- XSSTRON :-Electron JS Browser To Find XSS Vulnerabilities Automatically
-Taser : Python3 resource library for creating security related tooling
-MetaMask Clickjacking Vulnerability Analysis
-Posta. Cross-document Messaging security research tool
-RUSTSCAN — THE MODERN PORT SCANNER
-Holy FFUF! — A Beginner Guide to Fuzz with FFUF
-GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes
-Burp Macros: What, Why & How?
Introducing DOM Invader: DOM XSS just got a whole lot easier to find
-Jira-Lens Fast and customizable vulnerability scanner For JIRA written in Python
-Setup Your Private Burp Collaborator for SSRF/XXE
-Experience Burp Suite Enterprise Edition in a new live demo
-Urls de-duplication tool for better recon.
-ZKar is a Java serialization protocol analysis tool implement in Go
-Smap : a drop-in replacement for Nmap powered by shodan.io
-DumpXSS. Scanner Tool For XSS Vulnerability
-A Brief Introduction to Prototype Pollution
-Caido - Lightweight Web Security Auditing Toolkit
-AssetFinder: A Handy Subdomain and Domain Discovery Tool
-Designing sockfuzzer, a network syscall fuzzer for XNU
-Proto Find. Let's check if your target is vulnerable for client side prototype pollution
-Prototype Pollution Scanner made in Golang
-New differential fuzzing tool reveals novel HTTP request smuggling techniques
-CRLFuzz – Hacker Tools: Injecting CRLF for bounties
-OWASP Top 10: Static Analysis of Android Application & Tools Used
-S3Scanner - Scan for open S3 buckets and dump the contents
-Online - Reverse Shell Generator
-PurplePanda : Identify privilege escalation paths within and across different clouds
-A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF
-STEWS is a tool suite for security testing of WebSockets
-Webrecon : Automated Web Recon Shell Scripts
-Gotator is a tool to generate DNS wordlists through permutations.
-Latest web hacking tools – Q3 2021
-Introducing Baserunner: a tool for exploring and exploiting Firebase datastores
-Turbo Intruder – Hacker Tools: Going faster than ever!
-What the fuzz?! — The truth behind content discovery
-Meg – Hacker Tools: Endpoint scan the masses!
-S3Sec - Check AWS S3 instances for read/write/delete access
-Uniscan: An RFI, LFI, and RCE Vulnerability Scanner
-Jira Scan is a simple remote scanner for Atlassian Jira
-Raider - Web authentication testing framework
-Reconator - Automated Recon for Pentesting & Bug Bounty
-Log4j2 RCE Passive Scanner plugin for BurpSuite
-A tool to find redirection chains in multiple URLs
-EMBA - The firmware security analyzer
-GradeJS analyzes production Webpack bundles without having access to the source code of a website.
-Saltzer and Schroeder's 10 secure design principles as applied to solidity smart contracts.
-Teen hacker scoops $4,500 bug bounty for Facebook flaw that allowed attackers to unmask page admins
-Security researcher earns plaudits after discovering Yandex SSRF flaw
-How I was able to reveal page admin of almost any page on Facebook
-A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
-Cero : Scrape domain names from SSL certificates of arbitrary hosts
-Smap : passive Nmap like scanner built with shodan.io
-Shopify Plugin Bypass using P3 Client-side injection thru API Implementation Vulnerability
-A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
-Run all your bug bounty VPN profiles in parallel and expose them via multiple local SOCKS proxies.
-How to find new/more domains of a company? - Recon Stuff
-xnLinkFinder : A python tool used to discover endpoints for a given target
-Decrypting Mobile App Traffic using AES Killer and Frida
-How good is Burp's API Scanning?
-CSRF Testing Guide For Bug Bounty Hunters
-BrokenLinkHijacker(BLH) is a Fast Broken Link Hijacker Tool written in Python
-A collection of hacker tools using HackerOne's API
-Vulnerabilities in exported activity WebView
-Bug Bounty Recon: Horizontal Correlation
-How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes
-A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
-How I earned 240$ from a Zero Interface
-Reverse engineering Flutter for Android + Doldrums (Doldrums is a reverse engineering tool for Flutter apps)Tool Link = Doldrum Tool
-Introducing PacketStreamer: distributed packet capture for cloud-native platforms
-Go Dork. The fastest dork scanner written in Go
-uro - declutters url lists for crawling/pentesting
-ClusterFuzzLite - Simple continuous fuzzing that runs in CI
-Escalating XSS to Sainthood with Nagios
-Passive DNS Capture/Monitoring Framework
-Command Injection — All in one Blog
-fail2ban – Remote Code Execution
How Gopher works in escalating SSRFs
-Cloudlist is a tool for listing Assets from multiple Cloud Providers
-r2flutch - tool to decrypt iOS apps using r2frida
-400$ Bounty again using Google Dorks
-Top 10 web hacking techniques of 2020 | PortSwigger Research
-CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited
-Discoverability by phone number/email restriction bypass
-Internal Gitlab Ticket Disclosure via External Slack Channels
-10 Types of Web Vulnerabilities that are Often Missed
-Ultimate Reconnaissance RoadMap for Bug Bounty Hunters & Pentesters
-An attacker can archive and unarchive any structured scope object on HackerOne
-Modify in-flight data to payment provider Smart2Pay
-Bugs in our Pockets: The Risks of Client-Side Scanning
-Hunting Sourcemaps On Steroids
-Make recruiting referrals on behalf of employees ($3000)
-Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO)</>
-View orders and financial reports lists for any page shop ($500)
-Hunting for Prototype Pollution and it’s vulnerable code on JS libraries
-If It’s a Feature!!! Let’s Abuse It for $750
-Story of my first cash bounty on hackerone
-How I made it into the United Nations hall of fame as I slept
-Embedding Payloads and Bypassing Controls in Microsoft InfoPath
-Critical Vulnerability in Microsoft Azure Cosmos DB
-How I hacked one of the biggest Airline in the world
-Bug Bounty Short Tips as image
-How I found a bug in Apple within just in 5min
-Chaining vulnerabilities to criticality in Progress WhatsUp Gold
-A Quick Guide to Hack private variables in Solidity
-How I found my first Chrome bug
-The second part of discovered vulnerabilities in pre-installed apps on Samsung devices
-$300 Google API key leaked to Public on Live Website
-Full account takeover vulnerability in Minecraft
-5 Ways to Exploit a Domain Takeover Vulnerability
-Expect The Unexpected: Discovering fresh ZeroDay for Bounty
-How I found a critical P1 bug in 5 minutes using a cellphone — Bug Bounty
-Leaked H1's Employees Email addresses,meeting info on private bug bounty program
-Hacking the Apple Webcam (again)
-Bug Bounty FIRE Goals
-Multiple vulnerability leading to account takeover in TikTok SMB subdomain.
-Story of my hacking Dutch Government
-GitLab triages bug bounty-reported flaws with latest release
-Bypassing CSP with dangling iframes
-He is already here: Privileges escalation due to invalidating current users
-Multiple bugs chained to takeover Facebook Accounts which uses Gmail.
-Earn $200K by fuzzing for a weekend: Part 1
-Earn $200K by fuzzing for a weekend: Part 2
-Hacking the Blockchain: An Ultimate Guide
-Bounty Evaluation GitHub = $15,000 US Dollars
-A Konami Code for Vuln Chaining Combos
-2 click Remote Code execution in Evernote Android
-Spring cloud function SpEL RCE
-New Spring Framework RCE Vulnerability Confirmed - What to do?
-My First RCE from N/A to Triaged (CVE-2021–3064)
-RCE via WebDav - Power Of PUT
-HTTP Desync Attack (Request Smuggling) - Mass Session Hijacking
-How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools
-RCE 0 day for GhostScript-9.50
-Low hanging fruits on Facebook Group Room
-Denial of Service via Hyperlinks in Posts
-How I got access to many PIIs through a source code leak
-F5 BIG-IP Critical Vulnerability Exploited By Attackers To Gain Unauthenticated RCE</>
-How “Forgot Password” can cost you your account
-Subdomain Enumeration Guide 2021
-Full account takeover through referral code
-Information Gathering&scanning for sensitive information
-The easiest $2500 I got it from bug bounty program
-Disclose leads form details of any Facebook Business Account or Facebook Page
-Remote code execution in cdnjs of Cloudflare
-RCE via unsafe inline Kramdown options when rendering certain Wiki pages
-MyBB Remote Code Execution Chain
-Critical Gems Takeover Bug Reported in RubyGems Package Manager
-Hunting evasive vulnerabilities
-Ability To Delete User(s) Account Without User Interaction
-URLs in img tag aren’t safely embedded. ($500)
-Low privilege user can read POS PINs via graphql and elevate his privilege
-That single GraphQL issue that you keep missing
-CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)
-Hx01 Abusing Data Protection Laws For D0xing & Account Takeovers
-Access employees files in internal CDNs/ Access users modified/deleted content.($12500)
-Forced Browsing to Access Admin Panel
-I found IDOR Vulnerability at Microsoft Subdomain
-Fuzzing + IDOR = Admin TakeOver
-How I was able to take over accounts in websites deal with Github as an SSO provider
-IDOR leads to leak Private Details
-How I found my first bug (IDOR)
-IDOR to information disclosure + Admin Account Takeover
-$600 for IDOR (File or Folder Download)
-A Story of IDOR which leads to privacy violation…$$$
-How I found my first IDOR in HackerOne
-$5000 Google IDOR Vulnerability Writeup
-Attacking Access Control Models In Modern Web Applications
-How I Get $1350 From IDOR Just Less 1 hours
-How I earned $9000 with Privilege escalations
-How I Get $1350 From IDOR Just Less 1 hours
-IDOR in "external status check" API leaks data about any status check on the instance
-4300$ Instagram IDOR Bug (2022)
-How I was able to takeover any users account on a major telecoms website
-IDOR via GET Request which can SOLD all User Products
-Shopify Account Takeover $22,500 Bug Bounty
-Weird Google bugs, SAML padding Oracle & Apache path traversal continued
-Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
-$5,000 YouTube IDOR - Bug Bounty Reports Explained
-Host Header Injection Lead To Account Takeover
Finding DOM Polyglot XSS in PayPal the Easy Way
-XSS with Markdown — Exploit & Fix on OpenSource
-postMessage XSS in Tesla Payment page
-XSS Through The Front-Door @ GitLab
-HTML parser bug triggers Chromium XSS security flaw
-Email platform Zimbra issues hotfix for XSS vulnerability under active exploitation
-Exploiting DOM Based XSS via Misconfigured postMessage() Function
-Stored XSS To Other Users Via Messages
-Cache Poisoning via SelfXSS + Path Parameter
-Subdomain Takeover in Azure: making a PoC
-XSS via X-Forwarded-Host header
-Time-Based SQL Injection to Dumping the Database
-Blind XSS in app.pullrequest.com/████████ via /reviews/ratings/{uuid}
-Hacking Swagger-UI - from XSS to account takeovers
-Stored XSS in markdown via the DesignReferenceFilter
-XSS through base64 encoded JSON
-Stumbling across a DOM XSS on google.com
-XSS Bug in SEOPress WordPress Plugin Allows Site Takeover
-Stored XSS to RCE Chain as SYSTEM in ManageEngine ServiceDesk Plus
-Stored XSS in Notes (with CSP bypass for gitlab.com)
-Stored XSS in Google Doubleclick Studio
-Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397)
-Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
-WordPress 5.8.2 Stored XSS Vulnerability
-CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO
-Stored XSS: Non-Privileged User to Anyone Using QR Code
-Javascript Hoisting in XSS Scenarios
-Palisade identifies Wormable Cross-Site Scripting Vulnerability affecting Rarible’s NFT Marketplace
-CVE-2021-26084,Atlassian Confluence OGNL
-Exploiting Redash instances with CVE-2021-41192
-Web Cache Poisoning leads to Stored XSS
-Stored XSS via Mermaid Prototype Pollution vulnerability
-PostMessage Xss vulnerability on private program
-Easy SQLi in Amazon subsidiary using Sqlmap
-Fun sql injection — mod_security bypass/a>
SQL Injection Bugs on All Verizon Media Assets
-Hunting for Bugs in File Upload Feature
-How i made 15k$ from Remote Code Execution Vulnerability
-HTTP request smuggling bug patched in mitmproxy
-Able to steal bearer token from deep link
-Unsafe content loading [Electron JS]
-Trigger custom URL in Medium Android app
-Add new managed stores without permission
-Hacking Microservices For Fun and Bounty
-Cache Poisoning & Lateral Movement @ GitLab
-Attacking File Uploads in Modern Web Applications
-Full Account Takeover via Open Redirection
-Bypassing File Upload Restriction using Magic Bytes
-Hacking a Bank by Finding a 0day in DotCMS
-Laravel 8.x image upload bypass
-How I Made $16,500 Hacking CDN Caching Servers — Part 1
-How I Made $16,500 Hacking CDN Caching Servers — Part 2
-How I Made $16,500 Hacking CDN Caching Servers — Part 3
-Bypassing default visibility for newly-added email in Facebook(Part I - Submitting I.D)
-Bypassing default visibility for newly-added email in Facebook(Part II - Trusted Contacts)
-Slack integration setup lacks CSRF protection
-My first report on HackerOne: A logic flaw in npm
-Multiple bugs leads to RCE on TikTok for Android
-Leaking Facebook user information to external websites ($2000)
-All about Password Reset vulnerabilities
-How I hacked thousand of subdomains
-How I Scored 1K Bounty Using Waybackurls
-CSRF protection bypass in GitHub Enterprise management console
-Common Nginx Misconfiguration leads to Path Traversal
-How I got Apple Hall Of Fame !
-Preventing compromised password reuse on HackerOne.com
-CVE-2022-21703: cross-origin request forgery against Grafana
-2 CSRF 1 IDOR on Google Marketing Platform
-Lack of URL normalization renders Blocked-Previews feature ineffectual
-AWS Targeted by a Package Backfill Attack
-CSRF on /api/graphql allows executing mutations through GET requests
-XXE in Public Transport Ticketing Mobile APP
-I have Found Microsoft Subdomain Website database list, database username, password
-Hijacking accounts with host manipulation using collaborator
-Demographic Misconfiguration on Facebook live
-Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets
-How we spoofed ENS domains for $15k
-Basecamp disclosed on HackerOne: Insecure Bundler configuration
-Exploiting S3 bucket with path folder to Access PII info of A BANK
-Open Redirect to Account Takeover
-Enumerate internal cached URLs which lead to data exposure
-Open redirect in Instagram.com ($500)
-Open Redirect Vulnerability & Some Common Payloads
-Broken Link hijacking — What it is and how to get bounties with it!
-Exploiting weak configurations in Google Cloud Identity Platform
-WordPress XXE Vulnerability in Media Library – CVE-2021-29447
-A Brief Introduction to Prototype Pollution
-CORS misconfig that worths USD200
-Blog posts atom feed of a store with password protection can be accessed by anyone
-Enzyme Finance Price Oracle Manipulation Bug Fix Postmortem
-A Long Story of XXE Vulnerability!!
-Pwn2Own Local Escalation of Privilege Category
-Overwolf 1-Click Remote Code Execution - CVE-2021-33501
-Bypassing Box’s Time-based One-Time Password MFA
-Exploiting URL Parsing Confusion Vulnerabilities
-How i made 15k$ from Remote Code Execution Vulnerability
-Link hijacking Binance’s shortlinks through AppsFlyer
-Subdomain Takeover Via Flywheel
How I was able to Takeover Accounts on Foxit.com
-The Complete Guide to Prototype Pollution Vulnerabilities
-Misconfigured Reset password that leads to Account Takeover
-2FA Bypass via Forced Browsing
-Duo Two-factor Authentication Bypass
-Account Takeovers — Believe the Unbelievable
-Account Takeover + A Bonus Vulnerability
-Cross-Site WebSocket Hijacking (CSWSH)
-Zabbix - A Case Study of Unsafe Session Storage
-Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
-Writeup for an iOS 15 exploit that can achieve kernel
-WSO2 RCE (CVE-2022-29464) exploit and writeup
-Improper Authentication - any user can login as other user with otp/logout & otp/login
-A Summary of OAuth 2.0 Attack Methods
-Bypassed the subscription and got the certification
-Broken Authentication Login With Google
-Security researcher finds dangerous bug in Chromium, nabs $15,000 bounty
-OAUTH2 bearer not-checked for connection re-use
-2fa Bypass Using Response Manipulation
-OTP brute-force via rate limit bypass
-Account Takeover via SMS Authentication Flow
-Bypassing Login Page in 2 Mins
-Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth Module
-Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth
-Web Cache Poisoning: A Tale of chaining unkeyed inputs
-EXPLOITING JSON WEB TOKEN [JWT]
-Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts
-Trick to bypass rate limit of password reset functionality
-Exploiting OAuth: Journey to Account Takeover
-A tale of 0-Click Account Takeover and 2FA Bypass
-Exploiting OAuth: Journey to Account Takeover
-Account Takeover using OAuth Misconfiguration | Badoo Bug Bounty $300
-Pwning a Server using Markdown
-How I found a bug in Apple within just in 5min
-Hacking Google Drive Integrations
-1-click RCE in Electron Applications
-SSRF: Bypassing hostname restrictions with fuzzing
-Just Gopher It: Escalating a Blind SSRF to RCE for $15k
-Simple SSRF Allows Access To Internal Assets
-FogBugz import attachment full SSRF requiring vulnerability
-SSRF in ColdFusion/CFML Tags and Functions
-Stealing administrative JWT's through post auth SSRF (CVE-2021-22056)
-SSRF in PDF Renderer using SVG
-Turning bad SSRF to good SSRF: Websphere Portal
-SSRF for kube-apiserver cloudprovider scene
-Full read SSRF that can leak aws metadata and local file inclusion (www.evernote.com )
-SSRF in PDF export with PhantomJs
-Java RMI services often vulnerable to SSRF attacks – research
-SSRF Attack Examples and Mitigations
-Easy SSRF from Wayback Machine
-SSRF & LFI In Uploads Feature
-Cross Site Port Attack in Wild
-Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054)
-A Tale of Open Redirection to Stored XSS
-The story of 3 bugs that lead to Unauthorized RCE — Pascom Systems
-Internet Bug Bounty: High severity vulnerability in Apache HTTP Server could lead to RCE
-The Story of a RCE on a Java Web Application
-Bypassing required reviews using GitHub Actions
-Achieving Remote Code Execution via Unrestricted File Upload
-Node.js was vulnerable to a novel HTTP request smuggling technique
-From XSS to RCE (dompdf 0day)
-Tagged User Could Delete Facebook Story
-Arbitrary file read via the bulk imports UploadsPipeline
-How I Was Able To TakeOver Any Account On One Of Europe's Largest Media Companies
-RCE on Starbucks Singapore and more for $5600
-Bug Bounty Recon: Vertical Correlation (and the secret to succeeding)
-Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution
-Sesh Gremlin attack, RCE via password field & Pwning XMLSec for info disclosure and bounties
-RCE on CS:GO client using unsanitized entity ID in EntityMsg message
-Full Account takeover (ATO) — a tale of two bugs
-A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection
-Chaining an Blind SSRF bug to Get an RCE
-How I Escalated a Time-Based SQL Injection to RCE
-Exploiting Password Reset Poisoning for account takeover and max bounty!
-CVE-2021-26084 Remote Code Execution on Confluence Servers
-Chaining Open Redirect with XSS to Account Takeover
-FORD Session token URL lead to Reflected XSS
-Escalating SSRF to Accessing all user PII information by aws metadata
-Getting started with Android Application Security
-Android Penetration Testing: Frida
-ByPass SSL Pinning with IP Forwarding | iptables
-How to Write Frida Hook For Android
-Reconator - Automated Recon for Pentesting & Bug Bounty
-Facebook Messenger for Android indirect thread deletion vulnerability
-Exploiting Request forgery on Mobile Applications
-Step-by-step guide to reverse an APK protected with DexGuard using Jadx
-Android security guides, roadmap, docs, courses, write-ups, and teryaagh
-TikTok for Android 1-Click RCE
-10 Vulnerable Android Applications for beginners to learn Android hacking
-Android security checklist: WebView
-Mobile MitM: Intercepting your Android App Traffic On the Go
-Android security checklist: theft of arbitrary files
-Basics on commands/tools/info on how to assess the security of mobile applications
-iOS Hacking - A Beginner's Guide to Hacking iOS Apps [2022 Edition]
-iOS jailbreak dev wins $2M bounty for finding critical Optimism bug
-Hacking the Apple Webcam (again)
-How to Reverse Engineer and Patch an iOS Application for Beginners:
-Burp Suite Extensions: Rarely Utilized but Quite Useful
-Burp Suite - solving E-mail and SMS TAN multi-factor authentication with Hackvertor custom tags
-Finding CSRF Vulnerabilities with BurpSuite
-HTTP Signatures: A Burp Suite Extension Implementing HTTP Signatures
-Browser powered scanning in Burp Suite
-Learn how to write a Burp Suite extension in Kotlin – Setting up
-Using Intruder to Brute Force Authorization Header
-CaA - BurpSuite Collector and Analyzer
-x8 Hidden parameters discovery suite
-Params — Discovering Hidden Treasure in WebApps
-Life’s a Peach (Fuzzer) How to Build and Use GitLab’s Open-Source Protocol Fuzzer
-Notes about attacking Jenkins servers
-A Case Study of API Vulnerabilities
-What is BOLA? 3-digit bounty from Topcoder ($$$)
-Trigger custom URL in Medium Android app
-How to Exploit Public Firebase Realtime Database using REST API
-BigQuery SQL Injection Cheat Sheet