43247
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
When IoT hacking meets Indiana Jones!
https://www.youtube.com/watch?v=0E85Y5_9m4U
The cyber threat landscape part 1: Enhancing cybersecurity strategies
https://blog.intigriti.com/business-insights/the-cyber-threat-landscape-part-1-enhancing-cybersecurity-strategies
The Problem with IoT Cloud-Connectivity and How it Exposed All OvrC Devices to Hijacking
https://claroty.com/team82/research/the-problem-with-iot-cloud-connectivity-and-how-it-exposed-all-ovrc-devices-to-hijacking
Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight — WorkOS
https://workos.com/blog/ruby-saml-cve-2024-45409
Top 4 new attack vectors in web application targets
https://blog.intigriti.com/hacking-tools/top-4-new-attack-vectors-in-web-application-targets
262 - Static Analysis, LLMs, and In-The-Wild Exploit Chains
https://dayzerosec.com/podcast/262.html
Google dorking for beginners: how to find more vulnerabilities using Google search
https://blog.intigriti.com/hacking-tools/google-dorking-for-beginners-how-to-find-more-vulnerabilities-using-google-search
Tales of the Crimson Foes
https://therealunicornsecurity.github.io/CrimsonFoes/
Parrot Anafi Drone Reverse Engineering | HardBreak
https://www.hardbreak.wiki/network-analysis/protocols/application-layer/proprietary-protocols/parrot-anafi-drone-reverse-engineering
7 Ways to achieve remote code execution
https://blog.intigriti.com/hacking-tools/7-ways-to-achieve-remote-code-execution-rce
Talkie Pwnii #1: Exploiting SQL LIKE Operator & Command Injection Regex Bypass
https://www.youtube.com/watch?v=Rw3wWiD5Fto
Apple CarPlay: What's Under the Hood
Slides: https://troopers.de/downloads/troopers24/TR24_Apple_CarPlay-What's_Under_the_Hood_8MCYKG.pdf
Video: https://www.youtube.com/watch?v=cHhxJzavq5I
Retail Under Attack: 6 Learnings from a Retail Customer
https://www.hackerone.com/customer-stories/retail-under-attack
Recon for bug bounty: 8 essential tools for performing effective reconnaissance
https://blog.intigriti.com/hacking-tools/recon-for-bug-bounty-8-essential-tools-for-performing-effective-reconnaissance
Escalating from Reader to Contributor in Azure API Management pt II
https://binarysecurity.no/posts/2024/11/apim-privesc
Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
Safer with Google: New intelligent, real-time protections on Android to keep you safe
http://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html
Fault Injection - Down the Rabbit Hole - hn security
https://security.humanativaspa.it/fault-injection-down-the-rabbit-hole/
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown)
https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
How Hai Facilitates Clear and Effective Communication
https://www.hackerone.com/ai/hai-facilitates-effective-communication
Do This For Your First $100,000 in Bounties
https://www.youtube.com/watch?v=QEQ8JENCnNM
Bypass GuardDuty Pentest Findings for the AWS CLI - Hacking The Cloud
https://hackingthe.cloud/aws/avoiding-detection/guardduty-pentest/
Submission retesting is here
https://blog.intigriti.com/changelog/submission-retesting-is-here
100 Hacking Tools and Resources
https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources
Beyond RCE: Autonomous Code Execution in Agentic AI
https://www.securityrunners.io/post/beyond-rce-autonomous-code-execution-in-agentic-ai
Uphold celebrates four years with Intigriti
https://blog.intigriti.com/intigriti-news/uphold-celebrates-four-years-with-intigriti
12 incident response metrics your business should be tracking
https://blog.intigriti.com/business-insights/12-incident-response-metrics-your-business-should-be-tracking
Want to learn hardware hacking? Try this.
https://www.youtube.com/watch?v=q4_eRiBuSYg
Breaking Down Multipart Parsers: File upload validation bypass
https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
Escalating from Reader to Contributor in Azure API Management
https://binarysecurity.no/posts/2024/09/apim-privilege-escalation