Similar User
@inhibitor181
@gwendallecoguic
@hd_421
@sergeybelove
@dnkolegov
So, you can upload a file to the web app.. Bonus! Repo with slightly old exploits for image upload: github.com/barrracud4/ima… XMind source: github.com/hackerscrolls/… Thanks to hacktricks and @HolyBugx for new tricks (at least for us) book.hacktricks.xyz/pentesting-web…
My File Upload Checklist, detailed version of @hunter0x7 checklist, and also some extra methods I personally use and gathered during the time. #BugBounty #BugBountyTip #BugBountyTips #TogetherWeHitHarder #InfoSec
Found a hidden HTTP param? Look deeper, maybe there is a mass assignment/autobinding vulnerability. Sometimes changes in objects are hidden too and you need to closely explore the app. Source: itzone.com.vn/en/article/mas… #CyberSecurity #BugBountyTip #BugBounty
Looking for a stable reverse proxy for pivoting? Check frp! Useful when you've hacked a server and want to establish a channel to the internal network. A lot of options for pivoting, multiplatform and easy to use. github.com/fatedier/frp #CyberSecurity #Pentest #RedTeam
We often get confused how Samesite affects cookies in different attacks in modern browsers. So, we have made a memo and now share it with you. #CyberSecurity #BugBountyTip #BugBounty
We have combined all the tricks we know about SSRF into a single mindmap. If we missed something, write about it in the comments! High resolution: raw.githubusercontent.com/hackerscrolls/… XMind source: github.com/hackerscrolls/… #CyberSecurity #BugBountyTip #BugBounty
Incredible mindmap about hacking iOS applications by @hd_421 Pay attention, we have prepared two versions: 1. Full Security Assessments 2. Shorter BugBounty version XMind source: github.com/hackerscrolls/… #CyberSecurity #BugBountyTip #BugBounty #iOS
We continue to talk about attacks on CORS. This time, we have prepared a set of ideas for bypassing lists of allowed hosts. #CyberSecurity #BugBountyTip #BugBounty
There is a popular opinion: bad CORS like <Access-Control-Allow-Origin: *> is unexploitable. Browser won't send cookies in this case. It is a delusion. You can exploit it with a Chrome cache feature! For example: hackerone.com/reports/761726 #BugBountyTip #CyberSecurity #BugBounty
Next up on #HITBLockdown002 Track 1: "The Weakest Element of Acquiring Bank Infrastructure" Presented by Ilia Bulatov & Gleb Cherbov Starts 17:00 SGT at youtu.be/Yp7W4hiLpJY Ask questions via our Slido channel #askinthebox
#HITBLockdown002 D2T1 - The Weakest Element of Acquiring Bank Infrastructure - Ilia Bulatov & Gleb Cherbov - conference.hitb.org/hitb-lockdown0…
Last time we showed you how to use encodings in <a>. Now we've made a scheme what symbols in which points you can inject to bypass WAF, filters, sanitizers. gist.github.com/hackerscrolls/… #BugBounty #CyberSecurity #BugBountyTip
Sometimes you can control the href value in HTML tag<a>. So it's a good place for XSS payload! We've created a scheme how to use various encodings in href to bypass filters. gist.github.com/hackerscrolls/… @XssPayloads #BugBountyTip #Bypass
You asked for something about OAuth — we did. Here is a mindmap about hacking OAuth 2.0. We tried to cover all possible ways even with low impact. Our inspiration was homakov.blogspot.com/search?q=oauth Thanks to @homakov for outstanding articles. #BugBountyTip #CyberSecurity #BugBounty
Faced with CSRF protection? Try to bypass it! Save these 6 common CSRF bypasses that we use too. #BugBountyTip
SSRF + CRLF + HTTP Pipeline + Docker API = RCE… How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber link.medium.com/dSWQ6ewPL6
Sometimes there is no time to install/configure a fully functioning server. Here are 6 simple servers which can be used during pentest. Catch SSRF callbacks and exploit OOB attacks! Check the replies, there are commands to install and run them. #BugBountyTip #Pentest 1/7
We have prepared a mindmap for you with 16 ways how to perfom 2FA security testing. It is based on our practical experience and articles by @0xw2w and @ahack_ru bit.ly/2T95RWU blog.deteact.com/common-flaws-o… #BugBountyTip #TogetherWeHitHarder
Sometimes restrictions on "/admin" page can be easily bypassed. You should always check this simple tricks for easy win! #BugBountyTip #BugBounty #YourNextBugTip
WebArchive greatly expands your knowledge about the target. WayBackUrls is an awesome tool written by @TomNomNom It fetches all the URLs from WebArchive for a domain and it's subdomains. github.com/tomnomnom/wayb… #BugBountyTip
United States Trends
- 1. Lakers 38,2 B posts
- 2. Heisman 17,5 B posts
- 3. #SmackDown 55,5 B posts
- 4. UNLV 11,6 B posts
- 5. Boise State 11,6 B posts
- 6. Trae 29,4 B posts
- 7. #VancouverTSTheErasTour 45,8 B posts
- 8. Hawks 20 B posts
- 9. Giannis 24,3 B posts
- 10. Army 332 B posts
- 11. Gabe Vincent 2.125 posts
- 12. #BlueBloods 4.723 posts
- 13. Tulane 6.538 posts
- 14. #ANonsenseChristmas 19,8 B posts
- 15. #OPLive 3.107 posts
- 16. sabrina 87,8 B posts
- 17. Northwestern 6.998 posts
- 18. $VIRGIN 9.144 posts
- 19. Jrue 4.094 posts
- 20. Heyman 4.497 posts
Something went wrong.
Something went wrong.