If you're a beginner in #infosec, amidst the AI FOMO, some tips:
- Learn JavaScript!! (I can't stress this enough)
- Expose yourself to a variety of technologies.
- Read a lot of writeups (helps build pattern-matching skill).
- Try to do hard things and don't get comfortable.
Hello everyone ♥
A little write-up of #bugbountytip #bugbountytips I am going to write here .....
Title:
Getting unauthorized access on 3rd parties'/workspaces & building your checklist for quickly locating bugs there via massive recon
We know that it's helpful to look…
.@gr3pme's threat modelling methodology when approaching new targets.
The goal is to list every possible attack vector, regardless of likelihood, as a reference for future exploration.
This is a powerful yet extremely underrated skill for bug hunters! Take note!
What’s the current best cli based tech/stack identification / fingerprinting tooling out there today? Used to love github.com/urbanadventure… are there any newer and better tools?
Yesterday, I tried to find out where the Deepseek servers are located, but I couldn't because they are Cloudflare-protected. Just now, someone randomly sent me a link to: "CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of…
Just released my blog post "Bidding Like a Billionaire - Stealing NFTs With 4-Char CSTIs"! It's about a very impactful and technically interesting client-side bug I found in a major NFT site.
matanber.com/blog/4-char-cs…
Understanding EVERY Token in Entra ID 🔎
Not all tokens are equal. There are many different types with different uses and benefits.
In this blog, I break down each token and what they are used for and which tokens are the most "valuable" for an attacker to obtain.
Full blog…
🚨Ilya Sutskever finally confirmed
> scaling LLMs at the pre-training stage plateaued
> the compute is scaling but data isn’t and new or synthetic data isn’t moving the needle
What’s next
> same as human brain, stopped growing in size but humanity kept advancing, the agents and…
Almost 700 hours into bug bounties. Out of 40 programs I spent time on, I only got paid on 5.
There's a pattern I noticed and I think it's worth sharing.
Here's my analysis: (a thread - 1/x)
#bugbounty #bugbountytips
Ever wonder why some people succeed while others don't? 🙋
It all comes down to taking action.
🙄 Most people have ambitions and goals, but very few actually take the necessary steps to achieve them.
Let's dive into this concept 🧵👇
Becoming a pro in finding client-side bugs is simple. Not easy, but simple.
1. Go through a JS tutorial and understand the basics.
2. Read everything on this blog 8x until you understand it: ysamm.com
3. Read JS for Hackers by @garethheyes 4x
Then go hack stuff
Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF.
codeanlabs.com/blog/research/…
@ctbbpodcast Here is a small tool I wrote to do just this mentioned in the video... it will take a large list of URLs and it will extract every possible path for use in fuzzing or content-discovery... or something like nuclei.
Content discovery is easier doing this.
github.com/maliciousgroup…