How I Found 6 Reflected XSS — and Turned Them into Account Takeover
https://potatohuman.medium.com/how-i-found-6-reflected-xss-and-turned-them-into-account-takeover-3c0ace797b0a?source=rss------bug_bounty-5
https://potatohuman.medium.com/how-i-found-6-reflected-xss-and-turned-them-into-account-takeover-3c0ace797b0a?source=rss------bug_bounty-5
About MeContinue reading on Medium » (https://potatohuman.medium.com/how-i-found-6-reflected-xss-and-turned-them-into-account-takeover-3c0ace797b0a?source=rss------bug_bounty-5)
Account Takeover Via Reflected XSS
https://medium.com/@eng.mahmoudbughunter/account-takeover-via-reflected-xss-6cd982ebff8d?source=rss------bug_bounty-5
https://medium.com/@eng.mahmoudbughunter/account-takeover-via-reflected-xss-6cd982ebff8d?source=rss------bug_bounty-5
الحمد لله والصلاة والسلام على رسول الله وعلى آله وصحبه أما بعدContinue reading on Medium » (https://medium.com/@eng.mahmoudbughunter/account-takeover-via-reflected-xss-6cd982ebff8d?source=rss------bug_bounty-5)
Account Takeover Via Reflected XSS
الحمد لله والصلاة والسلام على رسول الله وعلى آله وصحبه أما بعدContinue reading on Medium »
Read more...
الحمد لله والصلاة والسلام على رسول الله وعلى آله وصحبه أما بعدContinue reading on Medium »
Read more...
Medium
Account Takeover Via Reflected XSS
الحمد لله والصلاة والسلام على رسول الله وعلى آله وصحبه أما بعد
Guía Avanzada de Penetration Testing en APIs (Parte 2) Explotación Práctica, Mitigación y Reporte…
Metodología avanzada de pentesting en APIs. Incluye fases de explotación práctica (IDOR, Mass Assignment, SSRF, JWT), mitigación y reporte.Continue reading on Medium »
Read more...
Metodología avanzada de pentesting en APIs. Incluye fases de explotación práctica (IDOR, Mass Assignment, SSRF, JWT), mitigación y reporte.Continue reading on Medium »
Read more...
Medium
Guía Avanzada de Penetration Testing en APIs (Parte 2) Explotación Práctica, Mitigación y Reporte PoC
Metodología avanzada de pentesting en APIs. Incluye fases de explotación práctica (IDOR, Mass Assignment, SSRF, JWT), mitigación y reporte.
CORS Vulnerability with Basic Origin Reflection
CORS Vulnerability Explained: Basic Origin Reflection and How It Leads to Data Exposure.Continue reading on OSINT Team »
Read more...
CORS Vulnerability Explained: Basic Origin Reflection and How It Leads to Data Exposure.Continue reading on OSINT Team »
Read more...
Medium
CORS Vulnerability with Basic Origin Reflection
CORS Vulnerability Explained: Basic Origin Reflection and How It Leads to Data Exposure.
Weekly Purple Team Episode: CVE-2025-59287 - Exploiting & Detecting the Critical WSUS RCE
https://www.reddit.com/r/redteamsec/comments/1oq0q6o/weekly_purple_team_episode_cve202559287/
<!-- SC_OFF -->I've just released a new episode covering CVE-2025-59287, the unauthenticated WSUS RCE (CVSS 9.8) that has been actively exploited in the wild since late October. For those who haven't been tracking this issue: it's an unsafe deserialization flaw in Windows Server Update Services that allows remote attackers to execute SYSTEM-level code without authentication. CISA added it to the KEV catalog within 24 hours of confirmed exploitation, and we've seen everything from reconnaissance to infostealer deployment (Skuld) to pre-ransomware activity. 🔴 Red Team Perspective:
How easy this is to exploit.
pre-built scripts for exploitation
How the exploit works in detail. 🔵 Blue Team Perspective:
Building robust detection rules for exploitation indicators
Process telemetry analysis (wsusservice.exe → cmd.exe → powershell.exe)
SIEM/EDR strategies for catching post-exploitation activity
Many of the Sigma rules and writeups are incorrect on this one. Have a look. The goal is to show both how the attack works AND how to build detections that catch it - understanding the red side makes you better at blue. <!-- SC_ON --> submitted by /u/Infosecsamurai (https://www.reddit.com/user/Infosecsamurai)
[link] (https://youtu.be/GKp9hnysMOE) [comments] (https://www.reddit.com/r/redteamsec/comments/1oq0q6o/weekly_purple_team_episode_cve202559287/)
https://www.reddit.com/r/redteamsec/comments/1oq0q6o/weekly_purple_team_episode_cve202559287/
<!-- SC_OFF -->I've just released a new episode covering CVE-2025-59287, the unauthenticated WSUS RCE (CVSS 9.8) that has been actively exploited in the wild since late October. For those who haven't been tracking this issue: it's an unsafe deserialization flaw in Windows Server Update Services that allows remote attackers to execute SYSTEM-level code without authentication. CISA added it to the KEV catalog within 24 hours of confirmed exploitation, and we've seen everything from reconnaissance to infostealer deployment (Skuld) to pre-ransomware activity. 🔴 Red Team Perspective:
How easy this is to exploit.
pre-built scripts for exploitation
How the exploit works in detail. 🔵 Blue Team Perspective:
Building robust detection rules for exploitation indicators
Process telemetry analysis (wsusservice.exe → cmd.exe → powershell.exe)
SIEM/EDR strategies for catching post-exploitation activity
Many of the Sigma rules and writeups are incorrect on this one. Have a look. The goal is to show both how the attack works AND how to build detections that catch it - understanding the red side makes you better at blue. <!-- SC_ON --> submitted by /u/Infosecsamurai (https://www.reddit.com/user/Infosecsamurai)
[link] (https://youtu.be/GKp9hnysMOE) [comments] (https://www.reddit.com/r/redteamsec/comments/1oq0q6o/weekly_purple_team_episode_cve202559287/)
Selling my pc to get a laptop for pentesting
https://www.reddit.com/r/Pentesting/comments/1oqjcjd/selling_my_pc_to_get_a_laptop_for_pentesting/
<!-- SC_OFF -->I have a pc that i would use anything for fps games, editing , streaming etc. I just recently started learning the networking basics that I need to learn to get into pentesting but Ive thinking of selling my pc and getting a good laptop what would be a good laptop for pentesting well technically that can handle anything. there is just so many to choose from but always reading reviews has me rethinking my decision. ive always wanted to start pentesting since highschool but due to financial issues I wasnt able to start but now I can since ive been working and I can buy my own stuff. Any advice would be appreciated my budget is between 700-900. Unless I do pentesting on my pc but I heard is better to keep pentesting separately. Any advice?🙏🏼 <!-- SC_ON --> submitted by /u/Unusual_Grocery_2000 (https://www.reddit.com/user/Unusual_Grocery_2000)
[link] (https://www.reddit.com/r/Pentesting/comments/1oqjcjd/selling_my_pc_to_get_a_laptop_for_pentesting/) [comments] (https://www.reddit.com/r/Pentesting/comments/1oqjcjd/selling_my_pc_to_get_a_laptop_for_pentesting/)
https://www.reddit.com/r/Pentesting/comments/1oqjcjd/selling_my_pc_to_get_a_laptop_for_pentesting/
<!-- SC_OFF -->I have a pc that i would use anything for fps games, editing , streaming etc. I just recently started learning the networking basics that I need to learn to get into pentesting but Ive thinking of selling my pc and getting a good laptop what would be a good laptop for pentesting well technically that can handle anything. there is just so many to choose from but always reading reviews has me rethinking my decision. ive always wanted to start pentesting since highschool but due to financial issues I wasnt able to start but now I can since ive been working and I can buy my own stuff. Any advice would be appreciated my budget is between 700-900. Unless I do pentesting on my pc but I heard is better to keep pentesting separately. Any advice?🙏🏼 <!-- SC_ON --> submitted by /u/Unusual_Grocery_2000 (https://www.reddit.com/user/Unusual_Grocery_2000)
[link] (https://www.reddit.com/r/Pentesting/comments/1oqjcjd/selling_my_pc_to_get_a_laptop_for_pentesting/) [comments] (https://www.reddit.com/r/Pentesting/comments/1oqjcjd/selling_my_pc_to_get_a_laptop_for_pentesting/)
Guía Avanzada de Penetration Testing en APIs (Parte 2) Explotación Práctica, Mitigación y Reporte…
https://medium.com/@jpablo13/gu%C3%ADa-avanzada-de-penetration-testing-en-apis-parte-2-explotaci%C3%B3n-pr%C3%A1ctica-mitigaci%C3%B3n-y-reporte-0a3faf4ea9b9?source=rss------bug_bounty-5
https://medium.com/@jpablo13/gu%C3%ADa-avanzada-de-penetration-testing-en-apis-parte-2-explotaci%C3%B3n-pr%C3%A1ctica-mitigaci%C3%B3n-y-reporte-0a3faf4ea9b9?source=rss------bug_bounty-5
Metodología avanzada de pentesting en APIs. Incluye fases de explotación práctica (IDOR, Mass Assignment, SSRF, JWT), mitigación y reporte.Continue reading on Medium » (https://medium.com/@jpablo13/gu%C3%ADa-avanzada-de-penetration-testing-en-apis-parte-2-explotaci%C3%B3n-pr%C3%A1ctica-mitigaci%C3%B3n-y-reporte-0a3faf4ea9b9?source=rss------bug_bounty-5)
CORS Vulnerability with Basic Origin Reflection
https://osintteam.blog/cors-vulnerability-with-basic-origin-reflection-8316a2cadc3c?source=rss------bug_bounty-5
https://osintteam.blog/cors-vulnerability-with-basic-origin-reflection-8316a2cadc3c?source=rss------bug_bounty-5
CORS Vulnerability Explained: Basic Origin Reflection and How It Leads to Data Exposure.Continue reading on OSINT Team » (https://osintteam.blog/cors-vulnerability-with-basic-origin-reflection-8316a2cadc3c?source=rss------bug_bounty-5)
Bug Bounty Hunting — Complete Guide (Part-130)
🧩 What is Content-Security-Policy: object-src?Continue reading on Medium »
Read more...
🧩 What is Content-Security-Policy: object-src?Continue reading on Medium »
Read more...
Medium
Bug Bounty Hunting — Complete Guide (Part-130)
🧩 What is Content-Security-Policy: object-src?
Bug Bounty Hunting — Complete Guide (Part-131)
⚠️ Summary of prefetch-src (Deprecated)Continue reading on Medium »
Read more...
⚠️ Summary of prefetch-src (Deprecated)Continue reading on Medium »
Read more...
Medium
Bug Bounty Hunting — Complete Guide (Part-131)
⚠️ Summary of prefetch-src (Deprecated)