🇷🇴 cristi (@CristiVlad25)'s Twitter Profile
🇷🇴 cristi

@CristiVlad25

ID:2188880010

Joined: 11-11-2013 19:12:27

10.9K Tweets

38.4K Followers

151 Following

🇷🇴 cristi (@CristiVlad25):

Where do you see yourself as you progress through your cybersecurity journey?

Me: I see myself reaching a management position, with the caveat that I will never take my hands off pentesting or cyber-engineering. I couldn't live without the technical.

…

🇷🇴 cristi (@CristiVlad25):

From recent experiments, knowing how to talk to chatgpt4 in its own language (prompt engineering) can leverage so much good stuff, not only technically but also in all aspects of life.

For example, I often use it to find patterns that I could only find by reading 10 different…

🇷🇴 cristi (@CristiVlad25):

In my experience, web app scanners can't match manual testing (i.e. looking at requests and responses using Burp Suite or ZAP or the like).

While they may offer some value, their high cost often doesn't justify their performance.

Curious to hear other perspectives of real-world…

🇷🇴 cristi (@CristiVlad25):

How do you use dev tools in your pentests?

Me:

- for client-side code analysis (it's convenient because it's beautified)
- for DOM inspection
- for storage analysis
- for dynamic testing (I'm still trying to learn this)

🇷🇴 cristi (@CristiVlad25):

What type of bug bounty program is the one you like most? Tell me why you made that choice.

Me: I used to prefer * scopes and would do lots of recon. But it's been a year since I started focusing on single targets (apps).

Instead of going wide and shallow, I prefer going…

🇷🇴 cristi (@CristiVlad25):

Let's test this out :) #chatgpt4

Also, did anyone find out the hard limit of replies per hour, is it unlimited since they've removed the 30 replies per 3 hours?
🇷🇴 cristi (@CristiVlad25):

Common places to find SQLi:

- login forms, search bars, URL params, cookies, HTTP headers, and other inputs. These are just a few.

In what other places have you found SQLi?
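As an added example (not from the post or its author), the following Python script shows one injection reaching a query from three of the places the post names: a URL parameter, a cookie, and an HTTP header. It uses an in-memory SQLite database with constructed rows and constructed payloads; the `users`/`visits` tables and the function names are invented for the illustration. Each string-built query is paired with its parameterized counterpart so the difference in what the database sees is visible side by side.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the app's real backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('alice', 'alice-pw', 'admin'),
            ('bob',   'bob-pw',   'user');
        CREATE TABLE visits (id INTEGER PRIMARY KEY, user_agent TEXT);
    """)
    return conn


# --- URL parameter / cookie: a lookup built by string formatting ---

def lookup_user_vulnerable(conn, username):
    """Input becomes SQL syntax: a quote inside `username` ends the literal."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, username):
    """Parameterized: the driver passes `username` as data, never as syntax."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# --- HTTP header: a value that is only stored, never searched by the user ---

def log_user_agent_vulnerable(conn, user_agent):
    """INSERT built by formatting; returns what actually got stored."""
    conn.execute(f"INSERT INTO visits (user_agent) VALUES ('{user_agent}')")
    return conn.execute("SELECT user_agent FROM visits ORDER BY id DESC LIMIT 1").fetchone()[0]


def log_user_agent_safe(conn, user_agent):
    """Parameterized INSERT; the header is stored exactly as received."""
    conn.execute("INSERT INTO visits (user_agent) VALUES (?)", (user_agent,))
    return conn.execute("SELECT user_agent FROM visits ORDER BY id DESC LIMIT 1").fetchone()[0]


# Constructed payloads, one per input location named in the post.
PAYLOADS = {
    # ?user=...            tautology turns a single-row lookup into "every row"
    "url_param": "bob' OR '1'='1",
    # Cookie: session_user=...   UNION pulls a column the query never exposed
    "cookie": "' UNION SELECT username, password FROM users--",
    # User-Agent: ...      scalar subselect smuggles a secret into the stored value
    "header": "x' || (SELECT password FROM users WHERE username = 'alice') || '",
}


def run_demo():
    """Run each payload through the vulnerable and the safe variant."""
    conn = make_db()
    return {
        "url_param": (lookup_user_vulnerable(conn, PAYLOADS["url_param"]),
                      lookup_user_safe(conn, PAYLOADS["url_param"])),
        # UNION output order is not guaranteed, so sort for a stable result
        "cookie": (sorted(lookup_user_vulnerable(conn, PAYLOADS["cookie"])),
                   lookup_user_safe(conn, PAYLOADS["cookie"])),
        "header": (log_user_agent_vulnerable(conn, PAYLOADS["header"]),
                   log_user_agent_safe(conn, PAYLOADS["header"])),
    }


if __name__ == "__main__":
    for where, (vuln, safe) in run_demo().items():
        print(f"{where:>9}: vulnerable -> {vuln!r}")
        print(f"{'':>9}  safe       -> {safe!r}")
```

The header case is the one worth noting: the User-Agent is never "searched", only written, yet the string-built INSERT still evaluates the subselect and stores alice's password in the visits table, where a later admin page or log viewer would expose it. The parameterized version stores the raw payload as an inert string.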

🇷🇴 cristi (@CristiVlad25):

I can see this often in cybersec fellows. A good amount of privacy concerns is healthy, but some people take it to the next level.

🇷🇴 cristi (@CristiVlad25):

Here are some of the most important flags I use with feroxbuster. You can probably do something similar with your favorite buster:

1. I filter out status codes: 301, 302, 404, 500. Sometimes 300s and 500s can lead to something, but for me, more often than not, they haven't.

2. I have…
