All Network Services & Ports with Enumeration techniques

https://bugbountyguide.org/2022/12/24/all-network-services-ports-enumeration/

✨ Huge Bug Bounty Mindmap

https://bugbountyguide.org/bug-bounty/mindmaps-cheatsheets#Bug-bounty-mindmap

Web Application Security Mindmap

https://bugbountyguide.org/bug-bounty/mindmaps-cheatsheets/#Web%20Application%20Security%20Mindmap

#bugbounty #infosec

An interesting trick: you can bypass a WAF during a XSS attack on ASP(dot)NET/IIS technology by using a HTTP parameter pollution attack.

#BugBounty #BugBountyTips #InfoSec

(Credit to Acunetix)
Full article: https://acunetix.com/blog/whitepaper-http-parameter-pollution/

Tryhackme voucher at a cheap price.

At Rs 155 / 2.2$ for a month

This guy is providing @Infosec_lover | Verified by me

& All Hacking - Offensive security, bug bounty Ebooks Available DM this guy @Infosec_lover

4 🙌 Ways to become a bug bounty hunter

1️⃣ Clear your web fundamentals first

2️⃣ practice this on Tryhackme and any other place that you know well

3️⃣ Complete portswigger labs

4️⃣ Last but not the least: Read bug bounty reports as much as possible, This will give you a good understanding of how the web actually works and you would be able to think like a bug hunter

Did you know if you make the website response with a 400 error status code eg send a request with a massive long characters

You could know what is the real server of the website that hidden behind Cloudflare or other WAF’s.

My Twitter Interaction Circle! Love you all

Use These Instead Of Alert and Prompt
In XSS Payload

Example : alert(1) can be encoded as

This leads to bypass waf or blacklisted words at input field

XSS Payload can be manipulated as

<img/src/onerror=Put The Encoded Js here to prompt the alert>

Check This Out : http://jsfuck.com

#bugbounty #Infosec #hacking #cybersecurity