CSRF:
- Check if the token is present on every form it should be
- Server checks if the token length is correct
- Server checks if the parameter is there
- Server accepts an empty parameter
- Server accepts requests without a CSRF token
- Token is not session-bound
JWT:
- "none" signing algorithm is allowed
- Secret is leaked somewhere
- Server never checks the secret
- Secret is easily guessable or brute-forceable
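Added example (not code from the thread): a server-side validator that covers each item in the CSRF and JWT lists above, rejecting a missing, empty, wrong-length or foreign-session CSRF token and a JWT whose header claims "none" or whose signature does not verify. The secret values and the HMAC-derived token scheme are constructed assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed secret for the example; a real server loads it from configuration.
SERVER_SECRET = b"example-server-secret-not-for-production"
TOKEN_LEN = 64  # hex digest length of HMAC-SHA256


def issue_csrf_token(session_id: str) -> str:
    """Derive the CSRF token from the session, so a token from one session is useless in another."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(form: dict, session_id: str) -> bool:
    """Parameter present, non-empty, correct length, and bound to this session."""
    token = form.get("csrf_token")
    if not isinstance(token, str) or token == "":
        return False
    if len(token) != TOKEN_LEN:
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(token.encode(), expected.encode())


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def jwt_hs256_valid(token: str, secret: bytes) -> bool:
    """Accept only HS256 and always recompute the signature; "none" and unsigned tokens fail."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # bad segment count, bad base64, bad JSON or bad UTF-8
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(signature, expected)


def make_jwt_hs256(payload: dict, secret: bytes, alg: str = "HS256") -> str:
    """Builds sample tokens (including an unsigned alg=none one) to exercise the validator."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header_b64 = enc(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload_b64 = enc(json.dumps(payload).encode())
    if alg == "none":
        return f"{header_b64}.{payload_b64}."
    sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{enc(sig)}"
```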
Jan 8, 2022 • 4 tweets • 3 min read
My amazing hacker rats, please be kind to each other <3 Don't start "exposing" people on profiles they never hack on... don't start wars.
I did the same and I was wrong to do so; I said sorry in a public tweet for that.
If you want to judge, I will let my students speak though.
90 pages of 5 star reviews
43 Pages with 5 star reviews
9 pages with 3 star reviews
4 pages of 2 star reviews
4 pages of 1 star reviews
Over 95 000 students on udemy... I don't think I have anything to be ashamed of :3
Lastly I want to thank everyone for believing in me <3
Jan 7, 2022 • 4 tweets • 2 min read
#bugbountytip Broad scope target: 1) Subdomain enum 2) httprobe 3) subdomain flyover 4) Nuclei (develop your own templates as well) 5) Portscan
Now pay attention
1/4
6) Write subdomains to database for later use 7) If new domain goes into db, do full nuclei scan 8) If new nuclei template, scan old domains
BAM testing <3 9) Optional, do a cronjob every 3 weeks with nuclei
(Companies release new software that might break other things)
2/4