Share this page!

INTIGRITI Profile picture
Twitter logo
Nov 16 11 tweets 5 min read
It is Wednesday my dudes, so that means it's time for #BugBytes 182! Your weekly round up of all things Bug Bounty

Let's get into it 🧵 1/11 It is Wednesday my dude with an image of a frog, this is a m
1⃣ Trade deal: We provide you our top resources from this weeks bug bytes, you reply to our survey telling us what you think of Bug Bytes 2/11 forms.office.com/r/ReW4bs0FXk
2⃣ How do you do fellow kids, did you know we have a Mastodon account? We're on infosec exchange, here's the link to follow us 3/11 infosec.exchange/@Intigriti
3⃣ I can haz unlock code? @xdavidhu shares an accidental finding after forgetting his SIM PIN which netted them $70k! 4/11 bugs.xdavidhu.me/google/2022/11…
4⃣ such tool, much discovery, wow @pdiscoveryio launches katana a new tool which offers some great crawling and spidering to add to your toolbox 5/11
github.com/projectdiscove…
5⃣ Hello There, @gregxsunday shares some tips for increasing the impact of findings for bigger bounties 6/11
6⃣ @samwcyo and the boys formed a small group of hackers and in 10 days they found 100 bugs, with 50 critical findings! 7/11
7⃣ @EdwardLichtner was a hacker until he took an JWT to the knee, check out his 2-part blog on hacking JWTs 8/11 zerodayhacker.com/hacking-a-jwt-…
8⃣ stonks @PortSwigger is running a Burp Challenge, solve 4 challenges by the 31st of December to win swag and a Burp Suite Certified Practitioner exam credit 9/11
portswigger.net/web-security/c…
9⃣ @niksthehacker presents an interesting bug chain using path traversal and SSRF to find an internal git repository, true story 10/11
blog.niksthehacker.com/chaining-path-…
If you want to read the whole absolute unit of an issue, check out the full blog post 🫵👇 11/11 blog.intigriti.com/2022/11/16/bug…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with INTIGRITI

INTIGRITI Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @intigriti

INTIGRITI Profile picture
Nov 15
9 Google Dorks you NEED to know about! 🧵

Google knows everything about your target. Google Dorking is using the search engine to find juicy stuff!

Here are some quick examples to show you the POWER of dorks 👇
[1️⃣] Recon through copyright

A lot of targets have a copyright string they include on every site they manage. Let's find new assets by seeing if Google knows of any more pages that have that copyright! Image
[2️⃣] Login pages

Let's say you've found some credentials for your target, but you don't know where to use them. Fret no more! This Google dork will help you find all login pages on your target's domain! Image
Read 11 tweets
INTIGRITI Profile picture
Nov 14
If you want to master API security, open this thread!

APIs are used EVERYWHERE for applications to communicate, but let's see how you can HACK them! 👩‍💻

A Thread 🧵👇
[1️⃣] API Security Top 10 2019 by @owasp

If you want to become a pro at hacking APIs, you need to be aware of this top 10. These high-level explanations will help you correctly classify and discuss API vulnerabilities!

👇 owasp.org/www-project-ap…
[2️⃣] Everything API Hacking by @InsiderPhD

This one is a must watch! Over 9 hours of university-grade content on hacking APIs, GraphQL, ...

👇 youtube.com/playlist?list=…
Read 8 tweets
INTIGRITI Profile picture
Oct 25
12 #bugbountytips you NEED to know about! 🧵

A #bugbountytip is a short trick that can help you find your next bug!

Here are some quick wins you can start implementing today to become a better hunter 👇
[1️⃣] Automating SSRF by @Regala_
Instead of manually looking for SSRF sinks, why don't we let @Burp_Suite do the hard work? 👇
[2️⃣] Exploiting e-mail systems by @securinti 📧
Did you know you can exploit an SQL injection using an e-mail address? Neither do developers!
And it's not just SQLi! Find out more 👇
Read 14 tweets
INTIGRITI Profile picture
Oct 24
This XSS challenge will blow your mind🤯

🧵Here's the solution to our October XSS challenge by @0xGodson_ 👇
This challenge emulated a notes application

A user can sign up and create private notes 🗒

But what if somebody else could read your notes?🙊
[1️⃣] CSRF?
If we can post notes as our victim, that would open up some possibilities to achieve XSS, so let's look into this.
Is it really that easy? Find out! 👇
Read 22 tweets
INTIGRITI Profile picture
Oct 18
12 #recon tools you NEED to know about! 🧵

Recon, the gathering of information about your target, is becoming more and more important! 🧠

Here are the tools to help you spot subdomains, vhosts, S3 buckets, parameters and more faster and more effective than the others 👇
[1️⃣] DNS
This DNS toolkit by @pdiscoveryio can do a lot! But let's focus on reverse DNS lookups 👀
Often, you have a huge list of IP addresses 📜
Just like resolving a domain to an IP, you can also try doing the opposite using PTR records!
Et voila! Domains to continue recon! 👇
[2️⃣] Amass
This network mapping tool by @owasp is incredible, but let's hone in on doing subdomain enumeration. 🕸
The main domains companies use are often well-secured. But what about the domain that nobody knows about? Those can be riddled with bugs! 🐛
Let's find them! 👇
Read 14 tweets
INTIGRITI Profile picture
Jun 25, 2021
🔴LIVE MENTOR SESSION (starting now):
@zseano
will answer your questions for the next 4 hours!
💬 Comment with your question! 👇 Image
@Devil79830787 wants to know: "How can a complete noob (non-techie) enter the world of bug bounty(or hacking) in 2021. Top resources techniques and where to start and how to start advices"
@zseano @waters_ro asked: "What’s the bug you’ll never forget and why?"
Read 24 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(