BugPoC

BugPoC is a platform to build and share proof-of-concepts for Bug Bounty Submissions, PenTest Deliverables, & Red Team Reports. Create your free account today at bugpoc.com/join

"We can instantly fill their room with hundreds of crawling spiders and screeching bats!" trib.al/vkx2Kq6

Vision Pro bug fixed; websites can no longer fill your room with bats 9to5mac.com/2024/06/21/vis… by @benlovejoy

CVE-2024-27812 ryanpickren.com/vision-pro-hack

Spatial Computing Hack Exploits Apple Vision Pro Flaw to Fill Room With Spiders, Bats securityweek.com/spatial-comput…

Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs securityweek.com/critical-vulne…

@alexm_py @AustinSturm ❤️❤️ you guys

@AustinSturm Cc @bugpoc_official

Got tipsy with a solid friendo in the nations capital, AMA

A group of MacOS vulnerabilities—fixed by Apple at the end of last year—could allow an attacker to "punch a hole" in your Safari browser, granting them access to your online accounts, to turn on your mic, or even take over your webcam. 😳 wired.trib.al/sIiHSjb

Great research once again from Ryan Pickren for those looking for Apple bugs: Gaining unauthorized camera access via Safari UXSS ryanpickren.com/safari-uxss

$100,500 @Apple bug bounty 🤯 Safari UXSS, Gatekeeper bypass, local file execution, and filesystem access CVE-2021-30861 CVE-2021-30975 #bugbountytips #apple ryanpickren.com/safari-uxss

If you never used @bugpoc_official this is a nice challenge where it could come in handy :)

Got SSRF/LFI using Open Graph Protocol , Server was parsing thumbnail using og:image property , Crafted a page by putting <meta property="og:image" content="file:///etc/passwd"/> to pull local file, Similar approach used to solve @bugpoc_official CTF⬇️ #bugbounty #bugbountytips

@_d3f4u17_ @Hacker0x01 Don’t worry, we have lots of awesome stuff coming soon! Stay tuned for more CTFs and product announcements!

It's sad 😥 to see @bugpoc_official shutting down their bug bounty program on @Hacker0x01 , I really loved all the awesome CTFs hosted by bugpoc.

Want to learn how to chain an Encryption Oracle + SSRF + Dir Traversal + Heapdump? Check out this great write-up by @dunglt140150 about our latest CTF! 📝 Huge thanks to all hackers that made write-ups! More CTFs coming soon! 🪲🔨 ltidi.medium.com/bugpoc-hack-th…

New video! I just made a walkthrough of @bugpoc_official's Doggo CTF in partnership with @amazon's security team. Some fun with device fingerprinting, a path traversal, and more! youtu.be/G2n6AdTQmqU BTW the CTF is still up, if anyone wants to give a try!

Thanks for the fun memory leak challenge @bugpoc_official @NahamSec! Wrote a thing or two on how to approach & solve the challenge, alternative solutions, and shared some tools/tips as well. Enjoy! :) creastery.com/blog/bugpoc-ap…

My CTF challenge write up. Thanks @bugpoc_official @NahamSec ! vamitrou.medium.com/bugpoc-amazon-…

Here is my write-up for the Hack The Amazon Interview #ctf: world.hey.com/alois/hack-the… Thanks @bugpoc_official @NahamSec

Writeup for BugPoC CTF - Memory Leak Challenge: ltidi.medium.com/bugpoc-hack-th… Much obliged @bugpoc_official !

Huge THANK YOU to all the hackers that participated in our latest CTF! Congrats to the following raffle winners: @RobinZekerNiet @TechBrunchFR @Akshanshjaiswl @y_sodha Check H1 for a $250 prize! Don't forget to publish blog write-ups before 05/05 10pm EDT. Our fave gets $250!