Tweet

It's Steiner254

Dec 21 • 21 tweets • 7 min read

Day 1⃣9⃣/2⃣0⃣ -- [Subdomain Takeover]
➡️ Subdomain Takeover occurs when an attacker gains control over a subdomain of a target domain.
➡️ Below are some of the best Tips & References for Subdomain Takeover (Feel Free To Share)
🧵🧵👇👇
#BugBounty
#bugbountytip

1/n
Top 25 Subdomain Takeover Bug Bounty Reports
corneacristian.medium.com/top-25-subdoma…

2/n
Fastly Subdomain Takeover $2000
infosecwriteups.com/fastly-subdoma…

3/n
Subdomain Takeover via Fastly ( Steps )

4/n
Subdomain takeover on fastly.sc-cdn.net
hackerone.com/reports/154425

5/n
Subdomain Takeover in Azure: making a PoC
godiego.co/posts/STO-Azur…

6/n
A Guide To Subdomain Takeovers
hackerone.com/application-se…

7/n
Hostile Subdomain Takeover using Heroku/Github/Desk + more
labs.detectify.com/2014/10/21/hos…

8/n
Pingdom Subdomain Takeover POC

9/n
$2500 Bounty || SubDomain Takeover step by step|| edalive.com || BugBounty

10/n
Subdomain Takeover Bug Bounty POC full methodology with live proof on Hackerone Target - Professor

11/n
Subdomain Takeover to Authentication bypass
hackerone.com/reports/335330

12/n
HOW I hacked thousand of subdomains
medium.com/@moSec/how-i-h…

13/n
Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry
hackerone.com/reports/145224

14/n
Subdomain takeover on svcgatewaydevus.starbucks.com and svcgatewayloadus.starbucks.com
hackerone.com/reports/383564

15/n
How to take over a subdomain in Google Cloud DNS
binx.io/2022/01/27/how…

https://twitter.com/abison_binoy/status/1412606224030339072

16/n

https://twitter.com/abison_binoy/status/1412606224030339072

https://twitter.com/miss_LN_/status/1140702248516968459

17/n

https://twitter.com/miss_LN_/status/1140702248516968459

18/n
Subdomain takeover on svcgatewayus.starbucks.com
hackerone.com/reports/325336

19/n
Subdomain takeover on developer.openapi.starbucks.com
hackerone.com/reports/275714

n/n
Practice Makes Perfect!
Stay Ethical & Happy Hacking :)
See you here same time tomorrow!

• • •

Missing some Tweet in this thread? You can try to force a refresh

This Thread may be Removed Anytime!

Twitter may remove this content at anytime! Save it as PDF for later use!

More from @Steiner254

It's Steiner254

@Steiner254

Dec 21

Day 2⃣0⃣/2⃣0⃣ -- [Closing/Summary Of The 20-Day BootCamp]
➡️ The 20-Day BootCamp - Understanding, Detecting, Exploiting & Preventing Different Vulnerabilities.
➡️ Below are the Days from 0⃣1⃣ to 2⃣0⃣(Feel Free To Share)
🧵🧵👇👇
#BugBounty
#bugbountytips
#CyberSecurity

Day 0⃣1⃣

https://twitter.com/Steiner254/status/1590657312280436738?s=20&t=BsBU6KwFYlq4FfxzI0GUWA

Day 0⃣2⃣

https://twitter.com/Steiner254/status/1591045100481794048?s=20&t=BsBU6KwFYlq4FfxzI0GUWA

Read 21 tweets

It's Steiner254

@Steiner254

Dec 20

Day 1⃣8⃣/2⃣0⃣ -- [XXE - XML External Entity]
➡️ XXE - is an application-layer cybersecurity attack that exploits an XXE vulnerability to parse XML input
➡️ Below some of the best Tips & References for XXE (Feel Free To Share)
🧵🧵👇👇
#BugBounty
#bugbountytip

1/n
XML external entity (XXE) injection
portswigger.net/web-security/x…

2/n
XML External Entity (XXE) Processing
owasp.org/www-community/…

Read 21 tweets

It's Steiner254

@Steiner254

Dec 18

Day 1⃣7⃣/2⃣0⃣ -- [ATO - Account Takeover]
➡️ ATO - is an attack whereby hackers take ownership of online accounts using stolen passwords and usernames.
➡️ Below some of the best Tips & References for ATO (Feel Free To Share)
🧵🧵👇👇
#BugBounty
#bugbountytips

1/n
Account Takeover Vulnerability

2/n
Account Takeover #Lab-1 | BePractical

>> We got couple of labs here...

Read 22 tweets

It's Steiner254

@Steiner254

Dec 10

Day 1⃣2⃣/2⃣0⃣ -- [RCE - Remote Code Execution]
➡️ Every Bug Bounty Hunter/Hacker wants to hit an RCE.
➡️ Below some of the best Tips & References for RCE (Feel Free To Share)🧵🧵👇👇
🧵🧵👇👇
#BugBounty
#bugbountytips

1/n
Simple Remote Code Execution Vulnerability Examples for Beginners
ozguralp.medium.com/simple-remote-…

2/n
Web & Reverse Shells for testing RCE
github.com/thevillagehack…

Read 20 tweets

It's Steiner254

@Steiner254

Nov 20

Day 0⃣8⃣/2⃣0⃣ -- [Hacking File Upload Functionality]
➡️ Hitting P1's - RCE, SQL Injection, SSRF, Stored XSS, LFI, XXE, IDOR e.t.c
➡️ ➰ Below some of the best Tips & References (Feel Free To Share)🧵🧵👇👇
🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips

1/n
File Upload Vulnerabilities Checklist
0xn3va.gitbook.io/cheat-sheets/w…

2/n
Exif Data Not Stripped From Uploaded Images
kathan19.gitbook.io/howtohunt/exif…

Read 25 tweets

It's Steiner254

@Steiner254

Nov 17

Day 0⃣7⃣/2⃣0⃣ -- [Hacking Different Web Application Functionalities]
➡️ Groups & Teams
➡️ Email Contact
➡️ Submit Feedback
➡️ ➰ Below are Functionalities, Tips & References (Feel Free To Share)🧵🧵👇👇
🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips

o/n
➡️ Chat Box/Support/Customer Care
➡️ Comment Functionality
➡️ Subscribe/Unsubscribe
➡️ Ecommerce Platform
➡️ Search Functionality
➡️ WebSockets
➡️ User-Agents
➡️ Cookies & Sessions
➡️ JSON Web Tokens

1/n
Blind SSRF on chatbox
hackerone.com/reports/1220688

Read 18 tweets

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Share this page!

It's Steiner254

People who liked this thread also liked...

Try unrolling a thread yourself!

More from @Steiner254

It's Steiner254

It's Steiner254

It's Steiner254

It's Steiner254

It's Steiner254

It's Steiner254

Did Thread Reader help you today?

Don't want to be a Premium member but still want to support us?

Send Email!