Research Worth Reading Week 07/2025

Published: 17 Feb 2025

Broken Pickle, Container Escape, DOMPurify, DNS, and YouTube/Google Bug Bounty...

📚 Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)

Part two of the DOMPurify article is here. Make sure you check it out. There is a plethora of bad patterns when using DOMPurify: Exploring the DOMPurify library: Hunting for Misconfigurations (2/2).

🤯 Fragility of The Internet: How Sacrificial Nameservers allowed potential DNS hijacking of 1.6+ million domains

It's DNS again! An excellent post on hijacking DNS due to the process in place when domains are marked for deletion: Fragility of The Internet: How Sacrificial Nameservers allowed potential DNS hijacking of 1.6+ million domains.

🫙 How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)

A well-written post from the team at Wiz on a container escape with full details (and code): How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132).

🐍 Malicious ML models discovered on Hugging Face platform

An ML model leveraging a broken pickle payload to gain RCE... You can read more in Malicious ML models discovered on Hugging Face platform.

🎥 Leaking the email of any YouTube user for $10,000

A must-read if you're planning to hunt on YouTube as part of the Google Bug Bounty: Leaking the email of any YouTube user for $10,000.

Written by PentesterLab
The platform to learn web hacking and security code review