Bug bounty means hacking is mostly done on production targets. And as careful as we can be, we’ll still break things at times. Here’s a thread with some Oh Sh*t bug bounty moments from the community. https://x.com/hacker_/status/1509986966384877569
Arc Browser UXSS, Local File Read, Arbitrary File Creation and Path Traversal to RCE
And if you are in the mood for some browser hacking, check out this writeup by Renwa. It’s about the Arc browser, which is software I have never heard of, but it pays up to $20,000. It’s Chromium-based but it did expose some custom endpoints to install extensions...
HeroCTF v6 Writeups
Kévin Mizu’s blog is always a quality read when it comes to CTF writeups. In this one, he describes three challenges from HeroCTF. The one I think is most likely to become useful is the second one, which describes how client-side caching works and how it can be...
Paranoids’ Vulnerability Research: NetIQ iManager Security Alerts
I think this writeup by The Paranoids went a little bit under the radar, yet it’s a really good quality blogpost. Similarly to Assetnote’s writeups, it not only shows us the exploit but also the vulnerable code, the obstacles and their bypasses. Of course, the most...
200K $ in 2 weeks : A clickbait title but (hopefully) valuable advice
If you want to learn more about LHEs, this blogpost is great. Doomerhunter describes how he got into Live Hacking Events and how he, with Geluchat, made $200k on AWS during the H1-0131. It’s nice, honest advice and I can only agree with everything that has been said...
Cookies, Caching & Attacking Chrome Extensions with MatanBer CT 95&96
All of you should listen to all the Critical Thinking podcasts. That’s the only reason I’m not putting every single episode in the newsletter and I only do it once in a while. Like now when I’m sharing with you the episode with MatanBer about hacking browser...
Practical Exploitation of DoS in Bug Bounty – Roni Lupin Carta
What I’m noticing this year in a lot of top hunters is how they are able to somehow test functionality that others don’t. There are a few methods through which they achieve that. Some of them spend thousands of dollars using the website. Others spend hours looking at...