Patrik Fehrenbach

Weekly Vulnerability Trends Report – 2024-07-12

This Week’s Vulnerability Landscape Welcome to our weekly vulnerability trends report. This week, we’ve analyzed 2000 vulnerabilities to bring you the most important security insights. Top Affected Vendors This chart shows the vendors with the most reported vulnerabilities this week. The top affected vendors are: qualcomm: 4518 vulnerabilities adobe: 1002 vulnerabilities cisco: 475 vulnerabilities hanwhavision: […]

Weekly Vulnerability Trends Report – 2024-07-12 Read More »

Weekly Vulnerability Trends Report – 2024-07-06

This Week’s Vulnerability Landscape Welcome to our weekly vulnerability trends report. This week, we’ve analyzed 2000 vulnerabilities to bring you the most important security insights. Top Affected Vendors This chart shows the vendors with the most reported vulnerabilities this week. The top affected vendors are: microsoft: 467 vulnerabilities adobe: 286 vulnerabilities apple: 205 vulnerabilities jetbrains:

Weekly Vulnerability Trends Report – 2024-07-06 Read More »

The Art of Bug Hunting: A Photographic Journey

Hello, fellow nerds, it’s been a while! Today, let’s delve into a some analogy – the striking similarities between bug bounty hunting and photography. This comparison isn’t just for kicks; it’s a serious look at how these two fields, though seemingly worlds apart, share fundamental principles. Focusing the Lens: Spotting Vulnerabilities Photography begins with spotting

The Art of Bug Hunting: A Photographic Journey Read More »

[Tools] Visual Recon – A beginners guide

📖Intro 📖 During the process of RECON you often get thousands of domains you have to look at. A suitable way to decrease the time you spend on each website is to take a screenshot of each website. There are several tools available such as EyeWitness (https://github.com/ChrisTruncer/EyeWitness) or ScreenShotter (https://github.com/BladeMight/ScreenShotter). Unfortunately, I had issues setting them

[Tools] Visual Recon – A beginners guide Read More »

The Stony Path of Android 🤖 Bug Bounty – Bypassing Certificate Pinning

Dear readers, Long story short, doing bug bounties for mobile devices is hard. With this article I want to show you a rather simple way to be able to bypass certificate pinning for all some of your Android mobile targets. The method described here is based on research and an awesome blogpost+script written by Piergiovanni Cipolloni. Whenever there

The Stony Path of Android 🤖 Bug Bounty – Bypassing Certificate Pinning Read More »

[BugBounty] Decoding a $😱,000.00 htpasswd bounty

tldr; A Private Bug Bounty Program had a globally readable .htpasswd file. I cracked the DES hash, got access to development and staging environments and was rewarded a shitload of$. [Tools used] dirbuster https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project John http://www.openwall.com/john/ [\Tools used] Today I want to share something with you that I recently discovered in a private Bug Bounty Program. Due

[BugBounty] Decoding a $😱,000.00 htpasswd bounty Read More »

de_DEGerman