Security Articles & Resources

Discover the latest cybersecurity articles, tutorials, and resources from around the web.

Showing 10 of 16 articles

HubSpot Full Account Takeover in Bug Bounty - InfoSec Write-ups

Hi everybody, our story today will be about how I was able to get a Full account takeover on HubSpot Public Bug Bounty Program at Bugcrowd platform. While I was testing authentication functions I came…

Omar Hashem
Jun 04, 2025 1 min read
Bug Bounty Cybersecurity Hacking +2

Recommended Design for a Secure Network Architecture

In this writeup, I will be discussing a new topic focusing on network security and specifically a “recommended” network architecture…

Naka
Jun 04, 2025 1 min read
Networking Cybersecurity Network Security +2

Full-Blown SSRF to Gain Access to Millions of Users’ Records and Multiple Internal Panels

This write-up details an SSRF vulnerability that allowed unauthorized access to millions of sensitive data and internal services.

Skyer
May 31, 2025 1 min read
Bug Bounty Cybersecurity Hacking +2

Grafana CVE-2025-4123: Full Read SSRF & Account Takeover

An open redirect happens when a web application takes a URL parameter and redirects the user to the specified URL without validating it. This might not seem dangerous on its own, but this type of bug…

Alvaro Balada
May 31, 2025 1 min read
Cybersecurity Bug Bounty Infosec +1

Kubernetes Security Basics: From a Pentester’s Point of View

Explore Kubernetes security from a pentester's point of view. Follow a hands-on walkthrough from reconnaissance to root access, focusing on network packet analysis, exploitation techniques, and cluster misconfigurations.

Bhavik Kanejiya
May 30, 2025 1 min read
Kubernetes Security

Facebook bug: A Journey from Code Execution to S3 Data Leak

A Tale of Two Threats: OS Command Injection and Data Leak in Meta’s (formerly Facebook) Careers Platform

Bipin Jitiya
May 27, 2025 1 min read
Cybersecurity Technology Programming +2

Stealing First Party Access Token of Facebook Users: Meta Bug Bounty

Hi, I am Saugat Pokharel from Kathmandu, Nepal. I am going to talk about one of my findings on Facebook. The vulnerability led to the…

Saugat Pokharel
May 27, 2025 1 min read
Bug Bounty Cybersecurity Hacking +2

Why JWTs Valid After Logout: A Pentester’s Guide to Testing and Securing Tokens

Discover why JWTs stay valid after logout and how refresh tokens keep apps secure. A pentester’s clear guide to testing and fixing tokens.

Sid Joshi
May 27, 2025 1 min read
Jwt Exploitation Bug Bounty Pentesting +2

MQTT Pentesting: Authentication, Authorization & Availability Attacks

Introduction:

Vaishali Nagori
May 27, 2025 1 min read
Iot Security Mqtt Pentesting +2

SSTI in mblog 3.5.1 - A tale of a glorified RCE (CVE-2024-28713) - vsociety

Write a blog analysis for a CVE

Shivam Bathla
May 26, 2025 1 min read
vsociety vicarius vulnerabilities +5
Showing page 1 of 2 (16 total articles)