Similar User
@theBeched
@antyurin
@theRaz0r
@sergeybelove
@hd_421
@vah_13
@a_chaykin
A blog by me & @1lastBr3ath discussing our findings we presented in Black Hat Europe #BHEU talk titled “Exploiting CSP in Webkit to break Authentication/Authorization”. Find out how we made more than $100k in bug bounties with a bug ignored by Apple. threatnix.io/blog/exploitin…
Found a hidden HTTP param? Look deeper, maybe there is a mass assignment/autobinding vulnerability. Sometimes changes in objects are hidden too and you need to closely explore the app. Source: itzone.com.vn/en/article/mas… #CyberSecurity #BugBountyTip #BugBounty
We often get confused how Samesite affects cookies in different attacks in modern browsers. So, we have made a memo and now share it with you. #CyberSecurity #BugBountyTip #BugBounty
We have combined all the tricks we know about SSRF into a single mindmap. If we missed something, write about it in the comments! High resolution: raw.githubusercontent.com/hackerscrolls/… XMind source: github.com/hackerscrolls/… #CyberSecurity #BugBountyTip #BugBounty
I created a tool for recovering passwords from pixelized images: github.com/beurtschipper/…
Вышел выпуск подкаста №4. Наконец cобрались обсудить давно интересующу нас тему: менджмент и бизнес - особенности данных веток таланов для пентестера. Есть ли вобще другие? Уже разлит по площадкам soundcloud.com/m1mo-croc music.yandex.ru/album/10321679 podcasts.apple.com/ru/podcast/id1…
#bugbountytips One more way to increase the impact of opening arbitrary URLs in a built-in WebView is Universal XSS. They are widespread on #android! Steps:
Have you ever wonder about fast and easy-to-use SOCKS proxy over DNS? Here it is github.com/fbkcs/ThunderD… from @fbk_cs You don't even need to compile it! #CyberSecurity #RedTeam #Pentest
CSRF in 120 seconds! As you remember Cookies without SameSite are treated as SameSite=LAX in Chrome. But there is one exception that can be used as a temporary policy bypass. More detailed examples: medium.com/@renwa/bypass-… by @RenwaX23 #CyberSecurity #BugBountyTip #BugBounty
Using other hosts as a gateway, sometimes, you can get access to other VLANs or bypass the firewall. That is a task for gateway-finder! Check the improved version by @whitel1st: github.com/whitel1st/gate… #CyberSecurity #Pentest #RedTeam
Were you surprised when your cross-domain attack didn't work? Meet the new reality with SameSite Cookies. Now Chrome and Safari recognize Cookies without the SameSite attribute as SameSite=Lax by default. #CyberSecurity #BugBounty #BugBountyTip
Meet JWT heartbreaker! A Burp extension that finds thousands of weak JWT secrets lab.wallarm.com/meet-jwt-heart…
Got root access to a server? Run 3snake and grab the attention to the server. Wait for admins and grab their ssh passwords! github.com/blendin/3snake Trick by @cherboff #redteam #cybersecurity #Pentest
Yet another trick about CORS! Do not forget to check Origin: null #CyberSecurity #BugBountyTip #BugBounty
Incredible mindmap about hacking iOS applications by @hd_421 Pay attention, we have prepared two versions: 1. Full Security Assessments 2. Shorter BugBounty version XMind source: github.com/hackerscrolls/… #CyberSecurity #BugBountyTip #BugBounty #iOS
Found a Stored Self-XSS? Chain it with Login/Logout CSRF and increase the impact! Few examples: geekboy.ninja/blog/airbnb-bu… medium.com/@ch3ckm4te/sel… hackerone.com/reports/314518 #BugBounty #CyberSecurity #BugBountyTip #XSS
There are a lot of known vulnerabilities in Cisco. But available Cisco Smart Install is our favorite. This one helped us in few red teams and even bug bounty. Thanks to @sab0tag3d for an awesome exploit github.com/Sab0tag3d/SIET #redteam #pentest #cybersecurity
We continue to talk about attacks on CORS. This time, we have prepared a set of ideas for bypassing lists of allowed hosts. #CyberSecurity #BugBountyTip #BugBounty
WebSocket is a widespread technology in modern Web. Incorrect implementation can lead to a simple but critical vulnerability – WebSocket Hijacking. Example: hackerone.com/reports/535436 Try it in the @PortSwigger Lab: portswigger.net/web-security/w… #BugBountyTip #CyberSecurity #BugBounty
United States Trends
- 1. #WhyIChime 3.268 posts
- 2. #earthquake 27,3 B posts
- 3. Tsunami 115 B posts
- 4. #PrizePicks1000X 6.410 posts
- 5. Bay Area 13,7 B posts
- 6. Eureka 12,6 B posts
- 7. Sevy 1.882 posts
- 8. Venmo 26,4 B posts
- 9. $PHNIX 5.241 posts
- 10. Joni 264 B posts
- 11. Venture 22 B posts
- 12. Rowe 22,8 B posts
- 13. Hawk Tuah 88,3 B posts
- 14. Kari Lake 8.135 posts
- 15. Humboldt County 3.539 posts
- 16. $GME 16,9 B posts
- 17. Lloyd Austin 70,2 B posts
- 18. Oakland 5.689 posts
- 19. Katara 3.356 posts
- 20. #GalaxyWatchUltra N/A
Something went wrong.
Something went wrong.