RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)
0x01
How to build custom scanners for web security research automation
In this post, I’ll share my approach to developing custom automation to aid research into under-appreciated attack classes and (hopefully) push the boundaries of web security. As a worked example, ...
👩💻IW Weekly #79: RCE in Google Chrome, CVE-2023-40044, OIDC misconfiguration to ATO, accessing millions of call recordings and many more..
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Bug Bytes #212 – XSS Payloads, IDOR prediction and Cloud Security
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-u...
👩💻IW Weekly #78: OAuth Misconfiguration, Account Takeover, Virtual Hosts, SQL Injection, Hacker Tweets, Advanced Root Detection Bypass Techniques and many more..
Welcome to the #IWWeekly78 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item ...
👩💻IW Weekly #77: Azure AD privilege escalation, CVE-2022-3910, Web Cache deception attack, GraphQL enumeration techniques, IDOR and many more..
Welcome to the #IWWeekly77 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item...
Bug Bytes #211 – Hacking Casinos, Microsoft’s Key Mishap, Read the Docs and ImageMagick Strikes Again
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-u...
👩💻IW Weekly #76: Android Native Libraries, Proton Mail’s Security, Source Code & Secrets exposed on Top Websites, Zero Click Mass ATO, CSP Protection Bypass on Google, Hacking Online Casino and many more..
Welcome to the #IWWeekly76 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Ite...
Bug Bytes #210 – Zenbleed, Interview Questions, Challenge Coins and SQL Injections
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-u...
👩💻IW Weekly #75: Privilege Escalation by request manipulation, PII Disclosure by manipulating parameters, PII leak using misconfigured API, CRLF to XSS, Blind SSRF with Out-of-band Detection and many more..
Welcome to the #IWWeekly75 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Ite...