In the early hours of a day in a month in 2024, watchTowr Labs was sent a chat log:



13:37 -!- dav1d_bl41ne [[email protected]] has joined #!hack (irc.efnet.nl)
13:37 -!- dav1d_bl41ne changed the topic of #!hack to: mag1c sh0w

Why write this?

We're excited to tell you about Nuclei Templates release v9.9.0! This new version includes newly added Kubernetes Cluster Security templates. In this blog post, we'll discuss automating Kubernetes security review, creating custom k8s security checks, and…

Learn first-hand from a hacker about a remote code execution vulnerability: how to identify it, its risks, and remediation.

IDOR —short for insecure direct object reference— vulnerabilities are one of the most commonly found web security vulnerabilities in modern web applications and APIs. It is no wonder that they are often recommended to new bug bounty hunters who are just starting…

This blog post details an application denial-of-service (DoS) vulnerability in WebRTC media servers handling DTLS-SRTP. Exploitation, detection and mitigation.

Get to know the importance of vulnerability assessment reporting for securing IT systems and data in our insightful guide.

Use code NahamSec10 to get 10% off from Pentest-Tools ⚒️ https://shorturl.at/GQGBH

LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍

📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want…

Swedish bug hunter Eldar Zeynalli, aka ‘HakuPiku’, discusses life as a Bug Bounty hunter.

Among other things, he talks about how Capture-the-Flag competitions (CTFs) got him hooked on hacking, the fun aspects of Bug Bounty in comparison to pentesting, his…

Fuzzing applications needs no introduction, and I have written about some interesting problems related to fuzzing in the past [0][1][2][3]. At scale, fuzzing has traditionally focused on compiled binaries and detecting crashes and other memory corruption…

Episode 74: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Roni "Lupin" Carta for a deep dive into supply chain attacks and dependency confusion. We explore the supply chain attacks, the ethical considerations surrounding…

Charlie Kroon provides tips for getting the most out of your one-on-one meetings.

Intigriti reveals all the tips and tricks for building a cybersecurity team that will fortify your defenses and drive security posture.

We are excited to announce a strategic investment from Brighton Park Capital (BPC), a leading growth equity firm with a track record of scaling innovative technology companies. This partnership will e

A Pwn2Own SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE - bjrjk/CVE-2024-29943

Explore this post and more from the redditsecurity community

3 Days of back to back recon with special guests and live targers!

Dynamic languages are safe from memory corruptions bugs, right?