HTML injection by itself won’t be get you crits, but when combined with knowledge of both browser and desktop application behaviour, it can lead to impact.

Here's a breakdown of an exploit Ben Sadeghipour used to get a 40k bounty.

1. Found a HTML injection in a desktop app.

#Topmate

We have launched dozens of features on topmate so far.

Everyone talks about the best feature but what about the one you don't like?

Tell us which is the worst feature you have come across?

Don't forget to share why :P

always play with Post Request and stop using sqlmap 🤗
Ghauri is really excellent in this field
Payload ; 0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z
Just scored a reward Intigriti, check my profile: app.intigriti.com/profile/mitsec #HackWithIntigriti #bugbounty #bugbounty tip

🔖 AWS Security Services Best Practices

Best practices for configuring AWS security services. From the AWS team.

aws.github.io/aws-security-s…

Want to level up your web3 career?

I've just applied to @cyfrinupdraft, the ultimate web3 developer learning platform.

And is completely free!

cyfrin.deform.cc/early-access?r…

Learning PYTHON is so hard,

So, I've built a Complete PYTHON Guide in 24 days.

Includes this book:

→ syntax
→ keywords
→ and functions.

𝐖𝐨𝐫𝐭𝐡 $𝟐𝟗, 𝐛𝐮𝐭 𝐟𝐫𝐞𝐞 𝐭𝐨𝐝𝐚𝐲!

To get it, just:

1. Follow me
2. Like and Repost this post
3. Comment “PY”

✨ FREE Docker Course Giveaway 🐳

Like and Retweet and check your DM 😄

#docker

So it seems like everybody hates hacking GraphQL like me, so lets post some resources so we can all get better at it!

Giving away this fantastic Complete CISCO CCNA Course from @certbros :

To get it,

• Like
• Reply 'CCNA' and I will DM any random Winners🏆.

Make sure to retweet so that others can benefit as well.

Giveaway Alert! 🎁

Here’s your chance to attend our members-only live event on 18th July.

One lucky winner will get our Pro Annual subscription priced at $399 for FREE.

To enter:
1️⃣ Follow us on Twitter.
2️⃣ Tag a fellow AppSec Enthusiast in the comments.
3️⃣ Retweet this post

Harvard University is offering free online courses.

No Payment Needed.

Here are 12 FREE courses to become skilled in 2023 [ Thread ]:

I have a one year PentesterLab voucher for one random person retweeting and replying to this tweet with #nahamcon2023 :)

If you want to spend without watching bank account

You have to work without watching the clock

If you’re learning API hacking this seems like a fun way to learn the basics of how apps interact with APIs, the idea is you build tools that use the API to play the game spacetraders.io

Godfather Orwa 🇯🇴 Ben Sadeghipour Hey!

If you are looking to clear OSCP this year then make sure to grab a copy of the OSCP Notion Template that I launched.

Practice, check items of list, pass OSCP!

Find your copy here: thebinarybot.gumroad.com/l/oscplist

MobSF - Mobile Security Framework 📱🔐 created by Ajin Abraham

All-in-one mobile pentesting:
🔍Static Analysis
🎯 Dynamic Analysis
🌐 REST API

A thread 🧵👇

Bug Bounty Hint

How to test for SQL injection

1) Select params for testing in:

🔹 URL query
🔹 POST body
🔹 Headers
🔹 Cookies

It can be any parameter. Typically, I test integer parameters first.

🧵 1/8

iOS Penetration Testing Cheat Sheet
#MobileSecurity #iOSsecurity by Ivan Šincek
github.com/ivan-sincek/io…

Check out my latest article: Threat Modeling : Everything You Need to Know for Web Application Security linkedin.com/pulse/threat-m… via LinkedIn