Free labs to learn #cloud pentesting :

flaws.cloud

flaws2.cloud

github.com/OWASP/Serverle…

n0j.github.io/2017/10/02/aws…

github.com/torque59/AWS-V…

github.com/wickett/lambha…

github.com/BishopFox/iam-…

Thread 1/n.

#aws #cloud security #cloupentesting

Bypass CORS MISCONFIGURATION technique

1) origin : evil.com
-> No Response
2) origin : site.com.evil.com
-> No Response
3) origin : evil.com
-> Access-control-allow-origin : evil.com

Tip : without use https://

#Learn365 Day - 78: WAF Evasion Techniques

Learn365 Repo: github.com/harsh-bothra/l…

Article by Paweł Hałdrzyński: blog.isec.pl/waf-evasion-te…

#bugbountytips #appsec #infosec #websec

this is my favorite explanation of how the vaccine works so far.

THEY HAVE FORK HANDS...AND THEY'RE COMING.

use #CVE -2021-26855 ssrf dump email content...

Ps: In the X-BackEndCookie cookie you will find a SID.

github.com/GreyOrder/CVE-…
github.com/3gstudent/Home…
docs.microsoft.com/zh-cn/exchange…

Have you been lookin for a crash course on XXE bugs? It's a class of bugs often missed by even the most seasoned hackers. 🤓

Here is everything you need to know to start finding XXE bugs. Godspeed! Happy hacking! bugcrowd.com/blog/how-to-fi…

Top 25 Vulnerability Parameters based on frequency:-

XSS.
SSRF.
SQLi.
RCE.
LFI.
Open redirect.

github.com/lutfumertceyla…

URL shorteners often reveal links to sensitive information, tokens and documents! Did you know there's a better way of bruteforcing them with a little help from urlte.am? Thanks for the #BugBountyTip , 'gmbtbpvvshezrobb'! 😀 #BugBountyTip s