ApkUrlGrep: A simple open-source tool to quickly extract endpoints from APK files. Github: github.com/ndelphit/apkur… via @delphit33 and Gerben Javado #pentesting #hackerone #infosec

You asked for something about OAuth — we did. Here is a mindmap about hacking OAuth 2.0. We tried to cover all possible ways even with low impact. Our inspiration was homakov.blogspot.com/search?q=oauth Thanks to Egor Homakov for outstanding articles. #BugBountyTip #CyberSecurity #BugBounty

Hey InfoSec friends! What was the resource (blog, book, etc.) that had the biggest impact on your skill development? Was there anyone who inspired you to learn a particular topic?

He is inspiring always!! Awesome Orange Tsai 🍊

A tricky URL spoofing bug that I reported two years ago to Mozilla and it is still working: spoof.lbherrera.me (reproducible only on Firefox).

I just published How I was able to change victim’s password using IDN Homograph Attack link.medium.com/zSmBpWKg27 Thanks to @musiclouderlml for sharing #bugbountytips

Best Self trolling award for 2020 Goes to OnePlus India OnePlus With 🙁, Without 😁 #OnePlusNord #OneplusNordLite

SQL Injection in Email Address (username) - by Dimaz Arno Tips: "injection_here"[at]email[dot]com Bypassing Email Filter which leads to SQL Injection: medium.com/@dimazarno/byp…

Burp Extensions that I use: (1/n) 1. Autorize - To Test BACs 2. Burp Bounty - Profile-based Scanner 3. Active Scan++ - Add more power to Burp's Active Scanner 4. AuthMatrix - Authorization/PrivEsc Checks 5. Broken Link Hijacking - For BLH #bugbountytips #bugbounty

👑 How did I find a critical today? well as i said it was very simple, using shodan and jaeles. 🔥shodan domain domain| awk '{print $3}'| httpx -silent | anew | xargs -I@ jaeles scan -c 100 -s /jaeles-signatures/ -u @ 🔥 @zeroc00I j3ssie (Ai Ho) #bugbountytip #KingOfBugBountyTips

My File Upload Checklist, detailed version of Ahsan Khan checklist, and also some extra methods I personally use and gathered during the time. #BugBounty #BugBountyTip #BugBountyTips #TogetherWeHitHarder #InfoSec

What amazing talent in माझी Mumbai, आपली BMC run Tamil school at Aarey Aaditya Thackeray #tamilrappers #tamil #talent #rapper #sound #beatbox #rapping #groupsingers #singers #kids #beatboxing #lockdown #talent #Surviving #Covid_19 #school #students

“Motivation will almost always beat mere talent.” ~ Norman Ralph Augustine

Bash Scripting Basics

Month of Azure Red Teaming Giveaway! I am giving away two seats of Altered Security Attacking and Defending Azure (CARTP). Please Repost, Like and Reply to participate. I will announce two random winners tomorrow. alteredsecurity.com/online-labs #RedTeam #Pentesting #Azure

⚡ Mastering GraphQL Exploitation: How to exploit GraphQL endpoints for bug bounty & profit. 1. yeswehack.com/learn-bug-boun… 2. book.hacktricks.xyz/network-servic… #infosec

OccupytheWeb Yep

Whoa, that's awesome! Catch Joseph Thacker's session!