Discover and read the best of Twitter Threads about #bugbounties

Most recents (3)

Profile picture
Purab Parihar
@purab_parihar
Want to find RCE on Web Applications? 🚀

Here are some ways to escalate or direct RCEs in Bug Bounties

A thread🧵

#bugbounty #bugbounties #wapt #rce #zeroday
1. LFI with Log Poisoning :
➼ Apache Log: hackingarticles.in/apache-log-poi…
➼ SSH Log:hackingarticles.in/rce-with-lfi-a…
➼ SMTP Log:liberty-shell.com/sec/2018/05/19…
➼ FTP Log: secnhack.in/ftp-log-poison…

(2/n)
2. Via File Upload :
âž¼ Upload .php reverse shell
âž¼ If not, Bypass Restrictions :
(a) Double Extension
(b) Random Upper & Lower Case Names
(c) Changing Mime Type
(d) Null Byte
(e) Magic Byte
âž¼ If image allowed, use ExifTool and add PHP reverse shell in comment metadata
(3/n)
Read 7 tweets
Profile picture
Appsecco
@appseccouk
We are just starting our session @hasgeek. @abh1sek talking about data breaches and how they happen.

hasgeek.com/rootconf/data-…

Join the live stream on the webpage.

#datasecurity
Thank you @hasgeek for giving us this amazing platform to talk about what we love most #datasecurity #appsec
#cloudsecurity
Agenda for the session
Read 29 tweets
Profile picture
ph055a
@ph055a
I hate the certification industry, it prevents talented people from participating, particularly younger and less well off. If you want to learn online #investigations I'll teach you everything I can with live support absolutely free. osint.team #OSINT #infosecjobs
If you can get an employer to pay then go for @SANSInstitute because @mcafeeinstitute stinks of stock photography and shyster marketing. Not to mention these people kick ass. @jms_dot_py @WebBreacher @kirbstr @baywolf88
An @OReillyMedia subscription ($39) and @jms_dot_py course register.automatingosint.com/python-course ($45). These are what young #infosec / #OSINT investigators. Should be spending money on. Keeping low monthly payments allows people to get the skills while paying for quality.
Read 6 tweets

Related hashtags

#hacker #OWASP #phished #LinkedIn #infrastructuresecurity #security #Kubernetes #whitepapers #docker #OpenSource #assets #zeroday #ThreatModelling #HR #InformationIsBeautiful #CSC_Bhim #Equifax #cloudsecurity #AWSCloud #ThreatModel #patchmanagement #databreaches #StrutsFramework #capitalone

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!