#DidYouKnow? #KNOXSS is the only #XSS tool that can pop an alert box in a DOUBLE INJECTION (2 inputs) in 2 different reflection contexts! Check the test page below, which requires a bypass on an alpha-based filter and a JSON encode function: brutelogic.com.br/lab/multix0.ph…

Can you Drop some good resources about source code reviewing, SAST tools.. Tushar Verma 🇮🇳 Harsh Bothra Mayur Parmar  Hemant Patidar The XSS Rat - Proud XSS N00b :-) 🇷🇴 cristi

I found a tool called DorkSearch which facilitates in forming #google #dork queries. Check it out: Link🔗: dorksearch.com But be cautious because "Misuse of Google Dorking can be viewed as hacking in some countries"

#KNOXSS API is officially launched! 😎 API Guidelines knoxss.me/?page_id=2729

How to start Bug Bounty Hunting Follow this thread 🧵 Note:I m assuming that you have cleared your basics #bugbounty #bugbountytip #bugbountytips

#bugbountytips 🧵 1/x Starting from almost scratch. Testing Environment: DO Ubuntu VPS, 2 vCPUs. 4GB mem / 60GB Disk, ($20/mo) This works for most general tasks. In most VPS intensive tasks (content discovery, fuzzing, etc) memory is your bottleneck.

#WAF #Bypass (Akamai's Kona) <a href="javas%09cript:[1].map(top['ale'+'rt'])"> Built with tricks you find in xsscheatsheet.com! PoC Vector: brutelogic.com.br/gym.php?p05=%3… PoC Bypass:

Top 7 #Shodan Dorks : A thread 🧵👇

anyone familiar with this kind of takeover? is it possible to takeover? #cybersec #infosec #takeover

Do you remember when you joined Twitter? I do! #MyTwitterAnniversary

Best Investments in Cyber security 🧵 1/100

20 Top Videos to Master Recon 👑 #bugbountytips 🧵👇🏻

So it seems like everybody hates hacking GraphQL like me, so lets post some resources so we can all get better at it!

My twitter circle ☕

Don't even bother activating #windows. It's so easy to get all the locked features without paying or using some weird activator (a thread👇)

Ways to bypass JSON Web Token controls:✅Tip2 ▶️KID manipulation: { "alg" : "HS256", "typ" : "JWT" "kid" : "1" } If field is controlled by the user, it can be manipulated by attackers to lead: ▶️Directory traversal: “kid”: “../../etc/groups” #bugbountytips #infosecurity

Not only Passwords, You can also crack ✅NTLM hashes ✅/etc/shadow files ✅Password protected Zip files ✅Password protected RAR Archives ✅SSH keys With John The Ripper A 🧵

Thanks for helping me to reach 1k subs on YouTube. Subscribing doesn't cost penny !! So, if you still haven't subscribed my channel yet, I think you can. youtube.com/c/FrozenFlame0…

Access control worth $2000 (everyone missed this IDOR+Access control between two admins.) medium.com/pentesternepal…

Checkout this AMASS Cheat-sheet: Amass is a tool that facilitates reconnaissance and helps you finding more information on a target. #bugbountytips #bugbountytip #bughunting