The release of 'Karuppu' has been delayed. We are currently waiting for updates and refunds will be given to affected sessions.
Stay tuned for updates.
Bug: passive vertical privilege escalation
Severity: 9.8 (critical)
Tips to find:
1. Signup as normal user (no payload)
2. Browse all options of the account
3. Search keywords in burp: role, admin, is_admin, balance etc.
4. Change the value
Join telegram https://t.co/IQMHfSZASe
Cloudflare hides 19.3% of all websites—but not perfectly.
CloudRip scans subdomains to find IPs not behind Cloudflare protection, exposing the real origin server:
https://t.co/cRzA62yQ5q
@three_cube
I usually brute-force API paths with "Debug":true parameter and often it leads to reveal internal debug info to reverse proxies exposing API secrets and tokens.
⚠️ EY Data Leak - Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure
Read more: https://t.co/2U5pBNA6oN
A massive 4TB SQL Server backup file belonging to global accounting giant Ernst & Young (EY) was discovered publicly accessible on Microsoft Azure.
The file's naming convention screamed SQL Server backup (.BAK format), which typically contains full database dumps, including schemas, user data, and, crucially, embedded secrets such as API keys, credentials, and authentication tokens.
A simple HEAD request designed by researchers to retrieve metadata without downloading content revealed a massive size: 4 terabytes of data, which is equivalent to millions of documents or the contents of an entire library.
To Get Daily Security Updates, add Cyber Security News ® as your preferred source on Google -> https://t.co/N1wthFiEi3
#cybersecuritynews
Some group, who is Scattered Spider, or Scattered Spider-adjacent, is going schizo right now online.
They're showing incredibly sensitive details from Burger King, Victoria Secret, Subaru, etc.
Can someone tell me what these screenshots mean? They're posting these too
A T-Mobile bug worth $12k, found by @albinowax :
Simply sending a valid "Expect: 100-continue" was enough to trigger a https://t.co/wR1PgGrNH4 desync. A broken front-end Expect implementation that forwards headers fine, but chokes when the back-end sends a non-100 reply, forgetting it still needs the body.
#bugbounty #bugbountytips
🪲 Interesting SOQL injection bug in "contentDocumentId" parameter in Salesforce applications found by @m4st3rspl1nt3r, exposing user docs
https://t.co/BMK7mJP80g
Hit some huge bounties collaborating with some of the top French bug hunters @0xLupin, Snorlhax, @Blaklis_ across campaigns and the H1-6102 LHE. Never had so many large rewards in a small timeframe 🤯
Most fun I had in a long time!
Finally added the recon module! You can now perform more detailed reconnaissance on any target using data from multiple sources. Special thanks to @Karthik__hr and @madhusudan91263 for their contributions and for continuously helping improve it day by day.
site: https://t.co/pjFfqTxbZO
add this in your hunting list:
ffuf -w subdomains.txt:SUB -w payloads/senstivejs.txt:FILE -u https://SUB/FILE -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0" -fs 0 -c -mc 200 -fr false -rate 10 -t 10
for checking in burpsuite:
ffuf -w subdomains.txt:SUB -w payloads/senstivejs.txt:FILE -u https://SUB/FILE -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0" -fs 0 -c -mc 200 -fr false -rate 10 -t 10 -x http://localip:port
and check the response size and words; if it's big or something unique, you can check it manually. Also make sure to cut the https:// / http:// protocol before ffuf by using this command: cat subdomains.txt | sed 's|https\?://||g' >finalsubs.txt