Day 0⃣1⃣/2⃣0⃣ -- [Bug Bounty Reconnaissance/Information Gathering]
➡️ Being Day 1, Recon is usually the first approach when handling your target.
➡️ Below are some of the Best Checklists/Bug Bounty RECON references & Tips🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
1/n The Bug Hunter's Methodology v4.0 - Recon Edition by @Jhaddix
Day 0⃣3⃣/2⃣0⃣ -- [How To Hack A Login Page!]
➡️ Day 3, How To Hack A Login Page "Exploiting Vulnerabilities On A Login Page"
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
Day 0⃣2⃣/2⃣0⃣ -- [Registration/SignUp Page Vulnerabilities]
➡️ Day 2, we will cover potential vulnerabilities that can affect a Registration/Sign-Up Page of a web application
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
Bug Bounty Pro Tips
If You Have Any, Please Feel Free To Add To The Thread #bugbountytips #bugbountytip #cybersecuritytips
Pro Tip — Android applications can suffer from LFI and stored XSS just by injecting <iframe/src=/etc/hosts> into input fields.
Tip for finding SSRF
To demonstrate XSS impact, don’t use alert('alert'). Determine whether the session is stored in cookies or local storage and put that in the popup. Cookie: alert(document.cookie) LocalStorage: alert(localStorage.getItem('access_token'))