💉 You cannot ignore looking out for SQL Injection vulnerabilities if you want to make $$$$ bounty.
To master SQL injections, open this thread of massive resources 👇
1️⃣ SQL injection by @PortSwigger
🌟 PortSwigger Academy offers excellent resources to learn about web vulnerabilities like SQL injection, providing interactive labs for practical skill enhancement.
🕵️♂️ New to bug bounty hunting? Here's a beginner-friendly thread with 10 must-do steps to kickstart your journey!
From starting small to staying ethical, this list has got you covered.😉
1️⃣ Begin with hacking VDPs
This will help you to develop skills gradually rather than aiming for big rewards right away.
2️⃣ Understand Program Rules:
Familiarize yourself with bug bounty program rules for each company before starting testing to avoid misunderstandings.
Mar 31 • 7 tweets • 2 min read
Top 5 DevSecOps platforms to learn Cybersecurity in 2024 👇
1️⃣ AppSecEngineer: This platform offers hands-on, full-stack security training tailored to various skill levels and roles, including developers, cloud beginners, and security architects.
GitHub dorks are super useful and can easily get you $$$$ bounty with the correct dorks 🚀
So what should I dork for?
Learn in this thread below 👇
1️⃣ First, what are GitHub dorks?
These are advanced search queries specifically crafted to find sensitive information like API keys, passwords, credentials, and more, often left exposed in code repositories.
Feb 24 • 10 tweets • 4 min read
If you want to master SQL injections, open this thread!
💉 SQL Injection is a P1 vulnerability and can easily help you earn $$$$💸
2️⃣ Cheatsheet by @pentest_swissky
🌟 PayloadsAllTheThings serves as a goldmine 🏆 for database hacking, with cheat sheets 📝 for sneaky tricks to break in and mess around. 🕵️♂️💻
Check out this thread to find 10 beginner-friendly YouTube channels to learn Cybersecurity at ease 🧵👇
1️⃣ Network Chuck: Provides engaging tutorials and career advice on networking and cybersecurity.
This extension assists in finding authorization vulnerabilities by automatically testing each request for different levels of access control. It helps in discovering endpoints with insufficient authorization checks.
Every beginner bug bounty hunter MUST check this thread.
One of the easiest bugs you can find as a beginner and make $$$🧵👇
⚡ Email Injection.
Email Injection is a vulnerability that lets a hacker abuse email-related functionality, such as email contact forms on web pages, to send malicious email content to arbitrary recipients. It is based on injecting end-of-the-line characters.
Dec 6, 2023 • 8 tweets • 3 min read
🧙‍♂️ As a beginner bug bounty hunter, it can often be confusing to hunt on applications if you do not have a checklist.
Here are 5 high-quality checklists/cheatsheets/methodologies which can help you organize and hunt better 🧵👇
#bugbounty #cybersecurity #infosec
1. This repo contains tips and tutorials for bug bounty and also penetration tests.
It contains checklists for a lot of attack vectors such as API Security, OSINT, SSRF, 2FA Bypass and a lot more.
Want to learn Active Directory Pentesting for FREE?
No worries, open this thread 👇🧵
#cybersecurity #activedirectory
1️⃣ To learn active directory, I highly recommend you check out @TCMSecurity's free course on hacking active directory here:
#bugbounty #infosec
1. API Exposure:
- APIs can have different levels of visibility. Some may be accessible to the internet while others are only available internally. There are multiple ways to access these APIs, including:
Jun 19, 2023 • 14 tweets • 5 min read
😱 I watched @GodfatherOrwa's insightful talk "The Power of Shodan - Leveraging Shodan for Critical Vulnerabilities" at @NahamSec's #NahamCon2023 and have condensed the ~25 minute talk for you to read in 2 minutes.
Here are some interesting bug bounty tips and tricks ⬇️
1. To find all information related to *.target.*, you first need to identify the organization's name. You can do this by clicking the lock icon -> connection is secure -> certificate is valid.
This is w.r.t. Brave/Chrome; there will be something similar for those using Firefox.
😱 I asked ChatGPT "What are some of the unpopular SQL injection areas" and this is what it replied.
🧵👇
#bugbounty #cybersecurity #infosec #sqli
1. Error messages: Sometimes error messages can reveal important information about the application's database, such as table names or column names. An attacker can use this information to craft a SQL injection attack.
Mar 27, 2023 • 4 tweets • 3 min read
☃️Bug Bounty Beginner's Roadmap☃️
Many of you have asked me how to get started in bug bounty and what the prerequisites are to get started.
This repository contains nearly everything you need to know and can help you get started easily with a variety of resources.
Worry no more. Open the thread below and master it to the core!
🧵👇
1. Prerequisites
I still believe you can get into Cybersecurity with little to no technical knowledge. That being said, if you want to master the art I would highly suggest you learn these topics:
1. Networks
2. Operating Systems
3. Programming - Python/Bash/JS
Jan 31, 2023 • 11 tweets • 4 min read
7 GitHub profiles to star if you are into Bug Bounty.