Relative Path File Injection (RPFI) is a technique that builds upon the Relative Path Overwrite (RPO) technique, allowing for injection of arbitrary files into the target application. MORE

Ngo on how how they discovered CVE-2024-0200, a deceptively simple, one-liner vulnerability turned it into one of the most impactful bugs in GitHub’s bug bounty history. MORE

Godfather Orwa's "The Power of Recon" talk explores top intel gathering and vulnerability spotting techniques. MORE

Digging for SSRF in NextJS apps (CVE-2024-34351). The term 'static' might imply a lack of functionality and minimal risk. Yet, these frameworks often rely on numerous underlying APIs and logic, presenting a considerable attack surface. MORE

Hacking Apple: SQL Injection to Remote Code Execution. Exploring the source code of Masa/Mura CMS. MORE

DOMPurify 3.1.3 is a highly configurable, fast, and tolerant XSS sanitizer for HTML, MathML, and SVG. MORE

Gulp v5.0.0 is a major release that includes a high-level changelog, but the complete changes are available in the individual dependency changelogs. MORE

Waymore v4.3 release: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan and VirusTotal. MORE

Obsidian 1.6.0, in early access, brings improved loading times, dozens of fixes, and sync improvements. MORE

BetterHelp, a mental health platform, shared users' personal data with Meta and Snapchat for advertising purposes, raising privacy concerns. MORE

PentesterLab is launching a comprehensive security code review training with over 12 hours of content. MORE

Lupin unveils Depi, a novel approach to software supply chain security, promising to revolutionize the field. MORE

Chess.com has grown from a simple chess service to a thriving $150 million ARR business by focusing on making chess accessible to everyone. MORE

The Strategy That Skyrocketed Sahil's Career. MORE

Marcus J. Carey's journey from a small town to founding a successful cybersecurity company, Threatcare, which was acquired. He also authored multiple cybersecurity books, including "Tribe of Hackers". MORE

Scott Galloway shares a "Get-Rich" formula and hard-to-hear advice for building wealth in your 30s and 40s. MORE

Mikael's PARCE framework helps land your dream job by focusing on Portfolio, Applying, Recon, Common ground, and Evolving your skills. MORE

Why Fatih prefers the iPad over a MacBook: it's more portable, has a better battery life, and is more convenient for media consumption and note-taking. MORE

Double-pressing hotkeys is a useful feature that can enhance productivity by quickly triggering frequently used workflows. MORE

An Apple productivity system leveraging shortcuts for quickly capturing and organizing notes, task management, and more. MORE

The anti-to-do list is a single tool for unlocking powerful life-changing productivity. MORE

In the absence of ROI measures, the percent of engineering time spent on value-add activities is a pretty good proxy for productivity. MORE

Mert has achieved the top position on the Bugcrowd all-time P1 and P2 leaderboard. Congrats! MORE

Renniepak is a year older. Happy birthday! MORE

Adrian has been appointed as the Head of Triage at Immunefi. Nice one! MORE

Eldar shares their bug bounty journey and reflects on the past 4 months. MORE

Roy Davis, Security Engineer and Bug Bounty Manager at Zoom, shares his ALS battle to raise awareness and support efforts to find a cure for this devastating disease. MORE

HackerOne on their AI-driven hack agent with plans to expand its capabilities further. MORE

Ayub admires infosec video creators, as they make content creation seem effortless, despite its complexity. MORE

Ramsexy is planning a 3-week van trip on the US/Canada east coast. MORE

@rjgilbert | Ryan Gilbert | Head of Content sendwithloops. Publishing workspacesxyz.

@__biancat | bianca | infra at cruise. design, neurotech, homelab enthusiast. cat & corgi hugs.

@justinsteven | xchg justin,justin | 10x full-stack hacker.

@0xtavian | Octavian | OSCP | Cloud Red Team - Lead | Penetration Testing.

Exploit Archeology, Alex exploits an old unknown Server Side Browser. MORE

Cross Window Forgery: Attackers can use the link rel="prerender" href= tag to prefetch and render a target page, enabling a stealthy attack. MORE

Even "phish-proof" MFA systems can be vulnerable to sophisticated attacks. MORE

Researchers found multiple security vulnerabilities in Microsoft's Azure Health Bot service, which could allow access to sensitive infrastructure and medical data. MORE

You can use Image Capture on Mac to transfer images and video clips from various devices, and optionally delete them from the source device. MORE

Win a free DEFCON 2024 trip. MORE

When news breaks, many turn to open source accounts and experts to make sense of events, but beware of the "Seven Deadly Sins of Bad Open Source Research." MORE

The Unspoken Secret to Achieving Success in Any Endeavor — Insights from an elite CrossFit competitor on the power of compounding accountability. MORE

"No one is stealing your success, you are your only competitor." MORE

Shubs on confidence and faith being essential in source code auditing, as they help navigate the complexities and uncertainties involved. MORE

Trash Puppy suggests that finding one's ikigai, or life's purpose, is not everything. MORE

PDF Investigator GPT summarizes and analyzes PDFs by extracting hidden Metadata that could be used in an investigation. MORE

Awesome Regex curates the best regular expression tools, tutorials, libraries, and other resources. MORE

A collection of links related to security vulnerabilities in Korean products. MORE

A collection of custom search engines curated by cqcore. MORE

The CKS Study Guide 2024 is a comprehensive resource to help you prepare for and pass the Certified Kubernetes Security Specialist exam. MORE