You wouldn’t last an hour in the asylum where they raised me.

Hacking devices are great.

Here are hacker tools you should know.

They are awesome.

pov: your mental health is tied to productivity

We are slowly moving towards a system of 30% taxation on capital gains.

[1] A lot of retail folks used to enjoy the indexation benefits on Debt mutual Funds.

This was taken away in 2023.

Rational? Well, Equities have no indexation-- why should debt have it?

[2] Next 2…

I've been seeing a lot of pentesters having trouble with delegations and exploiting them. Specifically, write access.

Learn this tool. Read the wiki. It will help you and the customer understand impact. I understand it's very easy to miss these.

github.com/CravateRouge/b…

The point of a VDP program is to keep you all busy while I find bugs on companies that pay money.

A similar tool - Lockphish - is available on GitHub. It is convincing, and a user in a hurry can be easily tricked

Lockphish is a tool for phishing the lock screen, designed to grab Windows credentials, Android PIN, and iPhone Passcode using a https link

Yay, I was awarded a $15,000 bounty on HackerOne! hackerone.com/doomerhunter #TogetherWeHitHarder

Public target, main app, core feature. Really emphasises that everyone can find bugs on public progs with a lot of reports :)

💉𝗛𝗼𝘄 𝗜 𝘂𝘀𝗲𝗱 𝗬𝗼𝘂𝗧𝘂𝗯𝗲 𝘁𝗼 𝗳𝗶𝗻𝗱 𝗮 𝘁𝗮𝗿𝗴𝗲𝘁 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗹𝗲 𝘁𝗼 𝗦𝗤𝗟 𝗶𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻

𝟙/𝟜

The company offered a paid service accessible through web and mobile apps. But accessing it was a challenge - no direct URL or app link was available.

Hi @m0uka_dz,
Unfortunately, this was submitted previously by another researcher, but we appreciate your work and look forward to additional reports from you.

#bugbounty #ethicalhacking #CyberSec

Just a while ago, I found a pretty interesting Stored XSS which was injected by visiting the URL:
https://www\.target\.com/redirectEndpoint.do?redirectPage=redacted&itemFromOrder=''`//><Svg+Only%3d1+OnLoad%3dconfirm(atob('WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE'))>

For some…

CVE-2024-4040 Authentication Bypass && Arbitrary File Read in CrushFTP

attackerkb.com/topics/20oYjlm…

🚨URGENT🚨Allegedly, a Zero-day exploit for iOS iMessage is up for sale. There is no sample or PoC at time of this post.

#DarkWeb Informer #DarkWeb #Cybersecurity #Cyberattack #Cybercrime #Infosec #CTI #0Day #ZeroDay #iOS #iMessage #Exploit

Details:

- Attack Type: 0Click
-…

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers thehackernews.com/2024/04/resear…

The team at @Sysdig wrote a great article on how they fuzzed and bypassed the AWS WAF!
buff.ly/4d69fbK

<strong><button popovertarget=x>click me</button><test onbeforetoggle=alert(document.domain) popover id=x>aaa</aaa></strong>

#bugbounty #bugbounty tips #hackers #xss

A neatly written detailed read🙌🏻
#BugBounty
#bugbountytips

I announced this a few weeks ago but I wanna make it a regular thing :)

Introducing the annual “jhaddix recon bounty”

forms.gle/fqDeCuL1Wq4J1B…

10 days left to submit!

Time-Based Blind SQL Injection in Oracle

'and 1=DBMS_PIPE.RECEIVE_MESSAGE(1,10)--

Want to strengthen you Burp Suite kung fu? check out the below to practice session management and macros!

github.com/Hipapheralkus/…

Video to help:

youtube.com/watch?v=mM3LR9…

By Andrej Šimko

Jailbreaking a Cisco appliance to run DOOM (CVE-2024-20356) : labs.nettitude.com/blog/cve-2024-…