#bughunter — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #bughunter, aggregated by home.social.
-
El lado del mal - "Bug Hunter": Guide, tools and techniques for Bug Bounty in the era of Artificial Intelligence. New book at 0xWord https://www.elladodelmal.com/2026/04/bug-hunter-nuevo-libro-en-0xword.html #0xWord #Libro #BugHunting #BugHunter #0xWord
-
https://github.com/brotheralameen1/Discordforschool/security/advisories/GHSA-63xr-98vc-whx5
Published Security Advisory for OneTrust SDK V6.33.0 Vulnerable to Prototype Pollution causing DoS in the system by editing Prototype Value. Currently, I have submitted this to MITRE CVE to request publication of my CVE to the National Vulnerability Database and am awaiting their response. You can click the link above to learn more about the exploit.
#exploit #javascript #prototype #pollution #ethical #ethicalhacking #penetration #testing #cybersecurity #informationsecurity #infosec #cybersec #bughunting #bugbounty #bugbountyhunting #bughunter #webapplication #webapplicationsecurity #security
-
Check it out, here’s another #news #article I’ve been #referenced in:
https://www.13secnews.com/bug-bounty-da-nubank-e-considerado-farsa-desmotivando-hunters/
The article itself is in #Spanish but you can use the #Google #Translate to get it in #English.
#CyberSecurity #BugBounty #EthicalHacking #BugBountyHunting #BBH #BugHunter #BugHunting #WhiteHat #WhiteHatHacker #WhiteHatHacking #PenetrationTesting #PenTesting #PenTest
-
👋 Hi, I’m Alison Breacher (she/her), a cybersecurity researcher focused on finding vulnerabilities and helping make everyday systems more secure. I enjoy digging into the details to turn security gaps into solutions. When I’m not reverse engineering or testing systems, I’m usually learning new tools or collaborating on projects with the infosec community.
Always up for a good challenge and excited to see where this journey takes me next. #Cybersecurity #BugHunter #VulnResearch
-
[Translation] How I Got $5000 for an Out-of-Scope XSS
A few months ago I received an invitation to take part in a private bug bounty program on the HackerOne platform. I started with my usual tests and found various vulnerabilities, such as broken access control (BAC), leakage of other users' authorization tokens, and so on. After I reported these vulnerabilities to the program, I noticed that XSS is considered out of scope under their policy. The program's business was providing services for building content management systems and website builders. When creating an account, users get a unique subdomain of the form <YOUR-SUB>.target.com, which they can customize. Given the structure of the application, XSS was limited to affecting only one's own subdomain, and the program excluded XSS on <YOUR-SUB>.target.com from scope. This pushed me to look for a self-XSS vulnerability and try to chain it with another vulnerability to demonstrate a more serious impact. I managed to find several XSS chains that increased its impact. Since only one chain has been confirmed so far, I will write up only that one. When the remaining reports are resolved, I plan to publish separate write-ups for each of them. Now let's move on to the story itself. Finding the self-XSS did not take long.
https://habr.com/ru/articles/853742/
#bugbounty #bughunter #xss #xss_уязвимость #cors #информационная_безопасность
-
Asher has spotted another solo housefly on bathroom wall. He's still in the bathroom, trying to catch it.
#CatsOfMastodon #SDFcats #CatLovers #CaturdayEveryday #CatsOfTheFediverse #BugHunter #focused
-
I recently made a highly efficient subdomain discovery wordlist by scanning the entire IPv4 space for SSL certs.
I've written a full article on the project, which is, in fact, my first public InfoSec article ever!
I would love to hear what you think!
You can read it here:
https://n0kovo.github.io/posts/subdomain-enumeration-creating-a-highly-efficient-wordlist-by-scanning-the-entire-internet/
(boosts and shares highly appreciated ❤️)
#infosec #writeup #redteam #pentesting #recon #reconnaissance #enumeration #subdomain #subdomains #wordlist #masscan #osint #bugbounty #bughunter #hacking