43247
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
NIS2 Directive: The complete guide for in-scope entities
https://blog.intigriti.com/business-insights/the-nis2-directive
261 - Attacking Browser Extensions and CyberPanel
https://dayzerosec.com/podcast/261.html
Meet Reaper: Open-Source Application Security Testing Built for AI
https://www.youtube.com/watch?v=ULpCO1-oDFI
The OAuth Oversight: When Configuration Errors Turn into Account Hijacks
nightcoders0/the-oauth-oversight-when-configuration-errors-turn-into-account-hijacks-5ed1f9c83d16" rel="nofollow">https://medium.com/@nightcoders0/the-oauth-oversight-when-configuration-errors-turn-into-account-hijacks-5ed1f9c83d16
7 Tips for bug bounty beginners
https://blog.intigriti.com/hacking-tools/7-tips-for-bug-bounty-beginners
IDOR Exploit: Gaining Unauthorized Control Over Users’ Shopping Baskets
0xmatrix/idor-exploit-gaining-unauthorized-control-over-users-shopping-baskets-122650091cf5" rel="nofollow">https://medium.com/@0xmatrix/idor-exploit-gaining-unauthorized-control-over-users-shopping-baskets-122650091cf5
Template Engines Injection 101
0xAwali/template-engines-injection-101-4f2fe59e5756" rel="nofollow">https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756
Discovering Hidden Vulnerabilities in Portainer with CodeQL
https://www.cyberark.com/resources/threat-research-blog/discovering-hidden-vulnerabilities-in-portainer-with-codeql
Autonomous Discovery of Critical Zero-Days - ZeroPath Blog
https://zeropath.com/blog/0day-discoveries
PHP stripslashes() DOESN'T strip slashes!?
https://www.youtube.com/watch?v=ZIrxb48LoUc
GitHub - Escape-Technologies/graphinder: 🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️
https://github.com/Escape-Technologies/graphinder
Paranoids’ Vulnerability Research: NetIQ iManager Security Alerts | Paranoids | Yahoo Inc.
https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-netiq-imanager-security-alerts
Using AFL++ on bug bounty programs: an example with Gnome libsoup - Almond Offensive Security Blog
https://offsec.almond.consulting/using-aflplusplus-on-bug-bounty-programs-an-example-with-gnome-libsoup.html
Take control of your security posture: The Burp Suite Enterprise Edition winter update
https://portswigger.net/blog/take-control-of-your-security-posture-the-burp-suite-enterprise-edition-winter-update
Hack My Career: Meet Alek Relyea
https://www.hackerone.com/culture-and-talent/hack-my-career-meet-alek-relyea
Hack My Career: Meet Bertijn Eldering
https://www.hackerone.com/culture-and-talent/hack-my-career-meet-bertijn-eldering
YesWeHack Customer Story: L'Oréal, world’s largest cosmetics and personal care brand
https://www.youtube.com/watch?v=fObtShgP9U8
Justifying cybersecurity budgets: The power of cyber threat analysis
https://blog.intigriti.com/business-insights/justifying-cybersecurity-budgets-cyber-threat-analysis
32 vulnerabilities in IBM Security Verify Access - IT Security Research by Pierre
https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html
Takeaways from the Dismissal of Most of the Government’s Case Against the SolarWinds CISO
https://www.hackerone.com/public-policy/solarwinds-case-dismissal
Taming Post Claps
https://medium.com/medium-eng/taming-post-claps-273d97ce1ced
Looking into the Nintendo Alarmo
https://garyodernichts.blogspot.com/2024/10/looking-into-nintendo-alarmo.html
5 Questions to Assess Your Organization’s Bug Bounty Readiness
https://www.hackerone.com/vulnerability-management/bug-bounty-readiness-questions
October 2024 Newsletter
https://blog.projectdiscovery.io/october-2024-newsletter/
Exploiting Fortune 500 Through Hidden Supply Chain Links - Lupin & Holmes
https://www.landh.tech/blog/20241028-hidden-supply-chain-links/
More Models, More ProbLLMs: New Vulnerabilities in Ollama | Oligo Security
https://www.oligo.security/blog/more-models-more-probllms
How I Accessed Microsoft’s ServiceNow — Exposing ALL Microsoft Employee emails, Chat Support Transcripts & Attachments
moblig/how-i-accessed-microsofts-servicenow-exposing-all-microsoft-employee-emails-chat-support-5f8d535eb63b" rel="nofollow">https://medium.com/@moblig/how-i-accessed-microsofts-servicenow-exposing-all-microsoft-employee-emails-chat-support-5f8d535eb63b
New crazy payloads in the URL Validation Bypass Cheat Sheet
https://portswigger.net/research/new-crazy-payloads-in-the-url-validation-bypass-cheat-sheet
Nine writeup for some Android specific chromium behavior vulnerabilities
1) intent:// restrictions bypassed via firebase dynamic links (Fixed, Awarded $3000)
2) Bypass to issue 40060327 via market:// URL (Fixed, Awarded $2250)
3) Add to home screen spoof (Fixed, Awarded $1125)
4) Iframe sandbox allow-popups-to-escape-sandbox bypass via intent (Asked, Not fixed)
5) Controlling Google assistant (Asked, Not fixed)
6) Controlling Clock (Accepted, Not fixed)
7) URL Spoof via intent (Fixed, Awarded $3133.70)
8) BROWSABLE intent:// bypass (Fixed, Duplicate)
9) BROWSABLE intent:// bypass (Fixed, Awarded $4500.00)
https://ndevtk.github.io/writeups/2024/08/01/awas/
260 - Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation
https://dayzerosec.com/podcast/260.html