In the name of Allah, the Most Gracious, the Most Merciful. Q1 2020 Bugcrowd MVP Researchers Description: Qualified as one of Q1 2020 Bugcrowd MVP (Researcher...
- Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data
- From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration
- From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- If Allah wills it, I will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
The Qualys Research Team has discovered a critical vulnerability in #Sudo, which allows an unprivileged user to gain root privileges in its default configuration. #linux #unix #vulnerability https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Stripo Inc disclosed a bug submitted by kapkan: https://hackerone.com/reports/1009046 #hackerone #bugbounty
Today I'm glad to share with you my new small tool #Bughound which is a static code analysis tool based on Elasticsearch.
You can use #Bughound during your static code analysis to initially spot potential vulnerabilities in the code.
1. Hunting for Bugs in Android App
2. Template Injection in Action
3. Bypass all PowerShell security features
#bugbountytips #resources #CyberSec #infosec #Linux #Microsoft #cybersecurity #Google #coding
1. SSRF exploitation in Spreadsheet to PDF converter
2. CSRF Protection Bypass in Atlassian Confluence Server
3. MSSQL Lateral Movement