log4j, ms17-010, and other type of vulns you can deal with them using snort rules isn't that amazing. Snort Challenge - The Basics - I have just completed this room!https://t.co/FuAHNBUfxD #tryhackme#Snort2#IDS#IPS#log4j#snortchallenges1
I've decided to put a screenshot showing the hex editor view of a Turla Kazuar sample behind acrylic glass on my desk to always remind me, why I am doing all this ...
because I 💛 to be a pain in the neck of the bad guys
https://t.co/LnoC5rwkWV
Open Source Intelligence: Finding Vulnerable Systems Online with Netlas
The Newest and Best Site to Find System Vulnerabilities that Every Pentester Should Know
https://t.co/traQYFG71O
هكلم في الثيرد ده عن js تقدر تستفيد منها ازاي bug bounty
java script
موجودة في الويب ابلكيشنز كلها تقريبا هي المسؤوله عن اي تفاعل بيحصل في الموقع: JavaScript ممكن استخدامها لإنشاء عناصر في صفحة الويب قابلة للتفاعل زي buttons المتحركة ووبتستخدم في عملية validation
Here is how I chained two bugs to exploit a UUID based IDOR and gained access to admin panel.
🧵THREAD🧵
1. How I knew that the target uses the same panel for both (normal users and admins)?! This is because of two things, the first one is through subdomain enumeration
@Caleepha_ms Uuid is near impossible to bruteforce, so you need to find if you could leak it from somewhere, a JS file or another endpoint that gives you the UUID of another user ...
But if you tried first with you 2 accounts and it didn't works, then it may be not vulnerable to IDOR