I’m gonna give 10 random people that repost this and follow me $25,000 for fun (the $250,000 my X video made) I’ll pick the winners in 72 hours
url/?f=etc/passwd ==> 403. Encode etc/passwd as base64: url/?f=L2V0Yy9wYXNzd2Q= ==> 200 #note you can use this trick in SQL, SSTI, XSS, LFI, etc... #bugbountytips #bugbountytip
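A sheikh sat among his students explaining the "Nuniyyah of al-Qahtani". When he reached the verse that says: "Do not stuff your belly with food to grow fat, for the bodies of the people of knowledge are not fat", and the sheikh himself was fat, he said: This verse is open to question.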
It seems the new PHP 8 treats MySQL error msgs as "fatal errors", not shown anymore in regular MySQL injection triggering. How to test for it: Number Input ?id=0.or-1%23 String Input ?s='or-1%23 If it returns the 1st regular result of the page or more than 1 result, bingo! #SQLi
A thread🧵 💸Secrets of automation-kings in bug bounty💸 Finding 1day (or 1month) web exploits that haven't made their way into scanners yet can make you big money. Read more to understand where and how to get an edge in this area! 🚨Retweet, follow, & like for more! 🚨 1/x
What I learnt from reading 126* Information Disclosure Writeups?? by @_Sm9l #infosec link.medium.com/RpEHVyrAYqb
Be a reason for more blessings being sent upon the Prophet ﷺ
Intro to Web App Security Testing: Burp Suite Tips & Tricks trustedsec.com/blog/intro-to-… #burpsuite #proxy #repeater #intruder #scanner
Here's a really cool mind map for pentesting Active Directory xmind.net/m/5dypm8/
Quick and basic recon script for finding subdomains #bugbounty #bugbountytips
"My Methodology In Recon And Find Bugs & My Methodology In Hunting Using Phone" written by @GodfatherOrwa medium.com/@orwaatyat/my-… #Recon #dorking #bugbountytips
🧵 Short thread about my last P1 submission 🧵 After a few hours of playing around with the application, I found a static subdomain sub.REDACTED.com I usually analyze the javascript files of the static domains, and as a result, I found... 1/6🧵
Indeed, We have created everything according to a measure. (49)
Thread Continues 2. Hacking Swagger-UI - from XSS to account takeovers vidocsecurity.com/blog/hacking-s… @GodfatherOrwa @0xJin @0x3n0 @rootxyash @remonsec @rbhichher @ADITYASHENDE17 @aditi_singghh @ghostlulz1337 @SecGus Thread Continues #bugbountytips #bugbounty #Pentesting
Evaluating Burp Suite Enterprise Edition or Burp Suite Professional? Use our new Gin and Juice shop to put Burp Scanner to the test. This is a realistic example of a modern website, containing serious vulnerabilities you might encounter in the wild. portswigger.net/blog/gin-and-j…
This is by far my favorite wordlist to use for pentesting and bug bounty hunting. It's a little old but still works very well! github.com/Bo0oM/fuzz.txt #bugbountytips #bugbounty #redteam #Pentesting #PenTest #infosec
Authorization. Easy to understand. Critical if implemented incorrectly. Want to see an example? (dumb question Corben, yes, why not) Last month, I found an auth bypass that led to a full account takeover. Here's how I found it:
FREE LABS TO TEST YOUR PENTEST/CTF SKILLS Share with your network and friends. #cybersecurity #bugbounty #hacking #infosec #bugbountytips #ctf #pentesting 🧵 1/n