2024 is 53% complete.

#GIVEAWAY: Want to own an exclusive hacker collectible? 🃏 We're giving away our super-popular Hacker Trading Cards! These feature hackers right from our ITMOAH report. 😱 Here’s how to win: 1️⃣ Follow us 2️⃣ Retweet + like this post 3️⃣ Tag a friend who’d want in That’s it.

Final giveaway of the year🎁: 4️⃣Hand-On Web Exploitation (Course Only hhub.io/2024holidays) 3️⃣Shodan Codes 2️⃣Caido licenses 1️⃣Hands-On Web Exploitation (Certificate+Course Bundle) To enter drop a 🫶🏼and RT

Now the year officially starts Tip: If You find IDOR and don't know how to obtain victims id try this, In my case I find an endpoint where my IDs of that object leak then I add a Id parameter on my endpoint and paste victim id and on another Endpoint I can delete that object 1/n

Tip: Always look for 401 status code and look if they are using NTLM Authentication You can use this shodan dork: Org:"Target Inc" http.status:401

Small bounty small motivation 🙂 Tip: IDOR in body/header is more vulnerable than ID in URL.

Super excited to share that I just received my first ever bug bounty — and even better, it was a collaboration with my friends Darkry Toshit bharti #bugbounty #firstbounty #TogetherWeHitHarder

Bug- Critical Privilege Escalations (Organization Takeover) TIP: Always find a way to chain the vulnerabilities and low severity privilege escalations and IDOR become critical.

Dig into overlooked features and forgotten code to uncover bugs that have been hiding for years.