SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, pas...

Exploiting Self Stored XSS to escalate and achieve Account Takeover using Logout CSRF & oAuth functionality to Steal Cookies or Change…

Learn how attackers dump credentials from wireless networks and devices, and how to prevent such attacks in your wireless environment.

Achieving authentication bypass and SQL injection using PHP’s unserialize()

This post discusses the prototype pollution vulnerability, explains how certain applications can be subject to it, and describes the rationale behind its severity classification.

In this tutorial, we are going to look at the basic structure of a Go program and run a simple Hello World program.

Impact Pi-hole is affected by a Remote Code Execution vulnerability. An authenticated user of the Web portal can execute arbitrary command with the underlying server with the privileges of the loca…

XSS Game: Learn Cross Site Scripting (XSS) by completing challenges!

Your guide to abusing 'language barriers' between web components.

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

​Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow a developer to package an application with all of the parts it needs, such...

Messed around a bit more since I needed to load in a script for CSP bypass as well and somehow this bypasses Akamai <SCr%00Ipt>confirm`1`</scR%00ipt> (can load scripts with src as well) 🤔 #bugbountytips #bugbountytip