In the name of Allah, the Most Gracious, the Most Merciful. I. ABSTRACT In our daily life, many people are often finding some difficulties to manage...
- Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data
- From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration
- From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- If Allah willed it, will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019-18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
New blog post!
In this article I talk about exactly how each iteration of my bug bounty automation setups has worked (there have been 3!), and what I plan to build next.
If you’re interested in bug bounty automation I think you will love this article!
Finally had a moment to test Winlogon password leaking (a.k.a. notifying) on Windows 11. No big surprise.
And the flow is:
- user enters password
- winlogon loads mpnotify.exe
- mpnotify opens RPC channel
- winlogon sends pass via RPC
- mpnotify forwards to DLL
- DLL stores it on disk
@0xBoku Four registry entries, and no reboot: https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
Sometimes you need to be creative to bypass CORS mitigations and achieve a successful site-wide CSRF.
Here is an example: