BugXplorer

elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. - streaak/keyhacks

In this blog post, we will explore a new way of exploiting the vulnerability on PHP, using direct calls to iconv(), and illustrate the vulnerability by targeting Roundcube, a popular PHP webmail.

LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍 There's a lot of hype around AI at the moment. Join Jason Haddix (@jhaddix) as he cuts through all the BS to show you 5 practical ways to use AI to supercharge your bounty hunting RIGHT NOW. Jason will cover AI for Recon, JavaScript analysis, Vulnerabilty Discovery, Payload Generation, and Reporting. 📚 If you want to learn bug bounty hunting from me: bugbounty.nahamsec.training 💻 If you want to practice soem of my free labs and challenges: app.hacking.hub.io 🔗 LINKS: 📖 MY FAVORITE BOOKS: Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -

Hacking APIs: Breaking Web Application Programming Interfaces -

Black Hat GraphQL: Attacking Next Generation APIs -

🍿 WATCH NEXT: If I Started Bug Bounty Hunting in 2024, I'd Do this -

2023 How to Bug Bounty -

Bug Bounty Hunting Full Time -

Hacking An Online Casino -

WebApp Pentesting/Hacking Roadmap -

MY OTHER SOCIALS: 🌍 My website -

👨‍💻 My free labs -

🐦 Twitter -

📸 Instagram -

👨‍💻 Linkedin -

WHO AM I? If we haven't met before, hey 👋! I'm Ben, most people online know me online as NahamSec. I'm a hacker turned content creator. Through my videos on this channel, I share my experience as a top hacker and bug bounty hunter to help you become a better and more efficient hacker. FYI: Some of the links I have in the description are affiliate links that I get a a percentage from.

Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.

This is a resource factory for anyone looking forward to starting bug hunting and would require guidance as a beginner. - bittentech/Bug-Bounty-Beginner-Roadmap

While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system. This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack.