Here's a write-up on a Browser-Powered Desync bug that I discovered in the Azure CDN service known as Front Door. The entire concept is built upon the excellent research by @albinowax. Initially identified within the @intigriti program. blog.jeti.pw/posts/knocking-… #bugbounty

Knocking on the Front Door (client side desync attack on Azure CDN) - @0xJeti blog.jeti.pw/posts/knocking-…

I created a tool called "Creatures Of Habit" which accepts a GitHub username/organisation finds all public repos and extracts endpoints from popular web frameworks github.com/BuildHackSecure/c…

I plan to expand this by listing all the org repo, finding all the contributors and then scanning their public repos

When researching Palo Alto PAN-OS, @assetnote's Security Research team discovered an authentication bypass due to flaws in its architecture. Our team digs a lot deeper than surface-level CVEs; this research is an example. slcyber.io/blog/nginx-apache…

With 12h more of hacking (and A LOT of reports to be processed, so it's all subject to change), we're 3rd as a team 🇵🇱 of the H1 Ambassador World Cup qualis Plus individually, we occupy 2 out of top 3 spots for bounties with DrBrix absolutely killing it in the 1st I'm so happy!

🔥🔥🔥 #HackerHideout0524 #hh0524

I recently found a decade old Server-Side Browser on a #BugBounty program. Exploiting it was a bit of a ride. I wrote up the experience so others may learn from my (many) mistakes! blog.ajxchapman.com/posts/20…

Today @bugcrowd, we're expanding our product line to offer VDP's for free bugcrowd.com/blog/introducin…, marking the next evolution of our VDP product, following our removal of incentives some time back. This marks a change in the industry, providing a no cost entry point for customers to build up reporting portals, to support hackers in bringing vulnerabilities to them, in a fast, and effective manner. It also allows customers to build exposure to the value of the hacking community, and then pursue other offerings in the managed bug bounty space, or pen testing space, in a paid model, that incentivises findings and discovery, whilst VDP is intended to capture existing known findings. Also, hackers, we hear you, we love you and we know there's more to change around VDP's. This isn't our only change. We're aware of the need to change terms for them, and it's currently an active discussion, as well as better separating VDP from MBB which we've done by removing incentives, and having this offering not list in our program portals. If you've other feedback, we would love to hear it, and welcome it - my slack is always open and you can reach me on HIVE, Bug Bounty Forum, or here over DM

Hey, Polish hackers! 🗣️ The first meeting of the Poland HackerOne Club is tomorrow, April 23! Join @gregxsunday and @_pkusik for an exciting agenda of lectures and networking. RSVP here to reserve your spot: bit.ly/49NCGfT

Browser-powered desync #bugbounty #bugbountytips #bugbountyhunter

I'm proud to be the H1 ambassador for Poland🇵🇱 All the polish hackers interested, DM me to join to hack and have fun together😏

Poland has now a H1 Brand Ambassador! Congrats @gregxsunday

I'm really close to 50k subscribers on YouTube and it's my birthday🥳 Can we make it to 50% of the silver button today?😏 Subscribe if you haven't already, RT if you have! youtube.com/channel/UCZDyl7G…

Ok fam. I’m giving away TWO free tickets to my course which takes place in two/three weeks. All you have to do to win is like, retweet this tweet, and reply with “tbhmlive.com!” I’ll pick winners next week! If you haven’t seen my course, check out the link!

I created a little blog, feel free to check it :) blog.hks.ec/

CTF Player vs Bug Bounty Hunter

🐝 Hive Five 141: 🎙️ Bug Bounty Podcast is back 🌐 The archivist behind archive.today 🚀 CVE-2023-40044 🕵️‍♂️ Exploiting HTTP Parsers Inconsistencies 💾 The complete source code to Sub7 Take them by swarm 💪

Exploiting ASP .NET TemplateParser to get RCE in Sitecore (CVE-2023-35813) and SharePoint (CVE-2023-33160) by @mwulftange in two parts: part 1 at code-white.com/blog/exploiti… is live now and part 2 will follow in a few days...stay tuned!

🐞 #BugBountyTips 🐞 👨‍💻 Tired of juggling multiple terminals for bughunting or other administrative tasks? Let me introduce you to a game-changer: tmux! 🧵👇

🐝 Another week, another Hive Five The Bee's Knees: ➕ From 0 to $100k in 1 year of bug bounty @Rhynorater ➕Why @infosec_au became so deeply invested in server-side security ➕ A definite guide to LLM prompting @hrishioa ➕ Free courses & certificates