BugXplorer
@bugxplorer
7.69K subscribers
196 photos
3 videos
56 files
3.8K links
Contacts:
mail: joelblack@protonmail.com
tg: @joe1black

Other:
twitter: https://x.com/BugXpl0rer
Download Telegram
About
Blog
Apps
Platform
Join
BugXplorer
7.69K subscribers
BugXplorer
https://blog.projectdiscovery.io/announcing-the-nuclei-templates-community-leaderboard-and-rewards/
ProjectDiscovery
Announcing the Nuclei Templates Community Leaderboard and Rewards! — ProjectDiscovery Blog
We’re thrilled to unveil our latest milestones: over 9,000 stars and 900 unique contributors on the templates project, along with a staggering 20,000 stars on the Nuclei repository. This phenomenal growth is a testament to our community’s unwavering dedication…
🔥5👍2
2.41K viewsj b
BugXplorer
https://youtu.be/3VJKmARDzJ4?si=rNIUix-MDAF-I2Qx
YouTube
Introducing the URL validation bypass cheat sheet
URL validation bypasses are the root cause of numerous vulnerabilities including many instances of SSRF, CORS misconfiguration, and open redirection. These work by using ambiguous URLs to trigger URL parsing discrepancies and bypass validation. However, many…
1🔥4
2.47K viewsj b
BugXplorer
Forwarded from Standoff 365
🚀 Т-Банк расширяет программу на Standoff Bug Bounty! 🚀

Т-Банк добавляет новые возможности для исследования инновационных продуктов на основе технологий искусственного интеллекта как для физических лиц, так и для бизнеса. 🌟

### Продукты для физических лиц:
1. Умная камера — анализ изображений и видео с возможностью распознавания лиц и объектов.
2. Чат-боты поддержки и толк-бот— автоматизированная онлайн-поддержка для удобства клиентов.
3. T-Fusion —AI-инструмент для генерации изображений.
4. Ассистенты для физических лиц:
Финассистент — ваш виртуальный помощник в управлении финансами.
Шопинг-ассистент — рекомендации по покупкам и скидкам.
Тревел-ассистент — планирование поездок и поиск лучших предложений.
Секретарь — управление временем и задачами в одном месте.

### Продукты для бизнеса:
1. VoiceKit — AI-инструмент для автоматизации голосовых взаимодействий и поддержки клиентов.

🛡 Т-Банк ставит акцент на безопасность своих AI-решений и приглашает сообщество исследователей помочь находить и устранять потенциальные уязвимости.

Стань частью пути к более безопасному и инновационному будущему на платформе Standoff Bug Bounty! 💪

Все перечисленные продукты доступны в мобильном приложении Т-Банка для физических лиц.

Разумеется, пост про ИИ сгенерирован ИИ, так что баги можно поискать и в нем!
👍4🔥1
2.69K viewsj b
BugXplorer
https://portswigger.net/research/concealing-payloads-in-url-credentials
👍9🔥4
3.02K viewsj b
BugXplorer
https://unit42.paloaltonetworks.com/jailbreak-llms-through-camouflage-distraction/
Unit 42
Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction
We examine an LLM jailbreaking technique called "Deceptive Delight," a technique that mixes harmful topics with benign ones to trick AIs, with a high success rate. We examine an LLM jailbreaking technique called "Deceptive Delight," a technique that mixes…
🔥4👍3
2.72K viewsj b
BugXplorer
https://blog.intigriti.com/hacking-tools/top-4-new-attack-vectors-in-web-application-targets
Intigriti
Top 4 new attack vectors in web application targets
We all like to find vulnerabilities in bug bounty programs, they get us bounties, increase our ranks on platform leaderboards and help us stay motivated to look for more of them. If you've been doin...
🔥6👍2👎1
2.95K viewsj b
BugXplorer
https://portswigger.net/research/new-crazy-payloads-in-the-url-validation-bypass-cheat-sheet
🔥4👍1
2.97K viewsj b
BugXplorer
Starting today, November 1st, 2024, Learn One and SEC-100: CyberCore - Security Essentials are 20% off.

Exclusive limited-time offer available until December 31st, 2024.
SEC-100: https://offsec.com/courses/sec-100
Learn One: https://offsec.com/products/learn-one


🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥6👍1
3.19K viewsj b
BugXplorer
https://www.yeswehack.com/learn-bug-bounty/dom-explorer-tool-parse-html
YesWeHack
Dom-Explorer launched to reveal how browsers parse HTML, mutated XSS
Learn about Dom-Explorer, a new open-source tool for understanding how popular browsers parse HTML and uncovering mutation XSS vulnerabilities.
👍5🔥4
3.48K viewsj b
BugXplorer
https://youtu.be/mLzxwmNoAI4?si=1HkHlVsi6VSjpec4
YouTube
Digging for XSS Gold: Unearthing Browser Quirks with Shazzer
In this talk, you'll discover why Shazzer was built and how it streamlines the fuzzing process. Gareth Heyes dives deep into its unique fuzz types, exploring when and why to use each one for optimal result, as well as using the simple and advanced placeholders.…
👍4🔥4
3.51K viewsj b
BugXplorer
InfoSec Black Friday Deals 2024

All the deals for InfoSec related software/tools this coming Black Friday.

https://github.com/0x90n/InfoSec-Black-Friday

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥6👍2
3.48K viewsj b, edited  
BugXplorer
Sketchy Cheat Sheet - Story of a Cloud Architecture Diagramming Tool gone wrong

https://jdomeracki.github.io/2024/11/09/sketchy_cheat_sheet/

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
👍4🔥3
2.67K viewsj b, edited  
BugXplorer
Paged Out! #5
https://pagedout.institute/download/PagedOut_005.pdf

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4👍3
2.92K viewsj b
BugXplorer
Crafting your bug bounty methodology: A complete guide for beginners

https://blog.intigriti.com/hacking-tools/crafting-your-bug-bounty-methodology-a-complete-guide-for-beginners

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥6👍3
3K viewsj b
BugXplorer
PimpMyBurp #11 – Master Signed Token Exploits with SignSaboteur

https://www.yeswehack.com/learn-bug-bounty/pimpmyburp-signsaboteur-burpsuite-extension

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥5👍1
2.85K viewsj b
BugXplorer
URLFinder is a high-speed tool for passively gathering URLs, optimized for efficient web asset discovery without active scanning

https://github.com/projectdiscovery/urlfinder

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥10👍9🤮6
3.05K viewsj b
BugXplorer
Broken authentication: A complete guide to exploiting advanced authentication vulnerabilities

https://blog.intigriti.com/hacking-tools/broken-authentication-a-complete-guide-to-exploiting-advanced-authentication-vulnerabilities

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥6👍5
3.81K viewsj b
BugXplorer
Bypassing WAFs with the phantom $Version cookie

https://portswigger.net/research/bypassing-wafs-with-the-phantom-version-cookie

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4👍3
3.29K viewsj b
BugXplorer
CSPT the Eval Villain Way!

https://blog.doyensec.com/2024/12/03/cspt-with-eval-villain.html

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4👍2
2.91K viewsj b
BugXplorer
Intigriti Bug Bytes #219 - December 2024 🎅

https://blog.intigriti.com/bug-bytes/bug-bytes-219-december-2024

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥3👍2
2.68K viewsj b
BugXplorer
Insecure file uploads: A complete guide to finding advanced file upload vulnerabilities

https://blog.intigriti.com/hacking-tools/insecure-file-uploads-a-complete-guide-to-finding-advanced-file-upload-vulnerabilities

🪳@bugxplorer
Please open Telegram to view this post
VIEW IN TELEGRAM
👍4🔥2
2.95K viewsj b