你可能会喜欢
One of the biggest mistakes you probably make when trying to find an API token or sensitive information in JS files is relying only on automated tools like JSRecon without checking the files manually. I found an access token that let me into a company's internal website where i…
Here is the write-up for the vulnerability I found a few days ago medium.com/@Ibrahimsec/ho…
medium.com
How I Found an IDOR that Led to Session Hijacking
Assalam alaikum,
I was awarded a $3,000 bounty on @Hacker0x01! hackerone.com/nightm4re #TogetherWeHitHarder ATO i guess?
Saudi Arabia TEAM is on FIRE!! 🔥🔥 4 days remaining Leaderboard: leaderboards.hackerone.live/awc2024 #AmbassadorWorldCup @Hacker0x01
I was awarded a $3,000 bounty on @Hacker0x01! hackerone.com/nightm4re #TogetherWeHitHarder ATO i guess?
See you in the next round!
الحمدلله ممثلين لفريق السعودية 🇸🇦 تأهلنا الى دور الـ16 في كأس العالم هكر ون، شكراً @hacker0x01 على التنظيم الرهيب. فخورين بفريقنا ونكمل مشوارنا للقب بتوفيق الله! 🏆🚀 We made it! Team Saudi to the Sweet Sixteen in #AWC2024 🎉, Huge thanks to @Hacker0x01 for the amazing event
LY Corporation disclosed a bug submitted by @leetibrahim: hackerone.com/reports/2403554 #hackerone #bugbounty
الحمدلله تأهلنا مع ال32 فريق الى دور المجموعات وضمن الفرق الاساسية (افضل 8 فرق) في مسابقة كأس العالم هكر ون 2024 🇸🇦💪 Saudi Arabia qualified to group stage with 32 teams and as one of the main teams for the next round (Top 8) 🇸🇦💪 #AWC2024
I was awarded a $2,400 bounty on @Hacker0x01! hackerone.com/nightm4re #TogetherWeHitHarder Broken Access Control
تم قبول ممثلي المملكة العربية السعودية 🇸🇦 لمسابقة AWC 2024 هكر ون @Hacker0x01 🏆 المشاركين: @AMakki1337 @0x_rood @eman_yazji @r00t_nasser @0xRaw @0xRAYAN7 @Ahmed0Makki @Ibrah1m_0x @leetibrahim @AlHomaidNoor @abdlah_md @stuipds @Liliexx2 @omarzzu @9yk @Dr_Ro0T
My tip on how I found a subdomain takeover: 1. Got a notification that a new domain had been added to the scope 2. Subdomain enum using ffuf, resolved them using dnsx 3. Checked the CNAME of valid subdomains 4. One of the subdomains was pointing to non-registered Azure service.
Don't discount dead subdomains in bug bounty! Try enumerating them against valid target IP addresses, who knows what you might find 😏 @leetibrahim has had some success with this tip, hopefully you will too! #bugbounty #bugbountytips 👇
United States 趋势
- 1. #StrangerThings5 54.1K posts
- 2. Afghan 144K posts
- 3. Thanksgiving 552K posts
- 4. National Guard 475K posts
- 5. #AEWDynamite 14.1K posts
- 6. #Survivor49 1,970 posts
- 7. Rahmanullah Lakanwal 58.6K posts
- 8. holly 21.8K posts
- 9. Cease 26.7K posts
- 10. dustin 82.5K posts
- 11. Celtics 13.6K posts
- 12. Blood 245K posts
- 13. Rizo 1,958 posts
- 14. Operation Allies Welcome 18.9K posts
- 15. #TheChallenge41 N/A
- 16. Savannah 4,995 posts
- 17. Blue Jays 11.4K posts
- 18. Cade 33.9K posts
- 19. Derrick White 2,149 posts
- 20. Okada 7,496 posts
你可能会喜欢
-
0xRAYAN 🇸🇦
@0xRAYAN7 -
Tur.js
@Tur24Tur -
Abdelrhman Allam 🇵🇸
@sl4x0 -
Fares
@_2os5 -
/usr/bin/fares
@SirBagoza -
🇸🇦 Murtada Bin Abdullah (Rood)
@0x_rood -
Unhandled0xD
@trap_handler -
Fahad
@Pwn3dx -
𝐱𝐫𝟎𝐨𝟎𝐭𝐱 🇸🇦
@xr0o0tx -
0xRaw
@0xRaw -
Hossam A. Mesbah 🇵🇸
@m359ah -
Abdalla Abdelrhman
@0x2nac0nda -
يعقوب الحربي
@az7rb -
Al-hassan abbas | الحسن عباس
@exploit_msf -
Hussam
@iknowhatodo0x01
Something went wrong.
Something went wrong.