43247
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
OAuth Labs: OAuth 2.0 Vulnerabilites
https://cyllective.com/blog/posts/oauth-labs
Broken authentication: A complete guide to exploiting advanced authentication vulnerabilities
https://blog.intigriti.com/hacking-tools/broken-authentication-a-complete-guide-to-exploiting-advanced-authentication-vulnerabilities
265 - A Windows Keyhole and Buggy OAuth
https://dayzerosec.com/podcast/265.html
Autonomous Discovery of Critical Zero-Days - ZeroPath Blog
https://zeropath.com/blog/0day-discoveries
Latest Nuclei Release v3.3.7!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.3.7
Announcing Hai Plays: Personalize Your Playbook for Spot-On Security Advice
https://www.hackerone.com/ai/hai-plays
OSINT: Following the Breadcrumbs - "No Comment" [INTIGRITI 1337UP CTF 2024]
https://www.youtube.com/watch?v=uzwKwI72FDQ
The cyber threat landscape part 4: Emerging technologies and their security implications
https://blog.intigriti.com/business-insights/the-cyber-threat-landscape-part-4-emerging-technologies-and-their-security-implic
Android's CVE-2020-0238 (AccountTypePreferenceLoader)
https://pwner.gg/blog/Android's-CVE-2020-0238
Introduction to Fuzzing Android Native Components
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/
DEF CON 32 - Gotta Cache ‘em all bending the rules of web cache exploitation - Martin Doyhenard
https://m.youtube.com/watch?v=70yyOMFylUA
Brainstorm Tool Release: Optimizing Web Fuzzing With Local LLMs
https://www.invicti.com/blog/security-labs/brainstorm-tool-release-optimizing-web-fuzzing-with-local-llms/
Brainstorm Tool Release: Optimizing Web Fuzzing With Local LLMs
https://www.invicti.com/blog/security-labs/brainstorm-tool-release-optimizing-web-fuzzing-with-local-llms/
Capital One Launches Public Bug Bounty Program with HackerOne
https://www.hackerone.com/customer-stories/capital-one-public-bug-bounty
At Patchstack we launched a Black Friday special #bounty event 🛒
📅 When: 26 Nov to 08 Dev
🛍️ What: WooCommerce and alternatives, payment gateways, and plugins extending eCommerce functionality
🔒 CVSS: 6.4+
📈 Installs: 50+ active installs
Learn more patchstack.com/bug-bounty/
CSPT the Eval Villain Way! · Doyensec's Blog
https://blog.doyensec.com/2024/12/03/cspt-with-eval-villain.html
The Rise of Bug Bounty Programs in S-1 Filings: A New Standard in Corporate Security
https://www.hackerone.com/vulnerability-management/bug-bounty-s-1-filings
From File Upload To LFI: A Journey To Exploitation
red.whisperer/from-file-upload-to-lfi-a-journey-to-exploitation-02ab5e1a7d0a" rel="nofollow">https://medium.com/@red.whisperer/from-file-upload-to-lfi-a-journey-to-exploitation-02ab5e1a7d0a
How To Write A Pentest Report That Gets Your Findings Fixed
https://www.youtube.com/watch?v=oBtJ7bryKII
Pentesting Salesforce Communities
https://0xbro.red/writeups/web-hacking/salesforce-hacking/
MSSQL Identified as Vulnerable to Emoji String Exploitation
https://decrypt.lol/posts/2024/11/29/mssql-identified-as-vulnerable-to-emoji-string-exploitation/
⏳ Time is ticking! Black Friday is your chance to get Burp Bounty Pro for just €79/year – save €40.
🎯Advanced customization, faster audits, and the power to detect vulnerabilities with less effort.
🔗Don’t wait! https://bountysecurity.ai/pages/burp-bounty
Hack My Career: Harley Kimball’s Journey to DEFCON
https://www.hackerone.com/culture-and-talent/hack-my-career-harley-kimballs-journey-defcon
How the Great Firewall of China Uses DNS Poisoning
https://www.youtube.com/watch?v=BUbCkUVaFFY
SSD Advisory - ksthunk.sys Integer Overflow (PE) - SSD Secure Disclosure
https://ssd-disclosure.com/ssd-advisory-ksthunk-sys-integer-overflow-pe/
Crafting your bug bounty methodology: A complete guide for beginners
https://blog.intigriti.com/hacking-tools/crafting-your-bug-bounty-methodology-a-complete-guide-for-beginners
Extending Burp Suite for fun and profit – The Montoya way – Part 8 - hn security
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-8/
REverse Tactics
https://www.reversetactics.com/publications/2024_conf_grehack_virtualbox/
264 - Linux Is Still a Mess and Vaultwarden Auth Issues
https://dayzerosec.com/podcast/264.html
Reversing an Insecure 2FA Generation Algorithm - "Secure Bank" [INTIGRITI 1337UP CTF 2024]
https://www.youtube.com/watch?v=d7fdWoYOGaw