SVG: https://blog.it-securityguard.com/pbbt.svg PDF: https://blog.it-securityguard.com/pbbt.pdf XMIND: https://blog.it-securityguard.com/pbbt.xmind PNG: https://blog.it-securityguard.com/pbbt.png
Patrik’s Bug Bounty 🛠️Tools🛠️ Read More »
Dear Readers – it’s been a while. First and foremost: This blog post is mostly inspired by the Gotham Security : jolokia-vulnerabilities-rce-xss write-up. None of what you are about to read is really new; I just found it difficult to find a complete write-up which describes the most common misconfigurations, so I decided to spin
How I made more than $30K with Jolokia CVEs Read More »
📖Intro 📖 During the process of RECON you often get thousands of domains you have to look at. A suitable way to decrease the time you spend on each website is to take a screenshot of each website. There are several tools available such as EyeWitness (https://github.com/ChrisTruncer/EyeWitness) or ScreenShotter (https://github.com/BladeMight/ScreenShotter). Unfortunately, I had issues setting them
[Tools] Visual Recon – A beginners guide Read More »
Dear readers, Long story short, doing bug bounties for mobile devices is hard. With this article I want to show you a rather simple way to be able to bypass certificate pinning for all some of your Android mobile targets. The method described here is based on research and an awesome blogpost+script written by Piergiovanni Cipolloni. Whenever there
The Stony Path of Android 🤖 Bug Bounty – Bypassing Certificate Pinning Read More »
[pdf-embedder url=”https://wss.sh/wp-content/uploads/2017/10/IOT_Mosquitto_Pfehrenbach.pdf” title=”SOA_Jurreit_Fehrenbach”]
[pdf-embedder url=”https://wss.sh/wp-content/uploads/2017/04/SOA_Jurreit_Fehrenbach_korrigiert.pdf” title=”SOA_Jurreit_Fehrenbach”]
[Paper] Analysis of security vulnerabilities in Microsoft Office 365 in regard to SAML Read More »
tldr; A Private Bug Bounty Program had a globally readable .htpasswd file. I cracked the DES hash, got access to development and staging environments and was rewarded a shitload of$. [Tools used] dirbuster https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project John http://www.openwall.com/john/ [\Tools used] Today I want to share something with you that I recently discovered in a private Bug Bounty Program. Due
[BugBounty] Decoding a $😱,000.00 htpasswd bounty Read More »
Dear Readers, once in a while I enjoy blogging about things unrelated to bug bounties. And so, as it happens, on a quiet Thursday night as I was about to go to bed, I received the following e-mail: Hmmm unwanted login from a location near Berlin? My younger brother lives in Berlin, I wondered if
[Research] Phishermans Friend – Getting control over a phishing backend Read More »
Dear Readers, Today I want to share a short write-up about a stored cross-site scripting (XSS) issue I found on the Google Cloud Console. I consider it a lucky find. Some of you may remember the tweet I sent to Frans Rosén after he discovered a vulnerability on Google Payments: As it turned out, among
[BugBounty] Sleeping stored Google XSS Awakens a $5000 Bounty Read More »
There is no excerpt because this is a protected post.
Protected: Digging into the Shopify POS Firmware (Part 1) Read More »
English 
German