Top Tweets for #hackertips
β οΈ For Educational Use Only
π‘οΈ Use these responsibly in legal environments.
#EthicalHacking #CyberSecurity #LinuxForHackers #BugBounty #TerminalCommands #InfoSec #HackerTips #HackThePlanet
Time to pivot our threat modeling and user education strategies
π 6/ Protect yourself:
Donβt download "fixes" from unverified sources
Check URLs closely
Use sandboxing for suspicious links
Educate non-tech users β theyβre the prime targets
#CyberAware #HackerTips
Everything About SQL Injection π
πTags
#SQLInjection #CyberSecurity #EthicalHacking #WebSecurity #BugBounty #InfoSec #Pentesting #OWASP #DatabaseSecurity #HackerTips

π¨#opensourcesecurity release alertπ¨
asnmap v1.0.6 is out! Try it out today to grab #CIDR ranges from Organization names, #ASN numbers, IP addresses, and Domain names today!
#bugbountyhunting #ossrelease #hackertips
#HackerTalk: todo lo que necesitas saber sobre el proceso para unirte a la comunidad de #CyScope y cΓ³mo crecer dentro de nuestra plataforma de #bugbounty!
#bugbountytips #hackertips #ethicalhacking #hacking
LDAP injection auth bypasses
1. *
2. *)(&
3. *)(|(&
4. pwd)
5. *)(|(*
6. *))%00
7. admin)(&)
#LDAP #auth #bypass #HackerTips
[HACKER TIP] Top Burp Suite Extensions:
1- Turbo Intruder
2- J2EEScan
3- Autorize
4- Active Scan++
5- Collaborator Everywhere
6- Param Miner
7- JSON Beautifier
8- Upload Scanner
9- Freddy
10- Logger++
#bugbounty #hackertips #BurpSuite
![freeprogrammers's tweet photo. [HACKER TIP] Top Burp Suite Extensions:
1- Turbo Intruder
2- J2EEScan
3- Autorize
4- Active Scan++
5- Collaborator Everywhere
6- Param Miner
7- JSON Beautifier
8- Upload Scanner
9- Freddy
10- Logger++
#bugbounty #hackertips #BurpSuite https://t.co/OKbjn8fdQ2](https://pbs.twimg.com/media/FRlB0bbWQAE3ofX.jpg)
[HACKER TIP] Top Burp Suite Extensions:
1- Turbo Intruder
2- J2EEScan
3- Autorize
4- Active Scan++
5- Collaborator Everywhere
6- Param Miner
7- JSON Beautifier
8- Upload Scanner
9- Freddy
10- Logger++
#bugbounty #hackertips #BurpSuite
![YogoshaOfficial's tweet photo. [HACKER TIP] Top Burp Suite Extensions:
1- Turbo Intruder
2- J2EEScan
3- Autorize
4- Active Scan++
5- Collaborator Everywhere
6- Param Miner
7- JSON Beautifier
8- Upload Scanner
9- Freddy
10- Logger++
#bugbounty #hackertips #BurpSuite https://t.co/baeBwXY1Tf](https://pbs.twimg.com/media/FRg3BWJXwAIUHRI.jpg)
[HACKER TIP] If you ever find LibreOffice is being used for file conversion there is a potential SSRF that you can exploit by injecting your payload in the XML.
#bugbounty #hackertips
![YogoshaOfficial's tweet photo. [HACKER TIP] If you ever find LibreOffice is being used for file conversion there is a potential SSRF that you can exploit by injecting your payload in the XML.
#bugbounty #hackertips https://t.co/g4id8WRptv](https://pbs.twimg.com/media/FQJX0B_XEAImycx.jpg)
[HACKER TIP] If you are testing Open Redirect but there is a blacklisted character, you can test it with a chinese dot to bypass it or any other Unicode Character.
example:
redirect_to=////evil%E3%80%82comΒ
#bugbounty #hackertips #openredirect
![YogoshaOfficial's tweet photo. [HACKER TIP] If you are testing Open Redirect but there is a blacklisted character, you can test it with a chinese dot to bypass it or any other Unicode Character.
example:
redirect_to=////evil%E3%80%82comΒ
#bugbounty #hackertips #openredirect https://t.co/eXeEwOp13P](https://pbs.twimg.com/media/FOI8-gOX0AYySFd.jpg)
[HACKER TIP] If you are trying to do an SSRF with XXE but some XML entities are blocked, you can try using XML parameter entities.
#bugbounty #hackertips #XSS
![YogoshaOfficial's tweet photo. [HACKER TIP] If you are trying to do an SSRF with XXE but some XML entities are blocked, you can try using XML parameter entities.
#bugbounty #hackertips #XSS https://t.co/WPyRY3phc1](https://pbs.twimg.com/media/FNWWYZ6XoAEXxiJ.jpg)
[HACKER TIP] If you came across SSTI in a go application, it is worth trying the following payload
{{define "T1"}}<script>alert(1)</script>{{end}} {{template "T1"}}
to achieve XSS and bypass HTML sanitization.
#bugbounty #hackertips #XSS
![YogoshaOfficial's tweet photo. [HACKER TIP] If you came across SSTI in a go application, it is worth trying the following payload
{{define "T1"}}<script>alert(1)</script>{{end}} {{template "T1"}}
to achieve XSS and bypass HTML sanitization.
#bugbounty #hackertips #XSS https://t.co/akSc42aeTj](https://pbs.twimg.com/media/FM8fi9PXMAcnv_k.jpg)
[HACKER TIP] If you find a blind error based XXE but out-of-band interactions are blocked you can use a system DTD and redefine an entity that is declared within that DTD.
#bugbounty #hackertips
![YogoshaOfficial's tweet photo. [HACKER TIP] If you find a blind error based XXE but out-of-band interactions are blocked you can use a system DTD and redefine an entity that is declared within that DTD.
#bugbounty #hackertips https://t.co/3JLuqKfuDW](https://pbs.twimg.com/media/FMJPo9hXIAsjYe2.jpg)
[HACKER TIP] Don't forget to check the subdomain records, and if it is pointing to a service (such as Github Pages .. ) that has been removed or deleted. You can takeover this subdomain if you follow these stepsπ₯
Thanks @BenaliSemah for the tip π
#bugbounty #hackertips
![YogoshaOfficial's tweet photo. [HACKER TIP] Don't forget to check the subdomain records, and if it is pointing to a service (such as Github Pages .. ) that has been removed or deleted. You can takeover this subdomain if you follow these stepsπ₯
Thanks @BenaliSemah for the tip π
#bugbounty #hackertips https://t.co/ZZ9mewxH4N](https://pbs.twimg.com/media/FLocwLEX0AAs855.jpg)
[HACKER TIP] If you got an SQL injection in MSSQL you can elevate the severity of the bug by getting an RCE By enabling xp_cmdshell and then you can execute commands by typing
EXEC xp_cmdshell 'Command Option';
Credit: @H4MA_TN
#bugbounty #hackertips @YogoshaOfficial #OSINT
![cyethack's tweet photo. [HACKER TIP] If you got an SQL injection in MSSQL you can elevate the severity of the bug by getting an RCE By enabling xp_cmdshell and then you can execute commands by typing
EXEC xp_cmdshell 'Command Option';
Credit: @H4MA_TN
#bugbounty #hackertips @YogoshaOfficial #OSINT https://t.co/ioTUQnIhlt](https://pbs.twimg.com/media/FLFYNhpUUAQG627.jpg)
[HACKER TIP] If you got an SQL injection in MSSQL you can elevate the severity of the bug by getting an RCE By enabling xp_cmdshell and then you can execute commands by typing
EXEC xp_cmdshell 'Command Option';
Thanks @H4MA_TN for the tip π
#bugbounty #hackertips
![YogoshaOfficial's tweet photo. [HACKER TIP] If you got an SQL injection in MSSQL you can elevate the severity of the bug by getting an RCE By enabling xp_cmdshell and then you can execute commands by typing
EXEC xp_cmdshell 'Command Option';
Thanks @H4MA_TN for the tip π
#bugbounty #hackertips https://t.co/EJhNUAir0l](https://pbs.twimg.com/media/FLBO8KzXMAYa-7c.jpg)
[HACKER TIP] Donβt forget to test if βnullβ origin is reflected in Access-Control-Allow-Origin header since some developers always use it for local development and tests. You can obtain the null origin and exploit it using a sandboxed iframe. π
#bugbounty #hackertips
![YogoshaOfficial's tweet photo. [HACKER TIP] Donβt forget to test if βnullβ origin is reflected in Access-Control-Allow-Origin header since some developers always use it for local development and tests. You can obtain the null origin and exploit it using a sandboxed iframe. π
#bugbounty #hackertips https://t.co/9FmDHyTQxs](https://pbs.twimg.com/media/FGFeRTeXIAMb08f.jpg)
[HACKER TIP] Make sure to always add these headers X-Originating-IP,X-Forwarded-FoR,X-Remote-IP,X-Remote-Addr,X-Client-IP,X-Host,X-Forwarded-Host to your requests with some internal IPs . You may end up bypassing some restrictions.
@BelkahlaAhmed1
#bugbounty #hackertips
![YogoshaOfficial's tweet photo. [HACKER TIP] Make sure to always add these headers X-Originating-IP,X-Forwarded-FoR,X-Remote-IP,X-Remote-Addr,X-Client-IP,X-Host,X-Forwarded-Host to your requests with some internal IPs . You may end up bypassing some restrictions.
@BelkahlaAhmed1
#bugbounty #hackertips https://t.co/JCW3EH6STh](https://pbs.twimg.com/media/FDLS00uX0AIjEpg.jpg)
Finding a hard time to achieve CSRF ? Try using HEAD requests with POST data passed as GET parameters to bypass some protections.
Exp: HEAD Request to /login username=foo&password=foo
#bugbounty #hackertips

Blocked by WAF? use DNS History, find origin ip address of the target by looking for inactive subdomains in the records, CDN or try accessing other services such as https://t.co/3qoQvnhX3Z
πUse https://t.co/yDLSfpico5 or https://t.co/WZcBF11MAt
#hackertips @Ging_Freex

Last Seen Hashtags on Sotwe
hemet
CumInMouth
Seen from Netherlands
γγΆγγΆMYERA
Seen from United States
EndofTheYearDramaChallenge2021
Seen from United States
cuteboys
Seen from Germany
destroyingcars
Seen from Venezuela
sister #incest
κ΅Ώλμ΄νΈ
Seen from Korea
xlii or #exny or #momson or #nolimit() +filter:native_video
Seen from Netherlands
familiaRue
Seen from United States
Most Popular Users

Elon Musk 
@elonmusk
240.8M followers

Barack Obama 
@barackobama
119.2M followers

Donald J. Trump 
@realdonaldtrump
111.7M followers

Cristiano Ronaldo 
@cristiano
111.1M followers

Narendra Modi 
@narendramodi
107M followers

Rihanna 
@rihanna
97.8M followers

NASA 
@nasa
92.2M followers

Justin Bieber 
@justinbieber
91M followers

KATY PERRY 
@katyperry
87.9M followers

Taylor Swift 
@taylorswift13
81.7M followers

Lady Gaga 
@ladygaga
73.3M followers

Virat Kohli 
@imvkohli
70.3M followers

Kim Kardashian 
@kimkardashian
69.9M followers

YouTube 
@youtube
68.7M followers

Bill Gates 
@billgates
64M followers

Neymar Jr 
@neymarjr
63.1M followers

The Ellen Show
@theellenshow
62.4M followers

CNN 
@cnn
61.9M followers

Selena Gomez 
@selenagomez
61M followers

X 
@x
60.8M followers











