Parin's Burp Suite course for $0, yeah, totally #free.
https://www.udemy.com/course/bug-bounty-hunting-with-burp-suite/?couponCode=WHITEFRIDAYHERE
Coupons are limited. Be fast.
Share to all.
#bugbounty #infosec
🔍 8 Best Recon Techniques For Active Subdomain Enumeration
Link: https://bugbountyguide.org/index.php/2022/11/26/8-best-recon-technique-for-active-subdomain-enumeration/
#bugbounty #infosec #cybersecurity
Guys 👆! Which logo looks good for our new website bugbountyguide.org? I'll use whichever you choose (the one with the highest percentage) 👇
Anonymous poll: 1 (17%), 2 (27%), 3 (55%)
Bug Bounty Reports in Thread 🧵
#bugbounty #Infosec
Bug : OAuth 2.0
Open redirect leaking the authenticity_token leads to full account takeover.
Organisation : Twitter
Bounty : $1400
==Start==
Impact URL:
https://mobile.twitter. com/messages/follow?recipient=/example.com
• When he clicks Follow
• this redirects his POST request to https://example.com, which contains his authenticity_token
Impact : can be used for anything, like tweeting, following, sending messages, changing the username, etc.
It can also be used to add a mobile number and then steal the account by recovering it via that mobile number.
Thanks for reading this amazing bug bounty report in thread 🧵 on OAuth 2.0
Hope you like it 👍
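The report above does not say how the application turned the recipient parameter into a redirect, so what follows is an added example of the general server-side check, not Twitter's code or fix: a redirect target is accepted only when it is a site-relative path and, once resolved the way a browser resolves a Location header, still lands on the site's own origin; anything else falls back to a fixed page. SITE_ORIGIN, is_safe_local_redirect and safe_redirect_target are names chosen for this example, and the test inputs are constructed.

```python
import re
from urllib.parse import urljoin, urlsplit

# Hypothetical origin for this example, taken from the host in the report's URL.
SITE_ORIGIN = "https://mobile.twitter.com"

# A site-relative path: exactly one leading slash, not followed by another slash or
# a backslash (browsers read "//host" and "/\host" as a new authority), and no
# backslashes or control characters anywhere in the value.
_LOCAL_PATH = re.compile(r"^/(?![/\\])[^\\\r\n\x00]*$")


def resolve_redirect(target: str, origin: str = SITE_ORIGIN) -> str:
    """Resolve the raw parameter against the origin, as a browser resolves a Location header."""
    return urljoin(origin + "/", target)


def is_safe_local_redirect(target: str, origin: str = SITE_ORIGIN) -> bool:
    """True only when following `target` keeps the browser, and anything it re-submits, on `origin`."""
    if not _LOCAL_PATH.match(target):
        return False
    final = urlsplit(resolve_redirect(target, origin))
    want = urlsplit(origin)
    # Second line of defence: compare the origin of the URL that would actually be emitted.
    return (final.scheme, final.netloc) == (want.scheme, want.netloc)


def safe_redirect_target(target: str, origin: str = SITE_ORIGIN, fallback: str = "/") -> str:
    """The exact string to put in the Location header: the resolved target if local, else the fallback."""
    chosen = target if is_safe_local_redirect(target, origin) else fallback
    return resolve_redirect(chosen, origin)


if __name__ == "__main__":
    # Constructed inputs: the protocol-relative and absolute forms an open redirect typically accepts.
    for candidate in ["/messages/follow", "//example.com", "/\\example.com",
                      "///example.com", "https://example.com", "javascript:alert(1)"]:
        print(f"{candidate!r:24} -> {safe_redirect_target(candidate)}")
```

The application must emit exactly the string returned by safe_redirect_target rather than building its own Location value from the parameter, because the check is only meaningful on the URL the browser will actually follow. The regex alone rejects the protocol-relative, backslash and triple-slash forms; the origin comparison after resolution catches anything the regex does not anticipate.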
Penetration Test Guide based on the OWASP and More
#bugbounty #infosec
Amazing Git Repo : https://github.com/Voorivex/pentest-guide
Check This Out : 👌👇
Bugbounty Notes 📒
Includes OWASP Top 10 and more
#bugbounty #Infosec
Amazing Git Repo : https://github.com/Voorivex/pentest-guide
Check This Out : 👌👆
Master OAuth 2.0 Vulnerability
#bugbounty #infosec
Difficulty : Any
OAuth 2.0 Resources :👇
• https://owasp.org/www-pdf-archive/20151215-Top_X_OAuth_2_Hacks-asanso.pdf
• https://medium.com/@lokeshdlk77/stealing-facebook-mailchimp-application-oauth-2-0-access-token-3af51f89f5b0
• https://medium.com/a-bugz-life/the-wondeful-world-of-oauth-bug-bounty-edition-af3073b354c1
• https://gauravnarwani.com/misconfigured-oauth-to-account-takeover/
• https://medium.com/@Jacksonkv22/oauth-misconfiguration-lead-to-complete-account-takeover-c8e4e89a96a
• https://medium.com/@logicbomb_1/bugbounty-user-account-takeover-i-just-need-your-email-id-to-login-into-your-shopping-portal-7fd4fdd6dd56
• https://medium.com/@protector47/full-account-takeover-via-referrer-header-oauth-token-steal-open-redirect-vulnerability-chaining-324a14a1567
• https://hackerone.com/reports/49759
• https://hackerone.com/reports/131202
• https://hackerone.com/reports/6017
• https://hackerone.com/reports/7900
• https://hackerone.com/reports/244958
• https://hackerone.com/reports/405100
• https://ysamm.com/?p=379
• https://amolbaikar.com/facebook-oauth-framework-vulnerability/
• https://medium.com/@godofdarkness.msf/mail-ru-ext-b-scope-account-takeover-1500-abdb1560e5f9
• https://medium.com/@tristanfarkas/finding-a-security-bug-in-discord-and-what-it-taught-me-516cda561295
• https://medium.com/@0xgaurang/case-study-oauth-misconfiguration-leads-to-account-takeover-d3621fe8308b
• https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74
• http://blog.intothesymmetry.com/2014/02/oauth-2-attacks-and-bug-bounties.html
• http://blog.intothesymmetry.com/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html
• https://veracode.com/blog/research/spring-social-core-vulnerability-disclosure
• https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5
• https://xploitprotocol.medium.com/exploiting-oauth-2-0-authorization-code-grants-379798888893
Thank you for reading this 🙏
Hope you'll like it 👍
One-liner Bugbounty Tips 📌
Find subdomain takeovers
subfinder -d HOST >> FILE; assetfinder --subs-only HOST >> FILE; amass enum -norecursive -noalts -d HOST >> FILE; subjack -w FILE -t 100 -timeout 30 -ssl -c $GOPATH/src/github.com/haccer/subjack/fingerprints.json -v 3 >> takeover ;
#bugbounty #infosec
Gather Domains from Content-Security-Policy
#bugbounty #Infosec
curl -vs URL --stderr - | awk 'tolower($0) ~ /^< content-security-policy:/' | grep -Eo "[a-zA-Z0-9./?=_-]*" | sed -e '/\./!d' -e '/[^A-Za-z0-9._-]/d' -e 's/^\.//' | sort -u
Look 👆 (curl -v prefixes response header lines with "< ", so the awk match has to allow for that prefix and for mixed-case header names)
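As an added example (not the page's command and not any project's code), here is the same extraction in Python so it can be reused on saved responses: it reads curl -v style output, picks the Content-Security-Policy header (and, going beyond the one-liner, the Report-Only variant), and pulls the host out of every source expression, including scheme-prefixed sources such as https://cdn.example.com, which the sed step in the one-liner discards because of the slash. The header block below is constructed for the example; csp_domains and host_from_source are names chosen here.

```python
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample of `curl -v` output (not a real site's headers): response header
# lines carry the "< " prefix that curl adds, request lines the "> " prefix.
SAMPLE_CURL_OUTPUT = """\
> GET / HTTP/2
> host: www.example.com
< HTTP/2 200
< content-type: text/html; charset=utf-8
< content-security-policy: default-src 'self'; script-src 'self' 'nonce-abc123' https://cdn.example.com *.static.example.net https://api.example.org:8443/v1/; img-src data: blob: https:; connect-src wss://rt.example.com; frame-ancestors 'none'
< content-security-policy-report-only: script-src https://beta.example.com; report-uri https://csp-report.example.com/r
"""

CSP_HEADERS = {"content-security-policy", "content-security-policy-report-only"}

# Source expressions that name no host: bare schemes (keywords, nonces and hashes are
# all quoted and handled separately).
SCHEME_ONLY = {"http:", "https:", "data:", "blob:", "ws:", "wss:", "filesystem:", "mediastream:"}


def csp_header_values(raw: str) -> List[str]:
    """Values of every CSP header in a curl -v / curl -I style header dump, matched case-insensitively."""
    values = []
    for line in raw.splitlines():
        line = line[2:] if line.startswith("< ") else line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in CSP_HEADERS:
            values.append(value.strip())
    return values


def host_from_source(token: str) -> Optional[str]:
    """Hostname named by one CSP source expression, or None if it names none."""
    if token.startswith("'") or token in SCHEME_ONLY:
        return None
    if "://" not in token:
        token = "//" + token  # host-source without a scheme, e.g. *.static.example.net:443/path
    return urlsplit(token).hostname


def csp_domains(raw: str) -> List[str]:
    """Sorted, de-duplicated hosts from all CSP source expressions and report-uri values."""
    hosts = set()
    for value in csp_header_values(raw):
        for directive in value.split(";"):
            tokens = directive.split()
            for token in tokens[1:]:  # tokens[0] is the directive name
                host = host_from_source(token)
                if host:
                    hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    for host in csp_domains(SAMPLE_CURL_OUTPUT):
        print(host)
```

Wildcard sources such as *.static.example.net are kept with their leading asterisk so they can be fed to a subdomain enumeration step rather than treated as a single host.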
Complete OSCP Guide With Active Directory
Amazing Article Contains :
• lots of tips
• Recommended Tools For Active Directory
• Recommended Labs To Solve For Active Directory
• Cheatsheet
• Resources
Take a look 👇
https://bugbountyguide.org/index.php/2022/11/29/oscp-preparation-with-active-directory/
#bugbounty #infosec #oscp
Bug Bounty Tips 👌
#bugbounty #infosec
It explains which tool to use for each kind of bug.
Credit: Patrik
Take a look ☝️
Wait some time if it is not clear.
Unique Rate limit bypass worth 1800$ 👍
https://medium.com/@manavbankatwala29/unique-rate-limit-bypass-worth-1800-6e2947c7d972
#hacking #bugbounty #cybersecurity
The Bug Hunter's Methodology v4.0 - Recon Edition Breakdown, thanks to @jhaddix
Check This Out :
https://www.linkedin.com/pulse/bug-hunters-methodology-v40-recon-edition-breakdown-henry-osias/?trackingId=IsAm3if31xPE2Ib6fCS02g%3D%3D
#bugbounty #infosec
On a serious note: are you guys really enjoying my posts? Love you all ♥
Anonymous poll: Yes 😀 (79%), No 😒 (2%), Little bit (7%), So much 👌 (12%)