🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Please do boost the channel so that you guys can enjoy other features.
Exploring Deserialization Attacks and Their Effects
https://haymiz.dev/security/2024/09/07/deserialization-attacks/
A very easy bug anyone can find: https://medium.com/@malikirtizameg/a-very-easy-bug-anyone-can-find-8d2b11a768c7?source=rss------bug_bounty-5
How to Find IDOR Vulnerabilities: A Guide for Bug Bounty Hunters and Developers: https://cyberw1ng.medium.com/how-to-find-idor-vulnerabilities-a-guide-for-bug-bounty-hunters-and-developers-3d2ba2a766f5?source=rss------bug_bounty-5
Automating the CORS Vulnerability Scan: https://angixblack.medium.com/automating-the-cors-vulnerability-scan-66d57752cc36?source=rss------bug_bounty-5
How i got 100$ bounty: https://medium.com/@mukkumukku110/how-i-got-100-bounty-b3dd58e82e00?source=rss------bug_bounty-5
Subdomain Takeovers for Beginners: https://medium.com/@hichamalmakroudi/subdomain-takeovers-for-beginners-a51ed74db543?source=rss------bug_bounty-5
🔖JavaScript for hackers: Learn to think like a hacker
🖥 Book Details: 🔗Link
👤 Author: Gareth Heyes
#infosec #cybersecurity #hacking #pentesting #security #book #pentest #BugBounty #BugBountyBooks
🔹 Share & Support Us 🔹
💬 Channel : @Hide_Club
Xss lab: https://brutelogic.com.br/gym.php
https://brutelogic.com.br/gym.php?p=gitbook
30 level
NUCLEI101 FOR BUG BOUNTY CHEATSHEET
Sun, 18 Jun 2023 17:07:46 GMT
https://medium.com/p/3eaf3c35b39
Read this book after OWASP Top 10
You will learn more vulnerabilities
1 page in 1 day
🔥Quick NextJS Website Recon Tip by renniepak
A quick way to find "all" paths for Next.js websites:
👇DevTools->Console
console.log(__BUILD_MANIFEST.sortedPages)
javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n'));
🚨 Ever wonder why your API calls are getting blocked?
Cross-Origin Resource Sharing (CORS) can be the culprit! When your JavaScript tries to communicate with an API on a different domain, the browser steps in to protect you. CORS ensures that only approved domains can make those requests. Learn how to manage these "preflight" checks and configure your server correctly to allow legitimate cross-origin requests.
Hit save to stay in the know and never let CORS block your code! 🔒
👉 Follow us for more cybersecurity tips and tricks!
🌐 Visit us at www.cipherops.xyz
📲 @cipherops.tech
https://www.instagram.com/p/C_fObBqShyT/?igsh=dWloN2lpeGx0ZHU0
Try this amazing FFUF one-liner that I use mostly to bypass WAFs and for good, refined results for information disclosure bugs. You can use any wordlist:
ffuf -w seclists/Discovery/Web-Content/directory-list-2.3-big.txt -u https://example.com/FUZZ -fc 400,401,402,403,404,429,500,501,502,503 -recursion -recursion-depth 2 -e .html,.php,.txt,.pdf,.js,.css,.zip,.bak,.old,.log,.json,.xml,.config,.env,.asp,.aspx,.jsp,.gz,.tar,.sql,.db -ac -c -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" -H "X-Forwarded-For: 127.0.0.1" -H "X-Originating-IP: 127.0.0.1" -H "X-Forwarded-Host: localhost" -t 100 -r -o results.json
First IDOR
Severity : critical 9-10
E.g.: example.com/parameter.aspx?id=4471
SQL Injetion: https://medium.com/@adhikarisudip869/sql-injetion-f6f5f4291cbc?source=rss------bug_bounty-5
BugBounty platforms List: https://medium.com/@loyalonlytoday/bugbounty-platforms-list-ed3a5af3a8a2?source=rss------bug_bounty-5
Live Bug Bounty & Penetration Testing on Real Websites: Step-by-Step Guide (Part 1): https://medium.com/@shaikhminhaz1975/live-bug-bounty-penetration-testing-on-real-websites-step-by-step-guide-part-1-971ccc9b9587?source=rss------bug_bounty-5
Hunting for Corporate Accounts: Exploiting IDOR and Parameter Pollution in Web Applications: https://medium.com/@tusharpuri6/hunting-for-corporate-accounts-exploiting-idor-and-parameter-pollution-in-web-applications-1792294e0c48?source=rss------bug_bounty-5
XSS — Cross Site Scripting: https://medium.com/@codingboltacademy/xss-cross-site-scripting-65e1981817df?source=rss------bug_bounty-5
😈 [ Scott Sutherland @_nullbind ]
[BLOG] Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/
🐥 [ tweet ]
Guide to Using Nuclei: https://medium.com/@learntheshell/guide-to-using-nuclei-9c37869be30e?source=rss------bug_bounty-5
7 free online #OSINT Tools
GHUNT - Google account info
Sherlock - nickname enumeration
Holehe - search accounts by email
Ignorant - search accounts by phone
Whois domain lookup
WhatsApp profile info
HudsonRock - email leaks lookup
osint.rocks
Tip by twitter.com/0xtechrock
@OsintGit
What a morning🫡
I started this channel last year in the name of "BugBounty tips by cipherops.xyz"
It took me a total of 10 months to reach 1k subscribers, but I was happy when I saw that, and it took me just 1 month to get 500 subscribers.
All you need to do is just start😄
The best thing of this year..... 💓💓