Intigriti
Cyber security provider, trusted by the world’s largest organisations! 🌍
5 subscribers
Sep 13 • 9 tweets • 3 min read
Want to master AWS S3 hacking? 🤑

This thread is for you! 🧵 👇

AWS S3 (Simple Storage Service) buckets are a popular storage service often used by software companies to store data.

This is often sensitive data (such as receipts, invoices, etc.) but it can also be used to store public images such as profile pictures for example!
Jul 5 • 9 tweets • 3 min read
This is the thread I wish someone created for me when I started participating in bug bounty! 😅

Not everyone shares these methods... but

Here are a few tips to help you identify & exploit more IDOR vulnerabilities! 🤑

🧵 👇

IDOR (insecure direct object reference) vulnerabilities are present in web services that directly reference a data object without proper access controls!

The data object can be anything, from sensitive fields that are stored in databases to files stored in a storage bucket.
Apr 12 • 5 tweets • 2 min read
Ever had to analyze JavaScript files using Burp Suite? 🧐

Here are 3 web extensions to help you out and find secrets, links and other sensitive data! 🤑

A thread 🧵 👇

1️⃣ JS Miner

JS Miner is a Burp Suite Pro extension that helps you analyze static files like JavaScript & JSON files found on your target, to find secrets, endpoints and other hard-coded sensitive data! 😎

Check it out on GitHub! 👇
buff.ly/3J9l6bl
Mar 1 • 6 tweets • 2 min read
Ever come across a subdomain on one of your targets that returned the following error? 🧐

If you ever skipped these, you may have missed out on a lot of bounties...

Here are the top 3 tools to bypass pages behind a 401 & 403 error status code! 🤑

A thread! 🧵 👇

1️⃣ bypass-url-parser

Bypass-url-parser is a fuzzer that performs all types of checks to attempt to bypass protected pages behind a 40X status code! 😎

It features several bypass modes including an option to spoof your IP!

Bypass-url-parser is on GitHub:
buff.ly/42XeUfq
Nov 10, 2023 • 13 tweets • 3 min read
Look at this login form 👀

There are multiple vulnerabilities present. 🤑 But can you spot them all? 😎

Let's cover each one of them! 🧵👇

Imagine this...

You just performed subdomain enumeration

Filtered all live hosts and got a list of URLs. You know, the usual.

In them, you spot the "staging-id.example.com" subdomain 😏

A quick look at the scope section shows that this subdomain is in scope! 🤑
Sep 9, 2023 • 6 tweets • 2 min read
Top 4 tools to automate SQL Injection vulnerabilities!

A thread! 👇

1️⃣ SQLMap

You probably already know about the first scanner...

SQLMap is the most popular SQL Injection vulnerability scanner out there and is fully open-source!

SQLMap is available on GitHub 👇

github.com/sqlmapproject/…
Aug 25, 2023 • 7 tweets • 2 min read
Understanding SQL Injections!

A thread! πŸ‘‡οΈ Image Let's first understand what SQL is! 😎

SQL (Structured Query Language) is a query language used to perform CRUD operations in SQL databases!

So suppose you need to retrieve an entry from a database, you can use an SQL query to read that specific field.
Aug 11, 2023 • 9 tweets • 3 min read
XXE exploitation 👇

Today, we will cover how you can successfully exploit XXE vulnerabilities

If you aren't familiar with the concepts of XXE yet...

This thread is made just for you! 👇
Jul 5, 2023 • 7 tweets • 2 min read
A lot happened in the #BugBounty community last week, so let's take a look at the 5 must-reads in today's #BugBytes

1️⃣ We start out with a blog from @assetnote that you've definitely already seen, as they dive into the recent Citrix CVE and talk about how they found it!
blog.assetnote.io/2023/06/29/bin…
Jun 29, 2023 • 6 tweets • 2 min read
You probably saw this before...

An XSS through your User-Agent header

But is it exploitable? 🤔 Let's find out! 👇🧵

A common mistake new hunters make is reporting XSS where the payload is supplied inside a request header

However... this leads to a self cross-site scripting (self-XSS) vulnerability, which is often out of scope! 😬

Let's understand why and when you can actually report it!
Jun 6, 2023 • 8 tweets • 2 min read
Let's take a look at why this XSS won't execute 🤔

A thread 🧵👇

You probably came across this scenario before

Your payload gets reflected without getting encoded...

But none of the HTML entered is getting rendered!
May 29, 2023 • 5 tweets • 2 min read
3 tools to help you automate file upload vulnerabilities 📁🔨

1️⃣ Upload Scanner

Upload Scanner is a Burp Suite extension that can help you automate file upload vulnerabilities

It's capable of uploading various files, injecting ASP, JSP, and PHP code + bypassing restrictions!

portswigger.net/bappstore/b224…
May 19, 2023 • 9 tweets • 2 min read
An introduction to file upload vulnerabilities 🧵👇

Let's first understand file upload vulnerabilities!

File upload vulnerabilities arise when you are able to upload files without any restrictions (or validations performed on the backend) 💡
May 17, 2023 • 12 tweets • 5 min read
Wondering what happened this week in #BugBounty and pentesting? Procrastinating on Twitter and want to pretend to be productive? Let's check out this week's #BugBytes

PS: did you notice that the write-ups and tutorials are now separated, for when you're looking for more advanced security research or want to grow your skills!
Apr 14, 2023 • 12 tweets • 3 min read
CSRF Vulnerabilities Explained!

A mega-thread 👇🧵

Let's understand CSRF vulnerabilities first before moving on to the exploitation part.

Cross-Site Request Forgery (CSRF) vulnerabilities arise when a malicious actor is able to trick the victim's browser into conducting an unauthorized action on the victim's behalf.
Apr 12, 2023 • 13 tweets • 4 min read
5 CSRF exploitation techniques 🧵👇

1) Basic CSRF

Let's take a look at a very straightforward example:
Mar 20, 2023 • 19 tweets • 5 min read
Look at this checkout page 👀

There are multiple vulnerabilities present. Can you spot them all?

We've made a list of 6 of the most common price manipulation vulnerabilities found in the checkout process 👇

Skip ahead to the exploitation part if you already know what price manipulation vulnerabilities are! 👇

Imagine this:
Your laptop's screen suddenly turns off...
You don't know why, but when you try to turn your PC back on
You see that the screen doesn't work anymore! 😱
Feb 17, 2023 • 5 tweets • 2 min read
Were you able to spot the vulnerability in yesterday's code snippet? 🕵️‍♂️
✅ Yes? Nicely done!
❌ No? Don't worry. This is your chance to learn, so let's take a look at the writeup 👇
🧵 Be sure to keep reading this thread for more resources and the winner of our swag!

Want to take a closer look at the vulnerable code snippet? 👩‍💻

Here's the tweet we've been talking about 👇
Feb 15, 2023 • 11 tweets • 5 min read
It's that time again, it's #BugBytes! Let's take a look at what's been happening this week in #BugBounty and Pentesting!
blog.intigriti.com/2023/02/15/bug…

1️⃣ We all love recon, but once you've hoarded all of those domain names, what comes next? @NahamSec has the answers!
Feb 7, 2023 • 8 tweets • 3 min read
Passive recon using "Certificate Transparency": A deep dive 🧵

We all use tools like Amass, ReconFTW & subfinder for finding new subdomains. Let's demystify these tools by looking at how they work 🪄

Today: Recon through Certificate Transparency
What is it? How does it work? 👇

1️⃣ SSL Certificates
These allow users to verify a website's identity. They allow HTTPS to work and thus are at the base of how the modern web works!

These certs are issued by a CA. But what if a CA issues a cert mistakenly or even maliciously? How do users not get duped by that?
Jan 31, 2023 • 9 tweets • 5 min read
If you want to master hacking JWT tokens, open this thread!

JWT tokens are often used to authenticate logged-in users. They do this by signing the data so that the server can detect forged tokens. But in some cases, we can bypass this protection! 🤯

A thread 🧵👇

1️⃣ JWT.io by @auth0

This site is amazing for playing with and debugging JWT tokens. Just paste your token in to see what it's all about. Try to sign your first token and see how it changes when you change values!

👇 jwt.io