Al_Moustach🇩🇿🇩🇿🇩🇿

@HoucemEddine11

God gives his toughest battles to his strongest warriors

Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

Free Bug Bounty course by Z-wink (@the_IDORminator) ranked #1 in the US on Bugcrowd! Learn from the best, especially if you're into IDOR & Broken Access Control: t.me/ZwinKU


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

Cloudflare has started blocking proxy tools like Burp Suite. If you encounter this error, download the “Bypass Bot Detection” extension from the BApp Store in Burp Suite. It should resolve the issue for Burp Suite.

Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

Thread: Hidden Treasures in JavaScript - The Hacker's Guide to Finding Everything


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

Just released the Ultimate IDOR Testing Checklist 🧩 I combined techniques from many sources to cover IDOR scenarios. Know a technique I missed? Drop it in the comments. Notion: mrdesoky0.notion.site/Ultimate-IDOR-… GitHub: github.com/mrdesoky0/vuln… #bugbountytips #IDOR #AppSec #InfoSec


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

💥 How I found a Critical on GitHub: the practical video! In the new video I go step by step: where to look, how to use GitHub dorks, and how to tell the false positives apart so you don't waste your time. 📺 Video link: youtu.be/fnHO97wbZWE

YouTube video: "How I found Critical data on GitHub!"


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

Part - 2 Web Cache Poisoning Quick tip: test X-Forwarded-Host + extension flips (.css/.js) — if the edge caches your reflected header or JSON as a “static” asset, every visitor can get poisoned JS or tokens. Read 5 practical PoCs & seeding recipes → medium.com/@Aacle/web-cac…


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

"If you’re a student, someone passionate about cybersecurity, or just someone who wants to gain experience while studying and earn some money, this article is for you." – @hbenja_m 🎤 Read how this hacker balances learning and hacking: bugcrowd.com/blog/my-experi…


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

This one was easy: searched JS files → revealing endpoints → JSON HTTP request → exposed PII. Tip: account for lazy-loading. Many hunters miss endpoints. Method: click to trigger lazy-loaded JS, then search again for endpoints. Happy hunting :]

Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

💥🐹 4 new Go Code Review Labs just dropped! 🐹💥 Read the code, peek at the diff, find the bug. Sharpen your skills: pentesterlab.com/badges/golang-…


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

Hunting IDORs? Target this first 👇 (With ZwinK)


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

I was reading a really great article on the @DeepStrike_io site about Penetration Testing Methodology, and honestly I got a lot out of it and it helped me organize my thoughts. I recommend that anyone interested in the field read this article, it is really useful: deepstrike.io/blog/penetrati… #CyberSecurity #deepstrike #PenTesting


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

Find hidden Endpoint - by: Sina Yeganeh ✨ - raw.githubusercontent.com/sinaayeganeh/F… #cybersec #infosec #bugbountytips


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

bugbounty tip: [easy to find critical bugs, follow this method]
1. Find a sensitive API endpoint (it must leak sensitive info).
2. Look at the headers "Cache-Control, CF-Cache-Status, Via, X-Cache, ETag, Age" to confirm whether they store cache or not (if stored, try web cache deception).
3.…


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

This GitHub repo has nice tips. They are easy, but we forget those easy tips a lot of the time, so this is a useful resource: github.com/tuhin1729/Bug-…


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

I was reading #bugbounty writeups and I found this blog site, adnanthekhan.com, and it's super technical. I really like it.


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

I was able to bypass rate limiting using this on most websites. #infosec #cybersec #bugbountytips


Al_Moustach🇩🇿🇩🇿🇩🇿 reposted

We earned a $15,000 bounty on @Hacker0x01 with @saur1n! His persistence on the target paid off, uncovering SQLi leads on a major social network. The exploit was straightforward once the query structure leaked due to verbose errors, revealing the injection point by commenting.…
