
Bitspinner

@_bitspinner

Security Engineer

I've been looking at source code review and had trouble finding real world vulns that link to the problematic source code. Ended up building a quick tool to parse //osv.dev and make the data more searchable. Data is refreshed every 6 hours. oss-vulns.alecmaly.com


Bitspinner reposted

I found 2 stored XSS vulnerabilities in ChatGPT. The XSS bug was the easy part, but sharing it required bypassing CSP, leveraging a mass assignment issue for client-side path traversal (thanks @ctbbpodcast) to force a request to a BFLA endpoint. 🧵 [1/5]


Bitspinner reposted

Ok fam. I’m giving away TWO free tickets to my course which takes place in two/three weeks. All you have to do to win is like, retweet this tweet, and reply with “tbhmlive.com!” I’ll pick winners next week! If you haven’t seen my course, check out the link!


Bitspinner reposted

🪐 Cantina Code Demo Release 🪐 A new era for security reviews is starting. We will continue to roll out updates and features to make this the best code review experience across any industry. Available to all Cantina researchers to explore below👇


Bitspinner reposted

Plenty of big news coming this week with our first competition only 1 week away 👀 What better way to kick off Monday than with a classic Cantina Cipher 🪐 - Prizes - • 1st Correct Answer: $250 USDC • Random Retweet Raffle: Cantina T-shirt (Want a hint? See Below 👇)


Bitspinner reposted

NEW VIDEO!: I was told this was simple - AMD $5,000 Ultimate Tech Upgrade youtu.be/qdoOwCXuePg Enter the giveaway for three AMD Ryzen™ 7 7800X3D CPUs below! lmg.gg/7800x3d-giveaw… #sponsoredby @AMD


Bitspinner reposted

We are giving away 5 FREE enrollments for our signature course: *Practical Windows Forensics* on the @TCMSecurity Academy! Retweet and follow @bluecapesec for a chance to win - we'll pick the winners on Friday 5pm EST! #forensics #dfir #giveaway


Bitspinner reposted

1,000,000 people use TryHackMe!🔥 🎉 We're giving away a bunch of year-long subscriptions to TryHackMe, plus limited edition t-shirts! Share this post and leave us a comment to enter👇 Here's our journey, the launch of new training labs, and a thank you! tryhackme.com/resources/blog…


Bitspinner reposted

Just got a working exploit PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) with my collab again @yabeow #bugbountytips 👀


Bitspinner reposted

Binary exploitation / reverse engineering course github.com/guyinatuxedo/n… A collection of resources for Linux reverse engineering github.com/michalmalik/li… A tool to quickly get all JavaScript sources/files github.com/003random/getJS #bugbounty, #bugbountytips


Bitspinner reposted

New blog post outlining how to use my .NET RPC Client tooling from PowerShell and C# to test and exploit local RPC security vulnerabilities. Also an early xmas present for those who enjoy long standing design flaws in UAC :-) googleprojectzero.blogspot.com/2019/12/callin…


Bitspinner reposted

holy fucking shit its a crab bubble sort

Stumbled into reading about hermit crabs and wut:



Bitspinner reposted

Four years ago, we officially announced PentesterLab PRO (after a soft-launch late November)... What a journey! Thanks everyone for your support!

We recently released PentesterLab Pro pentesterlab.com/pro !! Private exercises and one certificate of completion are already available!!



Bitspinner reposted

We promised something awesome, so here you go! Kali 2019.4 is live! kali.org/news/kali-linu… New theme and desktop environment, new Kali Undercover mode, updated way of doing documentation, package your own tools, full Kali desktop on NetHunter, and more!


Bitspinner reposted

Defenders should deploy this setting: HKLM\SYSTEM\CurrentControlSet\Control\Lsa Dword: RunAsPPL Value: 1 Protects dumping of Lsass with a simple registry value. Encountered that on an engagement recently. 🤯 Mimikatz driver needed to bypass Details docs.microsoft.com/en-us/windows-…


Bitspinner reposted

Everyone knows Driver Signature Enforcement.... 🙃 The problem is: Attackers can load any signed driver and abuse its functionality. For example, the process hacker driver can be abused to dump the memory of lsass.exe. Read about it in my blog😋 repnz.github.io/posts/abusing-…


Bitspinner reposted

I'm publishing my work on the practical testing and breaking of JWT authentication. mazinahmed.net/blog/breaking-… The scripts that can make your JWT testing easier: github.com/mazen160/jwt-p… Feedback is always welcome!
