In the name of Allah, the Most Gracious, the Most Merciful. I. ABSTRACT In our daily life, many people are often finding some difficulties to manage...
- From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password – “password”
- Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data
- From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration
- From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019-18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
ZDI-21-1053: Bypassing Windows Lock Screen
#infosec #pentest #redteam
Reddit disclosed a bug submitted by fransrosen: https://hackerone.com/reports/1567186 - Bounty: $10,000 #hackerone #bugbounty
CVE 2.0 has just been released! More optimized and accurate than ever, it has found over 2000 new CVE POCs in the latest run!
lsassy: Extract credentials from lsass remotely
#redteam #infosec #pentest