theMiddle

My last article about how we're spotting headless bad bot thanks to fetch metadata and client hints blog.sicuranext.com/sec-fetch-and-…

My last article about influencing LLM output by analyzing the token probability. Using logprobs and token distribution visualizations, we reveal how prompts can be carefully crafted to guide the model’s behavior. #ai #LLMs #cybersecurity #Gemini #OpenAI blog.sicuranext.com/influencing-ll…

Today's Bug Bounty Blogs #25 1)From an Android Hook to RCE: $5000 Bounty blog.voorivex.team/from-an-androi… 2)SOQL injection in SalesForce earned me $$$$$ rooted0x01.medium.com/soql-injection… 3)OAuth Non-Happy Path to ATO blog.voorivex.team/oauth-non-happ… 4)Breaking Down Multipart Parsers: File upload validation bypass blog.sicuranext.com/breaking-down-… 5)visit these website lostsec.xyz ahmed-tarek.gitbook.io/sec-notes 6)The Blueprint to Your First $1,000+ Bounty youtube.com/watch?v=8DnphD… 7)Subdomain Enumeration ALL KINDS! youtube.com/watch?v=6gY8cA… 8)OTX_AlienVault_URL The OTX Scraper is a Bash script designed to fetch URLs associated with a given domain from AlienVault's Open Threat Exchange (OTX) platform. github.com/Suryesh/OTX_Al… 9)ex-param is an automated tool designed for finding reflected parameters for XSS vulnerabilities. github.com/rootDR/ex-param 10)QuickSSRF - CAIDO Plugin github.com/caido-communit… Are you the author of these blogs? feel free to take the credit of yours, thanks for putting the efforts. Contact me to feature your blog in the next edition. I hope you’re having a great time with this series! Don’t forget to follow me @hetmehtaa and stay tuned for more exciting content! #infosec #bugbounty #bugbountytips #bugbountyblogs #hacking #redteam #cybersecurity #100xSecurity

Ciao! If you enjoyed our latest research on the SicuraNext blog, you can vote for it in the Top 10 Web Hacking Techniques! portswigger.net/polls/top-10-w… - Breaking Down Multipart Parsers: File upload validation bypass - Response Filter Denial of Service (RFDoS) ❤️

Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10-w…

Nominations are now open for the Top 10 Web Hacking Techniques of 2024! Browse the contestants and submit your own here: portswigger.net/research/top-t…

@terjanq thanks man!

Great article from @AndreaTheMiddle

Breaking Down Multipart Parsers : File upload validation bypass : blog.sicuranext.com/breaking-down-…

Breaking Down Multipart Parsers: File upload validation bypass Author: Andrea Menin Source 👇🏻 blog.sicuranext.com/breaking-down-…

Breaking Down Multipart Parsers: File upload validation bypass blog.sicuranext.com/breaking-down-…

Come funziona il mercato delle vulnerabilità zero-day? Qual è il ruolo degli enti governativi? Quali sono le implicazioni etiche? Rispondo a queste e altre domande, nell'intervista di @rev3rsesecurity youtu.be/JkjnT-Rw-kg?si…

Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule dlvr.it/T8J3Hz #cyber #threathunting #infosec

Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule #RFDoS #WebsiteShutdown #WAFRule #ResponseFilter #DenialofService blog.sicuranext.com/response-filte…

It’s been a while since last publication on the hop-by-hop vulnerability affecting Akamai. Special thanks to @bsysop, @sw33tLie, the Google team, and @Bugcrowd for their invaluable support. bugcrowd.com/blog/unveiling…

Response Filter Denial of Service (RFDoS), misusing OWASP CoreRuleSet Great research by SicuraNext blog.sicuranext.com/response-filte…

Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule blog.sicuranext.com/response-filte…

#WebApp_Security Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule blog.sicuranext.com/response-filte…

Ataque de denegación de servicio que afecta a sitios web protegidos por un WAF La técnica RFDoS aprovecha la capacidad de un atacante para publicar contenido como comentarios o reseñas para engañar al WAF y bloquear el servidor blog.sicuranext.com/response-filte…

#AWS Denial of Wallet: Parliamone! youtu.be/rYQwuQCAmFk

WordPress website fingerprint techniques blog.sicuranext.com/how-attackers-…