We let ChatGPT write today's #BugBytes tweet and this is what it wrote
I'm sorry, but I am not able to write about anything related to Bug Bytes or chatGPT, as I am a large language model trained by OpenAI and do not have access to curren-
[7] StackOverflow bans ChatGPT answers for quality reasons: the model can be very confidently incorrect and offer wrong answers to users. You can join the discussion at meta.stackoverflow.com/questions/4218…
[8] @thecybermentor publishes part 1 of his ethical hacking course for free on YouTube
Server-Side Request Forgery (SSRF) vulnerabilities let an attacker make the server issue arbitrary requests on their behalf, typically to internal systems the attacker cannot reach directly, and often result in unauthorized access to data!
A thread
[1] Server-side request forgery by @PortSwigger
As always, when talking about web vulnerabilities, PortSwigger academy is the place to go! Their labs offer a great way to practice your skills as well!
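To make the SSRF point above concrete, here is an added example (not code from the thread or from PortSwigger) showing the vulnerable "fetch whatever URL the client gives us" pattern next to a hardened check. The host names, addresses and allow-list are constructed for the example, and DNS is replaced by a small lookup table so it runs offline.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed stand-in for DNS so the example runs offline (hypothetical names and addresses).
FAKE_DNS = {
    "images.example.com": "93.184.216.34",   # resolves to a public address
    "cdn.example.com": "127.0.0.1",          # allow-listed name that has been pointed at loopback
    "metadata.internal": "169.254.169.254",  # link-local, the usual cloud metadata endpoint
}

# Hypothetical allow-list of hosts the "fetch by URL" feature is meant to reach.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}


def url_to_fetch_vulnerable(url):
    """The SSRF pattern: the server requests whatever URL the client supplied.
    http://169.254.169.254/latest/meta-data/ or http://localhost:8080/admin go straight through.
    Returns the URL that would be fetched (no real request is made here)."""
    return url


def is_public_address(ip):
    """Reject loopback, RFC 1918, link-local (cloud metadata), multicast, reserved and unspecified.
    Note: Python's is_private also covers the documentation ranges such as 203.0.113.0/24."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_outbound_url(url, resolver=FAKE_DNS.get):
    """Hardened variant: return (allowed, detail).
    Checks the scheme, the parsed host against the allow-list, and the address the host
    actually resolves to, so an allow-listed name pointed at an internal IP is still refused."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    # .hostname drops userinfo, so "images.example.com@127.0.0.1" is seen as 127.0.0.1
    host = parsed.hostname
    if not host:
        return False, "no host"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allow-list"
    ip = resolver(host)
    if ip is None:
        return False, "dns failure"
    if not is_public_address(ip):
        return False, "host resolves to non-public address " + ip
    return True, ip


if __name__ == "__main__":
    for u in ("http://images.example.com/logo.png",
              "http://169.254.169.254/latest/meta-data/",
              "http://images.example.com@127.0.0.1/admin",
              "http://cdn.example.com/x",
              "file:///etc/passwd"):
        print(u, "->", check_outbound_url(u))
```

Two caveats a real implementation needs beyond this: connect to the IP you validated rather than resolving the name a second time (otherwise a DNS rebinding attacker wins the race), and apply the same check to every redirect the fetch follows, since a 302 from an allowed host to an internal address is the classic bypass.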
If you want to be able to find XSS vulnerabilities, you will NEED to know exactly what an XSS actually is! Reflected, stored, and DOM-based, this amazing resource covers it all AND includes labs!
It's CHALLENGE O'CLOCK!
Find the FLAG before Monday December 4th!
Win €300 in SWAG prizes!
We'll release a tip for every 100 likes on this tweet!
Thanks @H4R3L for the challenge! challenge-1122.intigriti.io
We're being nice today! Here's a first hint for free!
"We do all of our testing on the staging environment"
It is Wednesday my dudes, so that means it's time for #BugBytes 182! Your weekly round-up of all things Bug Bounty
Let's get into it 1/11
[1] Trade deal: We provide you our top resources from this week's Bug Bytes, you reply to our survey telling us what you think of Bug Bytes 2/11 forms.office.com/r/ReW4bs0FXk
[2] How do you do, fellow kids, did you know we have a Mastodon account? We're on infosec.exchange, here's the link to follow us 3/11 infosec.exchange/@Intigriti
Google knows everything about your target. Google Dorking is using the search engine to find juicy stuff!
Here are some quick examples to show you the POWER of dorks
[1] Recon through copyright
A lot of targets have a copyright string they include on every site they manage. Let's find new assets by seeing if Google knows of any more pages that have that copyright!
[2] Login pages
Let's say you've found some credentials for your target, but you don't know where to use them. Fret no more! This Google dork will help you find all login pages on your target's domain!
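The two dorks above are described but not shown, so here is an added example (my code, not Intigriti's) that builds them and then does the scope filtering that makes the copyright trick useful: quote the exact copyright string, exclude domains you already know with -site:, and reduce whatever comes back to hostnames that are not yet in scope. The target name, domains and result URLs are constructed for the example.

```python
from urllib.parse import urlsplit


def copyright_dork(copyright_text, known_domains=()):
    """Quote the exact copyright string so Google matches it literally, and exclude
    domains already in scope so every hit is a candidate for a *new* asset."""
    query = '"' + copyright_text.replace('"', "") + '"'
    for domain in known_domains:
        query += " -site:" + domain
    return query


def login_page_dork(domain):
    """Pages under the target domain whose URL or title suggests a login form."""
    return 'site:{} (inurl:login OR inurl:signin OR intitle:"log in")'.format(domain)


def new_hosts_from_results(result_urls, known_domains):
    """Collapse result URLs to lower-cased hostnames and drop anything that is a known
    domain or a subdomain of one; the remainder is the list of assets to verify by hand."""
    found = set()
    for url in result_urls:
        host = urlsplit(url).hostname
        if not host:
            continue
        host = host.lower()
        if any(host == d or host.endswith("." + d) for d in known_domains):
            continue
        found.add(host)
    return sorted(found)


# Constructed sample search results, not real Google output.
SAMPLE_RESULTS = [
    "https://www.example.com/about",
    "https://shop.example.com/",
    "https://old.example-labs.com/index.html",
    "http://Example-Careers.net/jobs",
    "https://old.example-labs.com/contact",
]

if __name__ == "__main__":
    print(copyright_dork("© 2023 Example Corp", ["example.com"]))
    print(login_page_dork("example.com"))
    print(new_hosts_from_results(SAMPLE_RESULTS, ["example.com"]))
```

Treat the output as leads, not findings: a shared copyright string can also belong to a partner, an agency template, or a long-dead domain, so confirm ownership before you touch anything the dork turns up.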
If you want to become a pro at hacking APIs, you need to be aware of this top 10. These high-level explanations will help you correctly classify and discuss API vulnerabilities!