Skip to content
Latest
Ghost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch QueueARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane

Category Archive

Bug Bounty

8 reports · All intelligence

Bug bounty and vulnerability research — write-ups, methodology, and findings from real-world testing.

Bug Bounty
TBHM Live Training with Jhaddix
Bug Bounty·

TBHM Live Training with Jhaddix

Attending The Bug Hunters Methodology Live training by Jason Haddix was a great experience. I think my goal with writing this post is really to paint a picture of my overall personal experience being new to Bug Bounty Hunting, coming from the Blue Teaming side of things, and to j

Bug Bounty
Endpoints vs Routes: What every API hacker needs to know
Bug Bounty·

Endpoints vs Routes: What every API hacker needs to know

READ ARTICLE DANA EPP’S BLOG API Hacking Fundamentals February 13, 2024 I recently had an interesting conversation on Twitter/X that got me thinking about API endpoints vs routes. It all started with this tweet: The conversation progressed into whether this was one vulnerability

Bug Bounty
Detecting API endpoints and source code with JS Miner
Bug Bounty·

Detecting API endpoints and source code with JS Miner

Read Article DANA EPP’S BLOG Security (de)engineering for fun and profit Let’s be honest. Most APIs are naked without some sort of web app frontend calling it. These days, those apps are usually written in some sort of framework based on Javascript. With a bit of work, we can do

Bug Bounty
Book.HackTricks
Bug Bounty·

Book.HackTricks

To the Book! Disclaimer This book, ‘HackTricks,’ is intended for educational and informational purposes only. The content within this book is provided on an ‘as is’ basis, and the authors and publishers make no representations or warranties of any kind, express or implied, about

Bug Bounty
Virtual Host Enumeration for Uncovering Hidden Subdomains
Bug Bounty·

Virtual Host Enumeration for Uncovering Hidden Subdomains

Read Article Nairuz Abulhul – Nov 28, 2023 | Published in R3d Buck3T | 8 min read When performing external penetration testing or bug bounty hunting, we explore the targeted system from various angles to collect as much information as possible to identify potential attack vectors

Bug Bounty
SQLmap Cheat Sheet
Bug Bounty·

SQLmap Cheat Sheet

Link to Sheet

Bug Bounty
Announcing cvemap from ProjectDiscovery
Bug Bounty·

Announcing cvemap from ProjectDiscovery

Read Article Project Discovery Tool ManagerGitHub pdtm is a simple and easy-to-use golang based tool for managing open source projects from ProjectDiscovery. Security professionals are constantly on guard against cyber threats, especially given the rising number and sophisticatio

Bug Bounty
From Akamai to F5 to NTLM… with love.
Bug Bounty·

From Akamai to F5 to NTLM… with love.

Read Article Discovery Note: This paper will be covering 1 smuggle gadget out of about 10 that I use in my testing, however this paper will show how this gadget, originally found by @albinowax, can be modified to pin one provider against another in a brutal fashion as you will re