Hey, don't miss Tim's YuraScanner presentation today at 11:40 in session 2B, "Web Security" at NDSS '25!
Our new task-driven web security scanner features LLM, XSS, and a pinch of 0-days.
I've made over 100k on SSRF vulnerabilities.
They aren't always as simple as pointing it at localhost or AWS Metadata service.
Here are some tricks I've picked up over the past 5 years of web app testing:
$15k+ Worth of IDORs in the past couple of months; it takes a lot of manual verification, but use this regex in BurpSuite in order to filter out potential parameters:
(?i)\b\w*id\b(?!\w)\s*=\s*("[^"]*"|'[^']*'|[^&\s}]*)
#bugbountytips #CyberSecurity
📣 Stealth and supercharging your offensive security testing using:
🔥 Axiom 🔥
by @pry0cc & @0xtavian
Resources and musings on this epic framework.
👇a thread👇
💰 New article by our researcher Andrey Bachurin: "Binance Smart Chain Token Bridge Hack"
The article explains the technical details of one of the largest cryptocurrency hacks ever.
Read the blog post: https://t.co/JGfoGOPe7K
🔍 My ultimate workflow for simple and easy JavaScript Analysis
⚡️ Comprehensive JavaScript analysis in offensive security, appsec testing, and red teaming wins.
Often you can find juicy hidden endpoints, parameters, & domains buried in JS!
A thread 🧵 1/x
👇
Are you constantly struggling to keep up with information security, cyber security, bug bounties… the list goes on 🙄
So much info but so little time ⏱️
Check out the newsletters I use the most to keep up with the industry below 📬
A thread 🧵
1/7
I don't think this blog post has been shared enough times, but this is what got me into smart contract security, I have read it countless times. Written by code4rena's #1 @cmichelio
https://t.co/wXtoXeXje4
If you want to master SSRF, open this thread!
Server-Side Request Forgery vulnerabilities are attacks that allow attackers to send arbitrary requests from the server often resulting in gaining authorized access to data!🤯
A Thread 🧵👇
Read my blog on how I was rewarded $$$ for HTTP Request Smuggling leading to webpage defacement:
https://t.co/28BdmRXZEm
Collaborated with @masquerad3_r 🤝
None => Critical (10/10)
Second Order Account Takeover:
(attacker's VERIFIED email attached to attacker's UNVERIFIED email merged can takeover victim's VERIFIED account)
H1: Closing as Self Account Takeover (none).
Me: Should I Takeover your Account?
H1: Sure!
Me: BOOOM
If you want to master API security, open this thread!
APIs are used EVERYWHERE for applications to communicate, but let's see how you can HACK them! 👩💻
A Thread 🧵👇
Audited an OSS product running on a Synack target, found over 20 vulns (0 days) including RCE, XXE, path traversal, auth bypass, and many XSS. Hoping to summarize in a blog post once they (and the product) can be safely disclosed. I love this stuff!
In past 2 months I wrote a lot about Smart Contract and Blockchain security. Here is the recap of @SolidityScan blogs. RT if you find it valuable :)
A thread 1/12
1) Access Control vulnerabilities in Smart contracts
https://t.co/eNNIMRQHT0
#security #smartcontracts
Add to your list #SQL #injection payload #BugBounty
1%27/**/%256fR/**/50%2521%253D22%253B%2523
==
"0\"XOR(if(now()=sysdate(),sleep(9),0))XOR\"Z",
===
query=login&username=rrr';SELECT PG_SLEEP(5)--&password=rr&submit=Login
==
' AND (SELECT 8871 FROM (SELECT(SLEEP(5)))uZxz)
-> On Web App UI 403 Forbidden to low-level user to access this endpoint: /admin/users
-> I got API Endpoint : /API/users/v1/users -> 403 Forbidden
-> API Endpoint on BurpJSLinkFinder : /API/users/v1/users/basic -> Full organization users email, firstname, lastname, role disclosed
Perhaps you already know what IDORs are.
They are very COMMON.
But did you know about Second Order IDORs?
If not, @ozgur_bbh wrote an AWESOME blog about this lesser known class of bugs
Read it👇
https://t.co/uoFt6ItOvC
#bugbounty #bugbountytips #infosec #CyberSecurity
This is simply one of the best resources on AD #Pentesting that I came across!
It contains nearly all you need to know about attacking Active Directory
Very useful if you are prepping for OSCP
https://t.co/DECHyCe7DN
#infosec #cybersecurity #redteam #Azure #blueteam #Linux