Hazem El-Sayed
@zomasec
Bug Hunter | Offensive Security Engineer @DeepStrike_io
Here is a write-up for how I got a Full Account takeover with a new hidden AWS Cognito Misconfiguration. Here is the link: shorturl.at/b5VbS #BugBounty #bugbountytips #bugbountytips
Sometimes when I work with teammates across multiple programs, Android app bug hunting becomes tedious and wastes time that could be spent finding web bugs. I built **apkX** to automate the repetitive startup steps, give a quick preview of an app's internals, and let you test…
Hunter Cust #3 – Hazem El-Sayed (zomasec): his journey in security, important advice for anyone working in the Pentesting field, realistic talk, strong resources, and how to market yourself in the Egyptian market. Watch the episode: youtu.be/Zyrez7QfxBQ Thanks @zomasec for the classy and useful conversation #BugBounty
YouTube: Hunter Cust #3 – Hazem El-Sayed: Tips to Get Your First Job in...
I hope someone finds this useful
Want to master client-side bugs? Check out this extensive GitHub repository with tens of different resources curated by @zomasec! github.com/zomasec/client…
Use NextJS? Recon Tip by renniepak: A quick way to find "all" paths for Next.js websites: DevTools -> Console: console.log(__BUILD_MANIFEST.sortedPages) or, one path per line: javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n')); #infosec #cybersec #bugbountytips
With @Amr_MustafaAA we got this awesome bug 3> GET /api/nonsensitive/123%23non.svg The endpoint initially didn't return sensitive data, but after being cached, it started exposing user PII. found on @yeswehack #BugBounty #bugbountytip #bugbountytips #Pentesting #websecurity
Clear talk.
European "secular" states routinely put the cross on their countries' flags, but in a country where Muslims are 90 percent of the population and religion was the reason for their liberation, when they put the word of tawhid beside their flag, that is "sectarianism", God forbid. Tweet this, because it is on the face of
see our changes here
Tools Updates: - ffuf: -unique filters unique responses by size. - Subfalcon: Single-domain input, -sdt for Azure takeover. - Paramx: -at for all tags, -ap for all params (no need for gf any more). Tools Here: github.com/cyinnove Happy Automation! #CyberSecurity #Automation
If you're scratching your head after the @matanber episodes, here's a demo to show you how to: - Enable developer mode - Download extension's crx file Debugging: - Enable "Search in anonymous and content scripts" - Disable Ignore List "Content scripts injected by extensions"
To succeed in bug bounty, be a specialist feat. @snyff #bugbounty #bugbountytips #bugbountyhunter
I recently reported an RCE to Happy-DOM (a Node.js HTML parser), and it's now fixed! The bug itself wasn't complex, but since finding an RCE in an HTML parser isn't very common, I'm quite happy with this one :D github.com/capricorn86/ha…
Here is my writeup for how I could find 22 LFI in the same program using automation tricks medium.com/@zomasec/how-i… #bugbounty #bugbountytip #bugbountytips #websecurity #hackerone
CSRF in JSON requests is often overlooked, but it's a hidden threat! In my latest post, I break down how to spot JSON-based CSRF before generating a PoC. Check out how I caught it in a pentest at @CyberAR_LLC: #bugbountytips #csrf linkedin.com/posts/h0tak88r…
When I watched this video of today's victories in Sudan and saw these good faces, full of faith and good character, of the heroes of the Sudanese Armed Forces, I remembered the start of the #Sudan war, when #UAE was backing the Rapid Support Forces militias to wipe out Islam there?! The truth is that the UAE wants faces of debauchery and corruption.
Hello everyone, I coded a new Golang package for bug hunters who want to use webarchive in their tools. I am the first one to do this package in the Golang community with full documentation github.com/zomasec/webarc… #BugBounty #bugbountytip #bugbountytips #golang #tools