1 |
- Learn Javascript
- The Tool Box karma v2 and 4-ZERO-3 - Talk
- Finding and exploiting unintended functionality in main web app APIs - Writeup
- Workflow for Javascript Recon
|
2 |
- Learn Javascript
- Read BugBounty BootCamp - Book
- Learn Python
|
3 |
- Learn Javascript
- AWS Lambda Command Injection - Writeup
- A tale of zero click account takeover - Writeup
|
4 |
|
5 |
- Learn Javascript [Revision]
|
6 |
- Solved DOM based XSS Labs on Portswigger
|
7 |
- Solved DOM based XSS Labs on Portswigger
- Learn Python
|
8 |
- A Cool Account Takeover Vulnerability due to lack of Client Side Validation - WriteUp
|
9 |
- WebSockets not Bound by SOP and CORS? - WriteUp
|
10 |
- Unauth Cache Purging - WriteUp
- How I was able to change victim’s password using IDN Homograph Attack - WriteUp
|
11 |
- Controlling the web message source - Lab
- JavaScript for Hackers - Video
- HACKING postMessage() - Video
- Introduction postmessage vulnerabilities - Writeup
- Postmessage vulnerability demo - Lab
|
12 |
- A simple Data Exfiltration! Excel magic - Writeup
|
13 |
- One Token to leak them all : The story of a $8000 NPM_TOKEN - Writeup
- Introduction to GraphQL - GraphQL Exploitation Part1 - Video
|
14 |
- Finding The Origin IP Behind CDNs - Writeup
|
15 |
- Hunting postMessage Vulnerabilities - White Paper
|
16 |
- 120 Days of High Frequency Hunting - WriteUp
- Hunting postMessage Vulnerabilities - White Paper
|
17 |
- How to find new/more domains of a company? - Recon Stuff - Writeup
|
18 |
- Read BugBounty BootCamp - Book
|
19 |
- The Tale of a Click leading to RCE - Writeup
|
20 |
- PostMessage Vulnerabilities - WriteUp
|
21 |
- DVGA - Damn Vulnerable GraphQL Application Part 2 - Video
|
22 |
- Chrome DevTools Crash Course - Video
|
23 |
- Crontab for Linux Admins - Video
|
24 |
- Template Injection in Action: 2-hour workshop on Template Injection (SSTI)
- Read BugBounty BootCamp - Book
|
25 |
- Hacking REST APIs: A beginner's guide - Course
|
26 |
- Read BugBounty BootCamp - Book
- Read zseano's methodology - Book
|
27 |
- Read zseano's methodology - Book
|
28 |
- Read zseano's methodology - Book
- Params — Discovering Hidden Treasure in WebApps - Writeup
|
29 |
- WebSockets and Hacking - Writeup
|
30 |
- Pentesting API Top 10 - Talk
|
31 |
- Read BugBounty BootCamp - Book
- Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite - Writeup
|
32 |
- Android: Quick History on Smartphones - Video
- Intro to App Development - Video
- Top 25 Browser Extensions for Pentesters and Bugbounty Hunters (2022) - Writeup
|
33 |
- Intro to Android Architecture and Security - Video
- What is an Android Operating System & Its Features - Writeup
- Android Internals 101: How Android OS Starts You Application - Writeup
- Android Security Part 1- Understanding Android Basics - Writeup
|
34 |
- Mobile Application Penetration Testing - TCM Course
|
35 |
- Read BugBounty BootCamp - Book
|
36 |
- Solved 1-10 Challenges of InjuredAndroid
- Recon methodology of @GodfatherOrwa - Video
|
37 |
- Read BugBounty BootCamp - Book
|
38 |
- 1,2 Exercises: Android App Reverse Engineering 101
|
39 |
- 3,4 Exercises: Android App Reverse Engineering 101
|
40 |
- Android App Reverse Engineering LIVE! Part 1 - Workshop
|
41 |
- Android Architecture + Static Analysis with apktool + gf + jadx
- Insecure Logging & Storage + Setup Genymotion & pidcat
|
42 |
- Troubleshooting connection between WSL and android emulator
|
43 |
- Mobexler : A Mobile Application Penetration Testing Platform - Video
|
44 |
- Android Pentesting Lab Setup - Writeup
|
45 |
- Hacking Android Deeplink Issues and Insecure URL Validation - Video
|
46 |
- SINGLE-SIGN-ON SECURITY ISSUES : BugBounty BootCamp - Book
|
47 |
- Solved Flag 12 & 13 of Injured Android
|
48 |
- Android SSL Pinning Bypass for Bug Bounties & Penetration Testing - Video
- SSL Pinning in Android Part 1 - Writeup
- SSL Pinning in Android Part 2 - Writeup
- What is Android Rooting? - Writeup
- Four Ways to Bypass Android SSL Verification and Certificate Pinning - Writeup
|
49 |
- Bypassing OkHttp Certificate Pinning - Writeup
- Disabling SSL Pinning in Android Apps using Frida / Objection - Writeup
- How To Bypass Apps Root Detection In Android - Writeup
- Bug Bounty on Android : setup your Genymotion environment for APK analysis - Writeup
|
50 |
- The Ultimate Guide to Android SSL Pinning Bypass - Guide
|
51 |
- OAuth terminologies and flows explained - Video
- OAuth 2.0 Hacking Simplified — Part 1 — Understanding Basics - Writeup
- OAuth 2.0 Hacking Simplified — Part 2 — Vulnerabilities and Mitigation - Writeup
|
52 |
- Bug Bounty — Bypassing Endpoints - Writeup
|
53 |
- How I made 25000 USD in bug bounties with reverse proxy - Writeup
|
54 |
- Intercepting Android Emulator SSL traffic with burp using magisk - Writeup
|
55 |
- Subdomains Tools Review: a full and detailed comparison of subdomain enumeration tools - Writeup
|
56 |
- Lab: Authentication bypass via OAuth implicit flow
|
57 |
- Web Authentication and Authorization Zine - Zine
|
58 |
- Forced OAuth profile linking - Lab
- OAuth account hijacking via redirect_uri - Lab
- Stealing OAuth access tokens via an open redirect - Lab
|
59 |
- ANDROID APP SECURITY BASICS (Static analysis - Part 1) - Video
|
60 |
- HACKING ANDROID WebViews (Static analysis - Part 2) - Video
- Getting Started with Android Application Security - Writeup
- Android Pentest: Automated Analysis using MobSF - Writeup
- Static Analysis of Android Application & Tools Used - Writeup
- Complete Android Pentesting Guide - Writeup
|
61 |
- Android App Security & Testing - Writeup
- Exploiting Android activity android:exported="true" - Writeup
- Exploiting Activity in medium android app - Writeup
|
62 |
- Android Penetration Testing: Drozer - Writeup
|
63 |
- Android Pentest: Deep Link Exploitation - Writeup
|
64 |
- Android Applications Pentesting (Static Analysis) - HackTricks
|
65 |
- OAuth Sign Up AND Log In (1-6 Slides) - Slides
|
66 |
- Authentication bypass due to weak verification of SAML Token - Writeup
|
67 |
- Bypassing Google Authentication on Periscope's Administration Panel - Writeup
|
68 |
- Burp Bounty v2 Documentation
- Architect: Major Design Decisions - OAuth
- Classic Web Application: Authorization Code Grant Flow - OAuth
|
69 |
- Authorizationcode_tester - Tester: Exploit Mistakes
|
70 |
- Pwning a Server using Markdown - Writeup
|
71 |
- Critical XSS in chrome extension - Writeup
|
72 |
- Penetrate the Protected Component in Android Part 1 - Writeup
|
73 |
- Penetrate the Protected Component in Android Part 2 - Writeup
|
74 |
- From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password - Writeup
|
75 |
- How Tapjacking Made a Return with Android Marshmallow and Nobody Noticed - Writeup
|
76 |
- How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program? - Writeup
|
77 |
- Android Development (1:45 Hrs) - Video
|
78 |
- Android Development: Java Refresher - Video
|
79 |
- Android Development: Activities & Layouts - Video
|
80 |
- Android Development: MultiScreen Apps - Video
|
81 |
- How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes - Writeup
|
82 |
- From XSS to RCE (dompdf 0day) - Writeup
|
83 |
- A Detailed Guide on httpx - Writeup
|
84 |
- Chapter 24 API Hacking : BugBounty BootCamp - Book
|
85 |
- Preparing for API Security Testing : Hacking APIs - Book
|
86 |
- How web applications work : Hacking APIs - Book
|
87 - 90 |
- The Anatomy of Web APIs : Hacking APIs - Book
|
91 |
- DIVA Android App: Walkthrough - Writeup
|
92 |
- The Anatomy of Web APIs : Hacking APIs - Book
|
93 |
- Android Penetration Testing: Frida - Writeup
|
94 |
- Diva apk analysis - Writeup
|
95 |
- API Authentication: Hacking APIs - Book
|
96 |
- Watch out the links : Account takeover! - Writeup
|
97 |
- 10 things you must do when Pentesting Android Applications - Writeup
- Dumping Android application memory with fridump - Writeup
- Mobile Risks: M1 – Improper platform usage - Writeup
- Mobile Risks: M2 – Insecure data storage - Writeup
- Mobile Risks: M3 – Insecure communication - Writeup
- Understanding the OWASP Mobile Top 10 Security Risks: Part Two (M4-M7) - Writeup
- Understanding the OWASP Mobile Top 10 Security Risks: Part Three (M8-M10) - Writeup
|
98 |
- Vulnerable Android Broadcast Receivers - Writeup
|
99 |
- API Insecurities Hacking APIs - Book
|
100 |
- How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty - Writeup
|
101 |
- Open Android Security Assessment Methodology - Repo
|
102 |
- API Insecurities Hacking APIs (page 72 - 81) - Book
|
103 |
- API Insecurities Hacking APIs (page 84 - 96) - Book
|
104 |
- How I made $10K in bug bounties from GitHub secret leaks - Writeup
|
105 |
- Android: How to Bypass Root Check and Certificate Pinning - Writeup
- Comparison of Different Android Root-Detection Bypass Tools - Writeup
|
106 |
- Bypassing a WAF by Finding the Origin IP - Video
|
107 |
- Inspecting Android Traffic using Proxyman + apk-mitm - Writeup
|
108 |
- NoSQL Injection in Plain Sight - Writeup
|
109 |
- Configuring an out-of-band callback listener and notification service in under 10 minutes using AWS Lambda function URLs and Discord webhooks - Writeup
|
110 |
- Supplemental Tools : Hacking APIs - Book
|
111 |
- Android Root Detection Bypass Using Objection and Frida Scripts - Writeup
|
112 |
- Configuring Frida with BurpSuite and Genymotion to bypass Android SSL Pinning - Writeup
|
113 |
- Find new domains of a company using SSL Certificates - Bug Bounty Recon - Writeup
|
114 |
- Exploiting Android Fingerprint Authentication - Writeup
|
115 |
- Testing-Local-Authentication - Owasp Guide
|
116 |
- Bypass of Biometrics & Password Security Functionality For android - Writeup
|
117 |
- Creating Code for Bypassing Android Security Checks: Frida - Video
|
118 |
- Sharpening your FRIDA scripting skills with Frida Tool - Writeup
|
119 |
- Hacking Android Apps with Frida - Video
|
120 |
- ATO without any interaction : aws cognito misconfiguration - Writeup
|
121 |
- NahamCon CTF 2022 Write-up: Click Me! Android challenge - Writeup
|
122 |
- Android Application Security [chapter 0x1] - Introduction to Frida - Writeup
|
123 |
- Getting started with Frida on Android Apps - Writeup
|
124 |
- Exploration of Native Modules on Android with Frida - Writeup
|
125 |
- How to exploit GraphQL endpoint: introspection, query, mutations & tools - Writeup
|
126 |
- DVGA Batch Query Attack GraphQL Exploitation : Part 3 DVGA - Video
|
127 |
- The $16,000 Dev Mistake - Writeup
|
128 |
- FirstBlood : HackEvent BugBountyHunter.com - Reports
|
129 |
- Exploring Native Functions with Frida on Android - Writeup
|
130 |
- Add JNI(C/C++) into your existing Android app - Writeup
|
131 |
- Demystifying Frida - Video
|
132 |
- How to hook Android Native methods with Frida (Noob Friendly) - Writeup
|
133 |
- Instrumenting Native Android Functions using Frida - Writeup
|
134 |
- Forging OAuth tokens using discovered client id and client secret - Writeup
|
135 |
- Getting started with Android NDK: Android Tutorial - Writeup
|
136 |
- Can analyzing javascript files lead to remote code execution? - Writeup
|
137 |
- XML External Entity (XXE) : The Ultimate Guide - Writeup
|
138 |
- Bug Bounty Redacted #3: Hacking APIs & XSS, SQLi, WAF Bypass in a regional web application - Video
|
139 |
- PHP Command Injection ->Time Based SQL $2000 bounty - Writeup
|
140 |
- How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control) - Writeup
|
141 |
- My Bug Bounty Adventure (Fuzzing + Information Disclosure) - Writeup
|
142 |
- Exploiting CRLF Injection can lands into a nice bounty - Writeup
|
143 |
- PayPal IDOR via billing Agreement Token (closed Informative, payment fraud) - Writeup
|
144 |
- How I Hacked NASA to execute arbitrary commands in their server! - Writeup
|
145 |
- SQL injection through HTTP headers - Writeup
|
146 |
- Automate your recon With Censys HOW Pro hacker use Censys - Writeup
|
147 |
- How I Found a company’s internal S3 Bucket with 41k Files - Writeup
|
148 |
- Bypassing File Upload Restriction using Magic Bytes - Writeup
|
149 |
- Story about more than 3.5 million PII leakage in Yahoo!!! (Using an IOS) - Writeup
|
150 |
- How to find & access Admin Panel by digging into JS files - Writeup
|
151 |
|
152 |
- Understanding And Identifying Insecure Deserialization - Writeup
|
153 |
- Dependency Confusion : A Supply Chain Attack - Writeup
|
154 |
|
155 |
- This is why you shouldn’t trust your Federated Identity Provider - Writeup
|
156 |
- If It’s a Feature!!! Let’s Abuse It for $750 - Writeup
|
157 |
- Business Logic Errors - Art of Testing Cards - Writeup
|
158 |
- Hacking Nginx: Best ways - Writeup
|
159 |
- Frida hooking android part 1 - Writeup
|
160 |
- Frida hooking android part 2 - Writeup
|
161 |
- Frida hooking android part 3 - Writeup
|
162 |
- Frida hooking android part 4 - Writeup
|
163 |
- Frida hooking android part 5: Bypassing AES encryption - Writeup
|
164 |
- Exploiting esoteric android vulnerability - Workshop by Sharan & Sanjay at BSides Ahmedabad 2021 - Video
|
165 |
- Andromeda- GUI based Dynamic Instrumentation Toolkit powered by Frida - Shivang Desai - Video
|
166 |
- How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook - Writeup
|
167 |
- Hacking into WordPress themes for CVEs and Fun - Writeup
|
168 |
- Bug Bounty Redacted #4: Writing to S3 buckets & Insecure JWT Implementation - Writeup
|
169 - 177 |
- Android development - Video
|
178 - 183 |
|
184 - 189 |
- Linux Privilege Escalation for Beginners - Course
|
190 |
- Admin account takeover via weird Password Reset Functionality - Writeup
|
191 |
- Access control worth $2000 : everyone missed this IDOR+Access control between two admins - Writeup
|
192 |
- How I was able edit target website’s AWS files from the file upload function? - Writeup
|
193 |
- XXE in Public Transport Ticketing Mobile APP - Writeup
|
194 |
- RCE IN EC2 INSTANCE VIA SSH WITH PRIVATE KEY EXPOSED ON PUBLIC GITHUB REPOSITORY – $XX,000 USD - Writeup
|
195 |
- How I was able to Regain access to account deleted by Admin leading to $$$ - Writeup
|
196 |
- OAuth Misconfiguration Leads To Pre-Account Takeover - Writeup
|
197 |
- How to find Origin IP - Writeup
|
198 |
- PII Disclosure of Apple Users ($10k) - Writeup
|
199 |
- Android and Java API : Frida - Documentation
|
200 |
- Behind the Bug: Password reset poisoning - Writeup
|
201 |
- Websocket Hijacking to steal Session_ID of victim user - Writeup
|
202 |
- How to use Burp Suite Like a PRO? PART – 1 - Writeup
|
203 |
- Ultimate Tips And Tricks To Find More Cross-Site Scripting Vulnerabilities - Writeup
|
204 |
- Setting iOS App Testing Environment with Burp-suite & Corellium - Writeup
|
205 |
- How I Test For Web Cache Vulnerabilities + Tips And Tricks - Writeup
|
206 |
- Information Disclosure to Account Takeover - Writeup
|
207 |
- You MUST sanitize PHP mail() inputs — or else RCE! - Writeup
|
208 |
- Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP) for a bounty of $4,913 - Writeup
|
209 |
- How to prevent hackers from reverse engineering your Android apps - Writeup
|
210 |
- How this team accidentally found a SSRF in Slack exposing AWS credentials! A $4000 bug bounty - Writeup
|
211 - 212 |
- Linux Privilege Escalation - Pentester Academy bootcamp
|
213 - 214 |
- Solve linuxprivesc Room - Tryhackme
|
215 - 217 |
- Frida Scripting Guide for Java - Writeup
|
218 |
- Exploring Native Functions with Frida on Android : part 3 - Writeup
|
219 |
- Exploring Native Functions with Frida on Android : part 4 - Writeup
|
220 |
- Stored XSS to Account Takeover : Going beyond document.cookie : Stealing Session Data from IndexedDB - Writeup
|
221 |
- SQL Injection filter bypass to perform blind SQL Injection - Writeup
|
222 |
- Abusing URL Shortners for fun and profit - Writeup
|
223 |
- Android WebView Hacking : Enable WebView Debugging - Writeup
|
224 |
- Defeat the HttpOnly flag to achieve Account Takeover : RXSS - Writeup
|
225 - 230 |
- Android App Hacking - Black Belt Edition - Udemy Course
|
231 |
- Solving CTF with Frida : Part 1 - Writeup
|
232 |
- Solving CTF with Frida : Part 2 - Writeup
|
233 |
- Solving CTF with Frida : Part 3 - Writeup
|
234 |
- Solving CTF with Frida : Part 4 - Writeup
|
235 - 240 |
- Watched Android CTF video from Youtube channel Umar_0x01 - Video
|
241 |
- Bypassing ModSecurity for RCEs - Writeup
|
242 |
- Bypassing Amazon WAF to pop an alert() - Writeup
|
243 |
- Exploiting Android’s Task Hijacking - Writeup
|
244 - 248 |
- Windows Privilege Escalation for Beginners - TCM Course
|
249 |
- Cool Recon techniques every hacker misses! - Writeup
|
250 |
- Intruder and CSRF-protected form, without macros - Writeup
|
251 |
- New technique 403 bypass - Writeup
|
252 |
- Exploiting XSS with Javascript/JPEG Polyglot - Writeup
|
253 |
- Hacking Android Foreground Services Escalation Of Privileges by Rony Das - Nullcon Goa
- Jailbreaking iOS in the post-apocalyptic era by CoolStar & Tihmstar - Nullcon Goa
|
254 |
- Can write single Exploit payload which can exploit both HTML and JS injection - Tweet
|
255 |
- A context insensitive sqli payload polyglot - Tweet
|
256 |
- Find References: The most underrated and underused feature of @Burp_Suite - Tweet
|
257 |
- Reversing an Android sample which uses Flutter - Writeup
|
258 - 261 |
- Windows Privilege Escalation for Beginners - TCM Course
|
262 |
- Escalation Path Executable Files - WindowsPriv
- Escalation Path Startup Applications - WindowsPriv
- Escalation Path DLL Hijacking - WindowsPriv
|
263 |
- Escalation Path Service Permissions (Paths) - WindowsPriv
|
264 |
- Escalation Path CVE-2019-1388 - WindowsPriv
|
265 - 267 |
- Capstone Challenge - WindowsPriv
|
268 - 270 |
|
271 |
- Network Pivoting using Metasploit and Proxychains - Writeup
|
272 |
- Metasploit: Pivoting - Writeup
|
273 - 274 |
- Explore Hidden Networks With Double Pivoting - Writeup
|
275 |
- Pivoting Entire Network with Chisel - Video
|
276 |
- Deep dive in double network Pivoting with Metasploit and ProxyChains - Video
|
277 |
- lazyadmin - Tryhackme Room
|
278 |
|
279 |
- Vulnnetinternal - Tryhackme Room
|
280 |
|
281 |
- Buffer Overflow for #OSCP and #eCPPT in 20 minutes - Video
|
282 |
- Pivoting in Metasploit to Hack Deeper into a Network - Writeup
|
283 - 285 |
- Reading Github Repos on ECPPT - Repo
|
286 |
- Upgrade Normal Shell To Meterpreter Shell - Writeup
|
287 |
- Home Lab: ProxyChains, eCPPT prep - Video
|
288 |
- Pivoting: Metasploit(meterpreter)+Proxychains - Writeup
|
289 |
- Metasploit: Portproxy(tunneling meterpreter session inside another meterpreter session)+socat+chisel - Writeup
|
290 |
- How to Implement Pivoting and Relaying Techniques Using Meterpreter - gitbooks
|
291 - 292 |
|
293 - 302 |
- Going through INE PDF Material
|
303 - 310 |
|
311 |
- AWS SSRF to Root on production instance - Writeup
|
312 |
- Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches - Writeup
|
313 |
- Chaining Path Traversal with SSRF to disclose internal git repo data in a Bank Asset - Writeup
|
314 |
- Making API Bug Bounties A Breeze! - Writeup
|
315 |
- Chaining Cache Poisoning To Stored XSS - Writeup
|
316 |
- $6000 with Microsoft Hall of Fame, Microsoft Firewall Bypass, CRLF to XSS, Microsoft Bug Bounty - Writeup
|
317 |
- The Zaheck of Android Deep Links! - Writeup
|
318 |
- How I Got $10,000 From GitHub For Bypassing Filtration oF HTML tags - Writeup
|
319 |
- All about: CORS Misconfiguration - Writeup
|
320 |
- Winning QR with DOM-Based XSS - Writeup
|
321 |
- JSON Deserialitzation Attack - Writeup
|
322 |
- $250 for Email account enumeration using NameToMail tool - Writeup
|
323 |
- How i found 8 vulnerabilities in 24h - Writeup
|
324 |
- Account Takeovers Believe the Unbelievable - Writeup
|
325 |
|
326 |
- Domain hacks with unusual Unicode characters - Writeup
|
327 |
- Deep Link Exploitation: Introduction & Open/unvalidated Redirection - Writeup
|
328 |
- Exploiting Android WebView Vulnerabilities - Writeup
|
329 |
- SSRF via DNS Rebinding CVE-2022–4096 - Writeup
|
330 |
- Unique Rate limit bypass worth 1800$ - Writeup
|
331 |
- Getting started with Code Review - Security Boat Meetup
|
332 |
- Firebase Exploit bug bounty - Writeup
|
333 |
- A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers - Writeup
|
334 |
- Calculating CVSS - Writeup
|
335 |
- Multiple Vulnerabilities found in Airtel Android Application - Writeup
|
336 |
- Remote Command Execution in a Bank Server - Writeup
|
337 |
- How I made $31500 by submitting a bug to Facebook - Writeup
|
338 |
- Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys - Writeup
|
339 |
- Understanding IMAP/SMTP injection - Writeup
|
340 |
- Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass - Writeup
|
341 |
- Nuclei v2.8.0 - Fuzz all the way! - Writeup
|
342 |
- Race Condition vulnerability in Azure Video Indexer allowed trial account users use Advance / Premium feature - Writeup
|
343 |
- Exploiting Missing HSTS - Writeup
|
344 |
- Kony Mobile Frameworks Reverse Engineering Write Up Wreck IT 2022 CTF Quals - Writeup
|
345 - 346 |
- JavaScript prototype pollution: practice of finding and exploitation - Writeup
|
347 - 348 |
- How to Hack WebSockets and Socket.io - Writeup
|
349 |
- Doing it the researcher’s way: How I Managed to Get SSTI which lead to arbitrary file reading on One of the Leading Payment Systems in Asia - Writeup
|
350 |
- Unusual Cache Poisoning between Akamai and S3 buckets - Writeup
|
351 - 352 |
- Infoseccomm event - Event
|
353 |
- Param Hunting to Injections - Writeup
|
354 |
- How I was able to steal users credentials via Swagger UI DOM-XSS - Writeup
|
355 |
- Understanding Memcache Injection - Writeup
|
356 |
- GraphQL Pentesting for Dummies! Part-1 - Writeup
|
357 - 359 |
- Gaining Access to Protected Components In Android - Writeup
- Penetrate the Protected Component in Android Part -1 - Writeup
- Penetrate the Protected Component in Android Part -2 - Writeup
- Android Hacking-Exploiting Content Providers
|
360 |
- Hack crypto secrets from heap memory to exploit Android application - Writeup
|
361 |
- $350 XSS in 15 minutes - Writeup
|
362 |
- Command-Line Data-Wrangling by Tomnomnom - Video
|
363 |
- Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000 - Writeup
|
364 |
- Exploring the World of ESI Injection - Writeup
|
365 |
- SSRF vulnerabilities caused by SNI proxy misconfigurations - Writeup
|