Announcing the launch of Vanir: Open-source Security Patch Validation
http://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
How to Accelerate Vulnerability Remediation with Hai
https://www.hackerone.com/ai/accelerate-vulnerability-remediation-with-hai
Broken authentication: 7 Advanced ways of bypassing insecure 2-FA implementations
https://blog.intigriti.com/hacking-tools/broken-authentication-7-advanced-ways-of-bypassing-insecure-2-fa-implementations
Bypassing WAFs with the phantom $Version cookie
https://portswigger.net/research/bypassing-wafs-with-the-phantom-version-cookie
The AI-Powered 403 Bypasser: Caido Plugin!
https://www.youtube.com/watch?v=LAn3LU1s0Dc
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Broken authentication: A complete guide to exploiting advanced authentication vulnerabilities
https://blog.intigriti.com/hacking-tools/broken-authentication-a-complete-guide-to-exploiting-advanced-authentication-vulnerabilities
Autonomous Discovery of Critical Zero-Days - ZeroPath Blog
https://zeropath.com/blog/0day-discoveries
Latest Nuclei Release v3.3.7!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.3.7
Announcing Hai Plays: Personalize Your Playbook for Spot-On Security Advice
https://www.hackerone.com/ai/hai-plays
Deobfuscate Android App: LLM tool to find any potential security vulnerabilities in Android apps and deobfuscate Android app code
https://github.com/In3tinct/deobfuscate-android-app
From XSS Vulnerability to Full Admin Access
https://haymiz.dev/security/2024/11/25/stored-xss-takeover/
Malimite: iOS decompiler designed to analyze and decode IPA files
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
Banco Galicia x YesWeHack: Live Bug Bounty highlights from Ekoparty, Argentina
https://www.youtube.com/watch?v=NknCHX8Hbqg
Automatically decode Android apps and search for secrets
https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale
Introducing HackerOne Automations
https://www.hackerone.com/vulnerability-management/introducing-hackerone-automations
10 RXSS on HackerOne VDPs
https://medium.com/infosecmatrix/10-rxss-on-hackerone-vdps-5162d3ee42af
The cyber threat landscape part 5: Staying safe with multi-layered defense
https://blog.intigriti.com/business-insights/the-cyber-threat-landscape-part-5-staying-safe-with-multi-layered-defense
CSPT the Eval Villain Way! · Doyensec's Blog
https://blog.doyensec.com/2024/12/03/cspt-with-eval-villain.html
The Rise of Bug Bounty Programs in S-1 Filings: A New Standard in Corporate Security
https://www.hackerone.com/vulnerability-management/bug-bounty-s-1-filings
From File Upload To LFI: A Journey To Exploitation
https://medium.com/@red.whisperer/from-file-upload-to-lfi-a-journey-to-exploitation-02ab5e1a7d0a
How To Write A Pentest Report That Gets Your Findings Fixed
https://www.youtube.com/watch?v=oBtJ7bryKII
Pentesting Salesforce Communities
https://0xbro.red/writeups/web-hacking/salesforce-hacking/
MSSQL Identified as Vulnerable to Emoji String Exploitation
https://decrypt.lol/posts/2024/11/29/mssql-identified-as-vulnerable-to-emoji-string-exploitation/