A writeup of my $4133.70 Google Drive vulnerability chain.

XSS (Cross-Site Scripting) detection has long been a challenge, balancing accuracy with avoiding excessive false positives. Traditionally, this meant creating specific reflection based string matchers for each target, leading to complex and hard-to-maintain…

a post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.

Learn why organizations work with ethical hackers, like preventing breaches, meeting regulatory compliance, and helping the security budget.

Unauthenticated API Endpoint to Create Support Ticket Worth $500 FREE ARTICLE LINK👈 Hello hackers, I am back with a new bug bounty write-up. In this blog, I am going to show how I am able to …

LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍

📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io


💵 FREE…

In this week's episode, we discuss Microsoft's summit with vendors on their intention to lock down the Windows kernel from endpoint security drivers and possibly anti-cheats. We also talk cryptography and about the problems of nonce reuse.

Introduction Memory management in XNU Page tables Physical use-after-free Exploitation strategy Heap spray Kernel memory read/write Conclusion Bonus: arm64e, PPL and SPTM

The Talent Acquisition team currently has a net promoter score (NPS) of 56%, while the industry standard is 50%. However, we can improve and refine our hiring practices to attract and retain the best talent while maintaining a strong employer brand. The Catalyst…

Uncover the top 6 API security challenges facing AppSec teams, and learn how to solve them with Burp Suite Enterprise Edition

CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive and Indicators of Compromise. This blog details a hardcoded credentials vulnerability which allows an unauthenticated attacker to read and modify all help desk tickets.

The protocol that is used by the WatchGuard Single Sign-On (SSO) agent to communicate with the respective client services is neither encrypted, nor authenticated. The unprotected information that is communicated is used to decide which firewall rules should…

What's Changed
🎉 New Features

Added linear issue tracker support by @Ice3man543 in #5601

linear:
# api-key is the API key for the linear account
api-key: ""
# allow-list sets ...

Critical severity vulnerability CVE-2024-0132 affecting NVIDIA Container Toolkit and GPU Operator presents high risk to AI workloads and environments.

On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless…

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

Celebrating 10 years of GitHub's bug bounty program! Learn insights into bug bounty growth from a top program.

What's Changed
🎉 New Features

Added linear issue tracker support by @Ice3man543 in #5601

linear:
# api-key is the API key for the linear account
api-key: ""
# allow-list sets ...