Bug Bounty
The secrets of Google Tag Manager👀 #BugBountyTips @bsysop 👇
Sorry for being inactive a lot 😐
Here is an amazing writeup regarding SQLi with deep understanding
https://medium.com/@bug4y0u/how-i-got-4-sqli-vulnerabilities-at-one-target-manually-using-the-repeater-tab-ed4eb1f84147
Medium
How I Got 4 SQLI Vulnerabilities At One Target Manually Using The Repeater Tab
Hi everyone, I’m Yousseff, A Junior Computer Science Student, and Cyber Security Enthusiast, Always hungry for a deep understanding of the…
Bsides Ahmedabad
Shubham Shah: Hacking on Bug Bounties for 10 years - https://drive.google.com/file/d/1aeNq_5wVwHRR1np1jIRQM1hocrgcZ6Qu/view?pli=1
Godfather Orwa: The Power of Recon - https://docs.google.com/presentation/d/1AA0gX2-SI_9ErTkBhtW0b-5BH70-1B1X/edit?pli=1#slide=id.p1
André Baptista: https://0xacb.com/2022/11/21/recollapse/
Amazon S3 bucket Misconfiguration
There are many ways to find open buckets for your target:
1. Using this tool https://github.com/initstring/cloud_enum
2. Using this website https://buckets.grayhatwarfare.com (blocked in many countries, so make sure to use a VPN)
Thread 🧵
https://x.com/Maakthon/status/1713941004431110261?s=20
#bugbountytips #aws #s3 #buckets
1)Make Your tools speak.
https://medium.com/@whalebone71/a-lot-of-information-can-be-collected-during-the-reconnaissance-process-c930e2042fa2
2)Law Proving Ground Practice Walkthrough
https://medium.com/@0xrave/law-proving-ground-practice-walkthrough-bc9d7f7b2941
3)HackTheBox Analytics
https://medium.com/@tanish.saxena26/hackthebox-analytics-39c148fd5d93
4)HackTheBox Topology
https://medium.com/@tanish.saxena26/hackthebox-topology-d41d112a6f71
#bug #bugs #bugbounty #bugbountytip #bugbountytips #hacking #hacker #ethicalhacking #ethicalhacker #ethicalhackers #cybersecurity
Burp Suite 101 For Beginners🔥
#1 - Introduction and Installation:
🔗 http://hacklido.com/blog/621
#2 - Understanding Navigation, Dashboard, Configuration:
🔗http://hacklido.com/blog/624
#3 - Exploring Burp Proxy and Target Specification:
🔗http://hacklido.com/blog/625
#4 - Exploring Burp Repeater and Burp Comparer:
🔗http://hacklido.com/blog/628
#5 - Going deep Into intruder:
🔗http://hacklido.com/blog/631
#BurpSuite #Hacking #Infosec #CyberSecurity #RedTeam
HACKLIDO
Burpsuite 101: Introduction and Installation
Hello, missed followers! It’s been a while, and I want to start by sincerely regretting taking an unexpected break. 😞 You were eagerly awaiting new con...
4 tools to find hidden query parameters! 🛠
A thread! 👇
https://x.com/intigriti/status/1720396304478536139?s=20
The team at @OpenAI just fixed a critical Account takeover vulnerability I reported few hours ago affecting #ChatGPT.
https://x.com/naglinagli/status/1639343866313601024?s=20
X (formerly Twitter)
Nagli (@galnagli) on X
The team at @OpenAI just fixed a critical account takeover vulnerability I reported few hours ago affecting #ChatGPT.
It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing…
🔥First Step Toward Web Application Testing : 😎
We will always come across various web applications that are designed and configured differently. One of the most current and widely used methods for testing web applications is the OWASP Web Security Testing Guide (https://github.com/OWASP/wstg/tree/master/document/4-Web_Application_Security_Testing). ❄️
One of the most common procedures is to start by reviewing a web application's front end components, such as HTML, CSS and JavaScript (also known as the front end trinity), and attempt to find vulnerabilities such as Sensitive Data Exposure { https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure } and Cross-Site Scripting (XSS) { https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) } . 🌓
Once all front end components are thoroughly tested, we would typically review the web application's core functionality and the interaction between the browser and the webserver to enumerate the technologies the webserver uses and look for exploitable flaws. We typically assess web applications from both an unauthenticated and authenticated perspective (if the application has login functionality) to maximize coverage and review every possible attack scenario. ✨
GitHub
wstg/document/4-Web_Application_Security_Testing at master · OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services. - OWASP/wstg
🤔Question of the day: How to Spot CORS Misconfigurations?
Tweet by jayesh35_ : https://x.com/Jayesh25_/status/1730131194702958603?s=20
🦗CVE : CVE-2023-38146
CVE Series : #1
A High-Risk Windows Themes Vulnerability
• Type: Remote Code Execution (RCE) ⚠️
• Affected Software: Windows 11
• CVSS Score: 8.8 (High Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732049554504052876?s=20