Posts by Reza Sahaf

MonkeHacks #48 Codebase Redesign, Celebrations, Climbing

🐵 MonkeHacks #48
Codebase Redesign, Celebrations, Climbing

#bugbountytips #hacktheplanet #bugbounty monke.ie/p/monkehacks...

1 year ago 3 1 0 0

SSRFs can be tough to make critical without cloud metadata, especially against a target like GitLab that strengthens its infra with every SSRF. Yet @joaxcar.bsky.social broke through with the first critical SSRF on GitLab since 2020. Enjoy our explanation from Sweden! 🇸🇪

1 year ago 11 3 0 1

One of my favorite bugs from last year

1 year ago 20 5 0 0

Here's what's in the latest issue of BBRE Newsletter 🔥

1 year ago 2 1 0 0

Kids these days don't even know how much opportunity they have to learn hacking from actual pros.

I know there is a lot of content out there, so it can be hard to find the good stuff. But 10 years ago you had to be lucky to find at least something.

Anyway, watch this 👇

1 year ago 61 8 2 0
Flare-On 2024 Solutions and Commentary YouTube video by BasteG0d69

My videos for Flare-On 2024 are live! Watch me reverse engineer all the challenges from start to end. 🎉🥳

+ Commentary video featuring SuperFashi, where we review the chals together.

* 45 hours of content
* 400+ GB of raw footage

Merry Christmas! Link: www.youtube.com/watch?v=vwW9...

1 year ago 49 11 0 1

⚠️Challenge time again⚠️

It is based on a real-world situation. Use the HTML injection to leak the flag to an external domain ☃️

This time, send solutions in DM; we don't want to spoil the fun. I also might want to patch any obvious blunder I made creating it

joaxcar.com/xss/outer.ht...

1 year ago 18 5 2 0
MonkeHacks #43 Year in Review, Technique Drop, Taking Care

🐵 MonkeHacks #43
Year in Review, Technique Drop, Taking Care

📝In this issue, I drop a fun technique for bypassing redirect checks in certain situations. Enjoy :)

#bugbountytips #hacktheplanet #bugbounty monke.ie/p/monkehacks...

1 year ago 6 1 0 0

A small code-golf web challenge (free research from you, for me), how short can you make a "fetch content and execute it inline".

There is a CSP in a meta tag.
Goal: get the content from the file hack.js and have it inserted in the page, like in the image.

joaxcar.com/xss/self.html

1 year ago 36 7 5 3

Here's what's in the latest issue of BBRE Newsletter 🔥

1 year ago 2 1 0 0
🫡 2024 YTD #BugBounty stats update:

📄 7 issues Reported (4 Crit, 2 High, 1 Medium)
💰 4 issues Paid
⚪ 1 Informational
🔴 1 OOS

1 year ago 2 1 1 1

Will try it, seems to be fun!

1 year ago 0 0 0 0
PortSwigger Advent Calendar

Doing some @portswigger.net advent calendar this year as well. Join me on advent.j15.se

It's not affiliated with PortSwigger but it will link you to one of their chapters each day (random for max excitement)

It's created 100% using Cursor so any bugs are AI's fault

1 year ago 5 3 2 0

Can I ask the reason why an RCE is a low/medium severity bug in this case? Attack complexity or scope is not core asset?

1 year ago 1 0 0 0
Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty (Ep. 99) YouTube video by Critical Thinking - Bug Bounty Podcast

This week we've got a rare episode that is also a bit more beginner friendly!

0xLupin (of Lupin and Holmes) and @rhynorater.bsky.social break down some of the hacker mentality that really caused some breakthrough in their hacker growth.

Check it out!
youtu.be/yxc2jVKE-jo

1 year ago 31 9 0 0

Dope!

1 year ago 0 0 0 0

Alright, new platform so I'm going to start sharing some things that I'm excited about to keep the momentum flowing!

Rn, I think the 403 Bypasser Caido plugin from Bebiks is freaking amazing.

This is a tool to automate the bypassing of walled-off endpoints.

This plugin does 3 things right:

1 year ago 37 8 3 0
Any bug bounty people around? I'm creating a starter pack of people to follow but it's pretty brief currently! Let me know if you'd like to be added: go.bsky.app/GD7hKPX

1 year ago 95 30 45 2

🫡

1 year ago 1 0 1 0
Bug bounty hunters & content creators Join the conversation

The "bug bounty hunters and content creators" starter pack is now up to 60 users! Follow this to get instantly connected to the bug bounty community & let me know if I've missed you off!

go.bsky.app/GD7hKPX

1 year ago 87 22 19 4

Trying to make a list of programs that have hosted a live event on HackerOne
-epic games
-tiktok
-zoom
-salesforce
-uber
-PayPal
-DoD
-shopify
-airbnb
-yahoo
-Starbucks
-Amazon
Which did I miss? #Bugbounty

1 year ago 5 1 2 0

I really needed this list! Thanks

1 year ago 1 0 0 0

Hello World!

1 year ago 1 0 1 0