Discover and read the best of Twitter Threads about #BugBountyTip

Most recents (24)

🧵NEW THREAD🧵
Here is how I was able to takeover the whole company's AWS infrastructure under 10 min after a new asset launch at @Hacker0x01 private program ImageImage
1. I was invited in the morning to a private program at H1 and the program updated the scope in the evening, So I decided to take a look to see if there is something to hack
2. I visited the main website in scope, to my surprise and thanks to @trufflesec Chrome extension Trufflehog which could be found here chrome.google.com/webstore/detai…
Read 11 tweets
🧵NEW Thread🧵

Here is how I found the easiest SQLi and possible RCE in less than 30 min of recon and dorking

1. I was invited to a private program at @Hacker0x01 and the first thing I usually do is to look at the scope and see if it is a wildcard domain or just a small scope. ImageImage
2. Found that the program accepts all vulnerabilities related to their assets and of course third party assets are OOS
3. I used @leak_ix search engine at leakix.net and used this dork [+target_name ++plugin:"GitConfigHttpPlugin"]
Note : this is used to search for already scanned websites that have /.git exposed
Read 13 tweets
Top free #Cybersecurity and ethical #hacking certification⚔️📓

1./Introduction to IT & Cybersecurity (Cybrary) = cybrary.it/course/introdu…

2./Mobile App Security (Cybrary) = cybrary.it/course/mobile-…

3./Introduction to Cybersecurity (edx) = edx.org/course/introdu…
4./Introduction to Cyber Security (Future Learn) = futurelearn.com/courses/introd…

5./Introduction to Encryption and Cryptography (Future Learn) = futurelearn.com/courses/encryp…

6./Fundamentals of Red Hat Linux (edx) = edx.org/course/fundame…
7./ Introduction to Cybersecurity (Codecademy) = codecademy.com/learn/introduc…

8./ Cisco Networking Academy = netacad.com/courses/all-co…

9./ SANS Cyber Aces (covers foundation areas of cybersecurity) - cyberaces.org/courses.html

10./ Opensecurity - = opensecuritytraining.info/Training.html
Read 4 tweets
Vulnexp 90 | Day69

CRLF Areas to Inspect

➡️Areas to Inspect:

#bugbountytips #bugbountytip

Thread 🧵 : 👇
Areas to Inspect:

• HTTP Headers: CRLF Injection attacks can occur in HTTP headers, such as the "User-Agent" or "Referer" headers. Attackers can insert CRLF sequences into these headers to inject additional headers or modify the response.
• Cookies: Cookies are often used to store user session information, and they can also be vulnerable to CRLF Injection attacks. An attacker can insert CRLF sequences into a cookie value to modify the response or inject additional headers.
Read 6 tweets
Vulnexp 90 | Day68

CRLF Injection

CRLF is a type of web-based attack that allows an attacker to inject malicious code or unwanted data into the HTTP response of a web application.

➡️Vulnerabilities Occur:

#bugbountytips #bugbountytip

Thread 🧵 : 👇
Vulnerabilities Occur:

• CRLF can occur when a web application fails to properly sanitize user-supplied input or validate input parameters. Specifically, they can occur in any part of the HTTP response that accepts user input, including HTTP headers, cookies, and form input.
• For example, an attacker can insert a CRLF sequence into an HTTP header to inject additional headers or modify the response. Alternatively, they may use CRLF to inject malicious code, such as JavaScript, into the response body, leading to cross-site scripting (XSS) attacks.
Read 4 tweets
In the world of bug bounty hunting, Insecure Direct Object References (IDORs) can be a goldmine. In this thread, we'll share advanced tips to sharpen your IDOR detection skills. Let's dive in! 🌊🔍

#bugbountytip #bugbountytips #CyberSecurityAwareness

1/n
Always begin with a thorough understanding of the application you're testing. Identify all possible user roles and their access rights. This knowledge is crucial for accurately identifying IDOR vulnerabilities. 🧠📝
Pay attention to API endpoints that handle user-specific data. Keep an eye out for patterns in URL parameters or request payloads. Examine how the application validates user input and authorization checks for these sensitive resources. 📡🔬
Read 6 tweets
Vulnexp 90 | Day53

➡️Insecure deserialization

when an attacker manipulates the way that HTTP requests are interpreted by a web server or a proxy server.

#bugbountytips #bugbountytip

Thread 🧵 : 👇
• Insecure deserialization is a type of vulnerability that can occur in applications that involve the serialization and deserialization of data.

• Serialization is the process of converting an object , data structure into a format that can be transmitted or stored.
• XML, or binary data. Deserialization is the process of converting the serialized data back into an object or data structure.

• When an application receives serialized data, it may deserialize it to reconstruct the original object or data structure. However,
Read 7 tweets
Here is short writeup on how I found some hardcoded credentials inside of an exe file and got paid 2000$ even the asset was OUT OF SCOPE!

📌THREAD📌

1. I got invited to a private program with new assets
2. The asset was a web application for an Electron desktop app ImageImage
3. I tried to find the executable for the In scope app just to understand what the app will looks like when installed in the machine
4. I finally downloaded the app from the official website lf the target and tried to extract the Exe with tools like Winzip (Electron app can be easily extracted)
Read 10 tweets
One of the most critical talents a cybersecurity analyst must have is detecting and blocking a malicious IP address.

Here are a few best online tools to detect malicious IP addresses:
🧵

#TheSecureEdge #BugBounty #bugbountytip #hacking #infosec
· AbuseIPDB (abuseipdb.com)
· CheckPhish (checkphish.ai)
· BrightCloud URL/IP Lookup (brightcloud.com/tools/url-ip-l…)
· IBM X-Force Exchange (exchange.xforce.ibmcloud.com)
· IPQualityScore (ipqualityscore.com/free-ip-lookup…)
· Malware Domain List (malwaredomainlist.com/mdl.php)
Read 7 tweets
[0]
Hello Hackers
I just created a tool/script to automate initial recon in #bugbounty.
[ Check the thread for more info about all MODE available in this tool ]

URL:- github.com/thecyberneh/sc…
[1]
1. EXP :- FULL EXPLOITATION MODE
contains functions as
- Effective Subdomain Enumeration with different services and open-source tools
- Effective URL Enumeration ( HTTP and HTTPS service )
- Run Vulnerability Detection with Nuclei
Subdomain Takeover Test on previous results
[2]
2. SUB : SUBDOMAIN ENUMERATION MODE contains functions as
Effective Subdomain Enumeration with different services and open source tools, You can use this mode if you only want to get subdomains from this tool or we can say Automation of Subdomain Enumeration.
Read 4 tweets
Day 1⃣9⃣/2⃣0⃣ -- [Subdomain Takeover]
➡️ Subdomain Takeover occurs when an attacker gains control over a subdomain of a target domain.
➡️ Below are some of the best Tips & References for Subdomain Takeover (Feel Free To Share)
🧵🧵👇👇
#BugBounty
#bugbountytip
1/n
Top 25 Subdomain Takeover Bug Bounty Reports
corneacristian.medium.com/top-25-subdoma…
2/n
Fastly Subdomain Takeover $2000
infosecwriteups.com/fastly-subdoma…
Read 21 tweets
Day 1⃣8⃣/2⃣0⃣ -- [XXE - XML External Entity]
➡️ XXE - is an application-layer cybersecurity attack that exploits an XXE vulnerability to parse XML input
➡️ Below some of the best Tips & References for XXE (Feel Free To Share)
🧵🧵👇👇
#BugBounty
#bugbountytip
1/n
XML external entity (XXE) injection
portswigger.net/web-security/x…
2/n
XML External Entity (XXE) Processing
owasp.org/www-community/…
Read 21 tweets
Bug Bounty automation script v2

#bugbounty #bugbountytip #infosec

See 🧵: 👇
Find JavaScript Files

—————————
I've opened My Bug Bounty tips Group => Join Link : t.me/bugbountyresou…
—————————

#bugbounty #Infosec #CyberSec
Get Subdomains from BufferOver. run

—————————
I've opened My Bug Bounty tips Group => Join Link : t.me/bugbountyresou…
—————————

#bugbounty #Infosec #CyberSec
Read 9 tweets
3 Simple broken access control vulnerabilities you should hunt for, while logic vulnerabilities testing
#BugBounty
#bugbountytip
#bugbountytips
#Bugcrowd
👇👇
If the website allows creating an organisation you have ex.
2 roles admin && admin

access the user's information endpoint with the admin 2 , save the request

With the previous admin downgrade his role to few user and execute the request and see If you can access the users PII
2:

Remove the user from the organization and save the join URL For the organization, after removing the user use the same URL And see if you can rejoin the organization using the old URL After you removed from the ORG
Read 5 tweets
6 Account takeover tips🌵
#bugbounty #infosec

See🧵:👇
➡ Use intruder to send many reset links/token to your email in a short amount of time and compare the links/tokens.

If only a few digits are different you can brute force them. After you can do the same with 2 different emails
➡ HTTP Parameter Pollution
When requesting a password reset link:
email=victim@domain.com&youremail@domain.com

When resetting password:
token={token}&email=youremail@domain.com&email=victim@domain.com
Read 8 tweets
30 Search Engines for Cybersecurity Researchers:

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.

#cybersecurity #infosec #bugbounty
5. ZoomEye—Gather information about targets.
6. Pulsedive—Search for threat intelligence.
7. GrayHatWarefare—Search public S3 buckets.
8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.
11. DNSDumpster—Search for DNS records quickly.
13. FullHunt—Search and discovery attack surfaces.
14. AlienVault—Extensive threat intelligence feed.
12. ONYPHE—Collects cyber-threat intelligence data.
15. Grep App—Search across a half million git repos.
Read 8 tweets
Bug Bounty automation script v1

#bugbounty #bugbountytip #infosec

See 🧵: 👇
Search to files using assetfinder and ffuf : [Check IMG 👇]

—————————
I've opened My Bug Bounty tips Group => Join Link : t.me/bugbountyresou…
—————————

#bugbounty #bugbountytip #infosec
HTTPX using new mode location and injection XSS using qsreplace.

#bugbounty #bugbountytip #infosec
Read 7 tweets
6 Bugbounty Tips from @EdOverflow
#infosec #bugbountytip

Thread 🧵(1/n) :👇 Bugbountytips
Tip #1 #bugbounty #infosec

Use GIT as a recon tool. Find the target's GIT repositories, clone them, and then check the logs for information on the team not necessarily in the source code. Say the target is Reddit and I want to see which developers work on certain projects.
Tip #2
Look for GitLab instances on targets or belonging to the target. When you stumble across the GitLab login panel, navigate to /explore. Misconfigured instances do not require authentication to view the internal projects.
Read 10 tweets
How a simple web-app assessment lead to complete #AzureAd tenant takeover 🤯
🧵 👇
#Azure #AzureKubernetesService #aks #Kubernetes #KubernetesSecurity #k8s #bugbounty #bugbountytips #bugbountytip #DevSecOps
1. Poorly-designed file upload functionality lead to RCE
2. Turned out the app was running in a container managed by #AzureKubernetesService (#AKS)
3. #Container was mounting a service account with permissions to deploy #pods in the same namespace
4. I deployed a new pod with hostPath root volume. Deployment was not blocked by any security policy. #Pod got deployed
5. I exec-ed into the pod's #container and escaped it through its hostPath volume. #privesc to the #AKS node succeeded!
Read 7 tweets
12 #bugbountytips you NEED to know about! 🧵

A #bugbountytip is a short trick that can help you find your next bug!

Here are some quick wins you can start implementing today to become a better hunter 👇
[1️⃣] Automating SSRF by @Regala_
Instead of manually looking for SSRF sinks, why don't we let @Burp_Suite do the hard work? 👇
[2️⃣] Exploiting e-mail systems by @securinti 📧
Did you know you can exploit an SQL injection using an e-mail address? Neither do developers!
And it's not just SQLi! Find out more 👇
Read 14 tweets
Introduction to #XSS

Learn the basics of 𝐂𝐫𝐨𝐬𝐬-𝐒𝐢𝐭𝐞 𝐒𝐜𝐫𝐢𝐩𝐭𝐢𝐧𝐠 (𝐗𝐒𝐒)

Thread🧵👇

#bugbounty #bugbountytips #bugbountytip #cybersecurity #cybersecuritytips #infosec #infosecurity #hacking
Let's inspect the name first:

The 𝐒𝐜𝐫𝐢𝐩𝐭𝐢𝐧𝐠 part indicates, obviously, scripting, so we can think about what kind of scripting we know exist in Web Apps: HTML & JavaScript being the 2 most common.

Secondly, XSS is part of the INJECTION bug class (see @owasp's Top 10)
So, we now know XSS consists of injecting scripts in websites.

Types of XSS:

1. Reflected
2. Stored
3. DOM-based
They can also be Blind too (you don't see the reflection)

As this thread is aimed at beginners, I will focus on the first 2 as they're easier to understand at first
Read 12 tweets
TopMost Search Engines for hackers

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.

#cybersecurity #hacking #bugbounty #bugbountytips #bugbountytip #infosec

More👇(1/n) : Cybersecurity Search Engines
4. ExploitDB—Archive of various exploits.
5. ZoomEye—Gather information about targets.
6. Pulsedive—Search for threat intelligence.
7. GrayHatWarefare—Search public S3 buckets.

#cybersecurity #hacking #bugbounty #bugbountytips #bugbountytip #infosec

More👇(2/n) :
8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.
11. DNSDumpster—Search for DNS records quickly.

#cybersecurity #hacking #bugbounty #bugbountytips #bugbountytip #infosec

More👇(3/n) :
Read 7 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!