Hi guys, I'm new to bug bounty learning, please I need someone who can guide me... How to learn bug bounty
Anyone notice Burp Suite isn't properly forwarding requests again? The request works perfectly without it, it works well with ZAP proxy, but for some reason it isn't working well with Burp. Please, I'd love to hear possible solutions, thank you.
This is impossible and takes a very long time. I have programmed a script that does this in Python by. rockyou.txt
Does anyone have an idea how to decrypt this password?
$P$B3zMKWv/rJBL6grfCZmVVZjqGoilIz0
But without brute force, because I tried it and it did not work and it takes a lot of time
Hey guys, I've done bbounty for a while and also made some money. I am trying to restart and I came across a mentorship program claiming to teach niche techniques like organization-level business logic bugs, SSO attacks, etc. The guy is charging 400$ and I don't see any reviews.
Any advice? If I shouldn't do this, then can anybody link resources/write-ups for getting good at business logic, manual hunting and niche bugs?
💰 Apple Will Pay Up To $1 Million To Anyone Who Hacks Their Private AI Cloud
Yes, you heard correctly. Apple announced that it will pay up to $1 million to security experts to identify flaws that might compromise the security of its private AI cloud.
Apple stated in a post on its security blog that it would provide a maximum $1 million reward to anyone who discovered weaknesses that allowed harmful code to be remotely executed on its Private Cloud Compute servers.
Additionally, Apple is making public the source code for “certain essential components” of Private Cloud Compute.
The Virtual Research Environment, according to Apple, is a collection of tools that let anyone run their “own security analysis of Private Cloud Compute” directly on their Mac.
.git can be exploited?
Here are a few blogs on exploiting the .git directory:
https://wh11tew0lf.medium.com/git-folder-bug-bounty-tips-87bf8dab399
https://medium.com/@ryuukhagetsu/bug-bounty-dir-listing-on-directory-git-4367a359967e
https://medium.com/@levshmelevv/10-000-bounty-for-exposed-git-to-rce-304c7e1f54
https://sl4x0.medium.com/how-a-git-file-leads-to-zendesk-panel-takeover-11e8d2812076
https://osintteam.blog/git-directory-exposed-leads-to-credentials-disclosure-1d1737638279?gi=756125de593c
https://satyasai1460.medium.com/how-git-folder-can-be-exploited-to-access-sensitive-data-eb805c38fd6c
https://medium.com/@tanyago/exploiting-exposed-git-file-to-access-webmail-credentials-4b47a3afff38
https://medium.com/@mahmud0x/exposed-git-to-bitbucket-account-owners-all-repository-access-7949b158d7bd
https://medium.com/@Dhamuharker/critical-git-repository-leaked-internal-data-9508e0476a0e
https://medium.com/@cuncis/gitgraber-a-tool-for-finding-sensitive-information-in-github-repositories-5bb092e253f5
manual hunting is such an umbrella term man, almost every vuln comes in it.
regarding that course, if there are no reviews to it, I think it's better not to try your 400$ there.
regarding resources to any bug class...
1. WebSec Academy, (blogs and labs)
2. search twitter with keywords of the bug you want (like business logic) and reading tweets and blogs / writeups of OG hackers.
3. search in hackerone reports
4. your choice (whatever you got your hands on)
https://medium.com/@thewizardsvoice/cloud-security-exposed-keep-your-data-safe-from-cyber-attacks-7398de5a0a0c
I have one question: if I delete the account from one website and after the next day if I want to create a new account with the same mail, it will show that the email address already exists, can I report it or it