Bsides Ahmedabad
Shubham Shah: Hacking on Bug
Bounties for 10 years - https://drive.google.com/file/d/1aeNq_5wVwHRR1np1jIRQM1hocrgcZ6Qu/view?pli=1
Godfather Orwa: The Power of Recon - https://docs.google.com/presentation/d/1AA0gX2-SI_9ErTkBhtW0b-5BH70-1B1X/edit?pli=1#slide=id.p1
André Baptista: https://0xacb.com/2022/11/21/recollapse/
Shubham Shah: Hacking on Bug
Bounties for 10 years - https://drive.google.com/file/d/1aeNq_5wVwHRR1np1jIRQM1hocrgcZ6Qu/view?pli=1
Godfather Orwa: The Power of Recon - https://docs.google.com/presentation/d/1AA0gX2-SI_9ErTkBhtW0b-5BH70-1B1X/edit?pli=1#slide=id.p1
André Baptista: https://0xacb.com/2022/11/21/recollapse/
🔥20❤2
Amazon S3 bucket Misconfiguration
There are many ways to find an open buckets for your target :
1. Using this tool https://github.com/initstring/cloud_enum
2. Using this website https://buckets.grayhatwarfare.com , blocked in many countries make sure to use VPN
Thread 🧵
https://x.com/Maakthon/status/1713941004431110261?s=20
#bugbountytips #aws #s3 #buckets
There are many ways to find an open buckets for your target :
1. Using this tool https://github.com/initstring/cloud_enum
2. Using this website https://buckets.grayhatwarfare.com , blocked in many countries make sure to use VPN
Thread 🧵
https://x.com/Maakthon/status/1713941004431110261?s=20
#bugbountytips #aws #s3 #buckets
🔥11👍4❤1
1)Make Your tools speak.
https://medium.com/@whalebone71/a-lot-of-information-can-be-collected-during-the-reconnaissance-process-c930e2042fa2
2)Law Proving Ground Practice Walkthrough
https://medium.com/@0xrave/law-proving-ground-practice-walkthrough-bc9d7f7b2941
3)HackTheBox Analytics
https://medium.com/@tanish.saxena26/hackthebox-analytics-39c148fd5d93
4)HackTheBox Topology
https://medium.com/@tanish.saxena26/hackthebox-topology-d41d112a6f71
#bug #bugs #bugbounty #bugbountytip #bugbountytips #hacking #hacker #ethicalhacking #ethicalhacker #ethicalhackers #cybersecurity
https://medium.com/@whalebone71/a-lot-of-information-can-be-collected-during-the-reconnaissance-process-c930e2042fa2
2)Law Proving Ground Practice Walkthrough
https://medium.com/@0xrave/law-proving-ground-practice-walkthrough-bc9d7f7b2941
3)HackTheBox Analytics
https://medium.com/@tanish.saxena26/hackthebox-analytics-39c148fd5d93
4)HackTheBox Topology
https://medium.com/@tanish.saxena26/hackthebox-topology-d41d112a6f71
#bug #bugs #bugbounty #bugbountytip #bugbountytips #hacking #hacker #ethicalhacking #ethicalhacker #ethicalhackers #cybersecurity
❤10🔥3😁1
Burp Suite 101 For Beginners🔥
#1 - Introduction and Installation:
🔗 http://hacklido.com/blog/621
#2 - Understanding Navigation, Dashboard, Configuration:
🔗http://hacklido.com/blog/624
#3 - Exploring Burp Proxy and Target Specification:
🔗http://hacklido.com/blog/625
#4 - Exploring Burp Repeater and Burp Comparer:
🔗http://hacklido.com/blog/628
#5 - Going deep Into intruder:
🔗http://hacklido.com/blog/631
#BurpSuite #Hacking #Infosec #CyberSecurity #RedTeam
#1 - Introduction and Installation:
🔗 http://hacklido.com/blog/621
#2 - Understanding Navigation, Dashboard, Configuration:
🔗http://hacklido.com/blog/624
#3 - Exploring Burp Proxy and Target Specification:
🔗http://hacklido.com/blog/625
#4 - Exploring Burp Repeater and Burp Comparer:
🔗http://hacklido.com/blog/628
#5 - Going deep Into intruder:
🔗http://hacklido.com/blog/631
#BurpSuite #Hacking #Infosec #CyberSecurity #RedTeam
HACKLIDO
Burpsuite 101: Introduction and Installation
Hello, missed followers! It’s been a while, and I want to start by sincerely regretting taking an unexpected break. 😞 You were eagerly awaiting new con...
❤18
4 tools to find hidden query parameters! 🛠
A thread! 👇
https://x.com/intigriti/status/1720396304478536139?s=20
A thread! 👇
https://x.com/intigriti/status/1720396304478536139?s=20
🔥6👍5❤1
The team at @OpenAI just fixed a critical Account takeover vulnerability I reported few hours ago affecting #ChatGPT.
https://x.com/naglinagli/status/1639343866313601024?s=20
https://x.com/naglinagli/status/1639343866313601024?s=20
X (formerly Twitter)
Nagli (@galnagli) on X
The team at @OpenAI just fixed a critical account takeover vulnerability I reported few hours ago affecting #ChatGPT.
It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing…
It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing…
🔥8
🔥First Step Toward Web Application Testing : 😎
We will always come across various web applications that are designed and configured differently. One of the most current and widely used methods for testing web applications is the https://github.com/OWASP/wstg/tree/master/document/4-Web_Application_Security_Testing. ❄️
One of the most common procedures is to start by reviewing a web application's front end components, such as HTML, CSS and JavaScript (also known as the front end trinity), and attempt to find vulnerabilities such as Sensitive Data Exposure { https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure } and Cross-Site Scripting (XSS) { https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) } . 🌓
Once all front end components are thoroughly tested, we would typically review the web application's core functionality and the interaction between the browser and the webserver to enumerate the technologies the webserver uses and look for exploitable flaws. We typically assess web applications from both an unauthenticated and authenticated perspective (if the application has login functionality) to maximize coverage and review every possible attack scenario. ✨
We will always come across various web applications that are designed and configured differently. One of the most current and widely used methods for testing web applications is the https://github.com/OWASP/wstg/tree/master/document/4-Web_Application_Security_Testing. ❄️
One of the most common procedures is to start by reviewing a web application's front end components, such as HTML, CSS and JavaScript (also known as the front end trinity), and attempt to find vulnerabilities such as Sensitive Data Exposure { https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure } and Cross-Site Scripting (XSS) { https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) } . 🌓
Once all front end components are thoroughly tested, we would typically review the web application's core functionality and the interaction between the browser and the webserver to enumerate the technologies the webserver uses and look for exploitable flaws. We typically assess web applications from both an unauthenticated and authenticated perspective (if the application has login functionality) to maximize coverage and review every possible attack scenario. ✨
GitHub
wstg/document/4-Web_Application_Security_Testing at master · OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services. - OWASP/wstg
❤13👍1
🤔Question of the day: How to Spot CORS Misconfigurations?
Tweet by jayesh35_ : https://x.com/Jayesh25_/status/1730131194702958603?s=20
Tweet by jayesh35_ : https://x.com/Jayesh25_/status/1730131194702958603?s=20
❤19
🦗CVE : CVE-2023-38146
CVE Series : #1
A High-Risk Windows Themes Vulnerability
• Type: Remote Code Execution (RCE) ⚠️
• Affected Software: Windows 11
• CVSS Score: 8.8 (High Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732049554504052876?s=20
CVE Series : #1
A High-Risk Windows Themes Vulnerability
• Type: Remote Code Execution (RCE) ⚠️
• Affected Software: Windows 11
• CVSS Score: 8.8 (High Severity)
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732049554504052876?s=20
❤7👍2🤣1
🦗CVE : CVE-2023-49733
CVE Series : #2
Improper Restriction of XML External Entity Reference in Apache Cocoon
• Type: inject malicious code into XML documents
• Affected Software: Apache Cocoon
• CVSS Score: 9.8 (Critical Severity)
• Impact: RCE
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732817325261283513?s=20
CVE Series : #2
Improper Restriction of XML External Entity Reference in Apache Cocoon
• Type: inject malicious code into XML documents
• Affected Software: Apache Cocoon
• CVSS Score: 9.8 (Critical Severity)
• Impact: RCE
Dive into the details 🧵:👇
https://x.com/vulncure/status/1732817325261283513?s=20
❤6🔥5👍1
🚀Question of the day: How to approach GraphQL Targets?
Unlock the full potential of GraphQL with these pro tips for tackling your bug bounty targets:
1️⃣ Retrieve the GraphQL Schema for hidden Queries/Mutations: If introspection is enabled, you can obtain the GraphQL Schema, revealing all GraphQL Operations and Mutations using the following GraphQL Query:
{"query":"{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"}
Introspection Disabled? Don't worry; here are some more ideas that can help you uncover those hidden GraphQL Queries/Mutations:
1️⃣ JavaScript - Retrieve GraphQL Queries and Mutations from JavaScript files when introspection is disabled. These files may list hidden methods not accessible via the app's regular functionality. Try making direct requests to these.
2️⃣ GraphQL Operation discovery via Brute Force - Clairvoyance is an excellent tool that helps obtain the GraphQL API schema via brute force even if introspection is disabled. It produces the GraphQL schema in JSON format. You can install the tool at https://github.com/nikitastupin/clairvoyance.
3️⃣ View the Schema and Continue Testing - Upload the identified operations/schema to other tools such as GraphQL Voyager, InQL, or graphql-path-enum, and start testing for GraphQL-specific security issues.
Next up: We'll talk about JS monitoring for identifying new GraphQL Operations/Mutations that you can be alerted to and test as soon as they're discovered! 🚀💻 #BugBounty #InfoSec #GraphQL #Security #BugBountyTips #HackerOne #BugCrowd #Cybersecurity
Unlock the full potential of GraphQL with these pro tips for tackling your bug bounty targets:
1️⃣ Retrieve the GraphQL Schema for hidden Queries/Mutations: If introspection is enabled, you can obtain the GraphQL Schema, revealing all GraphQL Operations and Mutations using the following GraphQL Query:
{"query":"{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"}
Introspection Disabled? Don't worry; here are some more ideas that can help you uncover those hidden GraphQL Queries/Mutations:
1️⃣ JavaScript - Retrieve GraphQL Queries and Mutations from JavaScript files when introspection is disabled. These files may list hidden methods not accessible via the app's regular functionality. Try making direct requests to these.
2️⃣ GraphQL Operation discovery via Brute Force - Clairvoyance is an excellent tool that helps obtain the GraphQL API schema via brute force even if introspection is disabled. It produces the GraphQL schema in JSON format. You can install the tool at https://github.com/nikitastupin/clairvoyance.
3️⃣ View the Schema and Continue Testing - Upload the identified operations/schema to other tools such as GraphQL Voyager, InQL, or graphql-path-enum, and start testing for GraphQL-specific security issues.
Next up: We'll talk about JS monitoring for identifying new GraphQL Operations/Mutations that you can be alerted to and test as soon as they're discovered! 🚀💻 #BugBounty #InfoSec #GraphQL #Security #BugBountyTips #HackerOne #BugCrowd #Cybersecurity
GitHub
GitHub - nikitastupin/clairvoyance: Obtain GraphQL API schema even if the introspection is disabled
Obtain GraphQL API schema even if the introspection is disabled - nikitastupin/clairvoyance
🔥9👍3❤2