drak3hft7
@drak3hft7.bsky.social
OSCP | eCPPT | CRTP | Bug Hunter & Penetration Tester | Synack Red Team Member | Top 15 Yeswehack
Reposted by drak3hft7
January 20, 2025 at 5:06 PM
Amazing swag 🤠 thanks @yeswehack.bsky.social #bugbounty
December 22, 2024 at 5:20 PM
Reposted by drak3hft7
Did you know you can use an ancient magic cookie to downgrade parsers and bypass WAFs?! Hope you enjoy this quality bit of RFC-diving from @d4d89704243.bsky.social!
portswigger.net/research/byp...
Bypassing WAFs with the phantom $Version cookie
HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known
portswigger.net
December 4, 2024 at 3:17 PM
Reposted by drak3hft7
🚨 CORS vulnerabilities in Go 🚨

Misusing strings.HasSuffix, Contains, or HasPrefix? You might be leaving the door wide open! 🔓

Learn how these patterns lead to bypasses 🐛👇

👉 pentesterlab.com/blog/golang-...
PentesterLab Blog: CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons
Dive into common CORS vulnerabilities found in Go codebases, with real-world examples of flawed origin validation. Understand how these mistakes occur and why Go developers need robust solutions to se...
pentesterlab.com
December 2, 2024 at 9:50 PM
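To make the weak patterns named in the post concrete, here is an added Go example (not code from PentesterLab's blog or from this feed). It puts the three string-based origin checks next to a parse-and-allowlist check and runs constructed Origin values through all four; the hostnames example.com, app.example.com, evilexample.com and attacker.net are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed allowlist for this example; the hostnames are hypothetical.
var allowedOrigins = map[string]bool{
	"example.com":     true,
	"app.example.com": true,
}

// VulnerableSuffix trusts any Origin that *ends* with the domain, so a
// lookalike such as https://evilexample.com passes.
func VulnerableSuffix(origin string) bool {
	return strings.HasSuffix(origin, "example.com")
}

// VulnerableContains trusts any Origin that merely *contains* the domain, so
// https://example.com.attacker.net passes.
func VulnerableContains(origin string) bool {
	return strings.Contains(origin, "example.com")
}

// VulnerablePrefix trusts any Origin that *starts* with the production URL;
// the same example.com.attacker.net host passes this one too.
func VulnerablePrefix(origin string) bool {
	return strings.HasPrefix(origin, "https://example.com")
}

// SafeOrigin parses the Origin value and compares scheme and host exactly
// against the allowlist, so substring tricks cannot produce a match.
func SafeOrigin(origin string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme != "https" {
		return false
	}
	// A browser Origin is scheme://host[:port] only; anything else is rejected.
	if u.Port() != "" || u.Path != "" || u.RawQuery != "" || u.Fragment != "" || u.User != nil {
		return false
	}
	return allowedOrigins[strings.ToLower(u.Hostname())]
}

// Verdicts returns, for one Origin, the decision of each check in the order
// suffix, contains, prefix, safe.
func Verdicts(origin string) [4]bool {
	return [4]bool{
		VulnerableSuffix(origin),
		VulnerableContains(origin),
		VulnerablePrefix(origin),
		SafeOrigin(origin),
	}
}

func main() {
	// Constructed Origin headers: two legitimate, three that must be rejected.
	origins := []string{
		"https://example.com",
		"https://app.example.com",
		"https://evilexample.com",
		"https://example.com.attacker.net",
		"http://example.com",
	}
	fmt.Printf("%-36s %-7s %-9s %-7s %s\n", "Origin", "suffix", "contains", "prefix", "safe")
	for _, o := range origins {
		v := Verdicts(o)
		fmt.Printf("%-36s %-7t %-9t %-7t %t\n", o, v[0], v[1], v[2], v[3])
	}
}
```

The table the program prints shows each string check accepting at least one origin it should not, while the parsing check accepts only the two allowlisted hosts over https. If subdomains must be admitted generically, the safe variant is still a host comparison after parsing (for instance a suffix match on the parsed hostname with a leading dot), never a substring test on the raw header.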
Reposted by drak3hft7
What is an API? What makes them special? And what kind of APIs are out there? #apisecurity #apis #bugbountytips #BugBounty
November 30, 2024 at 8:00 AM
Just got a reward for a high vulnerability submitted on @yeswehack.bsky.social -- Violation of Secure Design Principles (CWE-657). yeswehack.com/hunters/drak... #YesWeRHackers #bugbounty
drak3hft7 hunter profile - YesWeHack
yeswehack.com
December 2, 2024 at 10:39 AM
Reposted by drak3hft7
Encoding isn't magic ✨: It doesn’t bypass filters or hack systems unless something decodes it.

Learn how to avoid this common security misconception:

pentesterlab.com/blog/encodin...

#AppSec #CyberSecurity #BugBounty
PentesterLab Blog: Encoding Is Not Magic
When talking with aspiring hackers, bug bounty hunters, or application security engineers, it often feels that there’s some misunderstanding around encoding. ...
pentesterlab.com
December 1, 2024 at 12:31 AM