Reza Rashidi for RedTeamRecipe · redteamrecipe.com · Jul 25, 2024
RedTeam Story #1: XSS, LFI, Logrotate
MITRE ATT&CK Techniques and Tactics Tactic: Reconnaissance Technique ID: T1595 Attack Context Reconnaissance is the phase where the attacker gathers information about the target system. This phase is critical for understanding the system's struct...
77 reads · redteamstory

Cyber Sekler · cybersekler.com · Jul 13, 2024
Git Gone Wrong: Application Compromise via Exposed .git Directory
Every penetration test begins with reconnaissance, and my initial steps always involve looking for potentially interesting endpoints. During one engagement, I encountered an exposed .git endpoint and I will discuss how I exploited it to gain admin-le...
38 reads · penetration testing

Collins Boit · l00pinfinity.hashnode.dev · Jul 11, 2024
Building an Ethical Hacking Playground at Home
I recently embarked on an exciting project: building my own homelab to dive deeper into ethical hacking. I am able to practice freely without the worry of breaking any rules in this environment. Let me show you how I set it up on my computer. Why Bui...
ethicalhacking

Salik Seraj Naik · codewithssn.hashnode.dev · Jul 4, 2024
Top 10 Bugs For Bug Hunters
Top 10 Bugs for Bug Bounty Hunters 1. SQL Injection (SQLi) Description: Exploiting web applications by injecting malicious SQL code. Impact: Unauthorized access to databases, data leakage. 2. Cross-Site Scripting (...
bugbounty

Sergio Medeiros · grumpz.net · Jun 12, 2024
CVE-2024-37629: Simple XSS Payload Exploits 0day Vulnerability in 10,000 Web Apps
Late one night, after working on a couple of bug bounty platforms, I decided to revisit a CVE I found last month. I realized that the web application had implemented the Summernote WYSIWYG Editor, which was the root cause of the stored XSS vulnerabil...
11 likes · 1.2K reads · bugbounty

Rushikesh Patil · offensivebytes.com · Jun 9, 2024
Exposed: A Real-World Case Study of PII Data Leak
Introduction: Discovering sensitive information disclosure in cybersecurity can have serious consequences for users and organizations. During a recent penetration test, I uncovered a significant vulnerability in a web application that exposed user in...
167 reads · appsec

Opara David · zalparus.hashnode.dev · Jun 8, 2024
Perform Proper Reconnaissance
Reconnaissance refers to the preliminary phase of a cyber attack where the attacker gathers information about a target system, network, or organization. This phase is crucial as it helps the attacker understand the landscape they are about to infiltr...
1 like · 32 reads · #cybersecurity

Silver Spades · agspades.hashnode.dev · May 29, 2024
Bug Bounty Hunting 101: An Introduction for Beginners
Introduction Bug bounty hunting, as the name suggests, is an activity where you hunt for bugs (look for security vulnerabilities) in software applications, websites, and systems and report them to the company or organization running the bounty progra...
#cybersecurity

Blake Jacobs for Dorki - Blog · dorki.hashnode.dev · May 28, 2024
How I Discovered a Critical Path Traversal Vulnerability Using Dorki
In this article, I detail my journey of discovering a critical vulnerability using Secondary Context Path Traversal. By leveraging Dorki for passive reconnaissance, I identified an Apache Tomcat-hosted web app and exploited its path normalization fla...
939 reads · hacking

Sergio Medeiros · grumpz.net · May 21, 2024
CVE-2024-34240: Latest Stored XSS 0day Vulnerability Unveiled
Late in the evening, I decided to explore some PHP applications focused on Student Information Systems, inspired by my recent success in finding systemic stored XSS vulnerabilities in a private bug bounty program. I visited my favorite source for PHP...
11 likes · 600 reads · My Security Research · Bugs and Errors