- Run all your subdomain tools
- uniq them
- Pass that list to: "amass enum -nf domains.txt" to insert them into the amass database.
Then track new findings each day via:
amass track -d https://t.co/PJOG8MCAFq | grep "Found"
#bugbountytips#bugbountytip
thanks @jeff_foley
Another long (hacker) story thread 🧵
= Stealing checks worth millions & pwning a bank =
Here’s how I did it, so you can learn.
I was once contracted to do a penetration test on a bank…
Like, retweet, and follow for more hacker stories!
(1/x)
A #WAF can be easily fooled if a " is replaced by a \" and your injection happens in the HTML context. #XSS
Example (alert not obfuscated):
Injection:
<Img Src=" OnError=alert(1)//">
Reflection:
<Img Src=\" OnError=alert(1)//\">
A similar one is here:
https://t.co/1TfS9CHeJX
Want to find XSS in a list of 100000 URLs?
This will give you all the URLs that have parameters commonly vulnerable to XSS.
cat urls.txt | uro | parth --pipe xss
Found an XSS filter that allows SVG-based tags? Try the 'use' element, you can import a SVG via a data url and execute JavaScript automatically!
https://t.co/orvNmYLwGE
CHEAT SHEETS PDF 🚀
Trading Tips, Tricks and Cheat Sheet to help you become a better trader.
Compiled in a PDF.
Share. Learn. And use it in the Day Trading Course.
Link- https://t.co/AUYHBFAUCh
*** 1st #KNOXSS GIVEAWAY! ***
Like and RT this to have a chance to win one of the following:
* 1 KNOXSS Pro Subscription 3-month
* 1 KNOXSS Pro Subscription 6-month
* 1 KNOXSS Pro Subscription 1-year
Winners of this draw will be announced in 72hs, good luck! 😀
CERT-In encourages responsible vulnerability research in the country and invites security researchers to report software vulnerabilities to CERT-In. For more details refer to CERT-In Vulnerability Disclosure Policy.
https://t.co/9SH0MU6uBH
#SecureDigitalIndia#SecureMakeInIndia
And it's live!
Missed the recon village at #NahamCon2021 since you were busy watching the main track? Come watch my talk on youtube on building faster-than-light reconnaissance!
Let me know what you think!
https://t.co/StgQG6R2rS
If you think I have contributed good stuff to open source, consider nominating me here: https://t.co/pzTuJVKPPw
I really want this cute octocat plushie!
#VirSecCon2020 CTF registration is now OPEN! Joining forces with @thecybermentor and @NahamSec for one awesome online virtual security conference, and flattered to help host the CTF! Go register! Go go go!
https://t.co/NhdFtOoASV
I always had a hard time finding @GoogleVRP writeups beacuse they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute! 🎉
#BugBonty#infosec#GoogleVRP
https://t.co/UAIHqm50bO
This episode of the stream started a bit rocky due to my setup but the conversation definitely made up for it! Check out what @stokfredrik had to say about team DISTURBANCE, getting started with bug bounties, and @hacker0x01's live hacking events!
https://t.co/CDx2PAs1sn