Here's a couple of things worth a try to get an IDOR

Comment below if you've other useful tips & techniques.

🧵👇

#bugbounty #bugbounty tips #infosec

Black Friday is here! Get FREE recurring API credits if you like + retweet this tweet.

If we get up to 100 RTs everyone gets 100 recurring monthly API credits. If we get over 100 RTs, everyone gets the # of API credits in the amount of RTs.

Cut out time: November 28th 10AM EST.

Black Friday warmup🔥

Get a chance to win a SecurityTrails swag pack:
Comfy t-shirt ✔️
Classic (and a favorite) hacker hoodie ✔️
Stickers ✔️

Just RT this tweet and make sure to follow SecurityTrails, A Recorded Future Company - one winner will be chosen randomly on November 26th 2021 at 00:00 EST.

Finished my first week part-time bounty hunting with Synack on the Synack Red Team. It’s been an awesome experience and the VulnOps triage team is world class!

Hitting F12 in a browser is not hacking. If your code leaks personal data via public development tools that any person can see by simply pressing F12 on a keyboard then you have a huge data leak issue, not a hacking situation, on your hands. Fix your website.

🎵 If you're having cert issues I feel bad for ya son, I got $99 problems but the bill ain't one...🎵

All you have to do is pass the Burp Suite cert exam before 15th Dec and we'll refund you your $99 exam fee.
#burpsuitecertified #99problems

TIL that since hashcat 6+, you can pass your wordlists in the .zip or .gz format and it will decompress them on-the-fly.... pretty great for space savings on my 150GB+ of wordlists.

Burp Suite > Proxy > Options > TLS Pass Through.
Add these:
.*\.google\.com
.*\.gstatic\.com
.*\.mozilla\.com
.*\.googleapis\.com
.*\.pki\.goog
No more noise in your logs! #bugbountytips #Bugbounty #CyberSecurity

Trying to get into .NET lately I ended up putting together a new project as a result.

LittleCorporal is an automated Maldoc generator that leverages VBA, Donut, and thread hijacking to load a user specified shellcod blob into a remote process.

Project: github.com/connormcgarr/L…

yarh- for some reason on win11 the SAM file now is READ for users.
So if you have shadowvolumes enabled you can read the sam file like this:

I dont know the full extent of the issue yet, but its too many to not be a problem I think.

I've written a tool to escalate from domain user to a full AD compromise using ESC8 by SpecterOps 🇺🇦. You can see in the pictures below how, when combined with a method to coerce authentication, it is extremely powerful.

Along with the release of our blog post on #XLSEntanglement we have published a git repo with POC code and some examples

github.com/BC-SECURITY/Of…

Got some feedback that a guide to customizing C2Concealer would be helpful, so this is part 1/3 in a series on how to customize our tool to automatically generate c2 malleable profiles for #cobaltstrike

Process Creation is Dead, Long Live Process Creation — Adding BOFs Support to PEzor

Since the release of Beacon Object Files (BOFs), I wanted to support them as a new kind of output format in PEzor... Let’s dive into this short journey!

iwantmore.pizza/posts/PEzor4.h…

Finally ready! Check out filesec.io to find out what file extensions are being used by attackers and in what way. Drop any feedback or suggestions in my DMs.

Yet another comspec-based #LOLBin to be added to your blue- or red-tinted repos.
For couple dozens of predefined commands, 'help xxx' will launch '%comspec% /c xxx /?'
The finding itself is nearly year old, and it's high time I converted it into something practical.

alert() is dead, long live print() - by James Kettle and Gareth Heyes \u2028
portswigger.net/research/alert…

If you find an SSRF vulnerability in an ASP application, try reading trace.axd file. It contains logs of HTTP requests, you can find sensitive information in there.