@Midhunryann 1. Bug hunter 2. Traveller 3. Google, Apple, Microsoft, Zoho 50+ hall of fames https://t.co/JApATvMpww Engineer
You can now probe for password-reset hijacking via DNS poisoning directly in Burp Suite, using the DNS Analyzer extension from @sec_consult! Can't wait to try this out. sec-consult.com/blog/detail/dn…
In the spirit of excessive automation, I've added AI-assisted summaries for every nomination for the Top 10 web hacking techniques of 2023. Take a look and let me know what you think - helpful or pointless? portswigger.net/research/top-1…
HackerOne disclosed a bug submitted by @0xacb: hackerone.com/reports/2101076 #hackerone #bugbounty
If you're looking for long term bug bounty tips, @JonathanBouman is your man. He's been hacking Amazon (almost exclusively) for more than 6 years! Here's how he stays productive:
“Command Injection by Uploading Image” by Siva Sankar medium.com/@Cyber_siva/co…
python-multipart (which is also used by FastAPI and Starlette in form requests) is vulnerable to ReDoS: github.com/Kludex/python-… 1. Find requests that use `application/x-www-form-urlencoded` as a Content-Type (basically many form requests) or, if you're code reviewing, you may…
Bypass Url Parser by @TheLaluka Checking the source, I can confirm many of these methods have worked for me in the past. Including a string of auth bypasses for $30k on a bounty platform. Excited to test tool instead of doing it all manually 🤩 github.com/laluka/bypass-…
A lucky #XSS payload to #bypass a #whitelist. 1'"<S><A HRef=tel:/*%26apos;;/*%26quot;;/*%26lt;s%26gt;%26lt;Img/Src/*/O%26%2378;Error=alert(1)//%26gt; Title=tel:/*%26apos;;/*%26quot;;/*%26lt;s%26gt;%26lt;Img/Src/*/O%26%2378;Error=alert(1)//%26gt;> Ref: brutelogic.com.br/blog/bypassing…
Here's a quick hack to easily find SSRF vulnerabilities! 🤑 Open your proxy interceptor and set the following match & replace rule! This will replace any URL in your incoming requests with your canary token! 👇
After a really long time only focused on manual web security stuff, almost everything has started to feel like a QA checklist. There are definitely people doing novel research and dropping crazy bugs, but I think a lot of the big stepping stones require people to build really…
Thought I'd share this remote code execution on one of the main sites for a large H1 target from a year ago. I found this one by being persistent and using Param Miner by @albinowax. After Param Miner discovered the header, it was all manual testing to detect the template engine…
The year is 2016. I was in my bedroom, staring at the screen. “ZERODIUM Payouts for Mobiles” One zero, two zero, three zero… wtf! The reward could be up to one million US dollars? That’s a one bedroom apartment in Hong Kong, whatever this RCE is, I’m going to learn…
You can find slides of my @bsidesahmedabad talk here: docs.google.com/presentation/d… I hope you will like it; feel free to DM if you have any questions.
Just created a repo for slides from BSides Ahmedabad 2024! 🚀🎉 ( @bsidesahmedabad ) Explore it here: github.com/thecyberneh/BS… If you have any slides to share, feel free to send a PR! #BugBounty
1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…
Let's gooooo, my write-up is ready. English write-up on Medium: ro0od.medium.com/from-simple-re… Arabic video on my YT channel: youtu.be/lcfwvb1-GLM #bugbountytips #BugBounty
By popular request: cspbypass.com is now completely open source: github.com/renniepak/CSPB… I also added a small feature that lets you link specific searches, for example: cspbypass.com/#paypal
Upgrade your SSRF, CORS & Open Redirect testing with our new URL Validation Bypass cheat sheet, containing all known techniques! portswigger.net/web-security/s…