Wiz observes CVE-2024-0012 and CVE-2024-9474 exploitation | Wiz Blog
https://www.wiz.io/blog/cve-2024-0012-pan-os-vulnerability-exploited-in-the-wild
Wormable XSS www.bing.com
https://medium.com/@pedbap/wormable-xss-www-bing-com-7d7cb52e7a12
The cyber threat landscape part 2: Threat actors and their motivations
https://blog.intigriti.com/business-insights/the-cyber-threat-landscape-part-2-threat-actors-and-their-motivations
The $2,200 ATO Most Bug Hunters Overlooked by Closing Intruder Too Soon
https://medium.com/@mokhansec/the-2-200-ato-most-bug-hunters-overlooked-by-closing-intruder-too-soon-505f21d56732
Bypass Email Verification in Mozilla
https://medium.com/@0d-amr/bypass-email-verification-in-mozilla-2ab45ac36c42
YesWeHack Hunter Interviews - #11 Pwnii: “Don't forget that a duplicate bug is a valid bug”
https://www.youtube.com/watch?v=cYHqLMgdzAk
Leveling Up Fuzzing: Finding more vulnerabilities with AI
http://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html
Fortune 1000 at risk: How we discovered 100k vulnerabilities
https://escape.tech/blog/fortune-1000-at-risk-30k-exposed-apis-100k-vulnerabilities/
263 - FortiJump Higher, Pishi, and Breaking Control Flow Flattening
https://dayzerosec.com/podcast/263.html
HackerOne’s Commitment to Learning and Development
https://www.hackerone.com/culture-and-talent/hackerones-commitment-learning-and-development
AWS Pentesting: IAM Privilege Escalation via Rollback Policy
https://rodelllemit.medium.com/aws-pentesting-iam-privilege-escalation-via-rollback-policy-62bc8ba6be51
Sensitive Data Exposure in a Moodle Config File
https://medium.com/@mrcix/sensitive-data-exposure-in-a-moodle-config-file-648ca3d54676
Intigriti CTF 2024 - 1337 UP - Live Hacking Talks [5f336e6a30795f]
https://www.youtube.com/watch?v=BKXfrNwrcqQ
Unpatched Remote Code Execution in Gogs
https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/
Disclosure of 7 Android and Google Pixel Vulnerabilities
https://blog.oversecured.com/Disclosure-of-7-Android-and-Google-Pixel-Vulnerabilities/
Latest Nuclei Release v3.3.6!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.3.6
Quantifying the Value of Bug Bounty Programs: ROI, ROM, or Both?
https://www.hackerone.com/vulnerability-management/quantifying-value-bug-bounty-programs-roi-rom-or-both
Is THIS the most underrated skill in bug bounty?
https://www.youtube.com/watch?v=X1zirlaeBd4
From an Android Hook to RCE: $5000 Bounty
https://blog.voorivex.team/from-an-android-hook-to-rce-5000-bounty
Buffer Overflow: Overwriting Stack Variables - "Rigged Slot Machine" [INTIGRITI 1337UP CTF 2024]
https://www.youtube.com/watch?v=ZKtRuZMqo2o
Remediation for CVE-2024-20767 and CVE-2024-21216: Protect Yourself Against Two Recent Critical Bugs Exploitable in the Wild
https://blog.securelayer7.net/coldfusion-path-traversal-and-weblogic-unauthenticated-rce-remediation/
Crushing FUD: Embracing Ethical Hackers to Strengthen Cybersecurity
https://www.hackerone.com/vulnerability-management/crushing-fud
Hacking Unity Games with Cheat Engine and dnSpy - "Bug Squash (part 1)" [INTIGRITI 1337UP CTF 2024]
https://www.youtube.com/watch?v=VoT74JOGWgA
Research Case Study: Supply Chain Security at Scale – Insights into NPM Account Takeovers - Laburity
https://laburity.com/research-npm-account-takeovers/
Exploring the DOMPurify library: Bypasses and Fixes. Tags: Article - Web - mXSS
https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes
How I hacked 100 hackers
https://medium.com/@corneacristian/how-i-hacked-100-hackers-5c3c313e8a1a
These Two Tools Helped Me Earn $40K in Bounties
https://medium.com/@alwalxed/these-two-tools-helped-me-earn-40k-in-bounties-8c688b9deccd
Retrofitting spatial safety to hundreds of millions of lines of C++
http://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html
A beginner's roadmap for playing CTFs: 10 practical tips for beginners
https://blog.intigriti.com/hacking-tools/a-beginner-s-roadmap-for-playing-ctfs-10-practical-tips-for-beginners