LiveOverflow 🔴
@liveoverflow.bsky.social
Ah cool thanks! I was wondering where this is from. I was just thinking of "Fancy Bear" en.wikipedia.org/wiki/Fancy_B...
January 29, 2025 at 3:47 PM
This was really a good conversation!
1. OP is capable of self-reflecting and being humble
2. Commenters are knowledgeable and they asked the right questions
3. And OP genuinely engaged with the responses
Source: www.reddit.com/r/bugbounty/...
January 24, 2025 at 2:14 PM
This is the kind of issue where you need to change your perspective. If you are stuck with "we as the attacker want to directly access cached data", you will miss the obvious.
Turns out, we can control the cache parameter, by forcing the victim to visit the link with our value!!
January 24, 2025 at 2:14 PM
OP clarifies it's not the browser cache. Server-side cache would still be exploitable, right?
But no... OP explains that it's not exploitable, because an attacker cannot guess the random cache key parameter :(
January 24, 2025 at 2:14 PM
Those are the real bug bounty tricks nobody talks about :P Faking bugs!!!
Jokes aside, that's not the end of the story!
A fellow hunter asks some clarifying questions. Browser cache? Server side cache? Or maybe even a service worker?
January 24, 2025 at 2:14 PM
Check out his new talk from 38c3 "Fearsome File Formats": media.ccc.de/v/38c3-fears...
Fearsome File Formats
Specifications are enough, they say…
10 years after 31c3's "Funky File Formats" …
Have things improved?
With so many open-source parse...
media.ccc.de
January 6, 2025 at 10:28 AM
My video "What is a File Format?" is also based on his work.
www.youtube.com/watch?v=VVdm...
What is a File Format?
YouTube video by LiveOverflow
www.youtube.com
January 6, 2025 at 10:28 AM
Thank you @gf256.bsky.social and SuperFashi for taking time to make this 🥰
This video in particular reminds me of the classic live CTF recordings that helped me break through an educational wall, and motivated me to start LiveOverflow
December 31, 2024 at 10:10 AM