#iPhone with #Apple #Jailbreak: Security researchers can apply again | Mac & i https://www.heise.de/news/iPhone-mit-Apple-Jailbreak-Sicherheitsforscher-koennen-sich-wieder-bewerben-9290995.html #Hacking #BugBounty
$50 usd to the person that can port over the PCOIP client (teradici, HP whatever it is these days) to NixOS.
https://docs.teradici.com/find/product/software-and-mobile-clients/2023.06/software-client-for-linux
#bugbounty #nix
While bug bounty programmes can be a valuable tool for companies to maintain a high level of security, it can be very frustrating to report vulnerabilities through them.
I do not want to discuss the scope of the programme or the impact of the vulnerability with an analyst whose primary goal is to reduce the bounty. My primary goal is to get the vulnerability fixed. If you insist on haggling over the bounty, do it after that.
wall of shame for unpaid bug bounties
https://bug-bounty-wall-of-shame.github.io/
#crypto #defi #dev #code #programming #blockchain #bugbounty
Nine years of the GitHub Security Bug Bounty program
Check it out! 👇
https://github.blog/2023-08-14-nine-years-of-the-github-security-bug-bounty-program/
#bugbounty #security #community
Any tips on doing ethical vulnerability disclosure? I have tried to contact the affected company multiple times to no avail.
They don't have any bounty or security contact info published.
#security #vulnerability #disclosure #hacking #bugs #bugbounty
Project Jupyter launched a bug bounty for Server, Lab, and Hub. Go check it out!
https://blog.jupyter.org/european-commission-funds-jupyter-bug-bounty-program-b7b96f9831e6
The evolution of #bugbounty goes through the crowd https://www.cybersecurity360.it/soluzioni-aziendali/bug-bounty-scoperte-nuove-vulnerabilita/
It looks like an angle bracket is filtered on the backend. I need this operator for a time-based injection because there is no response output. Alternative filter evasion? #sqli #sqlinjection #payload #BugBounty #bugbountytipHelp.
The next pentests for e-voting - inside-it.ch https://www.inside-it.ch/die-naechsten-pentests-fuer-das-e-voting-20230712 #BugBounty #eVoting
Been out of the game for a bit on account of life moving fast, but after only a couple hours I managed to find a completely transparent #SQLInjection vuln on a target. After building a strong case, it's now reported. Feels good, man 💪
#sqlinjection #cybersecurity #infosec #hacking #hacktheplanet #bugbounty
When exploiting XSS, don't forget about the <math> element, which can make any HTML element clickable when the browser is Firefox.
<math>
<xss href="javascript:alert(1337)">
Click Me
</xss>
</math>
Additionally, it comes with some handy features such as basic Parameter Guessing, Proxy Configuration, Throttling, Exclusion for certain strings, Non-Headless mode, ...
PSA: I only tested it on macOS Ventura for now.
(3/3)
[Blog Post] Unauthenticated #XSS to ATO using #SSO Gadget Chain
Just blogged about a vulnerability chain I recently discovered in a private bug bounty program:
https://security.lauritz-holtmann.de/post/csti-xss-sso-gadget-chain/
TL;DR: If you encounter an SSO implementation, make sure to test the /callback endpoint for XSS within the OAuth/OIDC "error_description" parameter.
Always try to escalate "non-exploitable" XSS-vulns (Self-XSS, only possible when user has no active session, …) using SSO gadgets.
#xss #sso #bugbounty #vuejs #oidc #oauth
@craigmaloney Worse, I don't know of a single bank with a #bugbounty. New code equals new bugs.
Rules for Android Application Security
A collection of Semgrep rules derived from the #OWASP #MASTG for Android apps
Use the rules to scan decompiled APK files to find vulnerabilities
https://github.com/mindedsecurity/semgrep-rules-android-security
#owasp #mastg #bugbounty #pentesting
Recon Tools
#infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips
Time to Crack MD5 Hash
#infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips
💉 AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice
By @GoSecure_Inc
#infosec #cybersecurity #bugbounty
Encrypted Reverse Shell for Pentester
https://www.hackingarticles.in/encrypted-reverse-shell-for-pentester/
#infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips