Critical Thinking Discord is now available at https://ctbb.show/discord
20 hours, 48 minutes ago
Full video: https://youtu.be/HwbEmHJGpcM 📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow Justin on Twitter: https://twitter.com/Rhynorater 📣 Follow me on Twitter: https://bbre.dev/tw This video is a part of the interview with Justin Gardner, the host of the Critical Thinking Bug Bounty Podcast, who's been a full-time hunter for about 4 years. We talk about his methodology, tooling and much more! The BBRD podcast is also available on most popular podcast platforms: https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4 https://podcasts.google.com/feed/aHR0cHM6Ly93d3cuc3ByZWFrZXIuY29tL3Nob3cvNTA3Mzc4MS9lcGlzb2Rlcy9mZWVk https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4
A Random $10,000 bug #bugbounty #bugbountytips #bugbountyhunter
20 hours, 49 minutes ago
Full video: https://youtu.be/kAF_OW7XjwM 📕 The full case study: http://members.bugbountyexplained.com/rce-where-to-look-for-them-rce-case-study/ 📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw This is a short from a video that's part of an RCE case study in which I studied 126 disclosed RCE bug bounty reports to learn how people are actually making money with RCEs. I go through the different functionalities in which RCEs were common.
Time spent on a target feat. @rhynorater #bugbounty #bugbountytips #bugbountyhunter
1 day, 21 hours ago
Monitoring JS files to know first about new features feat. @rhynorater #bugbounty #bugbountytips
2 days, 20 hours ago
$30,000 CSRF #bugbounty #bugbountytips #bugbountyhunter
3 days ago
How to deal with irregular income of bug bounty? feat. @rhynorater #bugbounty
3 days, 20 hours ago
You were awarded a $4 bounty feat. @rhynorater #bugbounty #bugbountytips #bugbountyhunter
4 days, 20 hours ago
"Can I access this report database?" #bugbounty #bugbountytips #bugbountyhunter
4 days, 23 hours ago
Turning a verbose error into an RCE #bugbounty #bugbountytips #bugbountyhunter
5 days ago
I finally see the gopher protocol working in real life #bugbounty #bugbountytips #bugbountyhunter
5 days, 16 hours ago
New Potential IP revealing using UNC Path in Windows File Picker
23 hours, 39 minutes ago
Tor disclosed a bug submitted by newfunction: https://hackerone.com/reports/376004
New SQL Injection in parameter REPORT
23 hours, 45 minutes ago
Tor disclosed a bug submitted by wiloos: https://hackerone.com/reports/269347
New Use of uninitialized value in crypto_pk_num_bits (src/common/crypto.c:971)
23 hours, 47 minutes ago
Tor disclosed a bug submitted by geeknik: https://hackerone.com/reports/274998
New Zip bomb
23 hours, 47 minutes ago
Tor disclosed a bug submitted by zerx: https://hackerone.com/reports/263663
New [rt.torproject.org] No Rate Limiting on Login Form
23 hours, 47 minutes ago
Tor disclosed a bug submitted by 0xspade: https://hackerone.com/reports/265706
New solving TOR vulnerability, in order to make bruteforce difficult
23 hours, 48 minutes ago
Tor disclosed a bug submitted by joelisto: https://hackerone.com/reports/268320
New Report Regarding Security Vulnerability
23 hours, 48 minutes ago
Tor disclosed a bug submitted by srkfan: https://hackerone.com/reports/269243
New Multiple Path Traversal Vulnerabilities
23 hours, 48 minutes ago
Tor disclosed a bug submitted by myselfphoton: https://hackerone.com/reports/273377
New Tor Project - Full Path Disclosure
23 hours, 48 minutes ago
Tor disclosed a bug submitted by yox: https://hackerone.com/reports/269426
New https://get.ooni.torproject.org/
23 hours, 49 minutes ago
Tor disclosed a bug submitted by ba4fe4ca95021d367f8a574: https://hackerone.com/reports/274285
Reptar: a vulnerability in Intel processors | Kaspersky official blog
1 day, 14 hours ago
Reptar, a vulnerability in Intel processors. What it involves and who it threatens (spoiler — primarily cloud providers).
Why Nothing Chats is unsafe | Kaspersky official blog
4 days, 20 hours ago
The Nothing Chats app promised to give Android users access to iMessage, but turned out to be so insecure that it was removed from Google Play within 24 hours.
How to update Android without bugs, data loss, security risks or other nuisances | Kaspersky official blog
5 days, 22 hours ago
Android updates: pros, cons, tips for safe installation
Transatlantic Cable podcast, episode 325 | Kaspersky official blog
6 days, 3 hours ago
Episode 325 of the Kaspersky podcast looks at AI generated music, a hacker arrested for helping drug dealers & more.
How Ducktail steals Facebook accounts | Kaspersky official blog
6 days, 12 hours ago
How attackers steal Facebook Ads and Business accounts with Ducktail malware (with infected archives and a malicious browser extension).
Bug Bytes #217 – How to Submit Vulnerabilities, Writing a Great WriteUp and 2 years of Bug Bounty
6 days, 21 hours ago

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the weeks from November 6th to November 19th.

The post Bug Bytes #217 – How to Submit Vulnerabilities, Writing a Great WriteUp and 2 years of Bug Bounty appeared first on Intigriti.

Understanding the Kaspersky Compromise Assessment Service
1 week, 4 days ago
Kaspersky SOC experts explain the differences among compromise assessment, incident response, penetration testing, and MDR
Transatlantic Cable podcast, episode 324 | Kaspersky official blog
1 week, 5 days ago
Episode 324 of the Kaspersky podcast looks at Meta and Google in the docks, more on deepfakes & port operator pulls internet after a cyberattack.
WhatsApp spyware modifications in Telegram | Kaspersky official blog
1 week, 5 days ago
Spyware-infected WhatsApp modifications being distributed through Telegram channels and WhatsApp mod sites.
What is a zero-click exploit? | Kaspersky official blog
1 week, 6 days ago
Zero-click exploits are attacks that don’t require any active user actions. We explain why they’re dangerous and how to defend against them.
The xss rats
3 days, 12 hours ago
Lock? Lol 🔐🔥 #lockpicking
1 week, 1 day ago
#lockpicking my money box 📦
1 week, 2 days ago
Practicing #lockpicking
1 week, 2 days ago
Picking My First Lock In Less Than A Minute
1 week, 3 days ago
Uncle Rat's courses: https://thexssrat.podia.com Become a member of this channel to unlock special perks: https://www.youtube.com/channel/UCjBhClJ59W4hfUly51i11hg/join You can now buy me a block of cheese: https://www.buymeacoffee.com/thexssrat Patreon: https://www.patreon.com/TheXSSRat Instagram: thexssrat Follow me on Twitter to be notified when I release a new video: https://twitter.com/theXSSrat Come join our Discord :D I hang out there often! https://discord.gg/8rUtHj9
One change at a time
1 week, 5 days ago
Unlocking Cash: 2000$ in 20 seconds thanks to Grafana
2 weeks ago
https://twitter.com/impratikdabhi https://infosecwriteups.com/unlocking-cash-easy-p1-bug-in-grafana-dashboard-with-default-credentials-fa36ddf271da
Improvements to fingerprinted technologies, IP data, and the attack surface
4 weeks, 1 day ago

We’ve made several improvements to how users can interact with their fingerprinted technologies data, grouping IP data by several parameters, and viewing the latest changes ...

The post Improvements to fingerprinted technologies, IP data, and the attack surface appeared first on Blog Detectify.

Job-to-be-Done: Quickly resolve exposures and vulnerabilities
1 month ago

It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered ...

The post Job-to-be-Done: Quickly resolve exposures and vulnerabilities appeared first on Blog Detectify.

Jobs-to-be-Done: See the current state of security and understand what is exposed and how it has evolved over time
1 month, 2 weeks ago

How do you see the current state of security in your organization when security is constantly evolving? New assets, vulnerabilities, and even human errors like ...

The post Jobs-to-be-Done: See the current state of security and understand what is exposed and how it has evolved over time appeared first on Blog Detectify.

Introducing Jobs-to-be-Done: a way to help our users achieve their goals
2 months ago

As someone working within AppSec or ProdSec security, the scope and responsibilities of your role have likely changed over the last few years. This is ...

The post Introducing Jobs-to-be-Done: a way to help our users achieve their goals appeared first on Blog Detectify.

Recently added crowdsourced vulnerabilities – September 2023
2 months ago

Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities ...

The post Recently added crowdsourced vulnerabilities – September 2023 appeared first on Blog Detectify.

Improvements to the IP page – more flexibility and new methods to interact with data
2 months, 1 week ago

We know how frustrating it can be to discover new assets that don’t follow your internal security policies, such as using a geolocation that isn’t ...

The post Improvements to the IP page – more flexibility and new methods to interact with data appeared first on Blog Detectify.

Spot risks with our new IP view
3 months, 2 weeks ago

Customers often tell us of instances where someone in their team spins up a new machine that isn’t using an approved geolocation, or that they ...

The post Spot risks with our new IP view appeared first on Blog Detectify.

Here’s how External Attack Surface Management and Penetration Testing compare
4 months ago

“How does Detectify’s External Attack Surface Management platform compare to Penetration testing” or “What I’m really looking for is Penetration testing” are two statements we ...

The post Here’s how External Attack Surface Management and Penetration Testing compare appeared first on Blog Detectify.

Strengthening the SDLC with Security Advisory Services (SAS)
4 months ago
We see untapped potential in how customers use our HackerOne solutions every day, which inspired the creation of our latest offering: HackerOne Security Advisory Services (SAS).
Amazon's Security Researcher Collaboration: Highlights from H1-213
4 months ago
“At Amazon, protecting our customers’ information is our top priority. Part of those efforts includes our bug bounty program through HackerOne, which allows participating researchers to submit findings directly to the company. We work with researchers across the security industry that reach out about potential issues that may impact our customers, and we take steps to investigate and fix them. Events like H1-213 provide our security teams with the unique opportunity to engage a diverse group of ethical, independent researchers.”
- Travis Lee, Senior Manager, Offensive Security
Zoom and Salesforce: The Role of Hackers in Addressing Security Challenges
4 months ago
“You can’t find everything, and it’s crucial to leverage the best talent where you can find it,” says Michael Adams, Chief Information Security Officer at Zoom.
Five Takeaways from Ohio Secretary of State's VDP Success Story
4 months, 1 week ago
"Cybersecurity is on everyone’s radar, but not everyone knows all the specific details to ensure protection. We know bad actors are constantly looking for cracks in our defenses and applications. That's why it's so important for us to work with ethical hackers. They know what vulnerabilities the bad actors are looking for, and they know how to find them before the bad guys can."
- Jillian Burner, CISO, Ohio Secretary of State
Security Should Never Sleep: Adopting Continuous Testing for Evolving Threats
4 months, 1 week ago
Compounding security debt from daily new releases creates serious challenges for security organizations — especially considering the scarcity of skilled personnel. Point-in-time security measures and an overreliance on automation and AI create a false sense of security that often leaves the door open for attackers.
Generative AI and Security: HackerOne's Predictions
4 months, 2 weeks ago
GAI capabilities will soon be table stakes for any software company as their customers will simply expect it. Those who do not take advantage of this technological evolution will decline into irrelevancy and be replaced by better and more productive alternatives. A world where Generative AI is ubiquitous will soon be here. What does that mean for security? We have two main predictions.
Takeaways from a Conversation Between Hackers and Program Managers
4 months, 3 weeks ago
In recent years, HackerOne has brought hackers and customers together more frequently. Bug bounty and pentests are where these two parts of the HackerOne community have historically met, but fostering open conversations outside of paid engagements has further reinforced the sense of community and collaboration that HackerOne embodies.
Grammarly CISO Suha Can Discusses the Impact of Preemptive Security with HackerOne
5 months, 2 weeks ago
Suha Can, the CISO of Grammarly, recently joined HackerOne’s CTO & Co-founder, Alex Rice, for a discussion on user trust, the benefits of Grammarly’s bug bounty program, and the advantages of preemptive security measures.