t0mvic

This is what a $55,000 bug can look like, just add "/actuator/heapdump%23" and maybe it sticks. Sometimes devs leave Spring Boot actuator wide open. All the secrets were redacted in /env, but heapdump sends ~100MB of live server-side memory with live auth tokens. The %23 was to bypass the WAF trying to block it, sigh. Start with "/actuator" or "/actuator/health" and if it hits, try all the other possible paths. #hacking #cybersecurity

Tired of your recon data getting bloated with static files?  Here is a quick katana one-liner to actively crawl deep, parse JS, and strip out the noise (css, svg, fonts, etc.) automatically.👇 katana -u subdomains_alive.txt -d 5 -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt

Since there was an outage yesterday I'm doing this again. 🚨 Giveaway and new course! I just released a nuclei course and we have made it a part of our Black Friday bundle. You can get all of our courses for the price of one. 🎁I’ll give some away. All you gotta do is RT & reply with which bundle you want! (I'll pick winners from both posts) More info here 👉🏼 https://t.co/0pEoZljSV1

⚡🚨 IT’S HAPPENING 🚨⚡ HACK2WIN IS OFFICIALLY LIVEEEEEE! 🔥🔥🔥 🎟️ Collect your tickets 🏆 Fill your stamp cards 💰 Win your share of over $40,000 in epic prizes The countdown is over. The games have begun. Are you ready to HACK. TO. WIN? 👀 👉 Jump in now: https://t.co/x9PKaPFJR7