HackerOne
@hackerone
9.77K subscribers
633 photos
30 videos
76 files
2.69K links
Community : @Sec0x01
@Bug0x
Admin : @Offensive
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
9.77K subscribers
HackerOne
https://veteransec.com/2018/10/19/hacktober-ctf-2018-binary-analysis-larry/
1.42K viewsxDD
HackerOne
https://www.reddit.com/r/netsec/
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
1.44K viewsxDD
HackerOne
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
G0Tmi1K
Basic Linux Privilege Escalation - g0tmi1k
Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a
1.58K viewsxDD
HackerOne
https://boredpentester.com/reversing-esp8266-firmware-part-1/
Bored Pentester
Reversing ESP8266 Firmware (Part 1) - Bored Pentester
Reversing ESP8266 firmware for fun and secrets!
1.73K viewsxDD
HackerOne
https://myexperiments.io/linux-privilege-escalation.html
myexperiments.io
MyExperiments - Local Linux privilege escalation overview
This article will give an overview of the basic Linux privilege escalation techniques. Different scopes will be explained like the kernel, the permission file...
1.84K viewsxDD
HackerOne
You can be a kernel hacker!
https://jvns.ca/blog/2014/09/18/you-can-be-a-kernel-hacker/
2.08K viewsxDD, edited  
HackerOne
https://www.youtube.com/watch?v=ojigFgwrtKs
YouTube
iOS 12.1 allows bypass the passcode to see all contacts private information. Feature? Flaw?
Follow me on Twitter for more coming.
http://twitter.com/intent/follow/user?screen_name=vbarraquito

With the release of iOS 12.1 on October 30, Apple left NOT PROTECTED by passcode, easily accessible, YOUR CONTACT INFORMATION (your personal phone numbers…
1.64K viewsAmir Kiani
HackerOne
https://medium.com/@Skylinearafat/a-very-useful-technique-to-bypass-the-csrf-protection-for-fun-and-profit-471af64da276
Medium
A very useful technique to bypass the CSRF protection for fun and profit.
Hi folks, It’s always pleasure to share some good stuff with you guys. The heading of the story may give you an idea that today I’m going…
1.44K viewsAmir Kiani
HackerOne
https://www.youtube.com/watch?v=22CKQ_xed9s
YouTube
James Kettle - Exploiting CORS Misconfigurations for Bitcoins and Bounties - AppSecUSA 2016
Recorded at AppSecUSA 2016 in Washington, DC
https://2016.appsecusa.org/

Exploiting CORS Misconfigurations for Bitcoins and Bounties

Hear the story of how a specification’s innocent intentions toward security and simplicity mingled with Real World Code…
1.56K viewsAmir Kiani
HackerOne
Forwarded from Bug Bounty (Amir Kiani)
https://www.youtube.com/watch?v=iSDoUGjfW3Q
YouTube
BSidesMCR 2018: Practical Web Cache Poisoning: Redefining 'Unexploitable' by James Kettle
394 viewsAmir Kiani
HackerOne
https://www.youtube.com/watch?v=bzKjtMCb4Ls
1.38K viewsxDD
HackerOne
https://www.youtube.com/watch?v=9sN5fiPP7gk
YouTube
Red Alert 2.0 :New Android Banking Trojan (malware).
Red Alert 2.0 :New Android Banking Trojan .

HELLO FRIENDS

Dosto aaj m aapko iss video m btaonga ki "RED ALERT 2.0" kya hai.

Friends red alert ek trah ka maleware hai. ye hmaare bank ki saari information ko steal krke apne developer ko send kr deta hai.…
1.42K viewsxDD
HackerOne
https://scorpiosoftware.net/2018/10/31/public-windows-kernel-programming-class/
Pavel Yosifovich
Public Windows Kernel Programming Class
After a short twitter questionaire, I’m excited to announce a Remote Windows Kernel Programming class to be scheduled for the end of January 2019 (28 to 31). If you want to learn how to write…
1.39K viewsxDD
HackerOne
https://github.com/AMOSSYS/MemITM
GitHub
GitHub - AMOSSYS/MemITM: Tool to make in memory man in the middle
Tool to make in memory man in the middle. Contribute to AMOSSYS/MemITM development by creating an account on GitHub.
1.26K viewsxDD
HackerOne
https://www.nospaceships.com/2018/09/19/packet-capture-on-windows-without-drivers.html
NoSpaceships Ltd
Packet capture on Windows without drivers
Introduction
1.29K viewsxDD
HackerOne
Request Encoding to bypass web application firewalls

https://soroush.secproject.com/blog/2017/09/additional-notes-on-a-forgotten-http-invisibility-cloak-talk/

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/request-encoding-to-bypass-web-application-firewalls/

https://www.slideshare.net/SoroushDalili/waf-bypass-techniques-using-http-standard-and-web-servers-behaviour
SlideShare
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour - Download as a PDF or view online for free
1.77K viewsAmir Kiani
HackerOne
Bug Bounty
https://www.youtube.com/watch?v=iSDoUGjfW3Q
https://hackerone.com/reports/303730
HackerOne
GSA Bounty disclosed on HackerOne: Defacement of catalog.data.gov...
An attacker can deface various pages on catalog.data.gov, leading to them executing malicious JavaScript when visited by a normal user.

The root problem is that the server trusts the...
1.59K viewsAmir Kiani
HackerOne
https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e
Medium
UAC Bypass by Mocking Trusted Directories
Hello Everyone,
1.43K viewsAmir Kiani
HackerOne
https://www.zdnet.com/article/flaws-in-self-encrypting-ssds-let-attackers-bypass-disk-encryption/
ZDNET
Flaws in self-encrypting SSDs let attackers bypass disk encryption
Master passwords and faulty standards implementations allow attackers access to encrypted data without needing to know the user-chosen password.
1.52K viewsAmir Kiani
HackerOne
https://github.com/whid-injector/WHID

Opensource Low Cost Hacking Tool for Conducting HID Attacks and Bypass AirGapped Environments
GitHub
GitHub - whid-injector/WHID: WiFi HID Injector - An USB Rubberducky / BadUSB On Steroids.
WiFi HID Injector - An USB Rubberducky / BadUSB On Steroids. - whid-injector/WHID
1.51K viewsAmir Kiani