Patrick Peng · 0reg.dev · Mar 26, 2024
$900 of $5870: From Path-traversals to RCE.
Recently, I have been dedicating my time to bug hunting of large OSS projects, which is both a time- and brain-consuming job with these complex architectures and these intricate X-referencing and API calls. Nevertheless, this hard work paid off (In mywor...
bugbounty

Ryan Bonner · roll4combat.hashnode.dev · Mar 7, 2024
Finding My Way In Cybersecurity
My Journey from Discontent to Discovery. Two and a half years ago, I found myself at a crossroads. My career path was a patchwork of sales and odd jobs, from pest control to driving for Uber to moving people's houses. These roles paid the bills, but no...
10 likes · 572 reads · hacking

Mohammad Zaheri for Voorivex's Team · blog.voorivex.team · Mar 5, 2024
$20,300 Bounties from a 200 Hour Hacking Challenge
Back in July 2023, Mohammad Nikouei and I decided to dedicate 100 hours to working on the public BB program on BugCrowd. We worked on the program part-time, spending 4 to 6 hours per day on it each. The program we chose was a famous and big company, ...
75 likes · 6.2K reads · bugbounty

N1ghtm4r3 · n1ghtm4r3.hashnode.dev · Feb 15, 2024
Cache Corruption: Unveiling the Web Cache Poisoning Exploit
Web Caches 101: A web cache is a system that temporarily stores web documents such as HTML pages, images, and media files to reduce bandwidth usage, server load, and latency. It serves copies of requested content directly to users, avoiding the need t...
3 likes · bugbounty

Lohith Gowda M · blog.lohigowda.in · Feb 6, 2024
Unveiling CVE-2024–0953: Firefox iOS Open Redirect Vulnerability
My recent encounter with a bug in the Firefox iOS app led to the assignment of CVE-2024–0953. This blog post narrates the journey of uncovering this vulnerability. As QR codes become more popular in today’s digital age, it’s essential to ensure that t...
146 reads · CVE-2024–0953

Panagiotis Vasilikos · securingbits.com · Jan 24, 2024
JSON Web Tokens (JWTs)
JSON Web Tokens (JWTs) are widely used to transfer security critical information between parties, as they can guarantee data integrity. However, it is important to be aware of the potential risks associated with their usage. 🔒
Application Security

assemghor reda · redapt.hashnode.dev · Jan 18, 2024
Web Developers: Leveraging Ethical Hacking and Bug Bounty Programs for Security Excellence
Title: "Web Developers: Leveraging Ethical Hacking and Bug Bounty Programs for Security Excellence" Introduction: Web developers today face a dual challenge: staying ahead in technology and ensuring the security of their creations. One powerful solut...
Web Development

Panagiotis Vasilikos · securingbits.com · Jan 17, 2024
UUID Sandwich Attacks
If you're using UUIDs (version 1) to implement security features in your application, you may be vulnerable to Sandwich Attacks. Solution: switch to version 4 UUIDs instead.
2 likes · 45 reads · Application Security

Rizwan Syed for BreachForce · breachforce.net · Jan 14, 2024
Scrape Cloud for SSL/TLS Certificate
Crafting a thorough reconnaissance strategy involves harnessing SSL/TLS certificate data from the internet to empower Bug Bounty Hunters, Pentesters, Red Teamers, and Blue Teamers. Through systematic web scraping of SSL/TLS certificates and structuri...
82 reads · Recon 3000: Navigating Advanced Recon Techniques · cloudrecon

Awais Sajid · blackdiamond.hashnode.dev · Jan 12, 2024
ZERO-Day Exploits and Automations
0-Day exploits. How to automate hacking using the cloud and Telegram. Step 1: We are not using any paid services for this automation. Step 2: We use Google Cloud Shell to open a terminal. Step 3: Get a list of your targets from different hacking progra...
bugbounty