VoorivexforVoorivex's Teamblog.voorivex.team·Nov 19, 2024From an Android Hook to RCE: $5000 BountyHello, today I want to share a research-based story about how I reverse-engineered a famous Android application called MyIrancell. I managed to achieve RCE, reported it to the vendor, and earned a bounty. A few days ago, I received permission from th...Discuss·8 likes·3.0K readsbugbounty
FIKARA BILALblog.fikara.io·Nov 19, 2024Collecte d'informations Bug BountyDans un contexte de BugBounty ou de test de sécurité, la collecte d’informations est une étape qui consiste à recueillir un maximun de données sur une cible. Le but est de mieux comprendre son environnement et surtout identifier des vulnérabilités po...Discuss·1 likebugbountysearchengine
Abdullah Elmasry0xmrmasry.hashnode.dev·Nov 14, 2024Upgrading Simple Shells to Fully Interactive TTYsImagine you’re a hacking pro, right? You pull off this cool move, catching a reverse shell with netcat. The netcat messages start showing off, and the “id” command spills secrets like a chatterbox. But, oh boy, here comes the buzzkill! You’re typing ...Discuss#cybersecurity
FIKARA BILALblog.fikara.io·Nov 14, 2024Ffuf Fast FuzzerFast fuzzer (ffuf) est un outil outil open-source de fuzzing et de force brute, écrit en langage Go, utilisé pour découvrir des ressources web telles que des fichiers, des répertoires, et des sous-domaines. Le fuzzing est une méthode qui consiste à e...Discussfastfuzzer
meydimeydi.hashnode.dev·Nov 12, 2024Master of XSS WAF Bypass - Part 1Hello, I'm Meydi. I have been working in bug bounty for a year and a half, and over the past year, my main focus has been on client-side bugs and I have earned more than $25k in bounties through XSS In this part, my focus is on situations where you c...Discuss·34 likes·509 readswafbypassVery Good Writeup 21
Sergio Medeirosgrumpz.net·Nov 10, 2024My Journey to Passing the CAPenX Certification: A Guide for Aspiring Expert-Level AppSec PentestersIntroduction: As a seasoned cybersecurity researcher and penetration tester, I am constantly on the lookout for certifications that sharpen my skills and keep me at the forefront of web application security. The Certified AppSec Pentesting Expert (CA...Discuss·10 likes·70 readssoftware development
YSsymbolexe.xyz·Nov 9, 2024Apple Intelligence InjectionThis Python script demonstrates a prompt injection technique to drive interactions with a chatbot through macOS Notes. It uses AppleScript to dynamically create Notes entries with injected prompts, allowing for customized and contextual responses to ...DiscussApple
Bhuwan BhetwalforBhuwan Bhetwal's HandBookblog.bhuwanbhetwal.com.np·Nov 8, 2024CSRF + POST Body Param Reflection = POST-Based XSS (A BrainFuck)Hello again, This blog explains how i chained a CSRF and XSS on a POST request. So, lets get straight into it. One day i was hunting on a private program and i could see most of hacker’s were reporting CSRF. Almost 5 reports out of 10 were them. Lo...Discuss·524 readsXSS
0xryzn1ghtm4r3.hashnode.dev·Oct 29, 2024Bug Bounty Cartel Stories – October EditionWelcome to the October Edition of the Bug Bounty Cartel Stories! This month has marked a transformative chapter in my bug bounty journey, brimming with invaluable lessons, challenges, and significant achievements. While I initially set out to provide...Discuss·72 readsThe Bug Bounty Cartel Stories#cybersecurity
0xrzforVoorivex's Teamblog.voorivex.team·Oct 23, 2024A Weird CSP Bypass led to $3.5k BountyRoughly 5 months ago, YShahinzadeh and I found an XSS vulnerability that had a weird CSP bypass leading to Account Takeover and received a $3500 bounty. The journey was quite interesting to me as it involved deep recon, reading many documents of the ...Discuss·6 likes·1.8K readscsp bypass
