🚨 Critical Uber API Vulnerability | UUIDs Are NOT Security ($2,000 Bounty)
Real-world BOLA vulnerability affecting Uber APIs. In this video I explain how missing object-level authorization allowed access to sensitive restaurant analytics using UUID manipulation + Burp Suite.
🎥 https://youtu.be/LLagPYt-cjc
#cybersecurity #bugbounty #api #owasp
Real-world BOLA vulnerability affecting Uber APIs. In this video I explain how missing object-level authorization allowed access to sensitive restaurant analytics using UUID manipulation + Burp Suite.
🎥 https://youtu.be/LLagPYt-cjc
#cybersecurity #bugbounty #api #owasp
YouTube
Critical Uber API Vulnerability | UUIDs Are NOT Security ($2,000 Bounty) | BOLA Vulnerability PoC
🚨 Critical Uber API Vulnerability — UUIDs Are NOT Security ($2,000 Bounty)
In this video, we perform a deep technical analysis of a real-world Uber API vulnerability involving BOLA (Broken Object Level Authorization) — one of the most critical and common…
In this video, we perform a deep technical analysis of a real-world Uber API vulnerability involving BOLA (Broken Object Level Authorization) — one of the most critical and common…
https://t.me/yetimdasturchi/3654 aytganlariday oxiri vazelin bilan tugaydi bu ketishda))
🤣21🗿12💩4😁3🔥2❤1
Source: https://github.com/twintproject/
Twint or use Snscrape For Free
Platforms Supported by snscrape:
Twitter (X)
TikTok
YouTube
Reddit
GitHub
Facebook Pages (limited)
Wikipedia
Instagram (partial support)
Others (if applicable)
#OSINT #Twint #TI #X #CyberSecurity #Snscrape
Twint or use Snscrape For Free
Platforms Supported by snscrape:
Twitter (X)
TikTok
YouTube
GitHub
Facebook Pages (limited)
Wikipedia
Instagram (partial support)
Others (if applicable)
#OSINT #Twint #TI #X #CyberSecurity #Snscrape
❤1🤔1
Qilayotgan ishlaringiz umuman yaxshi emas aslida....
Undan ko'ra haqiqiy proof bo'lishga harakat qilinglar! BF da buni elon qilish sizlarga hech nima bermaydi... Subdomainlarga qarasak men ham hech qachon bularga etibor bermagan ekanim oldinlari. Ko'zdan chetda qolgan subdomainlardan SQLi chiqish ehtimoli juda yuqori bo'ladi. To'g'ri BlackHat tajriba orttirish uchun yaxshidir ammo buni jar solish yaxshi emas, shunchalik info ga qiziqsang o'zing uchun olib qoy bo'ldi.... Aytgancha bu qonunga xilof hisoblanadi,,,,
#BF #DataLeak #SomeSubdomains
Undan ko'ra haqiqiy proof bo'lishga harakat qilinglar! BF da buni elon qilish sizlarga hech nima bermaydi... Subdomainlarga qarasak men ham hech qachon bularga etibor bermagan ekanim oldinlari. Ko'zdan chetda qolgan subdomainlardan SQLi chiqish ehtimoli juda yuqori bo'ladi. To'g'ri BlackHat tajriba orttirish uchun yaxshidir ammo buni jar solish yaxshi emas, shunchalik info ga qiziqsang o'zing uchun olib qoy bo'ldi.... Aytgancha bu qonunga xilof hisoblanadi,,,,
#BF #DataLeak #SomeSubdomains
🔥12🌭5🤣4💯2👍1😁1🍾1😎1👾1
TGPages Atlas (https://tgpages.com/atlas/map/)
An interactive map of Telegram channels that helps you quickly find communities by topic and assess their interests. This is a convenient visual catalog for a basic analysis of the Telegram ecosystem. It's a useful resource for quickly finding similar channels, tracking thematic connections, and understanding audience distribution around a specific topic.
Link to the service (https://tgpages.com/atlas/map/)
#OSINT
An interactive map of Telegram channels that helps you quickly find communities by topic and assess their interests. This is a convenient visual catalog for a basic analysis of the Telegram ecosystem. It's a useful resource for quickly finding similar channels, tracking thematic connections, and understanding audience distribution around a specific topic.
Link to the service (https://tgpages.com/atlas/map/)
#OSINT
❤2
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
https://securityaffairs.com/192209/security/pwn2own-berlin-2026-day-two-385750-more-microsoft-exchange-falls-and-the-running-total-crosses-900k.html
https://securityaffairs.com/192209/security/pwn2own-berlin-2026-day-two-385750-more-microsoft-exchange-falls-and-the-running-total-crosses-900k.html
Security Affairs
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days.
🔥3❤1
🚨 Attackers are buying stolen employee credentials every day and try to attack companies, protect yourself from this threat ...
Xleak.io helps companies monitor leaked corporate credentials across dark web and infostealer logs before they turn into breaches.
Find employees combo (email:pass) for verified business domains and prevent attacks against your customers as well!
Bug bounty hunters could also benefit to look for leaked credentials for their targeted programs and earn bounties
Get your company report immediatly and access now at:
xleak.io
Bonus: Dedicated API access for Enterprises is available!
#bugbountytips #bugbounty #hackerone #CyberSecurity #ThreatIntel #Infostealer #DarkWeb
Xleak.io helps companies monitor leaked corporate credentials across dark web and infostealer logs before they turn into breaches.
Find employees combo (email:pass) for verified business domains and prevent attacks against your customers as well!
Bug bounty hunters could also benefit to look for leaked credentials for their targeted programs and earn bounties
Get your company report immediatly and access now at:
xleak.io
Bonus: Dedicated API access for Enterprises is available!
#bugbountytips #bugbounty #hackerone #CyberSecurity #ThreatIntel #Infostealer #DarkWeb
❤3
Forwarded from Yetim dasturchi kundaligi
Kripto kurslar qancha bo'lyapti ekan bolajonlar?)
Menimcha sizlar meni taniysizlar. Nu menam endi sizlarni tanishni boshladim.
P.S: O'sha nosvoydan chekib yaxshilab o'ylab ko'rganinglar durust. Qariya sifatida maslahat beraman: bilimni boshqa yaxshi ishlar uchunam ishlatsa bo'ladi. Hali ham kech emas.
Menimcha sizlar meni taniysizlar. Nu menam endi sizlarni tanishni boshladim.
P.S: O'sha nosvoydan chekib yaxshilab o'ylab ko'rganinglar durust. Qariya sifatida maslahat beraman: bilimni boshqa yaxshi ishlar uchunam ishlatsa bo'ladi. Hali ham kech emas.
❤3🔥1
Forwarded from infosec
• Судя по всему, кто-то нашел github токен сотрудника Grafana, который предоставил доступ к Grafana Labs на GitHub и позволил выгрузить всю кодовую базу. Однако вместо репорта по программе bug bounty, гений решил потребовать выкуп за удаление скачанных исходников. К слову, выкуп никто не заплатил, а вот что будет с исходниками — пока неясно.
➡️ https://www.kucoin.com/
#Новости
#Новости
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Turan Security
Toshkentda kiberxavfsizlik, sun'iy intellekt va bulutli texnologiyalar bo'yicha xalqaro konferensiya
🗓 21-may | Soat 9:30 da boshlanadi
📍 Uztelecom ofisi, Mo'minov ko'chasi, 4/2
Uztelecom va Code IB ushbu xalqaro konferensiyaga IT va axborot xavfsizligi mutaxassislarini, shuningdek, biznes vakillarini taklif qiladi.
Dastur uchta tematik yo'nalishni o'z ichiga oladi:
🔐 Kiberxavfsizlik
🌐 Sun'iy intellekt
☁️ Bulutli texnologiyalar
📶 Nima uchun ishtirok etish kerak?
— Eng yaxshi amaliyotlar va real hayotdagi holatlar
— Bozor yetakchilari tajribasi
— Biznes barqarorligi va samaradorligi uchun texnologiyalar
— Professionallar bilan aloqalar
🔗 Oldindan ro'yxatdan o'tish bilan ishtirok etish bepul. Joylar cheklangan.
International Conference on Cybersecurity, AI, and Cloud Technologies in Tashkent
🗓 May 21 | Starts at 9:30 AM
📍 Uztelecom Office, 4/2 Muminov Street
Uztelecom and Code IB invite IT and information security specialists, as well as business representatives, to the international conference.
Program includes three thematic tracks:
🔐 Cybersecurity
🌐 Artificial Intelligence
☁️ Cloud Technologies
📶 Why attend?
— Real-world cases
— Experience of market leaders
— Technologies for business sustainability and efficiency
— Networking with professionals
🔗 Free participation with advance registration. Space is limited
@turansecurity | www.turansec.uz | info@turansec.uz
Uztelecom va Code IB ushbu xalqaro konferensiyaga IT va axborot xavfsizligi mutaxassislarini, shuningdek, biznes vakillarini taklif qiladi.
Dastur uchta tematik yo'nalishni o'z ichiga oladi:
— Eng yaxshi amaliyotlar va real hayotdagi holatlar
— Bozor yetakchilari tajribasi
— Biznes barqarorligi va samaradorligi uchun texnologiyalar
— Professionallar bilan aloqalar
International Conference on Cybersecurity, AI, and Cloud Technologies in Tashkent
Uztelecom and Code IB invite IT and information security specialists, as well as business representatives, to the international conference.
Program includes three thematic tracks:
— Real-world cases
— Experience of market leaders
— Technologies for business sustainability and efficiency
— Networking with professionals
@turansecurity | www.turansec.uz | info@turansec.uz
Please open Telegram to view this post
VIEW IN TELEGRAM
🤮4❤🔥3👍2🔥1🤔1
Forwarded from CyberSecurityTechnologies
SOC_Analyst_Career_Guide.pdf
36 MB
#Tech_book
#Cyber_Education
"SOC Analyst Career Guide
Become highly skilled in security tools, tactics, and techniques to jumpstart your SOC analyst career", 2025.
// This book focuses on breaking into cybersecurity the right way, through grit, curiosity, and practical execution. Being a SOC analyst is not glamorous. It involves long hours, messy data, and living on the edge of someone else’s breach. Yet for those who thrive on chaos, who find purpose in connecting dots that others overlook, and who take satisfaction in stopping threats before anyone else even notices, this is where you belong
#Cyber_Education
"SOC Analyst Career Guide
Become highly skilled in security tools, tactics, and techniques to jumpstart your SOC analyst career", 2025.
// This book focuses on breaking into cybersecurity the right way, through grit, curiosity, and practical execution. Being a SOC analyst is not glamorous. It involves long hours, messy data, and living on the edge of someone else’s breach. Yet for those who thrive on chaos, who find purpose in connecting dots that others overlook, and who take satisfaction in stopping threats before anyone else even notices, this is where you belong
Forwarded from NetStalkers
Огромная практическая брошюра (PDF) по подготовке к интервью в Security Operations Center — с фокусом на Junior+ / Middle линий L1 / L2 с разбором практических заданий, реальных вопросов\ответов с боевого интервью, STAR-кейсами (для США\ЕС) и другими ништяками от White2hack
Это авторская переработка и компиляция большого массива открытых материалов, официальных обучающих курсов, вендорской документации, assessment-подходов и практических инженерных паттернов. Документ не претендует на роль полного руководства конкретного вендора; содержание будет со временем обновляться, расширяться и уточняться.
К брошюре идет Starter Kit (ZIP) — собранный набор полезных скриптов, шаблонов, плейбуков, IoC, экспресс-чеклистов и прикладных заготовок, которые можно брать за основу для тренировки, самообучения и повседневной работы SOC-инженера.
#cybersec
Please open Telegram to view this post
VIEW IN TELEGRAM