Just published a new writeup.
Have a read: https://vijetareigns.medium.com/from-detection-to-notification-security-automation-to-earn-4ea1a13576bc
Severe Vulnerability (RCE) Found In Acronis Cyber Infrastructure (ACI)
👥 Customers were alerted by Acronis to patch a serious Cyber Infrastructure security defect that allows attackers to use default credentials to bypass authentication on affected servers.
📖 Read the article 👉🏻 https://hackingblogs.com/vulnerability-found-in-acronis-infrastructure/
You have a big JS file? No time to analyze it all?
Search for these:
URLSearchParams
window.location
window.location.search
URL.searchParams
fetch()
XMLHttpRequest
FormData
window.location.hash
window.location.href
URL.hash
#bugbountytips
JWT Attack & Tools 🧵
1. Check for sensitive data in the JWT
Check if any user info or any sensitive info is there in payload section.
2. None algorithm
Change "alg" to none ("alg": "none"):
{
"alg": "none",
"typ": "JWT"
}
3. Change algorithm from RS256 to HS256
Get the Public key from the Application
Now generate new JWT token.
Use the generated token in the request and try changing payload.
4. Signature not being checked
Switch to JSON Web Token Tab or JOSEPH.
Change Payload section and Remove the Signature completely or try changing some characters in signature
5. Crack secret key
6. Null kid
Tools -
JWT Tool - github.com/ticarpi/jwt_to…
JWT Editor extension
jwtXploiter - github.com/DontPanicO/jwt…
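Added example, not part of the original post: items 2 and 4 of the list above, seen from the verifying side. This is a minimal HS256 verifier in Python (standard library only) that pins the algorithm instead of trusting the token header and refuses empty or altered signatures; the function names and the key are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token (helper so the sketch is self-contained)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims, or raise ValueError if the token must be rejected."""
    parts = token.split(".")
    # Item 4: a token with the signature removed has an empty third segment.
    if len(parts) != 3 or not parts[2]:
        raise ValueError("malformed token or missing signature")
    head_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("undecodable token") from exc
    # Item 2: the accepted algorithm is fixed by the server, never read
    # from the token, so "none" (or any other value) is refused outright.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Recompute the MAC over the exact bytes received and compare in
    # constant time; any edit to header or payload changes the MAC.
    signed = f"{head_b64}.{body_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))
```

The same pinning idea applies to RS256 services (item 3): the verifier decides which algorithm and key type it accepts, so a public key is never usable as an HMAC secret.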
I use the Google Cloud Shell command line. The web version lasts 40 minutes each time, but if you use the CLI you can make it last for nearly 12 hours.
I have a question focused on beginners:
Is it better to give a few months to mastering XSS as your first bug type along with hunting daily, or is it better to learn more vulns (along with hunting daily)?
Jack of all spades or a master of none.
Hello everyone, happy to be here. I just wanted to ask a few questions if I may. I'm kinda new to bug bounties: I have a Cisco intermediate background with networking, I know Kali 101 and how to navigate, and I have knowledge of Burp Suite. I'm not a full-on pro but I know a few things, including what a web application is and so on... What tips do you advise on bug bounty to get started?
Looking for people with Binance, Bybit, HTX, Mexc, bitget. You don't need to give me your accounts, the profit is decent. Write here @andreww_top1
Excited to announce a free crash course on cybersecurity! This offer is limited to the first 100 enrollments. I look forward to making it free for another set of 100 once this coupon expires. Access it here: https://www.udemy.com/course/cc-certified-in-cybersecurity-crash-course/?couponCode=E58412E0F91CDFDEF56B
Hi! Who knows how to crack $o5logon$ hashes from nmap script oracle-stealth-brute?