Bug bounty & VDP platform trusted by the worldβs largest organisations! π
5 subscribers
Sep 13 β’ 9 tweets β’ 3 min read
Want to master AWS S3 hacking? π€
This thread is for you! 𧡠π
AWS S3 (Simple Storage Service) buckets are a popular storage service often used by software companies to store data.
This is often sensitive data (such as receipts, invoices, etc.) but it can also be used to store public images such as profile pictures for example!
Jul 5 β’ 9 tweets β’ 3 min read
This is the thread I wish someone created for me when I started participating in bug bounty! π
Not everyone shares these methods... but
Here are a few tips to help you identify & exploit more IDOR vulnerabilities! π€
𧡠π
IDOR (insecure direct object reference) vulnerabilities are present in web services that directly reference a data object without proper access controls!
The data object can be anything, from sensitive fields that are stored in databases to files stored in a storage bucket.
Apr 12 β’ 5 tweets β’ 2 min read
Ever had to analyze JavaScript files using Burpsuite? π§
Here are 3 web extensions to help you out and find secrets, links and other sensitive data! π€
A thread 𧡠π
1οΈβ£ JS Miner
JS Miner is a Burpsuite Pro extension to help you analyze static files like JavaScript & JSON files found on your target for finding secrets, endpoints and other hard-coded sensitive data! π
A lot happened in the #BugBounty community last week, so let's take a look at the 5 must consumes in todays #BugBytes
1β£ We start out with a blog from @assetnote that you've definitely already seen as they dive into the recent Critrix CVE and talk about the how of finding it! blog.assetnote.io/2023/06/29/binβ¦
Jun 29, 2023 β’ 6 tweets β’ 2 min read
You probably saw this before...
An XSS through your User-Agent header
But is it exploitable? π€οΈ Let's find out! ππ§΅
A common mistake new hunters make is reporting XSS where the payload is supplied inside a request header
However...this leads to a self-cross-site scripting vulnerability which is often out-of-scope! π¬οΈ
Let's understand why and when you can actually report it!
Jun 6, 2023 β’ 8 tweets β’ 2 min read
Let's take a look at why this XSS won't execute π€
A thread π§΅π
You probably came across this scenario before
Your payload gets reflected without getting encoded...
But non of the HTML entered is getting rendered!
May 29, 2023 β’ 5 tweets β’ 2 min read
3 Tools to help you automate file upload vulnerabilities ππ¨
1β£Upload Scanner
Upload Scanner is a Burpsuite extension that can help you automate file upload vulnerabilities
It's capable of uploading various files, injecting ASP, JSP, and PHP code + bypassing restrictions!
An introduction to file upload vulnerabilities π§΅π
Let's first understand file upload vulnerabilities!
File upload vulnerabilities arise when you are able to upload files without any restrictions (or validations performed on the backend) π‘
May 17, 2023 β’ 12 tweets β’ 5 min read
Wondering what happened this week in #BugBounty and pentesting? Procrastinating on twitter and want to pretend to be productive? Let's check out this weeks #BugBytes
PS: did you notice that the write ups and tutorials are now separated? If you're looking for more advanced security research or grow your skills!
Apr 14, 2023 β’ 12 tweets β’ 3 min read
CSRF Vulnerabilities Explained!
A mega-thread ππ§΅
Let's understand CSRF vulnerabilities first before moving on to the exploitation part.
Cross-Site Request Forgery (CSRF) vulnerabilities arise when a malicious actor is able to trick the victim's browser into conducting any unauthorized action on his behalf.
Let's take a look at a very straight-forward example:
Mar 20, 2023 β’ 19 tweets β’ 5 min read
Look at this checkout page π
There are multiple vulnerabilities present. Can you spot them all?
We've made a list of 6 of the most common price manipulation vulnerabilities found in the checkout process ποΈ
Skip ahead to the exploitation part if you already know what price manipulation vulnerabilities are! π
Imagine this:
Your laptop' screen suddenly turns off...
You don't know why but when you try to turn your pc back on
You see that the screen doesn't work anymore! π±
It's that time again, it's #BugBytes! Let's take a look at what's been happening this week in #BugBounty and Pentesting! blog.intigriti.com/2023/02/15/bugβ¦
1β£We all love recon, but once you've hoarded all of those domain names, what comes next?? @NahamSec has the answers!
Feb 7, 2023 β’ 8 tweets β’ 3 min read
Passive recon using "Certificate Transparency": A deep dive π§΅
We all use tools like Amass, ReconFTW & subfinder for finding new subdomains. Let's demystify these tools by looking at how they work πͺ
Today: Recon through Certificate Transparency
What is it? How does it work? π
1οΈβ£ SSL Certificates
These allow users to verify a website's identity. They allow HTTPS to work and thus are at the base of how the modern web works!
These certs are issued by a CA. But what if a CA issues a cert mistakenly or even maliciously? How do users not get duped by that?
Jan 31, 2023 β’ 9 tweets β’ 5 min read
If you want to master hacking JWT tokens, open this thread!
JWT tokens are often used to authenticate logged-in users. They do this by signing the data so that the server can verify forged tokens. But in some cases, we can bypass this protection! π€―
This site is amazing for playing with and debugging JWT tokens. Just paste your token in to see what it's all about. Try to sign your first token and see how it changes when you change values!