INTIGRITI Profile picture
Feb 15 11 tweets 5 min read
It's that time again, it's #BugBytes! Let's take a look at what's been happening this week in #BugBounty and Pentesting!
blog.intigriti.com/2023/02/15/bug…
1⃣We all love recon, but once you've hoarded all of those domain names, what comes next?? @NahamSec has the answers!
2⃣ Speaking of recon Twitter discusses Shodan tips and learning resources
3⃣@mattiazignale walks us through containers in their blog Attacking and securing Docker containers infosecwriteups.com/attacking-and-…
4⃣@HackingSimplif1 sits down with @harshbothra_ to talk about his cyber security journey
5⃣@dayzerosec talks about a super interesting bug with Cross-Window-Message Origin validation dayzerosec.com/podcast/185.ht…
6⃣Looking for new bugs, check out this series of machine learning for hackers blog posts by @VidhiWaghela
infosecwriteups.com/when-clusterin…
7⃣Hacking GraphQL APIs? You NEED InQL for Burp, fantastic plug in which has some great QOL for API hackers github.com/doyensec/inql
8⃣Jevon Davis talks Azure and AzureHound in their latest blog, should be of interest to anyone who wants to hack Windows based systems! infosecwriteups.com/securing-azure…
9⃣Should you want to donate any bounties to the ongoing difficulties in Turkey and Syria post-earthquake we now support donations via the 1212 relief fund, to set this up change your default invoice details to DONATE-1212 ❤️❤️
Reminder, there's a lot more in our full post which you can read either by subscribing and having it show up in your email inbox or by reading the full post
blog.intigriti.com/2023/02/15/bug…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with INTIGRITI

INTIGRITI Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @intigriti

Feb 17
Were you able to spot the vulnerability in yesterday's code snippet? 🕵️‍♂️
✅ Yes? Nicely done!
❌ No? Don't worry. This is your chance to learn, so let's take a look at the writeup 👇
🧵 Be sure to keep reading this thread for more resources and the winner of our swag!
Want to take a closer look at the vulnerable code snippet? 👩‍💻

Here's the tweet we've been talking about 👇
We promised to give away a 25€ SWAG voucher! 👕

So let's give it away! 🎫
Congratulations @mka_sec, you win!
Read 5 tweets
Feb 7
Passive recon using "Certificate Transparency": A deep dive 🧵

We all use tools like Amass, ReconFTW & subfinder for finding new subdomains. Let's demystify these tools by looking at how they work 🪄

Today: Recon through Certificate Transparency
What is it? How does it work? 👇
1️⃣ SSL Certificates
These allow users to verify a website's identity. They allow HTTPS to work and thus are at the base of how the modern web works!

These certs are issued by a CA. But what if a CA issues a cert mistakenly or even maliciously? How do users not get duped by that?
2️⃣ Certificate Transparency
This is where CT comes into play. It's an open framework for monitoring certs 🔎

This means that all certificates are publicly disclosed! 🤗

Domain owners can now get a list of all certs issued to their domain 📜
BUT we as hackers can now ... 👨‍💻
Read 8 tweets
Jan 31
If you want to master hacking JWT tokens, open this thread!

JWT tokens are often used to authenticate logged-in users. They do this by signing the data so that the server can verify forged tokens. But in some cases, we can bypass this protection! 🤯

A Thread 🧵👇
[1️⃣] JWT.io by @auth0

This site is amazing for playing with and debugging JWT tokens. Just paste your token in to see what it's all about. Try to sign your first token and see how it changes when you change values!

👇 jwt.io
[2️⃣] JWT attacks by @PortSwigger

The PortSwigger Academy is THE place for everything web related. This article is once again a great place for you to learn! Be sure to check out the labs as well!

👇 portswigger.net/web-security/j…
Read 9 tweets
Jan 9
If you want to master SQL injections, open this thread!

SQL injection attacks are vulnerabilities that can allow attackers to access ANY data in a victim's database!🤯

A Thread 🧵👇
[1️⃣] SQL injection by @PortSwigger

When talking about web vulnerabilities, PortSwigger academy is the place to go! Their labs offer a great way to practice your skills as well!

👇 portswigger.net/web-security/s…
[2️⃣] Cheatsheet by @pentest_swissky

With so many different kinds of databases out there, you're definitely going to want a good cheatsheet to quickly look up what you need. PayloadsAllTheThings is perfect for that!

👇 github.com/swisskyrepo/Pa…
Read 12 tweets
Dec 20, 2022
JUST RELEASED: @securinti's talk on how to read RFC's to find unique vulnerabilities. Some highlights + video link below! 🧵👇
1) Why RFC's are interesting?
👉 RFC's are sometimes based on outdated ideas on how the internet could have looked like
👉 ...but they're still implemented in modern technology
👉 They sometimes list potential security issues and misimplementations (but nobody reads them)
2) RFC's are long. What should you look/grep for?
👉 Most RFC's already have paragraphs on security
👉 Some RFC's have corrections (errata). Older versions may be insecurely implemented!
👉 Most interesting bit? Optional parameters and extensions nobody knows about
Read 10 tweets
Dec 19, 2022
Compete in our mini-CTF and win 100$ in Intigriti SWAG! 👕

We've hidden 7 flags in all of our socials ⛳
Can you find them all? 😎

The first person to DM us with all the flags wins! 🔥
[1️⃣] Spot The Vulnerability 📜

Hackers love spotting vulnerabilities! Spot the vulnerability in this code snippet and get your first flag!

🔗 go.intigriti.com/nahamcon
[2️⃣] Emoji’s on Mastodon 😃

Hmm, the Intigriti Mastodon account posted some weird emojis. What could they mean?
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(