Google (Chromium) suddenly decided to pay me for a UI spoofing bug reported 3 years ago that had been idle, and went from reward potential to no potential to potential. Ok, thanks?
This #privacy audit looks like the first LeaveHomeSafe #pentest ever, way below commercial apps:
Broken SSL validation, SD Card Leaks, 2FA Logic bypass, Screenshot leaks, several Face Recognition artifacts, etc. 7asecurity.com/blog/2022/07/l…
Confirmed! Masato Kinugawa demonstrated a 3-bug chain of injection, misconfiguration and sandbox escape on Microsoft Teams to earn $150K and 15 Master of Pwn points.
New write-up on the story of 3 bug bounty reports in which I chain low-severity bugs together for higher impact, plus lesser-known browser tricks.
Includes CSS injection, Self-XSS, Drag-Drop XSS, Cookie Bomb, Login-Logout-CSRF, and more...
medium.com/@renwa/the-und…
After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116.
I would like to use this opportunity to thank those who made this possible. Thank you. ❤️
I've been meaning to create a blog for some time now, and I finally did it! For its first post I wrote about a vulnerability that allowed an attacker to leak the full URL of cross-origin redirects on Google Chrome, check it out!
blog.lbherrera.me/posts/appcache…
‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers (@0xReconless ) on filling a gap in infosec education portswigger.net/daily-swig/sof…
I have made a video to demonstrate how we can automate permission checks using my GitLab project "OpenAPI Security Scanner". Check it out!
youtu.be/K65e5QRQ1tc
Video editor: @wacms666
233K Followers, 1K Following. Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01 🇮🇷
95K Followers, 2K Following. Hacker, marketer. I manage socials and produce amazing technical blogs for cybersecurity orgs. Founder of @hacker_content and @haksecio
187K Followers, 6K Following. The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world... Unleash Ingenuity™
52K Followers, 616 Following. Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
324K Followers, 3K Following. The only official HackerOne Twitter account.
A global leader in offensive security solutions. #HackForGood #togetherwehitharder
89K Followers, 404 Following. SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.
10K Followers, 17 Following. And there is fire where we walk. they/them
Find our active account here: https://t.co/Q3se8nVme8
Also, fuck you very much, @elonmusk
21K Followers, 365 Following. Cyber Security Researcher, Published Author on Cybersecurity, Public Speaker, featured by @Forbes, @BBC, @WSJ - RT ≠ Endorsement #WebHackingArsenal