AYYAN Irfan🇵🇸 (@ayyanirfan16) 's Twitter Profile
@ayyanirfan16

Hacker | Muslim 🫀

ID: 1529931489894445058

26-05-2022 21:04:42

269 Tweets

19 Followers

192 Following

Mehdi (@silentgh00st) 's Twitter Profile Photo

Here is how I chained two bugs to exploit a UUID based IDOR and gained access to admin panel. 🧵THREAD🧵 1. How I knew that the target uses the same panel for both (normal users and admins)?! This is because of two things, the first one is through subdomain enumeration

InfoSecMap (@infosecmap) 's Twitter Profile Photo

⚠️ ATTENTION ⚠️ 📢 We're giving away a 1mo #voucher for the amazing VIP+ subscription from @HackTheBox_EU 🎁 To Enter: ✅ Follow us! ✅ ❤️+ RT this post! ✅ Tag 3 friends below! Winner announced in 48hr. Special thanks to our partners @HTB_MX! 🙏🏽 #InfoSec #GiveAway

Justin Gardner (@rhynorater) 's Twitter Profile Photo

Becoming a pro in finding client-side bugs is simple. Not easy, but simple. 1. Go through a JS tutorial and understand the basics. 2. Read everything on this blog 8x until you understand it: ysamm.com 3. Read JS for Hackers by Gareth Heyes 4x Then go hack stuff

The SecOps Group (@thesecopsgroup) 's Twitter Profile Photo

Can you help Bob automate SQL Injection exploitation with a new CSRF token on each request? 😕 #CAPen **📢Comment 👇& Repost this, 3 lucky winners get a free exam📢**🙌 CAPen link: secops.group/certifications… #bugbounty #bugbountytips #Pentesting

Justin Gardner (@rhynorater) 's Twitter Profile Photo

I've made over 100k on SSRF vulnerabilities. They aren't always as simple as pointing it at localhost or AWS Metadata service. Here are some tricks I've picked up over the past 5 years of web app testing:

Jose María De la Cruz (@0xjmaria) 's Twitter Profile Photo

🚨 During the last few months, I have been studying various fields within web3 security and taking notes on everything and have compiled them in Notion. As I am trying to grow my brand, I am sharing my notes with everyone who: 1. Follow me 👈🏼. 2. RT this tweet 👈🏼. (Remember to

4n6lady (@4n6lady) 's Twitter Profile Photo

Thinking about getting an AWS cert, but don't know which one is best to start? Have no fear, Lucy Wang is here! 🤩 Check out her latest video as she walks through the different cert paths: youtu.be/FvCt7GxvRDA Also, give her a follow! She creates amazing content!🙌

AYYAN Irfan🇵🇸 (@ayyanirfan16) 's Twitter Profile Photo

Hi BXSS Hunter, I need your help. I am new to BXSS. My payload got fired on a different subdomain. How can I identify the vulnerable input field where I entered this payload and it got fired? BXSS Hunter

Nithin 🦹‍♂️ (@thebinarybot) 's Twitter Profile Photo

⛏️ Nmap is one of those tools which every hacker should know to use. Most Ethical Hackers don’t dive deep into it and understand what permissions each command needs. Here are eight Nmap commands every hacker should know ⬇️ 💻

VAIDIK PANDYA (@h4x0r_fr34k) 's Twitter Profile Photo

OTP bypasses? Here are 10 blogs for testing OTP bypasses for bug bounty 1. aravind07.medium.com/otp-bypass-pat… 2. infosecwriteups.com/otp-bypass-and… 3. logicbomb.medium.com/otp-bypass-acc… 4. infosecwriteups.com/otp-bypass-on-… 5. shahjerry33.medium.com/otp-bypass-dev… 6. medium.com/@regan_temudo/… 7. medium.com/@arrheniuspael… 8.

Tib3rius (@0xtib3rius) 's Twitter Profile Photo

I have a question for anyone involved in web app pentest scoping: Imagine nobody has ever heard of WordPress before, there are no tools like wpscan, etc. A customer comes to you and wants you to test their new blogging software. It's WordPress. How many days testing would you