caon (@_caon__) 's Twitter Profile
caon

@_caon__

ID: 1608499020980174850

linkhttps://caon.io/ calendar_today29-12-2022 16:23:54

61 Tweet

701 Takipçi

189 Takip Edilen

m4ll0k (@m4ll0k) 's Twitter Profile Photo

How to access to company without being part of it with google oauth, with your gmail account.. [it only works if the company has a misconfiguration!] #bugbountytips #bugbounty

How to access to company without being part of it with google oauth, with your gmail account.. [it only works if the company has a misconfiguration!] #bugbountytips #bugbounty
Paul Seekamp (@nullenc0de) 's Twitter Profile Photo

How I just got gained access to 22 unauthorized endpoints across 116 websites (260k endpoints) in about 10 minutes. Use what your comfy with. 👇

Mehdi (@silentgh00st) 's Twitter Profile Photo

⚠️New tool release:⚠️ MapperPlus is my own private tool that helped me reduce my recon time from 10 hours to only 1 hour of recon per day. Here is how :⚠️ MapperPlus : Bulk Extraction of soucre codes for every website that have .map files exposed🌐 github.com/midoxnet/mappe…

Jayesh Madnani (@jayesh25_) 's Twitter Profile Photo

🔍 Question of the day: How can you effectively exploit Windows IIS targets? 🖥️ These targets are frequently underestimated, often dismissed due to the static blue screen they present. However, exploring these assets can often lead to substantial bounties, ranging from $500 to

j3ssie (Ai Ho) (@j3ssiejjj) 's Twitter Profile Photo

My friend Black Turtle just suggested a time-saving extension in Burp Suite that enables you to perform Burp Extension actions without having to go through a lot of boring clicks😂 github.com/portswigger/ch… #bugbountytips #bugbounty #infosec #cybersecurity

My friend <a href="/thebl4ckturtle/">Black Turtle</a> just suggested a time-saving extension in <a href="/Burp_Suite/">Burp Suite</a> that enables you to perform Burp Extension actions without having to go through a lot of boring clicks😂

github.com/portswigger/ch…

#bugbountytips #bugbounty #infosec #cybersecurity
Gareth Heyes \u2028 (@garethheyes) 's Twitter Profile Photo

I've built a brand new version of my fuzzing tool Shazzer🚀 shazzer.co.uk - Easy fuzz browser behaviour - Find bugs - Share the results with the world

caon (@_caon__) 's Twitter Profile Photo

👉 Justia is a handy tool for bug bounty hunters to find trademarks and registered products of companies. It can help uncover more assets and expand your hunting ground. 🕵️‍♂️🔍 🔗 contracts.justia.com/companies/ #bugbountytips #bugbounty #CyberSecurity

Masato Kinugawa (@kinugawamasato) 's Twitter Profile Photo

ooh, this works on Chrome Canary :D <input type="hidden" oncontentvisibilityautostatechange="alert(/ChromeCanary/)" style="content-visibility:auto">

Caido (@caidoio) 's Twitter Profile Photo

We are super happy to sponsor Bug Bounty Village Brazil of the H2HC conference 🚀 If you are in Brazil on the 14-15th of December, it is a must 🎉 instagram.com/bugbountyvilla…

We are super happy to sponsor Bug Bounty Village Brazil of the <a href="/h2hconference/">H2HC</a> conference 🚀 
If you are in Brazil on the 14-15th of December, it is a must 🎉 
instagram.com/bugbountyvilla…
bugcrowd (@bugcrowd) 's Twitter Profile Photo

Where there’s bug bounty, there’s #Bugcrowd. 😉✨ We’re honored to have supported the Bug Bounty Village Brazil at H2HC in #Brazil, big thanks to bsysop! Seeing the hacker community come together with such passion was nothing short of amazing (as always). 🥲 Huge thanks to the organizers,

Where there’s bug bounty, there’s #Bugcrowd. 😉✨

We’re honored to have supported the <a href="/BugBountyBr/">Bug Bounty Village Brazil</a> at H2HC in #Brazil, big thanks to <a href="/bsysop/">bsysop</a>! Seeing the hacker community come together with such passion was nothing short of amazing (as always). 🥲

Huge thanks to the organizers,
Gareth Heyes \u2028 (@garethheyes) 's Twitter Profile Photo

I found you could use the ISO-2022-JP escape sequences inside JS URLs! Found using this: hackvertor.co.uk/hack-pad/5 Poc: portswigger-labs.net/xss/charset.ph…

I found you could use the ISO-2022-JP escape sequences inside JS URLs!

Found using this:
hackvertor.co.uk/hack-pad/5

Poc:
portswigger-labs.net/xss/charset.ph…
ph0r3nsic 🕷️ (@ph0r3nsic) 's Twitter Profile Photo

Hi HACKERS, here are my suggestions for the Top Ten (New) Web Hacking Techniques of 2024 PortSwigger PortSwigger Research : • “Another Vision of SSRF” (ph0r3nsic 🕷️) • “Unveiling TE.0 HTTP Request Smuggling” (bsysop) • “Supply Chain Attacks: A New Era” (Caue) If you haven’t

Marlon Fabiano (@astrounder) 's Twitter Profile Photo

🚨 AI Security Failure 🚨 Anthropic I bypassed the #constitutionalclassifiers designed to block harmful content and extracted detailed chemical information on a restricted substance. Despite passing multiple safeguards, the content checker failed to flag it as harmful.

🚨 AI Security Failure 🚨 <a href="/AnthropicAI/">Anthropic</a> 

I bypassed the #constitutionalclassifiers designed to block harmful content and extracted detailed chemical information on a restricted substance.
Despite passing multiple safeguards, the content checker failed to flag it as harmful.
celesian (@c3l3si4n) 's Twitter Profile Photo

I've just released my proof-of-concept tool called pugDNS. It's an experimental high-performance DNS bruteforcer built with AF_XDP. It's up to 3x faster than massdns, and 30x faster than dnsx. github.com/c3l3si4n/pugdns

André Baptista (@0xacb) 's Twitter Profile Photo

RFC 2047 "encoded-word" is crazy! It lets you smuggle encoded payloads into email addresses and the craziest thing is that some parsers decode it before validation 👇 Shout out to Gareth Heyes \u2028 for this  🔥

André Baptista (@0xacb) 's Twitter Profile Photo

If the origin server treats a delimiter, but the cache doesn’t and the cache normalizes paths before applying static directory rules you can leverage path traversal! Take this payload: /myAccount$/..%2Fstatic/any - The cache sees: /static/any - The origin sees: /myAccount The

If the origin server treats a delimiter, but the cache doesn’t and the cache normalizes paths before applying static directory rules you can leverage path traversal!

Take this payload:
/myAccount$/..%2Fstatic/any

- The cache sees: /static/any
- The origin sees: /myAccount

The