INTIGRITI
May 17 · 12 tweets · 5 min read
Wondering what happened this week in #BugBounty and pentesting? Procrastinating on Twitter and want to pretend to be productive? Let's check out this week's #BugBytes
PS: did you notice that the write-ups and tutorials are now separated? If you're looking for more advanced security research or to grow your skills!
1⃣ @NahamSec talks about 2 months of bug hunting: the luck, the approach, choosing a program and also burnout
2⃣ The @aivillage_dc announces its AI Red Team event at this year's DEFCON, putting red teamers and hackers against AI models aivillage.org/generative%20r…
3⃣ Ratnakar Singh discusses his journey with an appsec internship and lists a whole bunch of skills that he learned
blog.appsecco.com/my-internship-…
4⃣The Privacy, Security, & OSINT Show argues for a stock browser, with no security or privacy hardening features inteltechniques.com/blog/2023/05/1…
5⃣ @assetnote is at it again with more Sitecore research blog.assetnote.io/2023/05/10/sit…
6⃣ Want to jump on the prompt injection hype train? Here's everything you need to know simonwillison.net/2023/May/2/pro…
7⃣Or maybe get off? @LiveOverflow talks about defence
8⃣@hakluke shares a thread of tips for getting into bug bounty
9⃣ @atomiczsec talks about his first bug, a simple IDOR that got him a $1,000 bounty! link.medium.com/RT61haneSzb
That's not all, folks! If you want to see all the hacking goodness, you can check out the full post below or subscribe so you get it in your email inbox 😉👇
blog.intigriti.com/2023/05/17/bug…