We recently found a vulnerability affecting Hyundai and Genesis vehicles where we could remotely control the locks, engine, horn, headlights, and trunk of vehicles made after 2012. To explain how it worked and how we found it, we have ꙅɿɘƚɔɘqꙅ as our mock car thief:

More car hacking! Earlier this year, we were able to remotely unlock, start, locate, flash, and honk any remotely connected Honda, Nissan, Infiniti, and Acura vehicles, completely unauthorized, knowing only the VIN number of the car. Here's how we found it, and how it works:

Oh

How to do a $50k social engineering pentest in a couple minutes via OpenAI playground. 1/2: Create a EC2 instance with EvilGenX 3. Limit your firewall via iptables to only accept target IP addresses 4. Purchase a domain 🧵 1/2

🚀 Osmedeus v4.2.0 has been released with a new template engine. The workflow now supports dynamic threads, allowing you to slow down and speed up the scan based on your demands. github.com/j3ssie/osmedeu… #security #infosec #osint #recon #attacksurface #bugbounty #bugbountytips

Cheat codes I know in my 30’s that I wish I knew in my 20’s:

Deprecated #Linux commands and their replacement. For more info please see cyberciti.biz/faq/linux-ip-c… my page.

We've provided tips and resources you can use to prepare for the #OSCP. All in one place. Download the e-book: offs.ec/3BEpfkg #pen200 #penetrationtesting #cybersecuritytraining #ethicalhacking #roadtooscp #oscp

Mega-thread on IDORs

Look for these file extensions in your pentests and appsec assessments. (thread)

This is how to find sql-Injection 100% of the time For site.com/?q=HERE /?q=1 /?q=1' /?q=1" /?q=[1] /?q[]=1 /?q=1` /?q=1\ /?q=1/*'*/ /?q=1/*!1111'*/ /?q=1'||'asd'||' <== concat string /?q=1' or '1'='1 /?q=1 or 1=1 /?q='or''=' credit:Today Cyber News #BugBountyTips

For those freshly interested in offensive ML/AI/GAI, this primer from Katie Paxton-Fear at bugcrowd #levelup0x07 continues to be *awesome* - Introduction to AI & Machine Learning - w/InsiderPhD bit.ly/41oTLZH

100 tools every self respecting web app hacker should know Burp Suite OWASP ZAP Metasploit Framework sqlmap Nmap Dirbuster WPScan Arachni BeEF Hydra XSSer Sqlninja Cain and Abel Netcat THC Hydra Nikto Skipfish Vega sqlsus John the Ripper THC-SSL-DOS Sublist3r Wfuzz Shodan

ChatGPT is in trouble. Google's free competitor Bard just got a MASSIVE new update. Here's 8 things Bard can do that ChatGPT can't:

AI just killed Excel. No more complex formulas and watching 10-hour tutorials. Introducing Rows, the only AI Excel tool you will ever need (It's 100% free) 👇

Are you familiar with Local File Inclusion (LFI) & how attackers use it to exploit your defenses? Understanding LFI and how to mitigate it is an integral part of managing cyber risks. Find out more in today's blog, "An Introduction to File Inclusion." tcm-sec.com/local-file-inc…

No more hours of video editing. ChatGPT can now create a video commercial with the script, voice-over, music and everything with just two prompts. I will show you how in 4 easy steps 👇

Pretend to be busy or waiting for your computer when you should actually be doing real work! hakin9.org/genact-a-nonse… #infosec #cybersecurity #redteam #pentest #pentesting #hacking #hackers #coding #opensource #Linux #windows

Everything you need to know to understand basics of OSINT Read here: hakin9.org/product/future… #infosec #cybersecurity #redteam #pentest #pentesting #hacking #hackers #coding #opensource #Linux #windows

some ways to bypass 403 1- using space symbols exmaple: /admin -> 403 /admin%09 -> 200 /admin%20 -> 200 2- use traversal Example: /admin -> 403 /..;/admin -> 200 you can fuzz with traversal sometimes that's end with results Example: /..;/FUZZ #bugbountytips #BugBounty