Posted by hugeh0ge, Ricerca Security NOTE: We have decided to make our PoC exclusively available to our customers to avoid abuse by scr...

Contribute to james0x40/chrome-webrtc-pocs development by creating an account on GitHub.

How I Hacked Into Your Corporate Network Using Your Own Antivirus Agent by Angelo Ruwantha Recently I was busy with …

JWT Attack to change the algorithm RS256 to HS256. Contribute to 3v4Si0N/RS256-2-HS256 development by creating an account on GitHub.

Welcome back my aspiring cyber warriors! In my earlier tutorial, I showed you some of the basics of using Shodan, "the world's most dangerous search engine". In this tutorial, we will expand and extend your knowledge of the capabilities of Shodan to find…

This is the story of how I was able to get remote code execution on Hubspot 's servers by exploiting a vulnerability in  HubL expression la...

Recently I learnt few new stuff when solving SQL Injection found during pentest and also bugbounty. One of the new technique that seems new...

The number of zeros in http://127.0.0.1 doesn't matter, So we can use the following payloads to bypass SSRF protection: http://127.1 http://127.000000000000000.001 http://127.000.000.00000000000000001 ... #bugbounty #bugbountytips

Everything you need about Burp Extension Generation - rsrdesarrollo/generator-burp-extension

If a web application allow you to upload a .zip file, zip:// is an interesting PHP wrapper to turn a LFI into a RCE. #BugBounty #BugBountyTips #InfoSec

Content Discovery list critical once #1/3 /_session_start_/%0atest /+CSCOU+/../+CSCOE+/files/file_list.json /josso/%5C../web-console /gui/file_viewer.php?encrypt=N&target_folder=utilities&uploaded_filename=../../../../../../../etc/passwd #bugbounty #BugBountyTips…

Hello Friends,

People who aren’t familiar with townscript, it is a ticketing platform for event managers to sell their tickets online operating on 27+…

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, pas...