I have just completed the LLM Output Attacks module on HTB Academy! https://t.co/NqTIaduwFI
This skills assessment is little arduous
#hackthebox#htbacademy#cybersecurity
I am not less if I ask for help.
I am not a failure if I ask for help.
I am not weak if I ask for help.
I am not an imposter if I ask for help.
I am not a burden if I ask for help.
I am not alone. Everyone needs help.
Repeat after me…
Bug Bounty SQL Injection Waf Bypass Tips:
In bug bounty programs, when you want to bypass a context, you need to know that context and technology very well, or you can quickly learn it by looking at the documentation. For example, understanding the regex logic in a blacklist or finding alternative characters for functions that enter a blacklist.This case study I'm about to describe focuses on that, so let's get started. I want to describe an interesting SQL Injection WAF bypass we found on a new target while bug bounty with Anduricaser in the @SynackRedTeam.
One of the most common developer mistakes we encounter is that instead of fixing vulnerabilities, developers apply blacklists. This leads to hackers eventually bypassing vulnerabilities if they exist, instead of solving the problem at its root. For example, in previous cases, payloads obtained were banned, meaning functions like `datecreated` couldn't be used. However, by calling the `contentsize` function, data could be easily extracted using the `1'or+ContentSize=2955534+and+not+documenttitle+like+'sy` payload.
#BugBounty #bugbountytips #sqlinjection #SecureCoding
GIVEAWAY TIMEEEE - 3000x @Burp_Suite course FREEEEE
https://t.co/THJNeNBGW1
https://t.co/Pk3Gb7uVBf
https://t.co/4V3W8tHJnw
It is the season of giving so please share this so others can take advantage <3 if none of the codes say FREE anymore they are all taken
Everyone can earn min. $50.000 per year in a Web3 Security.
Sadly, most people are lost before they even begin.
Here’s the guide how to earn your first 50k$ as an auditor.
Black Friday Giveaway!
Please Follow @AlteredSecurity, Repost, Like and Comment on this post to win a CRTP voucher for 30 days. We will announce two random winners tomorrow (27th November 2024).
https://t.co/Ts522h2gj7
#redteam#pentesting#azure
🚨 The Only Web3 Security Advice You Need 🚨
Imagine you’ve studied a subject in school for two years, barely paying attention while others excelled. Now, you want to be the top student. What’s your move? 🤔
The only way forward is to review all the past material and retake your failed exams. Once caught up, you’ll be on par with the top students.
💡 But here’s the key:
While others focus on staying current, you can go further by studying 2-3 lessons ahead. This is where you outsmart everyone, always staying ahead. From there, it’s all about consistency and revisiting the same materials over and over. 📚
In Web3 security, this principle applies by studying all the issues that earned others money. 🤑
You want exactly that, right? - MONEY💰
You will NEVER earn anything if you think you can just solve the equation (in this case, find bugs). How can you solve it when you don’t even know what you’re looking for? 👀
Just found this badass Github repository that @0xKaden (who I've had the luck to work with before) compiled.
List of 30-40 smart contract security vulnerabilities, some of which have paid out tens of thousands of $$$ to researchers before.
Check it out👇
https://t.co/UkxdZ7iL83
🎖️ FREE Certified Network Security Practitioner (CNSP) Exam!🎖️
**No discount code needed**
Here's how to claim your offer:
1️⃣ Like and share this post.
2️⃣ Fill out this Google form: 📝https://t.co/oM5DRMpGKO
3️⃣ After submitting the form, we will email you the exam details. 💯
🔗For more information, click here:
https://t.co/F1ovV9MQkB
'All-In-One Regex' by @h4x0r_dz for searching leaked keys and secrets is a must-have. Here is how I was able to find a P1 recently using BurpSuite, The leaked secrets allowed me to see some employee related juicy info. Link: https://t.co/U7At9SmlzT #BugBounty