Triagers don’t care about your methods tbh. I was a triager at HackerOne for a while. Most of my teammates weren’t bug bounty hunters at all. The few that were were so much better than the average joe, they couldn’t care less about « stealing payloads » or learning from reports

I have a potential subdomain takeover. The CNAME is like https://<name>-c207e81233-1462895681.eu-central-1.elb.amazonaws.com/ If anyone has experience in takingover elb.amazonaws.com, please send me a DM #bugbounty #collab

Phone phreaking is a type of hacking that allows you to explore the telephone network by exploiting the phone systems and phone company employees.

Hacking is exploiting security controls either in a technical, physical or human-based element.

📒 URL validation bypass cheat sheet 📄 This cheat sheet contains payloads for bypassing URL validation. These wordlists are useful for attacks such as server-side request forgery, CORS misconfigurations, and open redirection. portswigger.net/web-security/s… #bugbounty #bugbountytips

Implement multi-factor authentication wherever possible. It adds an extra layer of security to your accounts. #BestPractices #Pentesting #ethicalhacking #Awareness

🕷️Exploiting Unconventional SQLis Manually 💉 A thread 🧵 1/n #sqli #synack #srt

Say hello to the Polyglot Payload. The complete payload for the XSS Polyglot Challengev2 is now available on the xss.report platform. Source: web.archive.org/web/2019061711… Thanks FD and crlf #xss #polyglot #polyglotxss

Basic Static Analysis Script (to find possible #XSS in source code) #!/bin/bash # 1) save it as xssaminer # 2) allow execution: chmod +x xssaminer # 3) run it & check usage: ./xssaminer if [ -z $1 ] then echo -e "Usage:\n$0 FILE\n$0 -r FOLDER" exit else f=$1 fi sources=(GET

You can bypass path-based WAF restrictions by appending raw/unencoded non-printable and extended-ASCII characters like \x09 (Spring), \xA0 (Express), and \x1C-1F (Flask):

This repository contain a lot of web and API vulnerability checklist , a lot of vulnerability ideas and tips. #bugbounty #bugbountytip #bugbountytips github.com/Az0x7/vulnerab…

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter Source: github.com/Az0x7/vulnerab…

Try this powerful XSS bypass. Many WAFs have not blacklisted this event handler, so you can take advantage of it

🚀 **Hack Like a Pro:** Extract IPs from Shodan HTML in Seconds! 🔥 Sick of digging through HTML? Let `grep` do the work! 💻 ```bash grep -oP '(?<=<strong>).*?(?=</strong>)' ip.html > ips ``` 1️⃣ **Save Shodan page source as HTML** 2️⃣ **Run this command** 3️⃣ **BOOM 💥** — All

𝐀𝐥𝐥 𝐏𝐚𝐢𝐝 𝐂𝐨𝐮𝐫𝐬𝐞𝐬 (𝐅𝐫𝐞𝐞 𝐟𝐨𝐫 𝐅𝐢𝐫𝐬𝐭 𝟓𝟎𝟎𝟎 𝐏𝐞𝐨𝐩𝐥𝐞)😍👇 1. Artificial Intelligence 2. Machine Learning 3. Cloud Computing 4. Ethical Hacking 5. Data Analytics 6. AWS Certified 7. Data Science 8. BIG DATA 9. Python 10. MBA And for 48 hrs, it's 100%

Extract all ip from shodan without any premium account

another advance methodlogy for mass Hunting SQL Injection on bbp/vdp

Best oneliner for Finding mass xss vulnerability:

Red Team & Blue Team Tools🔴🔵 🔗github.com/Ignitetechnolo…

Email Verification Bypasses ? Here are 10 Blogs about Email Verification Vulnerabilites ! 1. medium.com/@mohamed.yasse… 2. medium.com/@akrachliy/ema… 3. shrirangdiwakar.medium.com/how-i-turned-0… 4. mo9khu93r.medium.com/discovered-a-u… 5. medium.com/@mo9khu93r/how… 6. bevijaygupta.medium.com/email-verifica… 7.