
kedrisec (@kedrisec)
Followers: 647 | Following: 2K | Media: 13 | Statuses: 361
Joined November 2015
RT @inbbupdates: $15k RCE Through Monitoring Debug Mode. #infosec #bugbounty #TogetherWeHitHarder #inbbupdatesblo….
medium.com
Have you ever come across an endpoint that you instinctively knew was vulnerable, but you couldn’t quite understand what was happening on…
RT @BattleDashDev: Just published a new write-up - Hacking 700 Million Electronic Arts Accounts
battleda.sh
(Ethically). Here's how I did it.
RT @thezdi: CVE-2024-30043: @chudyPB details this #SharePoint XXE he discovered. He calls it one of the craziest XXEs he has ever seen, bot….
zerodayinitiative.com
Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that I found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities...
RT @fransrosen: I often export proxy items from Burp to extract certain data. Example: filter out all response headers where request param….
github.com
For unpacking base64:ed "Save items"-content from Burp (From search + proxy history) - fransr/unpack-burp
RT @ndevtk: Bug write-up for Google Extensions thanks @ThomasOrlita and others for the help :) this writeup does in….
ndevtk.github.io
The reward total in the post title does not include other people’s bugs that this writeup includes but does include that bug from Proton that’s notably not a Google extension. This may not reflect...
RT @molejarka: @nnwakelam Maybe this will help:
securing.pl
What you should consider when trying to securely integrate with SAML Identity Provider.
RT @therceman: How to pay less to researchers: 1) researcher finds a bug. 2) you check for previous reports containing the same logic / bug….
RT @vulnano: How @Hacker0x01 support solves payments issues? Just closes the tickets without explanation.
RT @theXSSrat: "IDOR is simple". And apples are blue.
xmind.app
A Mind Map about IDOR Techniques submitted by EnJCGefUkO on Jun 24, 2021. Created with Xmind.
RT @kaimi_io: Article from the previous post translated in English. 20 years of #payment processing problems. #sec….
kaimi.io
Thanks to @yarbabin for the logo Electronic payment systems have existed on the Internet for a long time, and some bugs in them are twenty years old. We’ve found critical vulnerabilities allowing us…
RT @ska_vans: How I stopped hunting on @Hacker0x01 after years because they stole my $50k. #HackerOne #BugBounty .
medium.com
You may have heard about Belarusian security researcher xnwup and the story of blocking his $25k on HackerOne. It was pretty resonant at…
RT @Jhaddix: = Infosec super-thread =. A big part of my presos is tools/resources I like for offensive security & bug hunting. Here's a t….
docs.google.com
The Bug Hunter’s Methodology Application Hacking v1
I'm really sorry to hear that. I think that this policy is very unfair and it should be cancelled because it's just stealing the money. I still don't understand how the sanctions disturb h1 to pay out the money in crypto. @Hacker0x01?
RT @HolyBugx: My File Upload Checklist, detailed version of @hunter0x7 checklist, and also some extra methods I personally use and gathered….
RT @PortSwiggerRes: The top 10 web hacking techniques of 2020, by .@albinowax with help from @filedescriptor, @irsdl, @Agarri_FR and the en….
portswigger.net
Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year. Over the past few weeks