Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
watchTowr Labs - Blog
In the early hours of a day in a month in 2024, watchTowr Labs was sent a chat log:
13:37 -!- dav1d_bl41ne [[email protected]] has joined #!hack (irc.efnet.nl)
13:37 -!- dav1d_bl41ne changed the topic of #!hack to: mag1c sh0w
My AWS “Segmentation Test” Methodology for Pentesters v1.0
https://medium.com/@alt3kx/my-aws-segmentation-test-methodology-for-pentesters-v1-0-bc110753c1e9
Medium
Why write this?
How Serialized Cookies Led to RCE on a WordPress Website
https://www.hackerone.com/vulnerability-management/wordpress-custom-theme-rce
HackerOne
Learn first-hand from a hacker about a remote code execution vulnerability: how to identify it, its risks, and remediation.
IDOR: A complete guide to exploiting advanced IDOR vulnerabilities
https://blog.intigriti.com/2024/06/25/idor-a-complete-guide-to-exploiting-advanced-idor-vulnerabilities/
Intigriti
IDOR: A complete guide to exploiting advanced IDOR vulnerabilities - Intigriti
IDOR —short for insecure direct object reference— vulnerabilities are one of the most commonly found web security vulnerabilities in modern web applications and APIs. It is no wonder that they are often recommended to new bug bounty hunters who are just starting…
A Novel DoS Vulnerability affecting WebRTC Media Servers
https://www.rtcsec.com/article/novel-dos-vulnerability-affecting-webrtc-media-servers/
Rtcsec
This blog post details an application denial-of-service (DoS) vulnerability in WebRTC media servers handling DTLS-SRTP. Exploitation, detection and mitigation.
Exploring Authorization and Authentication Vulnerabilities
https://www.redsentry.com/blog/exploring-authorization-and-authentication-vulnerabilities
Redsentry
Vulnerability assessment reporting: A guide for cybersecurity professionals
https://blog.intigriti.com/2024/06/26/vulnerability-assessment-reporting/
Intigriti
Vulnerability Assessment Reporting: A Guide for Cybersecurity Professionals
Get to know the importance of vulnerability assessment reporting for securing IT systems and data in our insightful guide.
YesWeHack Hunter Interviews – #8 HakuPiku: “Bug hunting makes me feel like a detective”
https://www.youtube.com/watch?v=5kbHBckDZyI
YouTube
Swedish bug hunter Eldar Zeynalli, aka ‘HakuPiku’, discusses life as a Bug Bounty hunter.
Among other things, he talks about how Capture-the-Flag competitions (CTFs) got him hooked on hacking, the fun aspects of Bug Bounty in comparison to pentesting, his…
Fuzzing scripting languages’ interpreters’ native functions using AFL++ to find memory corruption and more
https://joshua.hu/aflplusplus-fuzzing-scripting-languages-natively
Joshua.Hu Joshua Rogers’ Scribbles
Fuzzing applications needs no introduction, and I have written about some interesting problems related to fuzzing in the past [0][1][2][3]. At scale, fuzzing has traditionally focused on compiled binaries and detecting crashes and other memory corruption…
Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin) (Ep. 74)
https://www.youtube.com/watch?v=5bgFIP-3VqI
YouTube
Episode 74: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Roni "Lupin" Carta for a deep dive into supply chain attacks and dependency confusion. We explore the supply chain attacks, the ethical considerations surrounding…
How to build a top-class cybersecurity team—and when to outsource
https://blog.intigriti.com/2024/06/27/building-a-cybersecurity-team/
Intigriti
How to build a top-class cybersecurity team (and when to outsource)
Intigriti reveals all the tips and tricks for building a cybersecurity team that will fortify your defenses and drive security posture.
17 vulnerabilities in Sharp Multi-Function Printers - IT Security Research by Pierre
https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
GitHub - bjrjk/CVE-2024-29943: A Pwn2Own SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE
https://github.com/bjrjk/CVE-2024-29943
GitHub
GitHub - bjrjk/CVE-2024-29943: A Pwn2Own SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then…
A Pwn2Own SpiderMonkey JIT Bug: From Integer Range Inconsistency to Bound Check Elimination then RCE - bjrjk/CVE-2024-29943
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
https://memorycorruption.net/posts/rce-lua-factorio/
memorycorruption.net
Dynamic languages are safe from memory corruptions bugs, right?