InfoSec Write-ups » Bug Bounty
InfoSec Write-ups offers awesome write-ups from the world's best hackers in topics ranging from bug bounties, CTFs, Hack the Box walkthroughs, hardware challenges, and real-life encounters.
6d ago
In online shopping, we will find a wonderful feature most sites offer: discount codes, which provide great discounts on some products. So, what happens when hackers find a loophole that allows them to create thousands of discount codes?
We have a target; let’s call it “xyz.com”.
Usually, I start testing on a main domain and here I want to say that many researchers say that you will not find any bug in the main domain and this is a mistake. You should search and then move to the subdomains.
First, I start using the web application like any other user to understand the website and all its funct ..read more
6d ago
Bug Tracking (Part of Bug Bounty)
What is a bug?
A security bug or vulnerability is “a weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, OR availability.”
What is Bug Bounty?
A bug bounty or bug bounty program is IT jargon for a reward or bounty program given for finding and reporting a bug in a particular software product. Many IT companies offer bug bounties to drive product improvement and get more interaction from end users or clients. Companies that oper ..read more
6d ago
How to find and exploit subdomain takeovers
Table of contents
In this short article the following will be covered:
Subdomain takeovers explained
How to find and Exploit them
A challenge
Subdomain takeovers explained
Subdomain takeover is when an attacker can host (malicious) content on a subdomain of someone else. This usually happens because a person/company uses a service, for example GitHub Pages. After a while they stop using the service and delete the repository that was used to serve the content of the subdomain.
BUT they forgot to ..read more
6d ago
1. Raspberry Pi
Use: A low-cost, highly customizable mini-computer used for various purposes such as network penetration testing, programming, and automating attacks. It can be configured for offensive cybersecurity projects.
2. WiFi Pineapple
Use: A wireless network auditing tool designed for network penetration testing. It is used for creating rogue access points, man-in-the-middle attacks, and network reconnaissance.
3. USB Rubber Ducky
Use: Disguised as a normal USB drive, this gadget delivers pre-configured keystrokes quickly when plugged into a machine, executing payloads like ..read more
6d ago
Multiple Vulnerabilities in Linux CUPS (CVSS 9.9)
Multiple CUPS Vulnerabilities — RCE in Linux CUPS (CVE-2024-47076 / CVE-2024-47175 / CVE-2024-47176 / CVE-2024-47177)
Descriptions:
Several newly disclosed vulnerabilities in the Common UNIX Printing System (CUPS) pose a critical threat to Linux systems. These flaws allow remote attackers to exploit weaknesses in CUPS, potentially leading to unauthorized code execution without user interaction. The flaws affect default configurations, making millions of systems vulnerable if left unpatched.
Odin Dork:
services.modules.http.headers.server ..read more
6d ago
Hi guys,
My last write-up got lots of love. If you have not read that blog, you can check it out: “Master Subdomain HUNTING | Art of finding hidden assets”. I have continued with the 2nd part, so you can check out the following blog post. The blog contains the following things:
Overview
Common subdomain enumeration tools
Overview
Installation
commands
“Master subdomain HUNTING Part 2”
This blog contains full information about passive and active subdomain enumeration with the most common tools.
2fa Bypass all possible methods You can check o ..read more
6d ago
Hi Kings & Queens, I’m YoungVanda and in this write-up, I’ll talk about a very simple CVE which led to over +20 high—critical vulnerabilities in a couple of hours and over +500 reputation. Yeah buddy, lightweight baby. In the Name of the One Who Gives Glory
If you only want to read the technical part, please start reading from the Technical Part Header.
Some Hunting Vibes
Since I was a little boy, I always wanted to be a Gangster. Sorry, I meant a farmer.
Like World War II soldiers’ dreams, l ..read more
1w ago
Explore how a basic GitHub search revealed significant security issues in Hotstar’s admin panel. This write-up outlines the flaws discovered and offers guidance on how to address and prevent similar vulnerabilities.
Hello everyone, I am Vishal Vishwakarma [@rootxvishal]. I hope you enjoy it and learn something new from it.
Introduction
Hotstar, one of India’s leading streaming platforms, has gained immense popularity for its extensive library of movies, TV shows, and live sports. As with many large-scale online services, securing sensitive areas such as admin panels is critical. Recently, I ..read more
1w ago
Open-source intelligence (OSINT) is an essential tool for cyber security professionals. It involves gathering information from publicly available sources to identify potential threats, vulnerabilities, and targets. This article provides a comprehensive guide on how to conduct OSINT investigations effectively.
Why We Use OSINT Tools:
OSINT tools are essential because they help automate the process of collecting, organizing, and analyzing vast amounts of publicly available information.
Key Reasons to Use OSINT Tools:
1. Efficient Information Gathering
OSINT tools automate the search for ..read more
1w ago
How To Do Malware Analysis?
Malware analysis involves examining malicious software to understand its functionality, origin, and potential impact. Here’s a general outline of the steps involved in malware analysis:
1. Obtain the Malware Sample: Obtain a copy of the malware to be analyzed. This could be from various sources such as online repositories, honeypots, or directly from infected systems (using proper precautions to contain it).
2. Initial Assessment: Gather basic information about the malware, such as its file size, hash values (MD5, SHA1, SHA256), file type, and any initial ..read more