ReconOne (@reconone_bk) 's Twitter Profile
ReconOne

@reconone_bk

Tweet about Bug Bounty, Recon, Recon Tips and Attack Surface Management.

ID: 1560175842537472001

https://linktr.ee/reconone
18-08-2022 08:04:52

1,1K Tweets

19,19K Followers

53 Following

ReconOne (@reconone_bk) 's Twitter Profile Photo

ffuf is used by hundreds of people

But only a few use the tool effectively.

Here are 9 tips you want to know right away 👇 🧵

#bugbountytips #bugbounty #recon #ffuf
ReconOne (@reconone_bk) 's Twitter Profile Photo

Stay updated with "The Top 25 Recon Tools and their purpose" 👇

#recon #BugBounty #AttackSurface #cybersecurity #recontips #infographics #bugbountytips
ReconOne (@reconone_bk) 's Twitter Profile Photo

Finding and analyzing JavaScript files is increasingly important for identifying creative and impactful bugs. Check out this helpful video on the topic, from #NahamCon2024 👇 youtu.be/fQoxjBwQZUA?si… #BugBounty #bugbountytips #recon #recontips #cybersecurity #infosec

ReconOne (@reconone_bk) 's Twitter Profile Photo

Logical Bugs are often invisible to scanners
They live in the assumptions devs make
Want to find them? Think like the app shouldn’t work

Here are 6 strategies to uncover logic bugs (with examples):
#bugbounty #websec  #cybersecurity
shubs (@infosec_au) 's Twitter Profile Photo

Today, we're releasing the new Searchlight Cyber tools website, which allows you to use several of our open-source tools for free via a web interface. You can self-register at tools.slcyber.io (+ all our wordlists will be released there from now on!)

YesWeHack ⠵ (@yeswehack) 's Twitter Profile Photo

SQL injection vulnerabilities remain widespread – and potentially lucrative for #BugBounty hunters 💉Our ‘Vulnerability Vectors’ series kicks off with techniques – such as blind SQLi, time-based attacks and OOB callbacks – for this classic CWE 👇 yeswehack.com/learn-bug-boun…

Web Security Academy (@websecacademy) 's Twitter Profile Photo

How to manually check for CL.TE Request Smuggling Vulnerabilities:
1️⃣ See if a GET request accepts POST
2️⃣ See if it accepts HTTP/1
3️⃣ Disable "Update Content-Length"
4️⃣ Send with CL & TE headers:

POST / HTTP/1.1
Host: <HOST-URL>
Content-Length: 6
Transfer-Encoding: chunked

0

chux (@chux13786509) 's Twitter Profile Photo

Bug Hunters Tip 💥
Always search your targets in SwaggerHub 🔥
While digging through a target’s SwaggerHub docs, I discovered an exposed valid token, helping me to escalate my privs on the target 💪
Got more useful tips for finding secrets during recon?
Drop your tips below 👇
manuel valdez⛩️ (@saur1n) 's Twitter Profile Photo

Stoked to share my first ever writeup of how I found a blind XXE just by playing with a PDF upload feature and spotting an old, vulnerable iText library. Hope you like it! saurinn.github.io/blog/xxe-oob-v… #bugbountytips

devire (@thedevire) 's Twitter Profile Photo

There's no secret recipe or roadmap to find high & critical bugs. Although there are many niche bugs which require a lot of experience to find and exploit. Other than that it's all about.. 1/n

Ben Sadeghipour (@nahamsec) 's Twitter Profile Photo

Regex is a powerful tool nobody talks about enough. Whether you’re hunting secrets, combing through massive data dumps, or using it for your recon game, it always delivers! Check out my video here: 👉🏼 youtu.be/SWP8o_W0U3M
