An example why NAT is NOT security

GitHub - djadmin/awesome-bug-bounty: A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

A comprehensive curated list of available bug bounty amp disclosure programs and write ups git hub djadmin awesome bug bounty a comprehensive curated list of available bug bounty amp discl

GitHub - ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

Inspired by https github com djadmin awesome bug bounty a list of bug bounty write up that is categorized by the bug nature git hub ngalongc bug bounty reference inspired by https github c

Bughunter University - Google VRP and Unicorns

The content of this page has moved to our new site https bughunters google com learn presentations 5475439755395072

Brute Forcing Your Facebook Email and Phone Number

Today i m going to talk about the facebook password reset page and a series of flaws that allowed anyone to brute force a user s primary em

Pentest + Exploit dev Cheatsheet wallpaper - Penetration Testing and Exploit Dev CheatSheet.

The Definitive Security Data Science and Machine Learning Guide

Books tutorials presentations and research papers on various security topics that use data science and machine learning

GitHub - x0rz/EQGRP: Decrypted content of eqgrp-auction-file.tar.xz

Decrypted content of eqgrp auction file tar xz contribute to x0rz eqgrp development by creating an account on git hub

GitHub - ChALkeR/notes: Some public notes

Some public notes contribute to ch a lke r notes development by creating an account on git hub

Redirecting…

Cybersecurity Campaign Playbook

The information assembled here is for any campaign in any party it was designed to give you simple actionable information that will make your campaign s information more secure from adversaries trying to attack your organization and our democracy

GitHub - rmusser01/Infosec_Reference: An Information Security Reference That Doesn’t Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

An information security reference that doesn 39 t suck https rmusser net git admin 2 infosec reference for non ms git hosted version git hub rmusser01 infosec reference an information secu

BullGuard 2021 | Antivirus and VPN for your home and business

Bull guard delivers award winning cybersecurity and vpn solutions to keep people and small businesses safe security and privacy for all your devices on windows mac android and i os

TBHM2.1 (p)

The bug hunters methodology v2 1

$7.5k Google services mix-up - Ezequiel Pereira

Testing

How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting - Detectify Labs

The original research reports on security issues found in acme tls sni 01 which caused let s encypt to sunset it

VPN Leak - VoidSec

Vpn leaks users i ps via web rtc i ve tested hundred vpn and proxy providers and 19 of them leaks users i ps via web rtc 16

Escape and Evasion Egressing Restricted Networks

A command kill chain consists of payload delivery code execution on a target system and establishing a command and control c2 channel outside of a network there are many ways to achieve each of these steps for example microsoft office macro for delivery power shell for code execution and http

Be careful what you copy: Invisibly inserting usernames into text with Zero-Width Characters

Don t want to read try the demo

Domato Fuzzer’s Generation Engine Internals — sigpwn

Domato is a dom fuzzer developed by ifsecure it has a generation engine inside that when given grammar rule engine automatically generates codes which can be used as input to crash your target while trying to write my own grammar rule for my fuzzing target i got curious of how it is implement

Side-channel attacking browsers through CSS3 features | Security Research - Evonide

Introduction to Web Application Security - Blackhoodie US 2018

This slide deck is structured to start from the basics of web application security and explores common web attacks the first half is packed with theory while

Finding real IPs of origin servers behind CloudFlare or Tor

Tor hidden services and reverse proxy providers cloud flare are useless when making simple mistakes this is how you can reveal origin i ps because of them

Why Facebook’s api starts with a for loop

The curious case of json hijacking

How I could have stolen your photos from Google - my first 3 bug bounty writeups - Written by

Web Application Penetration Testing Notes

Xxe valid use case this is a nonmalicious example of how external entities are used xml version 1 0 standalone no doctype copyright element copyright pcdata entity c system http www xmlwriter net copyright xml copyright c copyright resource https xmlwriter net x

Hacking with a Heads Up Display

The segment team s latest thinking on all things data product marketing and growth

Alexa Top 1 Million Security - Hacking the Big Ones - Written by

The Bug Bounty program that changed my life

This is a real story or not that occured in mid 2017 or not about a private program or not on hackerone or not believe me or not but it changed my life i would like to thanks all the people from this company i talked with they were very nice with me very fast to fix the bugs and i always got

List of bug bounty writeups

Implications of Loading .NET Assemblies - Written by

WCTF2019: Gyotaku The Flag - Written by

https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty/

DOS File Path Magic Tricks

By carrie roberts or one equals one

How I got my first big bounty payout with Tesla

Today i m finally doing my write up on how i got my first bug bounty what i learned from the experience and some tips on how with a