I wrote a small guide with some common techniques to bypass WAF, focus on SQL injection.. incogbyte.github.io/sqli_waf_bypass #bugbountytips #bugbountytip

how to detect if someone is using burp suite? it's possible ? incogbyte.github.io/detecting-burp/

I wrote a little bit about a pentest that I did, and I got domain admin incogbyte.github.io/domain-admin/ #BugBounty #PenTest

Check this out if you want to learn about a lesser known IDOR variant, how to leverage markdown for hacking, what Jason Haddix & Frans Rosén are up to these days & more! #hacking #websec #InfoSec #bugbountynews #T5HN #pentesting #bugbounty #pentest pentester.land/newsletter/202…

thanks Philips it's a honour contribute.. philips.com/a-w/security/c…

I wrote a small tool to grab subdomains from Shodan github.com/incogbyte/shos… yeah.. i know that this already exist but.. i made another ;) #peace #golang

Those who haven't seen my tool on h@cktivitycon, this one [github.com/incogbyte/shos…] and the conference also so you didn't see [youtube.com/watch?v=qLTe6Z… ] thanks to JS0N Haddix 寿つかさ HackerOne #bugbountytips #BugBounty

📲 We are pleased to present the utility developed by our researcher Impact for Flutter apps traffic monitoring. Just make app trust installed certificates by repacking it with reFlutter and hunt bugs using Burp Suite. No root, no VPN, no more hassle! github.com/ptswarm/reFlut…

I added a template, for nuclei to identify a XSS without authentication in Lucee check. github.com/projectdiscove… #bugbountytips #nuclei

small write up about PHPIPAM CVE-2022-23046 with exploit, incogbyte.github.io/post/2022-01-2… #bugbounty #bugbountytips #infosec #beginner

thanks Informatica it's an honor to contribute =) informatica.com/trust-center/s…

I'm sharing a script using frida, to bypass sslpinning more common (Android). gist.github.com/incogbyte/1e0e… codeshare.frida.re/@incogbyte/and… #BugBounty #bugbountytips #fridadotre Frida

With the arrival of palera1n, I made a script, using frida, to bypass jb checks based on relative paths and also include some bypass for more common antitampers like ptrace, geppid. codeshare.frida.re/@incogbyte/ios… Frida and thans to euphoria ⚡️ for the GUI♥️

I just completed the #burpchallenge. I found a logic bug where after requesting a password reset, the link sent to the email had a token that did not expire and had a predictable pattern, after understand the pattern, it was possible to account takeover of any user

Thanks JS0N Haddix mentioned shosubgo github.com/incogbyte/shos… at SANS Offensive Operations . Awesome talk, and good tips for cloud recon 👾👾👾

Our #r2Frida trainees put their knowledge in practice and it publicly! n0psn0ps.github.io/2024/06/07/mac… If you have lost the opportunity, you have another chance to learn from it in our next ringzerø.training && @[email protected] Training in Las Vegas with Grant 🌱🏴󠁧󠁢󠁳󠁣󠁴󠁿 and me. ringzer0.training/doubledown24-m…

It's been a while – here's a brand new reversing short on how to interpret log messages in Apple's binaries! youtu.be/-uIeRISQaiI #reversingshorts

Shosubgo now accepts a wordlist of subdomains. Checkout GitHub.com/incogbyte/shos… v3.0 thanks 🙏

In this post, I dive into how Flutter apps generally encrypt requests using RSA, how to analyze the compiled binaries, and how I reverse using frida, blutter Check it out here: incogbyte.github.io/posts/flutter-… thanks Frida Edu Novella Worawit Wang #infosec