Contribute to googleprojectzero/Hyntrospect development by creating an account on GitHub.

Background

How to Find Secret token , apikey, etc in js files & source code using bash (xkeys) | recon youtube.com/watch?v=_7EM7f… #bugbounty #recon #bash #bugbountytips The post How to Find Secret token , apikey, etc in js files & source code using bash (xke… appeared…

Or how iOS apps on macOS work under the hood Posted by Samuel Groß, Project Zero This short post explains how code compiled for iOS ...

RCE for Pega Infinity >= 8.2.1, Pega Infinity <= 8.5.2 - samwcyo/CVE-2021-27651-PoC

Fuzzing the Linux kernel Andrey Konovalov, xairy.io May 20th 2021

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Kc Udonsi and Yazhi Wang of the Trend Micro Research Team detail a recent code execution vulnerability in the Microsoft Internet Information Services (IIS) for Windows.…

Join the journey into Plone CMS that lead us to discover an authenticated RCE vulnerability

In May of 2021, Microsoft released a patch to correct CVE-2021-31181 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21…

This article was originally posted to blog.liquidsec.net on June 1, 2021.

Prototype Pollution is a problem affecting JavaScript applications, and now you can use Detectify's page-fetch tool to find it in the wild.

After spending two weeks looking for security bugs in the pre-installed apps on Samsung devices, we were able to find multiple dangerous vulnerabilities.

This article is about how I found a vulnerability on Apple forgot password endpoint that allowed me to takeover an iCloud account. The vulnerability is completely patched by Apple security team and it no longer works. Apple Security Team rewarded me $18,000…

.NET for post-exploitation is here to stay. It has been bundled with most C2 frameworks, common tools have been ported, AMSI has been added (then bypassed) and new and clever ways have been found to launch unmanaged code. The process of loading a .NET assembly…

Detectify Crowdsource ethical hackers found an undocumented authentication bypass in Adobe Experience Manager. Comments from Adobe added.