Bug Bounty
The secrets of Google Tag Manager👀 #BugBountyTips @bsysop 👇
Sorry For Inactive a lot 😐
Here is the Amazing Writeups Regards SQLi with deep understanding
https://medium.com/@bug4y0u/how-i-got-4-sqli-vulnerabilities-at-one-target-manually-using-the-repeater-tab-ed4eb1f84147
Here is the Amazing Writeups Regards SQLi with deep understanding
https://medium.com/@bug4y0u/how-i-got-4-sqli-vulnerabilities-at-one-target-manually-using-the-repeater-tab-ed4eb1f84147
Medium
How I Got 4 SQLI Vulnerabilities At One Target Manually Using The Repeater Tab
Hi everyone, I’m Yousseff, A Junior Computer Science Student, and Cyber Security Enthusiast, Always hungry for a deep understanding of the…
🔥18👍6⚡1
Bsides Ahmedabad
Shubham Shah: Hacking on Bug
Bounties for 10 years - https://drive.google.com/file/d/1aeNq_5wVwHRR1np1jIRQM1hocrgcZ6Qu/view?pli=1
Godfather Orwa: The Power of Recon - https://docs.google.com/presentation/d/1AA0gX2-SI_9ErTkBhtW0b-5BH70-1B1X/edit?pli=1#slide=id.p1
André Baptista: https://0xacb.com/2022/11/21/recollapse/
Shubham Shah: Hacking on Bug
Bounties for 10 years - https://drive.google.com/file/d/1aeNq_5wVwHRR1np1jIRQM1hocrgcZ6Qu/view?pli=1
Godfather Orwa: The Power of Recon - https://docs.google.com/presentation/d/1AA0gX2-SI_9ErTkBhtW0b-5BH70-1B1X/edit?pli=1#slide=id.p1
André Baptista: https://0xacb.com/2022/11/21/recollapse/
🔥20❤2
Amazon S3 bucket Misconfiguration
There are many ways to find an open buckets for your target :
1. Using this tool https://github.com/initstring/cloud_enum
2. Using this website https://buckets.grayhatwarfare.com , blocked in many countries make sure to use VPN
Thread 🧵
https://x.com/Maakthon/status/1713941004431110261?s=20
#bugbountytips #aws #s3 #buckets
There are many ways to find an open buckets for your target :
1. Using this tool https://github.com/initstring/cloud_enum
2. Using this website https://buckets.grayhatwarfare.com , blocked in many countries make sure to use VPN
Thread 🧵
https://x.com/Maakthon/status/1713941004431110261?s=20
#bugbountytips #aws #s3 #buckets
🔥11👍4❤1
1)Make Your tools speak.
https://medium.com/@whalebone71/a-lot-of-information-can-be-collected-during-the-reconnaissance-process-c930e2042fa2
2)Law Proving Ground Practice Walkthrough
https://medium.com/@0xrave/law-proving-ground-practice-walkthrough-bc9d7f7b2941
3)HackTheBox Analytics
https://medium.com/@tanish.saxena26/hackthebox-analytics-39c148fd5d93
4)HackTheBox Topology
https://medium.com/@tanish.saxena26/hackthebox-topology-d41d112a6f71
#bug #bugs #bugbounty #bugbountytip #bugbountytips #hacking #hacker #ethicalhacking #ethicalhacker #ethicalhackers #cybersecurity
https://medium.com/@whalebone71/a-lot-of-information-can-be-collected-during-the-reconnaissance-process-c930e2042fa2
2)Law Proving Ground Practice Walkthrough
https://medium.com/@0xrave/law-proving-ground-practice-walkthrough-bc9d7f7b2941
3)HackTheBox Analytics
https://medium.com/@tanish.saxena26/hackthebox-analytics-39c148fd5d93
4)HackTheBox Topology
https://medium.com/@tanish.saxena26/hackthebox-topology-d41d112a6f71
#bug #bugs #bugbounty #bugbountytip #bugbountytips #hacking #hacker #ethicalhacking #ethicalhacker #ethicalhackers #cybersecurity
❤10🔥3😁1
Burp Suite 101 For Beginners🔥
#1 - Introduction and Installation:
🔗 http://hacklido.com/blog/621
#2 - Understanding Navigation, Dashboard, Configuration:
🔗http://hacklido.com/blog/624
#3 - Exploring Burp Proxy and Target Specification:
🔗http://hacklido.com/blog/625
#4 - Exploring Burp Repeater and Burp Comparer:
🔗http://hacklido.com/blog/628
#5 - Going deep Into intruder:
🔗http://hacklido.com/blog/631
#BurpSuite #Hacking #Infosec #CyberSecurity #RedTeam
#1 - Introduction and Installation:
🔗 http://hacklido.com/blog/621
#2 - Understanding Navigation, Dashboard, Configuration:
🔗http://hacklido.com/blog/624
#3 - Exploring Burp Proxy and Target Specification:
🔗http://hacklido.com/blog/625
#4 - Exploring Burp Repeater and Burp Comparer:
🔗http://hacklido.com/blog/628
#5 - Going deep Into intruder:
🔗http://hacklido.com/blog/631
#BurpSuite #Hacking #Infosec #CyberSecurity #RedTeam
HACKLIDO
Burpsuite 101: Introduction and Installation
Hello, missed followers! It’s been a while, and I want to start by sincerely regretting taking an unexpected break. 😞 You were eagerly awaiting new con...
❤18
4 tools to find hidden query parameters! 🛠
A thread! 👇
https://x.com/intigriti/status/1720396304478536139?s=20
A thread! 👇
https://x.com/intigriti/status/1720396304478536139?s=20
🔥6👍5❤1
The team at @OpenAI just fixed a critical Account takeover vulnerability I reported few hours ago affecting #ChatGPT.
https://x.com/naglinagli/status/1639343866313601024?s=20
https://x.com/naglinagli/status/1639343866313601024?s=20
X (formerly Twitter)
Nagli (@galnagli) on X
The team at @OpenAI just fixed a critical account takeover vulnerability I reported few hours ago affecting #ChatGPT.
It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing…
It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing…
🔥8
🔥First Step Toward Web Application Testing : 😎
We will always come across various web applications that are designed and configured differently. One of the most current and widely used methods for testing web applications is the https://github.com/OWASP/wstg/tree/master/document/4-Web_Application_Security_Testing. ❄️
One of the most common procedures is to start by reviewing a web application's front end components, such as HTML, CSS and JavaScript (also known as the front end trinity), and attempt to find vulnerabilities such as Sensitive Data Exposure { https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure } and Cross-Site Scripting (XSS) { https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) } . 🌓
Once all front end components are thoroughly tested, we would typically review the web application's core functionality and the interaction between the browser and the webserver to enumerate the technologies the webserver uses and look for exploitable flaws. We typically assess web applications from both an unauthenticated and authenticated perspective (if the application has login functionality) to maximize coverage and review every possible attack scenario. ✨
We will always come across various web applications that are designed and configured differently. One of the most current and widely used methods for testing web applications is the https://github.com/OWASP/wstg/tree/master/document/4-Web_Application_Security_Testing. ❄️
One of the most common procedures is to start by reviewing a web application's front end components, such as HTML, CSS and JavaScript (also known as the front end trinity), and attempt to find vulnerabilities such as Sensitive Data Exposure { https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure } and Cross-Site Scripting (XSS) { https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) } . 🌓
Once all front end components are thoroughly tested, we would typically review the web application's core functionality and the interaction between the browser and the webserver to enumerate the technologies the webserver uses and look for exploitable flaws. We typically assess web applications from both an unauthenticated and authenticated perspective (if the application has login functionality) to maximize coverage and review every possible attack scenario. ✨
GitHub
wstg/document/4-Web_Application_Security_Testing at master · OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services. - OWASP/wstg
❤13👍1
🤔Question of the day: How to Spot CORS Misconfigurations?
Tweet by jayesh35_ : https://x.com/Jayesh25_/status/1730131194702958603?s=20
Tweet by jayesh35_ : https://x.com/Jayesh25_/status/1730131194702958603?s=20
❤19
🦗CVE : CVE-2023-38146
CVE Series : #1
A High-Risk Windows Themes Vulnerability
• Type: Remote Code Execution (RCE) ⚠️
• Affected Software: Windows 11
• CVSS Score: 8.8 (High Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732049554504052876?s=20
CVE Series : #1
A High-Risk Windows Themes Vulnerability
• Type: Remote Code Execution (RCE) ⚠️
• Affected Software: Windows 11
• CVSS Score: 8.8 (High Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732049554504052876?s=20
❤7👍2🤣1
🦗CVE : CVE-2023-49733
CVE Series : #2
Improper Restriction of XML External Entity Reference in Apache Cocoon
• Type: inject malicious code into XML documents
• Affected Software: Apache Cocoon
• CVSS Score: 9.8 (Critical Severity)
• Impact: RCE
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732817325261283513?s=20
CVE Series : #2
Improper Restriction of XML External Entity Reference in Apache Cocoon
• Type: inject malicious code into XML documents
• Affected Software: Apache Cocoon
• CVSS Score: 9.8 (Critical Severity)
• Impact: RCE
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732817325261283513?s=20
❤6🔥5👍1