[Acronis, $100] Subdomain takeover vulnerability on www.cyberlynx.lu https://hackerone.com/reports/1256389
[Mail.ru] URL redirect combined with CRLF injection leads to XSS on app.doma.uchi.ru https://hackerone.com/reports/1132209
Hunting for prototype pollution and its vulnerable code in JS libraries https://infosecwriteups.com/hunting-for-prototype-pollution-and-its-vulnerable-code-on-js-libraries-5bab2d6dc746
Bypassing required reviews using GitHub Actions https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7
A methodology for finding 0-day vulnerabilities https://blog.riotsecurityteam.com/0day-chains
Sensitive information exposed by some Prometheus API endpoints https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
A small JWT testing tool https://github.com/mazen160/jwt-pwn