Discover and read the best of Twitter Threads about #BugBounty

Most recents (24)

How to Look for "Insecure CORS Configuration" vulnerabilities.

[A thread 🧵]

#appsec #bugbounty #bugbountytips #cybersecurity
[2/n]
What is Insecure CORS issue?

An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses, thus enabling attackers to perform privileged actions or to retrieve potentially sensitive information.
[3/n]

Basic Origin Reflection Test:

Req: Origin: evil[.]com
Res: Access-Control-Allow-Origin: evil[.]com

> In this test case check if your Origin Header is being reflected within the Access-Control-Allow-Origin Header. If yes, this may be a vulnerability.
Read 8 tweets
Web Applications can be complex in nature, and it's not always possible for developers to prevent vulnerabilities such as XSS.

In this thread 👇🧵,

Learn how they try to prevent XSS, and in #bugbounty it's better to know the defense.
Credits: @saferinternetpr
#infosec
1) Filtering User Input: When a user inputs data into the website, the developers want it to be filtered as strictly as possible while still getting the same output as if there was no filter.
2) Response Headers: Within HTTP response headers, developers can prevent XSS in responses that aren't supposed to have any HTML or JavaScript: they can easily use the Content-Type and X-Content-Type-Options headers to make sure that browsers respond the way it's intended.
Read 7 tweets
Cloud Metadata Dictionary useful for SSRF Testing

## IPv6 Tests

http://[::ffff:169.254.169.254]

http://[0:0:0:0:0:ffff:169.254.169.254]

#bugbountytips #bugbounty #bugbountytip
## AWS

# Amazon Web Services (No Header Required)

# from docs.aws.amazon.com/AWSEC2/latest/…

http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy

http://169.254.169.254/latest/user-data

http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]

http://169.254.169.254/latest/meta-data/ami-id

http://169.254.169.254/latest/meta-data/reservation-id

http://169.254.169.254/latest/meta-data/hostname
Read 12 tweets
Here's a couple of things worth a try to get an IDOR

Comment below if you've other useful tips & techniques.

🧵👇

#bugbounty #bugbountytips #infosec
1. Change file type

If you've an endpoint such as /users/password you might want to try /users/password.json or other extensions like .xml etc.
2. Convert ID to json body or array

If you've {"id":111} that gives you 401, you might want to try {"id":[111]} and {"id":{"id":111}}.
Read 10 tweets
15+ 🔑 USEFUL SERVICES FOR OUT-OF-BAND EXPLOITATION UPDATED 2021 🔥

😁You might have come across

Read about them below. It's a 💯 thread. 🧵
Let me know if I missed any.
#infosec #oob #CyberSecurity #bugbountytips #BugBounty @theXSSrat @ADITYASHENDE17
👇👇👇👇👇
Retweet for 📈
1. Burp Collaborator

Documentation portswigger.net/burp/documenta…
2. WebHook(.)site
🔗webhook.site
Read 20 tweets
If an LFI vulnerability exists, look for these files:

1-Linux system and user files:
/etc/passwd
/etc/shadow
/etc/issue
/etc/group
/etc/hostname
/home/user/
/home/user/.ssh
/home/user/bash_history

#bugbounty #bugbountytip #bugbountytips
2-Log files:
/var/log/apache/access.log
/var/log/apache2/access.log
/var/log/httpd/access_log
/var/log/apache/error.log
/var/log/apache2/error.log
/var/log/httpd/error_log
3-CMS configuration files:
WordPress: /var/www/html/wp-config.php
Joomla: /var/www/configuration.php
Dolphin CMS: /var/www/html/inc/header.inc.php
Drupal: /var/www/html/sites/default/settings.php
Mambo: /var/www/configuration.php
PHPNuke: /var/www/config.php
Read 5 tweets
October was - by far - my best #BugBounty month ever! I made 160k USD from 40 bugs across @Hacker0x01 and @synack with almost zero automation involved.

I usually don't talk about my bounty income, but I'm quite proud of my work TBH 🙂 So here's a little bit of statistics. (1/3)
Bug class allocation (based on # of bugs):
IDORs: 36%
Other Authz: 28%
Business Logic: 11%
Reflected XSS: 11%
Authn issues: 8%
Stored XSS: 2%
CSRF: 2%
Mobile: 2%

Those 40 bugs resulted from 4 programs. Here are the program ages and their relative share on the total bounty amount:
2x > 3 years: 92%
2x < 1 year: 8%
(2/3)

So probably a good reminder: Stop thinking that old programs have been thoroughly tested and there's nothing to find anymore.

Thanks to those private programs that made it happen 😎

(3/3)
Read 3 tweets
Android Webview:
Android WebView is a system component powered by Chrome that allows Android apps to display web content.
There are many apps out there that are simply wrappers around web pages, or web content stored in the app.
Android WebView debugging:
Android WebViews have a debugging feature that allows you to use the ADB remote debugging extension for Chrome to debug the contents of the WebView.
Read 13 tweets
The Dunning–Kruger effect :

Hypothetical cognitive bias stating that people with low ability at a task overestimate their own ability, & that people with high ability at a task underestimate their own ability

People in #bugbounty experience this ✅

A thread 🧵👇
@shifacyclewala
Examples of the Dunning-Kruger effect:

➡️ Work: The Dunning-Kruger effect can make it difficult for people to recognize and correct their own poor performance.

That's why employers conduct performance reviews, but not all employees are receptive to the constructive criticism they receive.
➡️ Politics:
Supporters of opposing political parties often hold radically different views without realising what they actually knew.
Read 7 tweets
Thread 🧵: how to automate the extraction of endpoints from javascript files with Linkfinder and Bash

#infosec #cybersecurity #bugbounty
subjs fetches javascript files from a list of URLs or subdomains

🔗 github.com/lc/subjs
Read 8 tweets
Here's a list of some of the Youtubers I'm following as a beginner bug bounty hunter. (They're in no particular order of ranking.)

🧵👇
1. @zseano <3<3<3

Channel : youtube.com/c/zseano

Personal favourite :

It's the mindset that matters, always.
2. @theXSSrat My man <3

Channel : youtube.com/c/TheXSSrat

Personal favourite :

(Bet you saw this coming? :P)
Read 9 tweets
I posted a thread on SSRF protection bypasses with different encodings yesterday.

But there's a lot more you can do to bypass filters.

Let's look at some of them below. (Also, comment your most used and favourite bypasses.)

🧵👇
1. DNS Pinning

To get an A-record that resolves to an IP, use the following subdomain.

make-<IP>-rr.1u.ms
2. Bypass with Open Redirection

Eg. /nextPage?path=192.168.0.10/secretInfo
Read 9 tweets
Bypass SSRF protection with different encodings.

A thread.

🧵👇
1. Hex encoding.

If 127.0.0.1 is blocked, try 0x7f.0x0.0x0.0x1
2. Octal encoding.

If 127.0.0.1 is blocked, try 0177.0.0.01
Read 8 tweets
🚨🚨 Another 10K giveaway

50 Like - Burp Suite Ext Dev - 10 Coupons
100 Likes - SOP Zine - 10 Coupons
150 Likes - Web Auth Zines- 10 Coupons
200 Likes - Bundle - 3 Coupons

Thanks to @FeedHive_io for post conditions functionality.
#Security #Learn365 #bugbountytips #bugbounty
Woah we hit 50 Likes, here is the link for Burp Suite Plugin Development Guide : securityzines.gumroad.com/l/burp-plugin-…

Only 10. Grab fast.
Woah we hit 100 Likes, here is the link for SOP Zine : securityzines.gumroad.com/l/sopzine/21so…

Only 10. Grab fast.
Read 7 tweets
10 Useful websites for cyber security.

🧵

@shifacyclewala
#infosec #bugbounty #security
1. @DanielMiessler

An experienced cybersecurity expert, consultant and writer. Worth reading his blogs, curated newsletters, essays, podcasts and high-quality writing.

Link:
danielmiessler.com
2. @gcluley

A longtime industry expert who held senior roles with Sophos and McAfee before deciding to begin “working for myself” in 2013.

Link:
grahamcluley.com
Read 11 tweets
File Upload Restriction Bypass Checklist

1- Try various file extensions: Try different versions of the file extension, for example php3, .php4, .php5, phtml for PHP scripts, asp, aspx.

#bugbounty #bugbountytip #bugbountytips
2- Append an extra file extension: If the application is not properly validating the file extension, this can be exploited by appending another extension, for example from script.php to script.php.gif or script.gif.php.
3- Change the casing of the extension: Try different combinations of lower and upper case, for example pHp, PhP, phP, Php etc.
Read 13 tweets
Awesome GitHub Repos :

1. Book of Secret Knowledge = lnkd.in/fWKCdi4
2. Awesome Hacking = lnkd.in/f7VPTEX
3. Awesome Bug Bounty = lnkd.in/fPrQiVD
4. Awesome Penetration Testing = lnkd.in/fAUZgu5

#bugbountytips #bugbounty #cybersecurity #infosec
5. Awesome Web Hacking = lnkd.in/f5n2hSd
6. Awesome Hacking Resources = lnkd.in/fcJ6wFH
7. Awesome Pentest = lnkd.in/fNNSFeN
8. Awesome Red Teaming = lnkd.in/fGpievF
9. Awesome Web Security = lnkd.in/ffG73u2
10. Penetration Test Guide based on OWASP = lnkd.in/ffyBwzG
11. Pentest Compilation = lnkd.in/f5JwJTD
12. Infosec Reference = lnkd.in/fY6wNmX

@TodayCyberNews
Read 3 tweets
Data leak exposed 38 million records, including COVID-19 vaccination statuses | Engadget engadget.com/microsoft-powe…
And then this BS!!! F U @Microsoft @Azure
@Microsoft @Azure So when I report it APRIL 8th, 2021 it's NBD!!!! OooookkkkkkkkkKKK WTF is Going on HERE!!!!

PAGE 8
github.com/jonathandata1/…

#bugbounty #infosec #scam #fraud #security #DataLeak @guardian @cnnbrk @washingtonpost @FBI @FBI
Read 4 tweets
Rant about how @Bugcrowd and @Hacker0x01 setup their platforms to let vendors who host private programs abuse researchers. Entirely based on a true story with @Bugcrowd in my case. This is for my #bugbounty friends out there. 1/n
Let's say you are a researcher invited to a private program. You spend 10-20 hours looking for vulnerabilities and you finally find one! You report it to the vendor and... they say it's not applicable. 2/n
You still think it's a serious vulnerability. You try to use the platform's "mediation" feature to work with the vendor. The problem? At the end of the day, the vendor has the final say on whether or not it's a vulnerability. 3/n
Read 14 tweets