Bug bounty hunting tips, tools, and write-ups
Hi everyone. Almost a month has passed, so it is time to update how is the challenge going. Honestly, it is not going so great. I was doubting if I should even share my progress. However, I decided to be transparent as I realized that any outcome is still an outcome. I spent a total …
Bug bounty is one of the hot topics nowadays. If you are actively following cybersecurity people on social networks (especially Twitter), you had probably noticed this. Once in a while you could see that one or another person found high severity vulnerability, and was rewarded with a significant bug bounty. On the other hand, this …
According to the NVD database, over 6000 vulnerabilities were published in Q2 of 2022. This is a really astonishing number considered that these are only the vulnerabilities with CVE assigned. There were plenty vulnerabilities found in the custom software that does not receive such ID. The rate the vulnerabilities are being found is not slowing …
Subdomain takeover is one of the vulnerabilities that might really hurt for the company if exploited. If you want to identify it, specialized tools and methodologies have to be used. This is the type of vulnerability that requires technical knowledge, experience, and a little bit of luck to find. Today we are going to cover …
Bug bounty hunting is a career many are dreaming of. Working on different systems, finding critical bugs, and getting paid tens of thousands of dollars for it, is a part of the dream. However, in the reality everything is x1000 times harder than it sounds. Before becoming proficient with it, you must spend hours and …
Moodle is one of the most popular learning management systems (LMS) that provides environment for learning, testing, and training. This software is used by a big number of organizations across the globe. As this software provides a platform for educational organizations, it is mainly used by schools and universities. However, because of the COVID-19 pandemic, …
If you are security testing a web application, there is a great chance that it is hosted on the cloud. And there is reason for this – cloud has gained massive popularity, and the industry is projected to grow to 800 billion by 2025. Because the AWS is dominating the market with over 32% market …
The majority of people associate zero-day vulnerabilities with a black hat, criminal hackers. Government agencies all across the globe, on the other hand, are equally eager in getting them, usually to use in surveillance or their own cyberattacks. In reality, the tremendous rivalry on both sides to be the first to know about zero-day vulnerabilities …
Remote code execution, that is also known as arbitrary code execution vulnerability is one of the most dangerous vulnerabilities. If a publicly accessible website is affected by this security issue, this could lead to a total takeover of the system. As a result, data confidentiality, integrity, and availability might be affected. One of the biggest …