Day 2⃣0⃣/2⃣0⃣ -- [Closing/Summary Of The 20-Day BootCamp]
➡️ The 20-Day BootCamp - Understanding, Detecting, Exploiting & Preventing Different Vulnerabilities.
➡️ Below are the Days from 0⃣1⃣ to 2⃣0⃣ (Feel Free To Share)
🧵🧵👇👇 #BugBounty #bugbountytips #CyberSecurity
Day 0⃣1⃣
Day 1⃣9⃣/2⃣0⃣ -- [Subdomain Takeover]
➡️ Subdomain Takeover occurs when an attacker gains control over a subdomain of a target domain.
➡️ Below are some of the best Tips & References for Subdomain Takeover (Feel Free To Share)
🧵🧵👇👇 #BugBounty #bugbountytip
1/n Top 25 Subdomain Takeover Bug Bounty Reports corneacristian.medium.com/top-25-subdoma…
Dec 20, 2022 • 21 tweets • 6 min read
Day 1⃣8⃣/2⃣0⃣ -- [XXE - XML External Entity]
➡️ XXE - is an application-layer cybersecurity attack that exploits an XXE vulnerability to parse XML input
➡️ Below are some of the best Tips & References for XXE (Feel Free To Share)
🧵🧵👇👇 #BugBounty #bugbountytip
1/n XML external entity (XXE) injection portswigger.net/web-security/x…
Dec 18, 2022 • 22 tweets • 6 min read
Day 1⃣7⃣/2⃣0⃣ -- [ATO - Account Takeover]
➡️ ATO - is an attack whereby hackers take ownership of online accounts using stolen passwords and usernames.
➡️ Below are some of the best Tips & References for ATO (Feel Free To Share)
🧵🧵👇👇 #BugBounty #bugbountytips
1/n Account Takeover Vulnerability
Dec 10, 2022 • 20 tweets • 5 min read
Day 1⃣2⃣/2⃣0⃣ -- [RCE - Remote Code Execution]
➡️ Every Bug Bounty Hunter/Hacker wants to hit an RCE.
➡️ Below are some of the best Tips & References for RCE (Feel Free To Share)🧵🧵👇👇
🧵🧵👇👇 #BugBounty #bugbountytips
1/n Simple Remote Code Execution Vulnerability Examples for Beginners ozguralp.medium.com/simple-remote-…
Nov 20, 2022 • 25 tweets • 7 min read
Day 0⃣8⃣/2⃣0⃣ -- [Hacking File Upload Functionality]
➡️ Hitting P1's - RCE, SQL Injection, SSRF, Stored XSS, LFI, XXE, IDOR etc.
➡️ ➰ Below are some of the best Tips & References (Feel Free To Share)🧵🧵👇👇
🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
1/n File Upload Vulnerabilities Checklist 0xn3va.gitbook.io/cheat-sheets/w…
Nov 17, 2022 • 18 tweets • 5 min read
Day 0⃣7⃣/2⃣0⃣ -- [Hacking Different Web Application Functionalities]
➡️ Groups & Teams
➡️ Email Contact
➡️ Submit Feedback
➡️ ➰ Below are Functionalities, Tips & References (Feel Free To Share)🧵🧵👇👇
🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
o/n
➡️ Chat Box/Support/Customer Care
➡️ Comment Functionality
➡️ Subscribe/Unsubscribe
➡️ Ecommerce Platform
➡️ Search Functionality
➡️ WebSockets
➡️ User-Agents
➡️ Cookies & Sessions
➡️ JSON Web Tokens
Nov 16, 2022 • 23 tweets • 8 min read
Day ➰➰/2⃣0⃣ -- [Hacking Bug Bounty Checklists/Methodologies]
➡️ Day ➰➰, Taking A Break! But Let's Talk About Different Hacking Methodologies.
➡️ Below are Some Of The Best Hacking Methodologies (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
1/n Resources-for-Beginner-Bug-Bounty-Hunters github.com/nahamsec/Resou…
Nov 15, 2022 • 14 tweets • 4 min read
Day 0⃣6⃣/2⃣0⃣ -- [Delete/Deactivating An Account & Logout Vulnerabilities]
➡️ Day 6, Have You Ever Known That Deactivating & Logout Feature Can Be Hacked & Earn You Bounties?
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
1/n IDOR — Let’s delete any account medium.com/@Bohr/idor-let…
Nov 14, 2022 • 18 tweets • 5 min read
Day 0⃣5⃣/2⃣0⃣ -- [Web Application Profile/Dashboard Hacking]
➡️ Day 5, Profile Update/Dashboard Vulnerabilities & References.
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
1/n IDOR on the dashboard
Nov 13, 2022 • 22 tweets • 6 min read
Day 0⃣4⃣/2⃣0⃣ -- [Hacking A Web Application Via Password Change Functionality]
➡️ Day 4, Hack A Web Application Via "Password Change Functionality"
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips "No Resting Only Hacking!"
1/n All about password reset vulnerabilities by @InfoSecComm infosecwriteups.com/all-about-pass…
Nov 12, 2022 • 20 tweets • 5 min read
Day 0⃣3⃣/2⃣0⃣ -- [How To Hack A Login Page!]
➡️ Day 3, How To Hack A Login Page "Exploiting Vulnerabilities On A Login Page"
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
1/n 10 Common vulnerabilities found in the login functionality redhuntlabs.com/blog/10-most-c…
Nov 11, 2022 • 20 tweets • 5 min read
Day 0⃣2⃣/2⃣0⃣ -- [Registration/SignUp Page Vulnerabilities]
➡️ Day 2, we will cover potential vulnerabilities that can affect a Registration/Sign-Up Page of a web application
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
1/n Registration Page Vulnerabilities github.com/carlospolop/ha…
Nov 10, 2022 • 23 tweets • 8 min read
Day 0⃣1⃣/2⃣0⃣ -- [Bug Bounty Reconnaissance/Information Gathering]
➡️ Being Day 1, Recon is usually the first approach when handling your target.
➡️ Below are some of the Best Checklists/Bug Bounty RECON references & Tips🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
1/n The Bug Hunter's Methodology v4.0 - Recon Edition by @Jhaddix
May 2, 2022 • 50 tweets • 8 min read
Bug Bounty Pro Tips
If You Have Any, Please Feel Free To Add To The Thread #bugbountytips #bugbountytip #cybersecuritytips
Pro Tip — Android applications can suffer from LFI and stored XSS just by injecting <iframe/src=/etc/hosts> into input fields.
Tip for finding SSRF