7⃣Hacking GraphQL APIs? You NEED InQL for Burp, fantastic plug in which has some great QOL for API hackers github.com/doyensec/inql
8⃣Jevon Davis talks Azure and AzureHound in their latest blog, should be of interest to anyone who wants to hack Windows based systems! infosecwriteups.com/securing-azure…
9⃣Should you want to donate any bounties to the ongoing difficulties in Turkey and Syria post-earthquake we now support donations via the 1212 relief fund, to set this up change your default invoice details to DONATE-1212 ❤️❤️
Reminder, there's a lot more in our full post which you can read either by subscribing and having it show up in your email inbox or by reading the full post blog.intigriti.com/2023/02/15/bug…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Were you able to spot the vulnerability in yesterday's code snippet? 🕵️♂️
✅ Yes? Nicely done!
❌ No? Don't worry. This is your chance to learn, so let's take a look at the writeup 👇
🧵 Be sure to keep reading this thread for more resources and the winner of our swag!
Want to take a closer look at the vulnerable code snippet? 👩💻
If you want to master hacking JWT tokens, open this thread!
JWT tokens are often used to authenticate logged-in users. They do this by signing the data so that the server can verify forged tokens. But in some cases, we can bypass this protection! 🤯
This site is amazing for playing with and debugging JWT tokens. Just paste your token in to see what it's all about. Try to sign your first token and see how it changes when you change values!
The PortSwigger Academy is THE place for everything web related. This article is once again a great place for you to learn! Be sure to check out the labs as well!
With so many different kinds of databases out there, you're definitely going to want a good cheatsheet to quickly look up what you need. PayloadsAllTheThings is perfect for that!
JUST RELEASED: @securinti's talk on how to read RFC's to find unique vulnerabilities. Some highlights + video link below! 🧵👇
1) Why RFC's are interesting?
👉 RFC's are sometimes based on outdated ideas on how the internet could have looked like
👉 ...but they're still implemented in modern technology
👉 They sometimes list potential security issues and misimplementations (but nobody reads them)
2) RFC's are long. What should you look/grep for?
👉 Most RFC's already have paragraphs on security
👉 Some RFC's have corrections (errata). Older versions may be insecurely implemented!
👉 Most interesting bit? Optional parameters and extensions nobody knows about