The channel 'The Bug Bounty Hunter' is now on Mastodon.
| Web | https://thebugbountyhunter.com |
| Telegram | https://t.me/thebugbountyhunter/ |
| https://twitter.com/tbbhunter |
Truffle Security is proud to host a new XSSHunter
https://trufflesecurity.com/blog/xsshunter/
Thank you @[email protected] 👏
Security Advisory: Remote Command Execution in binwalk
https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/
Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation
How to Directory Brute Force Properly
The Anti-Recon Recon Club (using ReconFTW)
https://www.jhaddix.com/post/the-anti-recon-recon-club-using-reconftw
Recon is important, but some people hate it. I get it. When you're in the zone and ready to pounce on a target, you just want to start hacking. Want the best of both worlds? Quick/complete recon? Without sacrificing coverage? As an offensive security and testing connoisseur, I love recon. But after talking with many other hackers about their flow, It’s always divided. Others absolutely do not enjoy it at all and are way more comfortable getting on a target as fast as possible. So, for those of
DOM-XSS in Instant Games due to improper verification of supplied URLs
The 100+ Million Person Data Disclosure
https://www.jhaddix.com/post/the-100-million-person-data-disclosure
Or, That time I hacked a whole country by accident! I have done consulting gigs all over the world for security testing, and I frequently travel to speak at international conferences. Here’s a story about how I found a vulnerability that could have allowed me to steal the private information of over 100+ MILLION people. This is by far the biggest (in the number of people impacted) hack I’ve ever done… and it wasn’t even for work. Not too long ago I was planning on traveling out of the states for
Research | Bypass CSRF Protection w/ XSS
https://sl4x0.medium.com/research-bypass-csrf-protection-w-xss-710faf20000
