FIKARA BILALblog.fikara.io·Nov 19, 2024Collecte d'informations Bug BountyDans un contexte de BugBounty ou de test de sécurité, la collecte d’informations est une étape qui consiste à recueillir un maximun de données sur une cible. Le but est de mieux comprendre son environnement et surtout identifier des vulnérabilités po...Discuss·1 like·32 readsbugbountysearchengine
Sergio Medeirosgrumpz.net·Nov 10, 2024My Journey to Passing the CAPenX Certification: A Guide for Aspiring Expert-Level AppSec PentestersIntroduction: As a seasoned cybersecurity researcher and penetration tester, I am constantly on the lookout for certifications that sharpen my skills and keep me at the forefront of web application security. The Certified AppSec Pentesting Expert (CA...Discuss·10 likes·80 readssoftware development
YSsymbolexe.xyz·Nov 9, 2024Apple Intelligence InjectionThis Python script demonstrates a prompt injection technique to drive interactions with a chatbot through macOS Notes. It uses AppleScript to dynamically create Notes entries with injected prompts, allowing for customized and contextual responses to ...DiscussApple
Bhuwan BhetwalforBhuwan Bhetwal's HandBookblog.bhuwanbhetwal.com.np·Nov 8, 2024CSRF + POST Body Param Reflection = POST-Based XSS (A BrainFuck)Hello again, This blog explains how i chained a CSRF and XSS on a POST request. So, lets get straight into it. One day i was hunting on a private program and i could see most of hacker’s were reporting CSRF. Almost 5 reports out of 10 were them. Lo...Discuss·534 readsXSS
Harshal ShahforHarshal_Shah' Blogdelvingwithharshal.hashnode.dev·Oct 2, 2024Directory Traversal Attacks Explained: How to Detect and Stop ThemDirectory Traversal, also known as Path Traversal, is a serious web vulnerability that allows attackers to gain unauthorized access to the server’s filesystem by manipulating input paths. By exploiting this vulnerability, an attacker can access files...DiscussFortify and Defend: Navigating the Cybersecurity Landscapebugbounty
CodeChef-VITforCodeChef-VITblogs.codechefvit.com·Oct 1, 2024Sneaking into your documents: How I hacked DigiLocker?Hello, friend. Ever wonder what it feels like to hold someone’s entire digital identity in your hands? To have the power to become anyone you want? That’s the rabbit hole I fell into when I decided to poke around DigiLocker. You see, DigiLocker is su...Discussbugbounty
Retr0forR3tr0's blogretr0x.hashnode.dev·Aug 12, 2024New Reconnaissance Methodologies/Tools for Bug Bounty Hunting & Ethical Hacking 💥💥Welcome Readers!! With new methodologies constantly emerging in the field of ethical hacking and bug bounty hunting, it's essential to explore the latest and most effective techniques. In this blog, we'll delve into some of the most innovative and t...Discuss·32 readssundomain enumeration
Ananya Chatterjeedevelover.hashnode.dev·Jul 30, 2024My bug bounty methodology and how I approach a targetHow I choose a bug bounty program , let’s assume you have received some private invitations. How would you choose between them? What program would you pick to start hunting for bugs? On HackerOne where I primarily hunt for bugs, I choose a program ba...Discuss·1 like·89 readsBug Bounty#cybersecurity
Blake JacobsforDorki - Blogdorki.hashnode.dev·May 28, 2024How I Discovered a Critical Path Traversal Vulnerability Using DorkiIn this article, I detail my journey of discovering a critical vulnerability using Secondary Context Path Traversal. By leveraging Dorki for passive reconnaissance, I identified an Apache Tomcat-hosted web app and exploited its path normalization fla...Discuss·1 like·1.4K readshacking
Sergio Medeirosgrumpz.net·May 21, 2024CVE-2024-34240: Latest Stored XSS 0day Vulnerability UnveiledLate in the evening, I decided to explore some PHP applications focused on Student Information Systems, inspired by my recent success in finding systemic stored XSS vulnerabilities in a private bug bounty program. I visited my favorite source for PHP...Discuss·11 likes·807 readsMy Security ResearchBugs and Errors
