drak3hft7
@drak3hft7

OSCP | eCPPT | CRTP | Bug Hunter & Penetration Tester | Synack Red Team Member | Top 15 Yeswehack

12 Followers
20 Following
6 Posts
Joined 01.12.2024

Latest posts by drak3hft7 @drak3hft7

Shadow Repeater: AI-enhanced manual testing. Have you ever wondered how many vulnerabilities you've missed by a hair's breadth, due to a single flawed choice? We've just released Shadow Repeater, which enhances your manual testing with AI-powere

portswigger.net/research/sha...

20.02.2025 14:39 👍 0 🔁 0 💬 0 📌 0

40+ Google Dorks For Low Hanging Fruits

https://bitpanic.medium.com/40-google-dorks-for-low-hanging-fruits-d8fc3d5d7a8d?source=rss------bug_bounty-5

20.01.2025 17:06 👍 1 🔁 1 💬 0 📌 0

Amazing swag 🤠 thanks @yeswehack.bsky.social #bugbounty

22.12.2024 17:20 👍 0 🔁 0 💬 0 📌 0
‘My best attribute? Persistence’: drak3hft7’s Bug Bounty story. Drak3hft7 on the value of soft skills in Bug Bounty, his journey to becoming an ethical hacker, his best bug find so far and his favourite hacking tools.

@yeswehack.bsky.social #bugbounty #cybersecurity

11.12.2024 15:02 👍 0 🔁 0 💬 0 📌 0
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection. Introduction: Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router.1 After ac...

Articles worth reading discovered last week:

🗞 flatt.tech/research/pos...
🗞 snyk.io/articles/rem...
🗞 nastystereo.com/security/rub...
🗞 blog.doyensec.com/2024/12/03/c...
🗞 nastystereo.com/security/r-s...
🗞 satoooon1024.hatenablog.com/entry/2024/1...
🗞 portswigger.net/research/byp...

08.12.2024 22:48 👍 5 🔁 5 💬 0 📌 1
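The first link in that reading list is about a hash comparison that was truncated, and the reason truncation matters is the birthday bound: collision effort scales with the square root of the space you actually compare, not the full 256 bits. The Go program below is an added illustration, not code from the article or from OpenWrt, and the 6-hex-digit truncation and the "build-N" input shape are choices made here for the demo, not the article's parameters. It runs a plain birthday search (no weakness in SHA-256 involved) and reports how quickly two distinct inputs agree on the shortened prefix while their full digests differ.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math"
)

// truncatedDigest returns the first hexChars characters of the SHA-256 hex
// digest of msg, which is all a truncated comparison ever looks at.
func truncatedDigest(msg string, hexChars int) string {
	sum := sha256.Sum256([]byte(msg))
	return hex.EncodeToString(sum[:])[:hexChars]
}

// findTruncatedCollision hashes "<prefix>-<i>" for i = 0, 1, 2, ... and stops
// at the first pair whose truncated digests agree. Inputs are constructed
// counters; any attacker-chosen message set would behave the same way.
func findTruncatedCollision(prefix string, hexChars, maxTries int) (a, b string, found bool) {
	seen := make(map[string]string)
	for i := 0; i < maxTries; i++ {
		msg := fmt.Sprintf("%s-%d", prefix, i)
		key := truncatedDigest(msg, hexChars)
		if prev, ok := seen[key]; ok {
			return prev, msg, true
		}
		seen[key] = msg
	}
	return "", "", false
}

// expectedTries is the birthday-bound estimate sqrt(pi/2 * 16^hexChars) of
// hashes needed before a collision on hexChars hex digits becomes likely.
func expectedTries(hexChars int) float64 {
	return math.Sqrt(math.Pi / 2 * math.Pow(16, float64(hexChars)))
}

func main() {
	// How the work scales with the number of hex digits that are compared.
	for _, n := range []int{6, 8, 12, 16, 64} {
		fmt.Printf("%2d hex chars (%3d bits): about %.3g hashes\n", n, 4*n, expectedTries(n))
	}

	// Six hex digits (24 bits) collide in a few thousand hashes on a laptop.
	a, b, ok := findTruncatedCollision("build", 6, 1<<20)
	if !ok {
		fmt.Println("no collision within budget")
		return
	}
	fmt.Printf("collision on 6 hex chars:\n  %q -> %s\n  %q -> %s\n",
		a, truncatedDigest(a, 6), b, truncatedDigest(b, 6))
	fmt.Printf("full digests differ: %v\n", truncatedDigest(a, 64) != truncatedDigest(b, 64))
}
```

The practical check is the comparison site, not the hash function: any place that compares a prefix of a digest (a cache key, a filename, a short "fingerprint") has the collision resistance of that prefix length only. Compare the full digest, or use a construction whose output length is the intended security level.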
Bypassing WAFs with the phantom $Version cookie. HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known

Did you know you can use an ancient magic cookie to downgrade parsers and bypass WAFs?! Hope you enjoy this quality bit of RFC-diving from @d4d89704243.bsky.social!
portswigger.net/research/byp...

04.12.2024 15:17 👍 73 🔁 27 💬 1 📌 5
PentesterLab Blog: CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons. Dive into common CORS vulnerabilities found in Go codebases, with real-world examples of flawed origin validation. Understand how these mistakes occur and why Go developers need robust solutions to se...

🚨 CORS vulnerabilities in Go 🚨

Misusing strings.HasSuffix, Contains, or HasPrefix? You might be leaving the door wide open! 🔓

Learn how these patterns lead to bypasses 🐛👇

👉 pentesterlab.com/blog/golang-...

02.12.2024 21:50 👍 17 🔁 10 💬 2 📌 0
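To make the warning in that post concrete, here is an added Go example (written for this page, not taken from the PentesterLab article or from any real codebase). It puts the three substring checks the post names next to a strict check that parses the Origin header and compares scheme and host against an allow-list as a whole. The allow-list entries and the probe origins are constructed for the demo.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// allowedOrigins is a constructed allow-list: complete scheme://host values
// that are compared as a whole, never as substrings.
var allowedOrigins = map[string]bool{
	"https://app.example.com":   true,
	"https://admin.example.com": true,
}

// The next three checks reproduce the patterns the post warns about. Each
// one looks at part of the Origin header, so an attacker-controlled host can
// be shaped to satisfy it.

// allowBySuffix: "ends with example.com" also accepts https://evilexample.com.
func allowBySuffix(origin string) bool {
	return strings.HasSuffix(origin, "example.com")
}

// allowByContains: "contains example.com" accepts https://app.example.com.attacker.com.
func allowByContains(origin string) bool {
	return strings.Contains(origin, "example.com")
}

// allowByPrefix: "starts with https://app.example.com" accepts
// https://app.example.com.attacker.com and https://app.example.com@attacker.com.
func allowByPrefix(origin string) bool {
	return strings.HasPrefix(origin, "https://app.example.com")
}

// allowStrict parses the header and requires scheme://host to be an exact
// allow-list entry. A well-formed Origin is only scheme://host[:port], so
// userinfo, path, query or fragment means the value is not a real origin.
func allowStrict(origin string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return false
	}
	if u.User != nil || u.Path != "" || u.RawQuery != "" || u.Fragment != "" || u.Opaque != "" {
		return false
	}
	return allowedOrigins[u.Scheme+"://"+u.Host]
}

// corsAllowOrigin is the value to reflect in Access-Control-Allow-Origin, or
// "" when the caller should send no CORS headers at all. Reflecting only an
// allow-listed origin is what keeps credentialed responses safe.
func corsAllowOrigin(origin string) string {
	if allowStrict(origin) {
		return origin
	}
	return ""
}

// probeOrigins are constructed inputs: one legitimate origin followed by
// bypass attempts against the substring checks.
var probeOrigins = []string{
	"https://app.example.com",
	"https://evilexample.com",
	"https://app.example.com.attacker.com",
	"https://app.example.com@attacker.com",
	"https://attacker.com/?x=https://app.example.com",
	"http://app.example.com",
	"null",
}

func main() {
	fmt.Printf("%-48s %-6s %-8s %-6s %-6s\n", "Origin", "suffix", "contains", "prefix", "strict")
	for _, o := range probeOrigins {
		fmt.Printf("%-48s %-6v %-8v %-6v %-6v\n", o,
			allowBySuffix(o), allowByContains(o), allowByPrefix(o), allowStrict(o))
	}
}
```

Two details worth keeping when you port this: the comparison key includes the port (so https://app.example.com:8443 is a different origin unless you list it), and the literal value null is rejected because it never parses to a host, which matters because sandboxed iframes and some redirects send Origin: null.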
A mindmap with the following text https://tl.gd/n_1ss2vji

What is an API? What makes them special? And what kind of APIs are out there? #apisecurity #apis #bugbountytips #BugBounty

30.11.2024 08:00 👍 34 🔁 5 💬 1 📌 0
drak3hft7 hunter profile - YesWeHack

Just got a reward for a high vulnerability submitted on @yeswehack.bsky.social -- Violation of Secure Design Principles (CWE-657). yeswehack.com/hunters/drak... #YesWeRHackers #bugbounty

02.12.2024 10:39 👍 0 🔁 0 💬 0 📌 0
NIS 2 guide: CTEM, CVD and cost-effective compliance. With just four months left until the NIS 2 Directive is mandated to come into force EU-wide, we’ve answered some FAQs about the cyber-resilience legislation.

www.yeswehack.com/security-bes...

02.12.2024 09:08 👍 0 🔁 0 💬 0 📌 0
GitHub - drak3hft7/Cheat-Sheet---Active-Directory: This cheat sheet outlines common enumeration and attack methods for Windows Active Directory using PowerShell.

github.com/drak3hft7/Ch... #cybersecurity #offensivesec #activedirectory

01.12.2024 08:13 👍 1 🔁 0 💬 0 📌 0
PentesterLab Blog: Encoding Is Not Magic. When talking with aspiring hackers, bug bounty hunters, or application security engineers, it often feels that there’s some misunderstanding around encoding. ...

Encoding isn't magic ✨: It doesn’t bypass filters or hack systems unless something decodes it.

Learn how to avoid this common security misconception:

pentesterlab.com/blog/encodin...

#AppSec #CyberSecurity #BugBounty

01.12.2024 00:31 👍 9 🔁 4 💬 1 📌 0
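The point of that post is that an encoded payload only matters if something between the filter and the sink decodes it. The Go program below is an added example written for this page (not PentesterLab's code) that makes the ordering visible: the same naive "<script" blocklist is run in four constructed pipelines that differ only in where, and how often, URL-decoding happens. The filter, the pipelines and the three probe strings are all constructed for the demo.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// containsScriptTag is a deliberately naive blocklist filter, constructed for
// this example. What matters here is where it runs, not how good it is.
func containsScriptTag(s string) bool {
	return strings.Contains(strings.ToLower(s), "<script")
}

// outcome records whether the filter blocked the value and, if not, what
// finally reaches the sink (template, shell, query, ...).
type outcome struct {
	Blocked  bool
	Rendered string
}

// rawOnly: filter and sink both see the raw parameter; nothing decodes it.
// Percent-encoded angle brackets stay literal text and are harmless.
func rawOnly(raw string) outcome {
	if containsScriptTag(raw) {
		return outcome{Blocked: true}
	}
	return outcome{Rendered: raw}
}

// filterThenDecode: the filter inspects the raw bytes, then a later component
// decodes before use. That decode is what turns the encoding into a bypass.
func filterThenDecode(raw string) outcome {
	if containsScriptTag(raw) {
		return outcome{Blocked: true}
	}
	decoded, err := url.QueryUnescape(raw)
	if err != nil {
		decoded = raw // malformed escapes are passed through untouched
	}
	return outcome{Rendered: decoded}
}

// decodeThenFilter: canonicalise first, then validate. One layer of encoding
// no longer helps the attacker.
func decodeThenFilter(raw string) outcome {
	decoded, err := url.QueryUnescape(raw)
	if err != nil {
		return outcome{Blocked: true}
	}
	if containsScriptTag(decoded) {
		return outcome{Blocked: true}
	}
	return outcome{Rendered: decoded}
}

// decodeFilterDecodeAgain: decodeThenFilter followed by a second downstream
// decode (a component that unescapes its input once more). A double-encoded
// payload now passes the filter and is decoded to the dangerous form after it.
func decodeFilterDecodeAgain(raw string) outcome {
	o := decodeThenFilter(raw)
	if o.Blocked {
		return o
	}
	again, err := url.QueryUnescape(o.Rendered)
	if err != nil {
		return o
	}
	return outcome{Rendered: again}
}

// probes are constructed inputs: plain, single-encoded and double-encoded
// forms of the same tag.
var probes = []string{"<script>", "%3Cscript%3E", "%253Cscript%253E"}

func main() {
	pipelines := []struct {
		name string
		run  func(string) outcome
	}{
		{"raw only", rawOnly},
		{"filter, then decode", filterThenDecode},
		{"decode, then filter", decodeThenFilter},
		{"decode, filter, decode again", decodeFilterDecodeAgain},
	}
	for _, p := range probes {
		for _, pl := range pipelines {
			o := pl.run(p)
			fmt.Printf("%-18s %-30s blocked=%-5v reaches sink: %q\n", p, pl.name, o.Blocked, o.Rendered)
		}
	}
}
```

When testing, the question to answer is therefore not "does the filter catch %3C" but "what decodes this value after the filter, and how many times": each extra decode layer is an extra layer of encoding the attacker can use.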