@ExploitforgeLTD IDOR in jwt allows attacker to transfer funds from any account to attacker controlled account, and account balance of victim can probably be enumerated via the SQLi vulnerability
Giveaway - Our instructor-led advanced bootcamps for sharpening your Red Team skills start this weekend.
Attacking and Defending Active Directory - Advanced Edition (CRTE) starts this Friday.
Advanced Windows Tradecraft - Evasion Techniques for Red Teams (CETP) starts this Saturday.
I am giving away one seat for each of the bootcamps. To participate, please Follow @nikhil_mitt and @AlteredSecurity, Like, Comment and Repost.
We will announce the random winners on Wednesday.
https://t.co/Kd0RNoINWc
#RedTeam #Evasion
Register now on #HTBAcademy through this link and gain 20 cubes to unlock courses. Kickstart your #cybersecurity career
Use this link and start FOR FREE: https://t.co/zUeCjkN7WC
@Bugcrowd Hey @Bugcrowd,
Do you have systems that protect researchers from unfair duplicates or inconsistently handled reports? Since researchers can't see beyond their own submissions, it's difficult not to feel disadvantaged when a duplicate is issued with little or no transparency.
@Secfortress Damn! That's so messed up. This means if the testing was done from an assumed breach scenario the guy won't give two shits cos "If we did not give you credentials, you'll not find the vulnerability".