3186
Talk and help about bugbounty
I have the details of the address but I want the page number on which it is.
Because the page number has the private key associated with the address.
I already have a script but now it is rate limiting my queries.
I thought someone might find the page number th other way and I can offer him the reward
privatekeyfinder is using solscan api call as well
Читать полностью…
Does anyone have Nahamsec's Intro to Bug Bounty Hunting and Web Application Hacking on Udemy? I will provide Hacktify's BBHv1/BBHv2 for it's exchange
Читать полностью…
DEF CON 32 presentations
https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/
Just published a new writeup.
Have a read: https://vijetareigns.medium.com/from-detection-to-notification-security-automation-to-earn-4ea1a13576bc
Severe Vulnerability (RCE) Found In Acronis Cyber Infrastructure (ACI)
👥 Customers were alerted by Acronis to patch a serious Cyber Infrastructure security a defect that allows attackers to use default credentials to bypass authentication on affected servers.
📖 Read the article 👉🏻https://hackingblogs.com/vulnerability-found-in-acronis-infrastructure/
you have a big js file ? no time to analyze it all
search for these :
URLSearchParams
window.location
window.location.search
URL.searchParams
fetch()
XMLHttpRequest
FormData
window.location.hash
window.location.href
URL.hash
#bugbountytips
Ai and Machine learning
https://collegesamaj.in/ai-and-machine-learning/
JTW Attack & Tools 🧵
1. Check for sensitive data in the JWT
Check if any user info or any sensitive info is there in payload section.
2. None algorithm
Change "alg:" to none "alg:none"
{
"alg": "none",
"typ": "JWT"
}
3. Change algorithm from RS256 to HS256
Get the Public key from the Application
Now generate new JWT token.
Use the generated token in the request and try changing payload.
4. Signature not being checked
Switch to JSON Web Token Tab or JOSEPH.
Change Payload section and Remove the Signature completely or try changing some characters in signature
5. Crack secret key
6. Null kid
Tools -
JWT Tool - github.com/ticarpi/jwt_to…
JWT Editor extension
jwtXploiter - github.com/DontPanicO/jwt…
👾 AWS Hacked : Error In Configuration Affects 110,000 Domains
ENV file vulnerabilities resulted in massive exploitation. Over 110,000 domains have been affected by a significant ransomware campaign
🗿it is recommended that organisations wishing to secure their cloud environments employ temporary credentials, stick to the least privilege principles, and enable all available event logs.
This is the website url: https://privatekeyfinder.io/private-keys/solana/
I want to find the page number related to this solana address:
4Be9CvxqHW6BYiRAxW9Q3xu1ycTMWaL5z8NX4HR3ha7t
Any python scripts developer here?
I have a 15 USD work?
Hi! Can you please help me solve the problem with acunetix? Is there anyone here who understands acunetix very well?
Читать полностью…
Ищу людей с Binance, Bybit, HTX, Mexc, bitget. аккаунты давать мне не нужно, профит неплохой. Пишите сюда @andreww_top1
Читать полностью…
does anyone know how to bypass x-xss-protection: 1; mode=block header ??>?
Читать полностью…
Master ur favourite bug type while learning others
Читать полностью…
Looking for a collaboration for a program on hackerone anyone
Читать полностью…
https://infosecwriteups.com/lfi-with-phpinfo-to-rce-78318f0dc9ce
Читать полностью…
Does anyone here know how to pwn cgi-bin on php 5.16 for CTF
Читать полностью…
https://collegesamaj.in/ai-and-machine-learning/
Читать полностью…
Excited to announce a free crash course on cybersecurity ! This offer is limited to the first 100 enrollments. I look forward to making it free for another set of 100 once this coupon expires. Access it here: https://www.udemy.com/course/cc-certified-in-cybersecurity-crash-course/?couponCode=E58412E0F91CDFDEF56B
Читать полностью…
Any Idea, not getting alert popup. Maybe it's mitigated or what??
Читать полностью…