A thread🧵
💸Secrets of automation-kings in bug bounty💸
Finding 1day (or 1month) web exploits that haven't made their into scanners yet can make you big money.
Read more to understand where and how to get an edge in this area!
🚨Retweet, follow, & like for more! 🚨
1/x
Time for another giveaway!
We are going to send a t-shirt and a few goodies to one person who follows @PentesterLab and retweets this tweet!!
And we are going to give a 12-month voucher to someone who follows @PentesterLab and likes this tweet!!
👮 Hacking into several Prisons 👮
Here's how I did it (legally), and what I learned along the way!
A thread for security testers and cyber security pros
🧵👇
🔍 My ultimate workflow for simple and easy JavaScript Analysis
⚡️ Comprehensive JavaScript analysis in offensive security, appsec testing, and red teaming wins.
Often you can find juicy hidden endpoints, parameters, & domains buried JS!
A thread 🧵 1/x
👇
Some of the major vulnerabilities and related POC’s:
➡SQLi
➡XSS
➡SSRF
➡XXE
➡Path Traversal
➡Open Redirection
➡Account Takeover
➡Remote code execution
➡IDOR
➡CSRF
#hacking#bugbounty#bugbountytips
Are Found Below🧵(1/n)👇
Something that sounds like a super-spicy hot take but actually I don't think it is: recycling plastic is at the moment not a very good idea, and putting it in landfill guarantees it won't end up in the South China Sea https://t.co/Yo0ltfeKBn
🎉New Website published🎉
🎁To celebrate the launch of the new website, we are giving away three annual Burp Bounty Pro licenses!
👉To participate you have to retweet and like. The winners will be announced on September 30.
👉https://t.co/DXxo2SKrY7
I love this story because it reminds me that one person can make a difference.
In 1979, Jadav Payeng began planting a tree every day for 37 years — results are stunning
I’ll always put some effort into context-specific wordlists. I spent a good few hours putting some together during the last @Bugcrowd bug bash and ended up scoring a P1 because of them.
Some examples 👉🏻🧵