Category: pentesting

Black Hat USA 2019: Top Mobile AppSec Talks
Android, Black Hat USA 2019

The NowSecure team is gearing up for an incredible week at Black Hat USA 2019 in Las ...

What do Netcat, SMTP and self XSS have in common? Stored XSS
bug-bounty, BugBountywriteup

If you are reading this you are probably wondering what this is. Is this some kind of joke? The answer is no, and it ...

Wrong Swipe, Tinder!
bug-bounty, BugBountywriteup

Note: The following article was published on 16/07/2019 on https://FogMarks.com. Today's case-study does not involve any vulnerability at all. Yes — you heard me. No XSSes, no open redirects, ...

UnkL4b/GitMiner: Tool for advanced mining for content on Github
penetration testing, UNKL4B

Dork | What it finds
filename:.npmrc _auth | npm registry authentication data
filename:.dockercfg auth | docker registry authentication data
extension:pem private | private keys
extension:ppk private | puttygen private keys
filename:id_rsa or filename:id_dsa | private ...
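The dorks above are GitHub code-search queries: a filename or extension filter plus a content keyword. The script below is an added example, not GitMiner's own code, that applies the same five heuristics to a local checkout, which is the check a practitioner would run before pushing a repository. The rule table, `scan_tree`, `build_sample_tree` and `demo` are this example's own names; the files it scans are constructed samples with fake values, including a `.pem` certificate that shows why the content keyword matters and not just the extension.

```python
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# One rule per dork listed above: (dork, match kind, target, content keyword).
# "name" compares the basename (filename:), "ext" the suffix (extension:).
# A keyword of None means the filename alone is enough (id_rsa / id_dsa).
Rule = Tuple[str, str, str, Optional[str]]
RULES: List[Rule] = [
    ("filename:.npmrc _auth",              "name", ".npmrc",     "_auth"),
    ("filename:.dockercfg auth",           "name", ".dockercfg", "auth"),
    ("extension:pem private",              "ext",  ".pem",       "private"),
    ("extension:ppk private",              "ext",  ".ppk",       "private"),
    ("filename:id_rsa or filename:id_dsa", "name", "id_rsa",     None),
    ("filename:id_rsa or filename:id_dsa", "name", "id_dsa",     None),
]


def matches(path: Path, text: str, rule: Rule) -> bool:
    """True if the file's name/extension and contents satisfy one dork."""
    _dork, kind, target, keyword = rule
    if kind == "name" and path.name != target:
        return False
    if kind == "ext" and path.suffix != target:
        return False
    # GitHub code search is case-insensitive, so "Private-Lines" and
    # "BEGIN RSA PRIVATE KEY" both satisfy the keyword "private".
    return keyword is None or re.search(re.escape(keyword), text, re.IGNORECASE) is not None


def scan_tree(root: Path) -> List[Tuple[str, str]]:
    """Walk root and return (relative path, dork) for each file that hits a rule.

    One report per file: the first matching rule wins, which also keeps the two
    id_rsa/id_dsa rows from reporting the same file twice.
    """
    hits: List[Tuple[str, str]] = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue
        for rule in RULES:
            if matches(path, text, rule):
                hits.append((path.relative_to(root).as_posix(), rule[0]))
                break
    return hits


# Constructed sample checkout (assumption for the demo). Every secret-looking
# value here is fake. deploy/ca.pem is a certificate, not a key: it shows why
# the "private" content keyword matters and not just the .pem extension.
SAMPLE_FILES = {
    ".npmrc": "registry=https://registry.npmjs.org/\n"
              "//registry.npmjs.org/:_auth=ZmFrZTpmYWtl\n",
    ".dockercfg": '{"https://index.docker.io/v1/": {"auth": "ZmFrZTpmYWtl"}}\n',
    "deploy/server.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEfake\n"
                         "-----END RSA PRIVATE KEY-----\n",
    "deploy/ca.pem": "-----BEGIN CERTIFICATE-----\nMIIBfake\n"
                     "-----END CERTIFICATE-----\n",
    "keys/putty.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\n"
                      "Private-Lines: 1\nAAAAfake\n",
    ".ssh/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nfake\n"
                   "-----END OPENSSH PRIVATE KEY-----\n",
    "README.md": "# demo\nNothing secret here.\n",
}


def build_sample_tree(root: Path) -> None:
    """Write the constructed sample files under root."""
    for rel, content in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)


def demo() -> List[Tuple[str, str]]:
    """Build the sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for rel_path, dork in demo():
        print(f"{rel_path:20s} <- {dork}")
```

Run against a real checkout with `scan_tree(Path("."))`. The scan reports five of the seven sample files; `deploy/ca.pem` is skipped because a certificate contains no "private" keyword, and `README.md` matches no rule. Searching by filename alone would have flagged the certificate as a false positive, which is exactly why the original dorks pair the extension filter with a content term.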

How to get started in CyberSecurity? Part – 1
BugBountywriteup, computer-security

A few days back I surpassed 1k followers on Medium, and I thought I would address the most common question that I get from people: "How to ...

1-Click Account Takeover in Virgool.io — a Nice Case Study
bug-bounty, BugBountywriteup

Hello, Virgool is a light, Iranian version of medium.com. Recently I found a 1-click account takeover vulnerability in their product. Virgool gives ...

Burning down the house with IoT
A Zero Day Latest News, Internet of Things

For years we’ve been trying to set fire to ‘smart’ things by hacking them. We got some charring on the iKettle, but nothing more. Then ...

Think Twice Before Adopting Security By Obscurity in Kotlin Android Apps
Android, Kotlin

My mission as a mobile security researcher at NowSecure and during my doctorate days ...

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
BugBountywriteup, cybersecurity

A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 ...