ShreKy
Former Web Application Security Researcher 🛡️ I help(ed) secure websites through bug bounties and freelance quit hacking btw
Oct 27, 2022 • 9 tweets • 5 min read
Bug Testing Methodology Series:

SSRF (Server Side Request Forgery)

Learn how to test for #SSRF step by step on real #bugbounty programs

Thread🧵👇

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity

Before we start, this thread won't teach how SSRF works, but rather a methodology to follow while actively testing for it.

To learn about how SSRF attacks work, have a read here ➡️ portswigger.net/web-security/s…
Oct 24, 2022 • 12 tweets • 7 min read
Introduction to #XSS

Learn the basics of Cross-Site Scripting (XSS)

Thread🧵👇

#bugbounty #bugbountytips #bugbountytip #cybersecurity #cybersecuritytips #infosec #infosecurity #hacking

Let's inspect the name first:

The Scripting part indicates, obviously, scripting, so we can think about what kind of scripting we know exists in Web Apps: HTML & JavaScript being the 2 most common.

Secondly, XSS is part of the INJECTION bug class (see @owasp's Top 10)
Oct 18, 2022 • 9 tweets • 4 min read
Bug Testing Methodology Series:

BAC (Broken Access Control)

Learn how to test for Broken Access Control step by step on real #bugbounty programs.

Thread🧵👇

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity

Before we start, this thread will not teach exactly how Broken Access Control vulnerabilities arise, but rather a testing methodology.

If you want to learn how BAC bugs work, check this out ➡️ portswigger.net/web-security/a…
Oct 13, 2022 • 6 tweets • 3 min read
#BugBounty Writeup Time⏰

Application DOS through unfinished image contents:
🧵👇

#bugbountytips #infosec #cybersecurity #cybersecuritytips #hacking #bugbountytip

Context about target:

Small blockchain platform allowing users to launch and contribute to projects.

Projects can contain a banner image, and this is where the bug resides.

This is gonna be a short one.
Oct 5, 2022 • 10 tweets • 6 min read
Bug Testing Methodology Series:

XSS (Cross Site Scripting)

Learn how to test for #XSS step by step on real #bugbounty programs.

Thread🧵👇

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity

Before we start, it should be mentioned that this thread will only focus on the testing methodology of XSS, not teaching how it works.

If you don't already know what XSS is, check this out ➡️ portswigger.net/web-security/c…
Oct 4, 2022 • 18 tweets • 20 min read
Complete roadmap to get into #cybersecurity in 2022:

Thread🧵👇

#cybersecurity #cybersecuritytips #infosec #hacking #hacker #bugbounty #bugbountytips #infosecurity

1️⃣ IT Fundamentals

Before jumping into more advanced fields, you gotta know the basics.

You can learn everything you need for FREE from
@ProfessorMesser's course ➡️ professormesser.com/free-a-plus-tr…

For reference, you should be apt for @CompTIA's A+ certification before the next step.
Sep 30, 2022 • 13 tweets • 4 min read
I gained FULL ADMIN access to other organizations.

The craziest #bugbounty I've found.

Writeup🧵👇

#bugbountytips #infosec #cybersecurity #cybersecuritytips

First of all, I should give a little context about the target:

The target consisted of a collaboration tool for organizations/teams.

There are multiple user roles --> Member, Admin, Moderator, Leader.

It allows organizations to communicate with each other, create teams, etc.
Sep 27, 2022 • 14 tweets • 7 min read
Want to learn #coding in 2022?

Here are the BEST FREE/PAID resources for you to learn as FAST as possible.

Thread🧵

#programming #IT #cybersecurity #code #infosec #python #java #javascript #web

✋Before we start, make sure to RT the first tweet to spread these tips with others.