Ayrix Bytes

🔹 InstaBrute: Two Ways to Brute-force Instagram Account Credentials

📆 Thu, 19 May 2016 21:22:45 +0000

#️⃣ #Mobile_Security #Web_Security

722 views⚡️ New Writeup ⚡️, 19:24

📍️ Read Writeup 📍

Ayrix Bytes

🔹 How I Could Compromise 4% (Locked) Instagram Accounts

📆 Sun, 27 Mar 2016 22:27:59 +0000

#️⃣ #Web_Security

840 views⚡️ New Writeup ⚡️, 19:25

📍️ Read Writeup 📍

Ayrix Bytes

🔹 My Exciting Two Month Journey as a Security Analyst at Appsecco

📆 Wed, 09 Aug 2023 12:35:22 GMT

#️⃣ #careers #hacking #cybersecurity #working_with_appsecco #culture

956 views⚡️ New Writeup ⚡️, 19:25

📍️ Read Writeup 📍

Ayrix Bytes

🔹 Exploiting IAM security Misconfigurations — Part 2

📆 Tue, 18 Jul 2023 05:24:01 GMT

#️⃣ #exploitation #aws #aws_security #cloud_security #hacking

1.19K views⚡️ New Writeup ⚡️, 19:25

📍️ Read Writeup 📍

Ayrix Bytes

🔹 Getting shell and data access in AWS App Runner

📆 Mon, 29 May 2023 16:08:31 GMT

#️⃣ #privilege_escalation #hacking #aws #apprunner #cloud_security

1.6K views⚡️ New Writeup ⚡️, 19:26

📍️ Read Writeup 📍

Ayrix Bytes

🔹 Exploiting IAM security Misconfigurations — Part 1

📆 Thu, 18 May 2023 06:18:42 GMT

#️⃣ #aws_security #exploitation #cloud_security #hacking #aws_policies

❤1

2.04K views⚡️ New Writeup ⚡️, 19:26

📍️ Read Writeup 📍

Ayrix Bytes

$7000 Bounty: Mastering Narrow Recon for Bug Hunting Success

https://blog.voorivex.team/7000-bounty-on-a-single-web-application

Voorivex Team

$7000 Bounty on a Single Web Application

A walkthrough of $7,000 worth of bugs found across a single web application.

🔥7

2.76K views• Ayrix •, 16:58

Ayrix Bytes

چند روز پیش یه چلنج XSS توییت کردم که راه حلش میشد این پیلود:

https://ayrix.info/xss.php?l01=javascript://\x250aalert`XSS`

اما حالا توی پارامتر l02 دیگه از x\ نمیتونید استفاده کنید :)
دوست داشتید روش وقت بزارید و بزنیدش باحاله❤️

❤13👍3👌1🍾1

1.88K viewsAmirabbas Ataei, edited 18:37

Ayrix Bytes

این پیلود رو امروز شانسی دیدم:

[2023].find(alert)

کاربردی که خیلی نیست ولی خب جالبه :)

👍17❤2😁1🆒1

1.7K viewsAmirabbas Ataei, 17:54

Ayrix Bytes

واقعا چرا اوایل فکر میکردم واید ریکان رو بیشتر دوست دارم؟ الان وقتی عمیق میشم تو فیچر های وبسایت و باگ های لاجیک میزنم میفهمم لذت واقعی حین کار چیه.. 👾

🔥21👍4☃1😢1👌1🤝1

1.49K viewsAmirabbas Ataei, edited 20:25

Ayrix Bytes

اینو حتما ببینید، خفن بود.👌🏼
‌
https://www.youtube.com/watch?v=HwbEmHJGpcM

YouTube

Everything about full-time bug bounty - Justin “rhynorater” Gardner from @criticalthinkingpodcast

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow Justin on Twitter: https://twitter.com/Rhynorater
📣 Follow me on Twitter: https://bbre.dev/tw

In this episode of the podcast, I interview…

❤7👍1🔥1🤔1🍌1🍓1

1.47K viewsAmirabbas Ataei, edited 07:07

Ayrix Bytes

SSRF Tips:

https://twitter.com/Rhynorater/status/1689400476452679682?t=SqcExNx6AkZidEiXyFDpMw&s=19

X (formerly Twitter)

Justin Gardner (@Rhynorater) on X

I've made over 100k on SSRF vulnerabilities.

They aren't always as simple as pointing it at localhost or AWS Metadata service.

Here are some tricks I've picked up over the past 5 years of web app testing:

🍓2👌1

1.41K viewsAmirabbas Ataei, edited 04:02

Ayrix Bytes

برا جاهایی که چک میکنه ایمیل ولید باشه این پیلود رو داشته باشید:

"<svg/onload=alert(1)>"@x.y

https://brutelogic.com.br/blog/xss-limited-input-formats/

🔥12👍2⚡1🐳1

1.9K viewsAmirabbas Ataei, edited 04:11

Ayrix Bytes

Always try to escalate your attack to create maximum impact :)

🤣14👎4❤2👍1

1.89K viewsAmirabbas Ataei, 15:31

Ayrix Bytes

آقا Fallparams رو کوبیدم از نو ساختم :)

https://twitter.com/ImAyrix/status/1794757938826883529?t=a-mVMSbS20spSkT7oA_lJQ&s=19

X (formerly Twitter)

Amirabbas (@ImAyrix) on X

Fallparams updated to V1.0.8:

🔥 Enhanced Crawl Mode: Speed doubled for better efficiency.
🔬 New Min-Length Flag: Set minimum character length for parameters.
👌🏼 Project Structure Overhaul: Updated and optimized code.

Install & Update:
https://t.co/r3NjLeXB9I

🔥19

2.94K viewsAmirabbas Ataei, 15:51

Ayrix Bytes

🚀 Fallparams v1.0.9 Released! 🎉

🆕 Support for specifying HTTP request method with the -X switch.
🔧 Custom request bodies for targets with specific parameter responses.
⚙️ Enhanced input file parsing.

Install/Update:
github.com/ImAyrix/fallparams

❤16🔥1

1.91K viewsAmirabbas Ataei, edited 16:09

Ayrix Bytes

🚀 Fallparams v1.0.9 Released! 🎉 🆕 Support for specifying HTTP request method with the -X switch. 🔧 Custom request bodies for targets with specific parameter responses. ⚙️ Enhanced input file parsing. Install/Update: github.com/ImAyrix/fallparams

اگه از ابزار راضی بودید و حالشو داشتید تو گیتهاب یه استار بدید یکم بیاد بالا، دمتون گرم🤗

❤️‍🔥

Please open Telegram to view this post

VIEW IN TELEGRAM

💋17👍9

2.05K viewsAmirabbas Ataei, 17:03

Ayrix Bytes

خب خب Fallparams آپدیت شد 👨‍💻

تغییرات: 😔
1. میتونید درخواست http رو بریزید توی یه فایل و به عنوان ورودی بهش بدید.
2. پروکسی هم از این به بعد میتونید ست کنید.
3. سوییچ پرطرفدار silent اضافه شد :))

یه ارور هم توی حالت headless بود که اونم فیکس شد.

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥22❤4👍2⚡1

2.08K viewsAmirabbas Ataei, edited 06:45

Ayrix Bytes

یه چلنج XSS رو طبق یه باگی که real world زدم طراحی کردم، دوست داشتید روش وقت بزارید باحاله.👇

➕

https://ayrix.info/xss/

Twitter

Please open Telegram to view this post

VIEW IN TELEGRAM

👍8🔥2👎1

2.28K viewsAmirabbas Ataei, edited 10:45