I'm very happy to finally share the second part of my DOMPurify security research 🔥
This article mostly focuses on DOMPurify misconfigurations, especially hooks, that downgrade the sanitizer's protection (even in the latest version)!
Link 👇
https://t.co/Hg1MkqVuGw
1/2
If you want to find domains associated to an organization, you can explore DuckDuckGo's tracker-radar.
It's a publicly accesible dataset that stores web tracking information, including domains operated by an organization.
https://t.co/uQUT5My8ud
I interviewed over 70 backend engineers in the last 2 years.
I created a Notion based "Learn Backend Development Pack V3" that contains a learning path to become a backend dev based on ONLY FREE resources.
Retweet and reply with "free" and I'll DM it to you.
(need to follow)
$15k+ Worth of IDORs in the past couple of months; it takes a lot of manual verification, but use this regex in BurpSuite in order to filter out potential parameters:
(?i)\b\w*id\b(?!\w)\s*=\s*("[^"]*"|'[^']*'|[^&\s}]*)
#bugbountytips#CyberSecurity
OSINT TIP #204🕸️
Web-Check: All-in-one website OSINT tool for analysing any website
The dashboard will show - IP info, SSL chain, DNS records, cookies, headers, domain info, page map, server location, open ports, traceroute
https://t.co/1OHwvMBkun
@Lissy_Sykes👏
#OSINT#WEBINT