hack and bug bounty
@hack_com
21 subscribers
20.9K links

Cross-Site Request Forgery (CSRF) Complete Guide with Examples
Medium
Cross-Site Request Forgery (CSRF) was one of the first vulnerabilities that I learned at the beginning of my Bug Bounty journey. Combined…

First Valid Bug Bounty Submission — Information Leakage
Medium
Introduction to Bug Bounty along with First Valid Submission

Passive Recon with Spyse (Part-II)
Medium
بسم الله الرحمن الرحيم In the name of Allah, the Compassionate, the Merciful

Passive Recon with Spyse (Part-I)
Medium
بسم الله الرحمن الرحيم In the name of Allah, the Compassionate, the Merciful

Getting Your First Bug (Part II)
Medium
بسم الله الرحمن الرحيم
In the name of Allah, the Compassionate, the Merciful

Getting Your First Bug (Part I)
Medium
بسم الله الرحمن الرحيم In the name of Allah, the Compassionate, the Merciful

My 1st year of Bug Bounty experience
Medium
بسم الله الرحمن الرحيم
In the name of Allah, the Compassionate, the Merciful

My Experience of Hacking Dutch Government
Medium
Bismillahi-r-Rahmani-r-Rahim
(In the name of Allah, the Compassionate, the Merciful)
Assalamu Alaikum (peace be upon you)

How I get my first SWAG from SIDN (Sensitive Data Expose)
Medium
In the name of Allah, the Compassionate, the Merciful

How I Create My First Tool With Python (UniqMe)
Medium
Assalamu Alaikum

Automating REST Security Part 3: Practical Tests for Real-World APIs
Blogspot
If you have read our two previous blogposts, you should now have a goo...

Automating REST Security Part 2: Tool-based Analysis with REST-Attacker
Blogspot
Our previous blog post described the challenges in analyzing REST API implementations. Despite the lack of REST standardization, we learned ...

Automating REST Security Part 1: Challenges
Blogspot
Although REST has been a dominant choice for API design for the last decade, there is still little dedicated security research on the subjec...

Shadow Attacks … the smallest attack vector ever
Blogspot
In July 2020, we introduced a novel attack class called Shadow Attacks. In our recent research, we discovered a new variant of the attack w...

ALPACA: Application Layer Protocol Confusion-Analyzing and Mitigating Cracks in TLS Authentication
Blogspot
In cooperation with the university Paderborn and Münster University of Applied Sciences, we discovered a new flaw in the specification of TL...

Security Analysis in an OpenID Connect Lab Environment
Blogspot
In this post, Christian Fries shows an approach to unveil security flaws in OpenID Connect Certified implementations with well-known attack...

Why Receipt Notifications increase Security in Signal
Blogspot
This blog post is aimed to express and explain my surprise about Signal being more secure than I thought (due to receipt acknowledgments). ...

Scanning for Padding Oracles
Blogspot
As you might have heard, we recently got our paper on padding oracle attacks accepted to the USENIX Security Conference. In this paper, we ...

Playing with TLS-Attacker
Blogspot
In the last two years, we changed the TLS-Attacker Project quite a lot but kept silent about most changes we implemented. Since we do not h...

How To Spoof PDF Signatures
Blogspot
One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is not tr...

Practical Bleichenbacher Attacks on IPsec IKE
Blogspot
We found out that reusing a key pair across different versions and modes of IPsec IKE can lead to cross-protocol authentication bypasses, e...