@BugBountyHelp (@bugbountyhelp)'s Twitter Profile
#BugBountyHelp Hacking since 1949

ID: 1354072217324150786

26-01-2021 14:22:42

363 Tweets

157 Followers

241 Following

Sivanesh Ashok (@sivaneshashok)

Published a writeup about how Sreeram KL and I found a bug that let us steal Google OAuth token from Dropbox users. blog.stazot.com/stealing-googl…

Jonathan Bouman (@jonathanbouman)

📝 Just published a blog about the data leak I found at LHV and NHG Nieuws; +15k 👨‍⚕️ medical doctors' usernames and hashed passwords leaked due to an unprotected API endpoint. The bug existed for 3 years, fixed within 48 hours. 💡 Read and learn more: medium.com/@jonathanbouma…

ʀᴇᴍᴏɴ (@remonsec)

I don't know if my opinion matters but #bugbounty really takes a lot of mental power. If you are someone who is planning to get started then please build up yourself mentally first. We really don't hope to see you feel lost around us 🤍

Luis Madero (@_y000_)

WordPress - XSS (CVE-2022-29455)

/wp-content/plugins/elementor/assets/js/frontend.min.js

poc:

https://site/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9Cg==

#xss #wordpress

encodedguy - jsmon.sh (@3nc0d3dguy)

Hey everyone, I just posted a write-up on my recent bug on a HackerOne Challenge: "How I Pwned 10 Admin Panels and got rewarded 8000$+?" rashahacks.com/how-i-pwned-10… Don't forget to like and retweet it. #bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec

Harsh Bothra (@harshbothra_)

This year (2022), I have worked on creating educational resources in various forms, such as blogs, Twitter series, mindmaps and others. In case you missed them, here are all of them:

# SecurityExplained Twitter Series:
- github.com/harsh-bothra/S…

🧵 - 1/5

Harsh Bothra (@harshbothra_)

2/5

# MindMaps
1. Forget Password Vulns: xmind.net/m/nZwbdk/
2. XML Attacks: xmind.net/m/xNEY9b/
3. 2FA Bypass Techniques: xmind.net/m/8Hkymg/
4. Android PT Checklist: xmind.net/m/GkgaYH/
5. Cookie Based Auth Vulnerabilities: xmind.net/m/2FwJ7D/

Mike Takahashi (@taksec)

Blind IDOR 💥

1. Change userID
2. Get 200 status code, but no info leak
3. Check email, SMS, and export files
4. Email notification leaks PII

Great write up by Vickie Li: vickieli.medium.com/how-to-find-mo…

#idor #BAC #bugbountytips #bugbounty #hacking #infosec #cybersecuritytips

Bipin Jitiya (@win3zz)

If an unsafe logger is used, an attacker can inject code and execute arbitrary commands, even if the page being accessed is a 404 page. 
Always test HTTP request headers to make sure the application is handling the headers correctly. 
#Security #bugbountytips #Hacking #OOB_RCE

Mr. Rc (@rcx86)

Are you interested in learning reverse engineering in 2023?
I've spent this year studying RE, and I want to share all the resources that helped me along the way in the following tweets. Trust me, you won't be disappointed! 🧵

#infosec

sudi (@sudhanshur705)

I just published "Exploring the World of ESI Injection". Feedback is appreciated, let me know if you liked it or not :) Special thanks to nytr0gen link.medium.com/0WFFFk7n9vb

HACKLIDO (@hacklido)

💠 Bash for hackers | Learn the art of Bash Scripting 🔗 hacklido.com/blog/172-bash-… - - - # Tags - - - #Linux #bash #Hacking #CyberSec #cybersecuritytips #cybersecurity #infosec #infosecurity #sysadmin