Rokosun · @futureisfoss
390 followers · 13762 posts · Server fosstodon.org

@aral happy 🙂

#bughunting

Last updated 1 year ago

Who Let The Dogs Out · @ashed
78 followers · 8272 posts · Server mastodon.ml
Skyper 💻🎧☕📖 · @Skyper
16 followers · 140 posts · Server fosstodon.org

I'm so glad to see that my work on ".DS_Store" parsing has finally landed on the Spider add-on of @zaproxy!

zaproxy.org/docs/desktop/addon

When turned on, this option will tell the Spider to parse ".DS_Store" files inadvertently published on websites to find potential other hidden assets.

The code of the parser has been generated from a description of the ".DS_Store" file format that I made with Kaitai Struct years ago.

formats.kaitai.io/ds_store/

#security #bughunting #infosec

Last updated 2 years ago

Wireghoul · @Wireghoul
253 followers · 107 posts · Server infosec.exchange
Sven · @srkunze
11 followers · 65 posts · Server fosstodon.org
Steve Kirby · @StevePKirby
29 followers · 148 posts · Server mastodon.lol

We've spent weeks tracking down a bug at work. Turns out that SQL Server happily updates an index's "last changed" date before anything is committed, even if the transaction is rolled back. Madness!

#sqlserver #bughunting #softwaredev

Last updated 2 years ago

Harry Sintonen · @harrysintonen
98 followers · 53 posts · Server infosec.exchange

I just submitted the last ticket of the year 2022. The past year has definitely been the year of logic flaws for me. definitely is not dead, but the fuzzing coverage being so great and memory safe languages getting more prominent it kind of leaves other types of vulnerabilities left, logic flaws being the most prominent. Caveat: This of course is just my personal experience, and YMMV depending on what you're poking at specifically.

#bugbounty #fuzzing #infosec #research #bughunting #vulnerabilities

Last updated 2 years ago

Francisco S. · @3lcid
0 followers · 5 posts · Server infosec.exchange

I want to learn . Any good guides?

#bughunting

Last updated 2 years ago

Ames :verified: :donor: · @HillClimber
86 followers · 276 posts · Server infosec.exchange

No for me... the vendor pointed out (correctly) that the bug was noted in a previous report... though it was buried as a lower-priority and hadn't been fixed. I hope they now properly prioritize it as a "critical" fix now. On to the next!

#bounty #bughunting #vulnerabilities #pentesting

Last updated 2 years ago

lorddimwit · @lorddimwit
257 followers · 803 posts · Server mastodon.social

Bismuth’s YouTube content is fascinating if you’re interested in or or .

His most recent video (youtu.be/beib_oYeaxE) is the final one in his series on the A Button Challenge, and I highly recommend you watch the whole series and definitely take a look at his other work on describing in wonderful detail how bugs are exploited in other games.

#speedrunning #reverseengineering #bughunting

Last updated 2 years ago


hashford · @hashford
103 followers · 263 posts · Server infosec.exchange

What tools and services do people use when and doing research on ? Not touched on this at all yet, and while I have found some Python libs for crafting specific MIME headers, I'm wondering if there is anything more advanced/mature/refined than me rolling it all myself?

Also, taking recommendations for services for testing, socketlab or mailgun look good and have pretty fleshed out APIs, any others?

#bughunting #exploitdev #email #smtp

Last updated 2 years ago

ReK2 :ancom: :crt_w_prompt: · @rek2
1629 followers · 2715 posts · Server hispagatos.space
Arsimael Inshan · @Arsimael
7 followers · 50 posts · Server social.khajiit.de

Why, as a , you should update soon... (I know, I've already re...tooted(?) it, but here it is again:

@tinker
THANK YOU! That's an interesting read.

@n3ll4 you might want to read this too ;-) Could come in handy

infosec.exchange/@tinker/10934

#mastodonadmin #mastodon #cybersec #infosec #bughunting #keepyourshituptodate

Last updated 2 years ago

Tinker ☀️ · @tinker
8558 followers · 4841 posts · Server infosec.exchange

Lol, when a bunch of hackers migrate to new services, they tend to kick the tires a bit 😂​.

Here, some hackers found a way to steal Mastodon passwords by manipulating the way Mastodon allows (and sidestepping the way Mastodon protects) HTML embedded into posts.

It also highlights the ways that third party plugins (here Glitch, found on the Mastodon server infosec(dot)exchange and others) introduce interesting attack vectors that core maintainers don't initially control (thoughts go out to Wordpress).

The hackers then reported the issues to the Mastodon team and the Glitch team so they could issue security patches.

Big shoutout for finding/reporting the vuln:

Kudos to the Mastodon & Glitch teams for coordinating and issuing a timely security patch.

I expect we'll see a lot more of these initially (this is good, means the website is getting more secure).

Takeaways:

  • Users: Consider changing your Mastodon password. Implement Multi-Factor Authentication.
  • Admins: Update to the latest Mastodon version. Update any plugins as well.

Full writeup here: portswigger.net/research/steal

#infosec #WebAppPentesting #hacking #bughunting

Last updated 2 years ago

Redhotcyber · @redhotcyber
144 followers · 71 posts · Server mastodon.bida.im

"Betti" is coming! Red Hot Cyber's comic about cybersecurity!

Red Hot Cyber, believing that unconventional methods are needed to encourage people towards to risk and to , has produced the first Graphic Novel of a series, titled: "".

2022!

A silent war for the conquest of data claims its first victim. A simple rector of , creator of a secret capable of radically changing , dies under mysterious circumstances, leaving his wife Anna and his daughter Betti in trouble.

For pre-orders, you can register here: lnkd.in/dfjWvQTc

SAVE THE DATE: JANUARY 2023

#comics #fumetto #infosecurity #cybersecurity #bughunting #community #hacking #ethicalhacking #redhotcyber #hackerhood #programmazione #software #università #BettiRHC #hacker #cultura #consapevolezza

Last updated 2 years ago

null - Open Security Community · @null0x00
105 followers · 124 posts · Server ioc.exchange

RT @nullcon
😎Hey ! @airtelindia Business Live Bug Hunting👉 We have sent out email to all selected participants

🎉Congratulations to all selected & Happy 8-9 Sep at Grand Hyatt, Goa

👊Go

cc: @SushilSin

#BugHunters #bughunting #secure #NullconGoa2022 #infosec #bugbounty #airtel #telecom

Last updated 2 years ago

The Hacker News · @hackernews_bot
613 followers · 780 posts · Server social.platypush.tech
tXambe · @tXambe
1 followers · 323 posts · Server mastodon.social

RT @0xAsm0d3us@twitter.com

Bug Hunter Handbook: a book that contains lists of resources that will help bug bounty hunters with resources that are useful during their bug bounty journey.

gowthams.gitbook.io/bughunter-

🐦🔗: twitter.com/0xAsm0d3us/status/

#hacking #bughunting #cybersecurity

Last updated 3 years ago