Search: [bugbounty] - Stoeps' Links

OWASP WrongSecrets

Examples with how to not use secrets

bugbounty

May 2, 2023 at 9:44:56 PM GMT+2 * · permalink

https://owasp.org/www-project-wrongsecrets/

First Bug in Bugcrowd Using Github Dork

It’s been a while since my last post on medium but I’m back, I want to tell you a short story about a private bug bounty program and why you can always check public Repos on GitHub, because you will…

bugbounty · security

October 14, 2022 at 7:23:36 AM GMT+2 * · permalink

https://medium.com/@0x2nac0nda/first-bug-in-bugcrowd-using-github-dork-ef8c42944c26

Hakluke's huge list of resources for beginner hackers - Detectify Labs

This is the ultimate list of resources for beginner hackers from Hakluke which includes the best blogs, influencers, youtube channels, etc.

pentest · bugbounty · list

December 22, 2021 at 9:17:23 PM GMT+1 * · permalink

https://labs.detectify.com/2021/08/24/hakluke-list-resources-for-beginner-hackers-2021/

bug-bounty-dorks/dorks.txt at master · sushiwushi/bug-bounty-dorks · GitHub

bugbounty

June 20, 2021 at 10:33:16 PM GMT+2 · permalink

https://github.com/sushiwushi/bug-bounty-dorks/blob/master/dorks.txt

#859962 Bypass apiserver proxy filter

When the apiserver is proxying a request to a node though one of its addresses, it performs a filter validation. If the address type is a DNS record (Hostname, ExternalDNS, InternalDNS), the apiserver performs two DNS queries, one for filter validation, another for proxying the request. If the attacker sets the hostname to a custom DNS server, that is able return different values with zero TTL, it is possible to bypass that filter.

intigriti_125 · kubernetes · k8s · bugbounty

June 3, 2021 at 11:00:45 PM GMT+2 * · permalink

https://hackerone.com/reports/859962

The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown

recon · bugbounty · pentesting

April 5, 2021 at 6:00:57 PM GMT+2 · permalink

https://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab

All You Need to Know About Bug Bounty Testing Environments

If you’re looking to set up a bug bounty program, we've already covered step zero, setting your scope, and the importance of focus areas, as well as some consid

bugbounty

January 11, 2021 at 8:21:59 PM GMT+1 · permalink

https://www.bugcrowd.com/blog/all-you-need-to-know-bug-bounty-testing-environments/

Bug Bytes #92 - Pwning Apple for three months, XSS in VueJS, Hacking Salesforce Lightning & Unicode byͥtes - Intigriti

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from 04 to 11 of October. Intigriti […]

linkdump · bugbounty

October 15, 2020 at 7:02:35 AM GMT+2 · permalink

https://blog.intigriti.com/2020/10/14/bug-bytes-92-pwning-apple-for-three-months-xss-in-vuejs-hacking-salesforce-lightning-unicode-by%CD%A5tes/

We Hacked Apple for 3 Months: Here’s What We Found

Very interesting article about the Apple bugbounty program and vulnerabilities.

bugbounty · linkdump

October 8, 2020 at 9:47:40 PM GMT+2 · permalink

https://samcurry.net/hacking-apple/

Bug Bytes #91 - The shortest domain, Weird Facebook authentication bypass & GitHub Actions secrets - Intigriti

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

linkdump · bugbounty

October 7, 2020 at 4:04:59 PM GMT+2 · permalink

https://blog.intigriti.com/2020/10/07/bug-bytes-91-the-shortest-domain-weird-facebook-authentication-bypass-github-actions-secrets/

My personal hacklab, create your own.

My personal hacklab, create your own. Contribute to johackim/docker-hacklab development by creating an account on GitHub.

docker · container · pentesting · bugbounty

October 3, 2020 at 10:12:12 AM GMT+2 * · permalink

https://github.com/johackim/docker-hacklab

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. - dstotijn/hetty

Replacement for Burpsuite or ZAP

interceptproxy · bugbounty

October 3, 2020 at 9:13:18 AM GMT+2 · permalink

https://github.com/dstotijn/hetty

Bug Bytes #90 - The impossible XSS, Burp Pro tips & A millionaire on bug bounty and meditation - Intigriti

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from 18 to 25 of September. Our […]

Huge collection of links to articles, podcasts and videos from the infosec and bugbounty community

linkdump · security · bugbounty

October 1, 2020 at 6:05:19 AM GMT+2 * · permalink

https://blog.intigriti.com/2020/09/30/bug-bytes-90-the-impossible-xss-burp-pro-tips-a-millionaire-on-bug-bounty-and-meditation/