Anthropic Expands Their Model Safety Bug Bounty Program
https://www.hackerone.com/customer-stories/anthropic-expands-bug-bounty-program
HackerOne
Anthropic Expands Their Model Safety Bug Bounty Program | HackerOne
Anthropic is expanding its private program on HackerOne!
Concealing payloads in URL credentials
https://portswigger.net/research/concealing-payloads-in-url-credentials
Vulnerabilities of Realtek SD card reader driver, part 1
https://zwclose.github.io/2024/10/14/rtsper1.html
ZwClose
I discovered multiple vulnerabilities in RtsPer.sys, an SD card reader driver developed by Realtek. These vulnerabilities enable non-privileged users to leak the contents of kernel pool and kernel stack, write to arbitrary kernel memory, and, the most interesting…
How Hai’s Report Summarization Turns Complex Data Into Actionable Insights
https://www.hackerone.com/ai/hai-report-summarization
HackerOne
How Hai’s Report Summarization Turns Complex Data Into Actionable Insights | HackerOne
Learn how Hai, HackerOne's AI Security agent, summarizes reports, provides remediation advice, and creates content.
$150,000 Evmos Vulnerability Through Reading Documentation
https://medium.com/@jjordanjjordan/150-000-evmos-vulnerability-through-reading-documentation-d26328590a7a
Medium
Life as a Web3 security researcher often consists of deep diving into technical subjects that can be difficult to grasp. Because of this…
Hello everyone,
I’m looking for a talented individual with full-stack expertise to join our team. Currently, I only have the frontend developed, so this role will be essential for leading the technical aspects of our project.
I'm building a new community and need someone who’s passionate about creating something impactful from the ground up. We'll work closely as a team, and we can discuss the benefits of this collaboration.
“If you want to go fast, go alone; if you want to go far, go together.”
As always, we’re open to hearing from advisors, business angels, or companies interested in collaborating with us.
Looking forward to connecting!
hello@thebugbountyhunter.com
#bugbounty #community #fullstack #startups #business
260 - Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation
https://dayzerosec.com/podcast/260.html
dayzerosec
Hardwear.IO NL, DEF CON 32, and Filesystem Exploitation
In this week's episode, Specter recaps his experiences at Hardwear.IO and a PS5 hypervisor exploit chain presented there. We also cover some of the recently released DEF CON 32 talks. After the conference talk, we get into some filesystem exploit tricks and…
Hack My Career: Meet Alek Relyea
https://www.hackerone.com/culture-and-talent/hack-my-career-meet-alek-relyea
HackerOne
Hack My Career: Meet Alek Relyea | HackerOne
Alek is a perfect example of persistence and adaptability, even without a traditional tech background, which can lead to success in the tech industry. In this blog, Alek shares his story and offers a valuable perspective for anyone considering a career change. How…
Forwarded from Android Security & Malware
Nine writeups for some Android-specific Chromium behavior vulnerabilities
1) intent:// restrictions bypassed via firebase dynamic links (Fixed, Awarded $3000)
2) Bypass to issue 40060327 via market:// URL (Fixed, Awarded $2250)
3) Add to home screen spoof (Fixed, Awarded $1125)
4) Iframe sandbox allow-popups-to-escape-sandbox bypass via intent (Asked, Not fixed)
5) Controlling Google assistant (Asked, Not fixed)
6) Controlling Clock (Accepted, Not fixed)
7) URL Spoof via intent (Fixed, Awarded $3133.70)
8) BROWSABLE intent:// bypass (Fixed, Duplicate)
9) BROWSABLE intent:// bypass (Fixed, Awarded $4500.00)
https://ndevtk.github.io/writeups/2024/08/01/awas/
Writeups
Android web attack surface
The following is a writeup for some Android specific chromium behaviors.
Take control of your security posture: The Burp Suite Enterprise Edition winter update
https://portswigger.net/blog/take-control-of-your-security-posture-the-burp-suite-enterprise-edition-winter-update
PortSwigger Blog
Find out how to take control of your security posture by editing issue severity, marking accepted risks, and more in Burp Suite Enterprise Edition
New crazy payloads in the URL Validation Bypass Cheat Sheet
https://portswigger.net/research/new-crazy-payloads-in-the-url-validation-bypass-cheat-sheet
Using AFL++ on bug bounty programs: an example with Gnome libsoup - Almond Offensive Security Blog
https://offsec.almond.consulting/using-aflplusplus-on-bug-bounty-programs-an-example-with-gnome-libsoup.html
How I Accessed Microsoft’s ServiceNow — Exposing ALL Microsoft Employee emails, Chat Support Transcripts & Attachments
https://medium.com/@moblig/how-i-accessed-microsofts-servicenow-exposing-all-microsoft-employee-emails-chat-support-5f8d535eb63b
Medium
Attackers don’t hack in: They log in with your credentials
Paranoids’ Vulnerability Research: NetIQ iManager Security Alerts | Paranoids | Yahoo Inc.
https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-netiq-imanager-security-alerts
Yahooinc
Stay informed on the latest security threats with Yahoo Inc.'s Paranoids Vulnerability Research. Protect your business with NetIQ iManager security alerts.
More Models, More ProbLLMs: New Vulnerabilities in Ollama | Oligo Security
https://www.oligo.security/blog/more-models-more-probllms
www.oligo.security
Oligo’s research team recently uncovered 6 vulnerabilities in Ollama, one of the leading open-source frameworks for running AI models. Four of the flaws received CVEs and were patched in a recent version, while two were disputed by the application’s maintainers…
GitHub - Escape-Technologies/graphinder: 🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️
https://github.com/Escape-Technologies/graphinder
GitHub
GitHub - Escape-Technologies/graphinder: 🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis…
🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️ - Escape-Technologies/graphinder
Exploiting Fortune 500 Through Hidden Supply Chain Links - Lupin & Holmes
https://www.landh.tech/blog/20241028-hidden-supply-chain-links/