Hack3rScr0lls (@hackerscrolls)'s Twitter Profile
Hack3rScr0lls

@hackerscrolls

for hackers by hackers
Contact: [email protected]

ID: 1242030253444399110

Link: http://t.me/hackerscrolls
Date: 23-03-2020 10:08:11

131 Tweet

9,9K Followers

57 Following

Hack3rScr0lls (@hackerscrolls)

Were you surprised when your cross-domain attack didn't work?

Meet the new reality with SameSite Cookies.

Now Chrome and Safari recognize Cookies without the SameSite attribute as SameSite=Lax by default.

#CyberSecurity #BugBounty #BugBountyTip

Hack3rScr0lls (@hackerscrolls)

Using other hosts as a gateway, sometimes, you can get access to other VLANs or bypass the firewall. 

That is a task for gateway-finder!

Check the improved version by whitel1st:
github.com/whitel1st/gate…

#CyberSecurity #Pentest #RedTeam

Hack3rScr0lls (@hackerscrolls)

Hey Burp Suite, could you implement search through all available extensions, including their description?

There are a lot of different extensions with tricky names. It is hard to find what you need.

Sergey Toshin (@_bagipro)

#bugbountytips Easy arbitrary code execution on Android:

1. Write a hook (using Xposed or Frida) to log paths of File.exists() and mention all files ending with .so during app load
2.1. Grep for ZipFile usage (and all its methods such as entries(), getEntry(...), etc).

Hack3rScr0lls (@hackerscrolls)

CSRF in 120 seconds!

As you remember, Cookies without SameSite are treated as SameSite=LAX in Chrome.

But there is one exception that can be used as a temporary policy bypass.

More detailed examples: medium.com/@renwa/bypass-… by Renwa

#CyberSecurity #BugBountyTip #BugBounty

Jérémy Brun (@xst3nz)

WiFi Hacking Cheatsheets & Mindmap + Headless Pwnbox/RogueAP Project based on Raspberry Pi

github.com/koutto/pi-pwnb…

#wifi #hacking #infosec

Hack3rScr0lls (@hackerscrolls)

Have you ever wondered about a fast and easy-to-use SOCKS proxy over DNS?

Here it is
github.com/fbkcs/ThunderD… from FBK CyberSecurity

You don't even need to compile it!

#CyberSecurity #RedTeam #Pentest

Rustam (@rumiljonov)

Wrote a small extension to highlight HTTP requests in Burp based on Firefox container they are opened in github.com/rumiljonov/fir…

Hack3rScr0lls (@hackerscrolls)

We have combined all the tricks we know about SSRF into a single mindmap.

If we missed something, write about it in the comments!

High resolution: raw.githubusercontent.com/hackerscrolls/…
XMind source: github.com/hackerscrolls/…

#CyberSecurity #BugBountyTip #BugBounty

Harsh Bothra (@harshbothra_)

A detailed mindmap explaining Unauthenticated JIRA CVEs & their simple Exploitation steps.
Public Link: xmind.net/m/Jrn7f8

Feel free to comment down if any CVE/Known Misconfiguration is missing. 

#BugBountyTips #appsec #infosecurity

Hack3rScr0lls (@hackerscrolls)

Looking for a stable reverse proxy for pivoting? Check frp!

Useful when you've hacked a server and want to establish a channel to the internal network.

A lot of options for pivoting, multiplatform and easy to use.

github.com/fatedier/frp

#CyberSecurity #Pentest #RedTeam

Hack3rScr0lls (@hackerscrolls)

Just all public reports with attachment links grabbed from hackerone by zeroc00i

Useful for finding attack vectors and ideas for bug bounty

github.com/bminossi/AllVi…

#BugBounty

Hack3rScr0lls (@hackerscrolls)

Found a hidden HTTP param? Look deeper, maybe there is a mass assignment/autobinding vulnerability.

Sometimes changes in objects are hidden too and you need to closely explore the app. 

Source:
itzone.com.vn/en/article/mas…

#CyberSecurity #BugBountyTip #BugBounty

Hack3rScr0lls (@hackerscrolls)

Good replacement of dnschef for pentesters and bugbounty, pretty useful for any kind of SSRF attack and DNS rebinding. You can dynamically request a specific IP address just using something like a command in subdomain value. It's also available online at 1u.ms

Hack3rScr0lls (@hackerscrolls)

So, you can upload a file to the web app..

Bonus! Repo with slightly old exploits for image upload:
github.com/barrracud4/ima…

XMind source:
github.com/hackerscrolls/…

Thanks to hacktricks and HolyBugx for new tricks (at least for us)
book.hacktricks.xyz/pentesting-web…
x.com/HolyBugx/statu…