API Penetration Testing Series - Part 6
Common API Vulnerabilities
Covered - Info Disclosure, BOLA, Broken Authentication, Excessive Data Exposure, BFLA, Mass Assignment, Security Misconfig, Injection and etc
My Notion Notes 🔗 : https://aacle.notion.site/Common-API-Vulnerabilities-cc18fc96ec99458aacbead44f4b4b384?pvs=4
Common API Vulnerabilities
Covered - Info Disclosure, BOLA, Broken Authentication, Excessive Data Exposure, BFLA, Mass Assignment, Security Misconfig, Injection and etc
My Notion Notes 🔗 : https://aacle.notion.site/Common-API-Vulnerabilities-cc18fc96ec99458aacbead44f4b4b384?pvs=4
🔥13👍4❤1🤩1
Ultimate 401 and 403 bypass methods
🌴🌱🍃🍂
https://www.vidocsecurity.com/blog/401-and-403-bypass-how-to-do-it-right/
🌴🌱🍃🍂
https://www.vidocsecurity.com/blog/401-and-403-bypass-how-to-do-it-right/
❤20🔥3👍1
Amazing List of All DAMN Vulnerable Labs Wher you can improve your Pentesting Skills
Categorized for different different cybersec fields
Check This out : https://twseptian.github.io/penetration%20testing/pentest/Vulnerable-Resource/
Categorized for different different cybersec fields
Check This out : https://twseptian.github.io/penetration%20testing/pentest/Vulnerable-Resource/
❤26
If you want to learn about Machine Learning and Artificial Intelligence you can check this account on thread.
To find information disclosure vulnerabilities change the headers
- Change the Accept header to:
- Also trying sending null byte like
GET /%00
If error handling is not done properly, reveals server version information, stack and route information
#bugbounty #bugbountytip
- Change the Accept header to:
- Also trying sending null byte like
GET /%00
If error handling is not done properly, reveals server version information, stack and route information
#bugbounty #bugbountytip
👍11🔥5❤2
Tips for finding hardcoded credentials
Whenever you are searching for hardcoded credentails, don't forget to read "jquery.js" files as well. Sometime you might find 3rd party hardcoded credentials
#bugbountytips #hacking #infosec
Whenever you are searching for hardcoded credentails, don't forget to read "jquery.js" files as well. Sometime you might find 3rd party hardcoded credentials
#bugbountytips #hacking #infosec
👍12
My new video is now available on Rabkimusc:
https://youtu.be/ASSzCKvA4p0 Go watch, like, comment, subscribe, and share as much as you can.
Show your support, guy's.
साधु जी सीता राम
https://youtu.be/ASSzCKvA4p0 Go watch, like, comment, subscribe, and share as much as you can.
Show your support, guy's.
साधु जी सीता राम
YouTube
Sadhu Ji Sita Ram | साधु जी सीता राम | Brajesh Braj | Kunal | Neel | New Song Bageshwar Dham Sarkar
#sadhujisitaram #bageshwardhamsarkar #newsong2023 #viral #ganeshotsav2023
Director: Brajesh Braj
Singer & Lyrics : Brajesh Braj
Music Mix & Mastered: Kunal soni
Creative Director : Maddy
Line Production : Veam Productions
DOP: Yash Verma
Produced…
Director: Brajesh Braj
Singer & Lyrics : Brajesh Braj
Music Mix & Mastered: Kunal soni
Creative Director : Maddy
Line Production : Veam Productions
DOP: Yash Verma
Produced…
❤15🤡9👍2🔥1
I requested to All hindus to please Listen & share this Song with your contacts
❤17🤡12👍2
Bug Bounty Tip ☘️
https://web.archive.org/cdx/search/cdx?url=target.com&matchType=domain&fl=original&collapse=urlkey
Change url Para. Value : url=target.com -> Help you to extract lots of interesting Endpoints, Imformation Disclosure, API Keys and many more about that Target from wayback archive
https://web.archive.org/cdx/search/cdx?url=target.com&matchType=domain&fl=original&collapse=urlkey
Change url Para. Value : url=target.com -> Help you to extract lots of interesting Endpoints, Imformation Disclosure, API Keys and many more about that Target from wayback archive
❤15👍2🙈2🌚1
CSP-bypass techniques ☘️
https://bhavesh-thakur.medium.com/content-security-policy-csp-bypass-techniques-e3fa475bfe5d
#bugbounty #bugbountytips
https://bhavesh-thakur.medium.com/content-security-policy-csp-bypass-techniques-e3fa475bfe5d
#bugbounty #bugbountytips
❤8👍4👏2
A strategy to land your first pentest job 🌴
https://blog.pentesterlab.com/a-strategy-to-land-your-first-pentest-job-25209a351689
https://blog.pentesterlab.com/a-strategy-to-land-your-first-pentest-job-25209a351689
❤14👍2🥱2😱1
Hurricane Electric operates its own global IPv4 and IPv6 network and is considered the largest IPv6 backbone in the world as measured by number of networks connected, its give a fresh domain records, more real data! 😃
Expose domains over Akamai or Cloudflare with HEDnsExtractor and httpx(
@pdiscoveryio
):
Github:https://github.com/teixeira0xfffff/HEDnsExtractor/
[+] python hednsextractor[.py "https://bgp[.he.net/net/23.192.0.0/11#_dns" | httpx -title -tech-detect -status-code | grep -i "rockstar"
Reference : https://twitter.com/ptyspawnbinbash/status/1683378527888896002?s=20
Expose domains over Akamai or Cloudflare with HEDnsExtractor and httpx(
@pdiscoveryio
):
Github:https://github.com/teixeira0xfffff/HEDnsExtractor/
[+] python hednsextractor[.py "https://bgp[.he.net/net/23.192.0.0/11#_dns" | httpx -title -tech-detect -status-code | grep -i "rockstar"
Reference : https://twitter.com/ptyspawnbinbash/status/1683378527888896002?s=20
❤8👍6
Roadmap.png
23.2 MB
❤13👏3👀1
200+books on info sec and cybersecurity. Feel free to download any and read. LINK: https://drive.google.com/drive/u/0/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU
🔥15👍6❤4