François Proulx, in boostsecurity: Opening the Pandora’s box — Supply Chain Insider Threats in Open Source projects (Mar 15). Giving repo “Write” access in an OSS project is a risk. We look at insider threats in the context of a responsible disclosure for AWS Karpenter.
Saransh Saraf aka (MR23R0): I Hacked Every Single Staff Account on AirIndia within 1.5 Minutes :) (Feb 5, 2022). Hello Beautiful creative people, hope you’re doing great.
François Proulx, in boostsecurity: The tale of a Supply Chain near-miss incident (Feb 13). We disclosed to Chainguard in December 2023 that a GitHub Actions workflow we discovered was vulnerable to a “pwn request”, potentially…
Japz Divino, in Pinoy White Hat: Bypass HackerOne 2FA requirement and reporter blacklist (Oct 31, 2018). Severity: Medium (5.0) — High (7.1); Weakness: Improper Authorization; Bounty: $10,000; Summary:
Harm van den Brink: How a Charge Point Operator accidentally leaked authentication information of all its potential… (Nov 30, 2023). In October 2023 I found a massive leak in the cloud platform (via an application programming interface) of one of the bigger charge point…
Satya Prakash: Websites that have Hall of Fame, VDP or Responsible Disclosure Program (Dec 1, 2022). Below is the list of websites that have a VDP or Responsible Disclosure Program, along with the links that contain a Hall of Fame.
Rj07: CVE-2023-35078 Unveiled: Ethical Vulnerability Discovery and Reporting By Me and My Hunting Buddy… (Nov 18, 2023). Introduction: In our regular vulnerability hunt, themalwarebug and I set out on several services, narrowing down to a few select IP addresses…
Jonathan Bouman: Laravel debug mode left on at Zouikwatzeggen.nl (Jun 30, 2023). Coordinated vulnerability disclosure of a bug in an application used to submit reports of improper behaviour.