A new blog on OWASP ZAP Tool

A perfect tool for beginners to start their web application security testing journey

Here is the links to that blog:

https://techofide.com/blogs/owasp-zap-a-powerful-web-application-security-testing-tool/

Join our group for more such Cyber Security content:

t.me/ethicalhackingtechofide

🔥 How to Start Bug Bounty for Beginners 🔥

🌟 Topics Covered 👇

✅ Introduction
✅ Advantages of bug bounty
✅ Steps to become bug hunter
✅ Scope of bug bounty
✅ Skills required to become bug hunter
✅ Tools required for bug hunting
✅ Common vulnerabilities in bug hunting
✅ Reporting & Communication best practices
✅ Legal and Ethical Considerations
✅ Finding and joining bug bounty programs
✅ Tips & tricks for succeeding in bug bounty

🔗 Link : https://pentestingguide.com/bug-bounty-for-beginners/

(Click on Ads to Support us🥺)

Share if you found it helpful ❤️

Especially when it comes to Bug Bounty hunting, reconnaissance is one of the most valuable things to do. There are still “easy wins“ out there which can be found, if you have a good strategy when it comes to reconnaissance.

Read: https://bit.ly/AdvanceRecon_Guide

Team insane right now😂

Scada system of Chemical factory of porkis has been compromised by Team 1-4-1 🇮🇳

Coercer

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

🔥 Bad Spin : Android Binder LPE

Privilege escalation exploit from unstrusted_app for Android Binder vulnerability (CVE-2022-20421).

Run from shell:

1️⃣Compile the libbadspin.so library by typing make push in the src/ directory. This will also push the library to /data/local/tmp.

2️⃣Run adb shell.

3️⃣Run LD_PRELOAD=/data/local/tmp/libbadspin.so sleep 1. This will load the library and start the exploit.

Run from demo app:

1️⃣Compile libbadspin.so by typing make push in the src/ directory. This will copy the library to the assets directory for the demo Android app.

2️⃣Compile the demo Android app in the app/ directory. (You might need Android Studio to do this.)

3️⃣Run the app and click on the "Exploit" button.

4️⃣Consume logs using: adb logcat -s BADSPIN

Download

https://youtu.be/gQ_gmgjEbJ0https://youtu.be/gQ_gmgjEbJ0


Learn DOM XSS Vulnerability easily😊

SSH Harvester | We get ssh passwords of users in plain text.

Well, yes, yes, yes, a couple of years ago there was an article that, during authorization, the ssh server spawns 2 processes, on one of which the pass rolls in the clear, in fact, at this moment it is pulled out.

In general, they put the script, fishing goes by itself

𝙓𝙎𝙎 𝘼𝙪𝙩𝙤𝙢𝙖𝙩𝙞𝙤𝙣 😍✨

XSS automation offers efficient and accurate detection of cross-site scripting vulnerabilities, saving time and resources compared to manual testing methods.

𝙇𝙞𝙣𝙠: https://youtu.be/I5NTW8GTKvE

Please Share your Views ☺️🙌

It was not necessary to show these stupid stuff but for the shake of my son's (Top porkis hemkers) knowledge I'm showing you. Btw congratulations beta you are advance than us in that field. It's a shame though. Read Reference here .

#PKMKB FOREVER

PowerLessShell

PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.

Website administrators invest significant efforts into securing their admin panels, the gateways to sensitive data and system controls. However, understanding the vulnerabilities that can lead to bypassing these panels is essential for both developers and security professionals.

https://system32.ink/mastering-website-admin-panel-bypass-techniques-2023/