My organization is wanting to explore MDR/XDR solutions that would also provide coverage for our 10 EC2 servers (primarily web and web appli...
Hello everyone, I’m Hossam Hamada. Today I would like to share with you one of my discoveries in HackerOne’s program Continue reading o...
For all the pen testers and red teamers, what software/tools do you use to write up your report after you finished your pen test? submitted...
Hi, this is my very first writeup! In this article, I’ll share how I was able to assign a verification badge to any YouTube channel. Conti...
Hello Everyone, Looking to understand how do you handle the lifecycle management of cryptographic keys, including generation, storage, rotat...
An In-Depth Guide to Preventing Web Cache Poisoning and Strengthening Your Website’s Security | Karthikeyan Nagaraj Continue reading on Me...
Hi there, I used Drata at a previous company, and thought that it was not very useful. However, I have heard great things about Vanta - wh...
Hello everyone, Continue reading on Medium » http://dlvr.it/TCKl1K
Exploring the Next Steps in Web Cache Poisoning Mitigation and Emerging Innovations. As we have explored the various strategies for… Conti...
Good Morning, Cybersecurity Community! I’m seeking advice on the most effective solutions for log collection from the endpoints managed by...
In this blog, I share my experience of finding vulnerabilities (bugs) in NASA, the Timeline of Hall of Fame, and Letter of Appreciation |… ...
Malicious Links, AI-Enabled Tools, and Attacks on SMBs Among Top Cybersecurity Threats in H1 Mimecast Global Threat Intelligence Report Dar...
We use virus total and hybrid analysis to check software prior to installation however, they are limited in size of the file. Does anyone ha...
In my recent bug bounty activities, I stumbled upon a significant race condition vulnerability in a popular e-commerce platform. This… Con...
Analyzing Practical Implementations and Success Stories in Defending Against Web Cache Poisoning Attacks. As web cache poisoning attacks… ...
I’m currently doing a SOC internship (just started), and before this, I did a month-long cybersecurity internship focused on developing prog...
Strengthening Your Web Application Security Against Modern Cache Poisoning Threats. As web cache poisoning attacks become more… Continue r...
Hello, I am in a bit of a predicament regarding titles and responsibilities at my current workplace. So I wanted to ask what exactly a Sec...
Introduction: Continue reading on Medium » http://dlvr.it/TC4J99
Basically it is used to find the subdomains associated with the domain Continue reading on Medium » http://dlvr.it/TC2brQ
I created a post about security tools (primarily red team focused) yesterday ( https://www.reddit.com/r/cybersecurity/comments/1esy1yk/comme...
This lab contains a DOM-based vulnerability that can be exploited as part of a web cache poisoning attack. A user visits the home page… Co...
With the proliferation of XDR (specifically managed XDR that includes SIEM and SOAR), has that taken market share from (and replaced) IPS, I...
In a cybersecurity world where threats are becoming increasingly sophisticated, defending against multi-stage SQL injections requires… Con...
Capital.com launches bug bounty programme with Intigriti in Cybersecurity push FX News Group http://dlvr.it/TByPX5
Hello World! I am gonna start being self-employed soon. I want to offer Web App Pentests and later then Overall Penetration Tests. I worked ...
What tools are there that I can use to map the requirements of various frameworks (NIST, GDPR, DORA, etc) to my current network's 's...
Continue reading on Medium » http://dlvr.it/TBstZN
The student described the bug to TechCrunch as a client-side privilege escalation vulnerability, which allowed anyone on the internet to cre...
Could someone help me with the following disclosure in terms of how critical such leakage would be? I want to get into bug bounties and am cu...
In the name of God, the Most Gracious, the Most Merciful. O God, send blessings and peace upon our Prophet Muhammad. Continue reading on Medium » http://dlvr.it/TBn...
I am currently a computer science engineering student in college, just starting in my 3rd of 4 years of degree. I have been working on full ...
Uncovering the Dangers and Defenses Against Insecure Deserialization in Web Applications. Insecure deserialization is a critical security… ...
As a cybersecurity professional, I often find myself thinking about machine learning. It's one of the most cutting-edge technologies out...
Hello Everyone, Continue reading on Medium » http://dlvr.it/TBjsPj
Managing third-party risks is crucial as businesses increasingly rely on external vendors. What strategies or tools are proving most effecti...
Leaked Credentials Cybersecurity Tools Trend Hunter http://dlvr.it/TBgW7K
The internet, a vast network of interconnected information, has transformed the way we live, work and communicate. Continue readin...
Hey guys, hope you’re doing well. Today I’ll be sharing about a low-hanging bug that could easily make you a few hundred $$ as a… Contin...
I'm an all rounder Sysadmin, starting to move slightly into the management side as time goes on. More and more of my time has been de...
Uncovering the Dangers and Defenses Against Insecure Deserialization in Web Applications. Insecure deserialization is a critical security… ...
I've read all the textbook descriptions of what an API is. But I've never "seen" one so to speak. I learn better by seeing...
In the name of God, the most gracious, the most merciful Continue reading on Medium » http://...
HIBP, Dehashed and a few other sources have good data sets but unfriendly interfaces on their own. What user friendly tools are out there th...
In the Name of Allah, the Most Beneficent, the Most Merciful. All the praises and thanks be to Allah, the Lord of the ‘Alamin (mankind… C...
Hello everyone! It’s been a while since my last writeup. I’ve been away from bug bounty hunting, but in this writeup, I’ll share how I… Co...
Hi everyone, I'm delving into the world of microservices and am particularly interested in the security aspects. Specifically, I'm...
In the name of God, the Most Gracious, the Most Merciful Continue reading on Medium » http://dlvr.it/TBQF2x
so we are developing a platform and it would be great to have some scanning tools. we have used "pentest-tools" and ZAP, but maybe...