Find out what websites are BuiltWith

I hope you are having a great time, I would like to share an issue which i discovered in less than 10 minutes and got rewarded $XXXX bounty within 24 hours of the submission. So the story begins wh…

Hey guys so this blog post is about an Issue in Snapchat's Website, due to Improper Input Validation one can add custom text & urls in SMS send by Snapchat here's a Short POC of the issue.

Run PowerShell command without invoking powershell.exe - Mr-Un1k0d3r/PowerLessShell

Introduction Continuing on with the Windows exploit journey, it’s time to start exploiting kernel-mode drivers and learning about writing exploits for ring 0. As I did with my OSCE prep, I’m mainly blogging my progress as a way for me to reinforce concepts…

PowerShell has built-in functionality to save sensitive plaintext data to an encrypted object called SecureString. Malicious actors have exploited this functionality as a means to obfuscate PowerShell commands. This blog post discusses SecureString, examples…

A demo vulnerable application for stealing sensitive information by abusing Google Chrome cache - GitHub - MayurUdiniya/Chrome-CORS: A demo vulnerable application for stealing sensitive information...

Hi everyone, today I will talk about an interesting account takeover flaw which I found around a year back. The root cause of this issue…

Hi everyone,This is my first Google bug bounty writeups, I want to tell you about CSRF vulnerability on Google Digital Garage. Have you ever heard of the Google Gigital Garage? an online courses from Google that is designed for you to grow your career or…

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS. - gtworek/Priv2Admin

»_ everything is not as it seems. 🎃 «input»; p=-alert(1)}//\ $result* var n = {a: "-alert(1)}//\", b: "-alert(1)}//\"}; «input»; p=\&q=-alert(1)// $result* var n = {a: "\", b: "-alert(1)}//"}; #BugBounty #BugBountyTip #WAF #infosec

In this post, I will reveal a security flaw in Autopilot, Microsoft's new solution to deploy Windows machines to end users. I will show you how end users easily can get administrator rights during the installation process.

After digging into Windows 10 and discovering a rather interesting method for bypassing user account control, I decided to spend a little more time investigating other potential techniques for gett…