A lot of you guys were requesting Gitbook for HowToHunt. It took hell lot of work to arrange them 😓, hope so you like it, and make some pull request, what's left.🙂 Here you go: 🔥 https://t.co/MWI5jlYnYI #bugbountytips #bugbounty #BugBountyTips

EXCLUSIVE: 200+ Government of India websites have been hacked! From Google, they now redirect to vc66 [dot] net, a domain registered on Dec 21, 2024. Its an online money-making scam but links to malware—an attack called SERP hijacking. Search [site:*.gov.in fast cash] to see.

Hey, community! 👋 Excited to attend @bsidesahmedabad If you see me around, don't hesitate to say hi. Looking forward to some great technical chats! 😄

Updated WayBackFetch with a new feature that removes snapshot urls with duplicate content, leaving only urls with unique content. Thank you, Sensei @dwisiswant0 👍 If you haven't already checked the project here's the GitHub link :

GitHub Link:

Created a small tool to retrieve archived snapshots urls of web pages from the Internet Archive. Use it in your recon and let me know your feedback!! 😄 #bugbounty #bugbountytips #infosec

I found the solution using httpx itself, so the solution is that you need to find the sweet spot for threads. "-t 5" worked for me. It varies from target to target, so add this step to your recon checklist before running any tool for best results. #bugbountytip 😅

Httpx seems to be not reliable when checking urls suggest some tool which can do better job and also has filter based on web content or title. #BugBounty

Trying to find Origin IP check out this tool created by @mmrecon to find IP behind WAF: https://t.co/0fdqasIC7p #bugbountytips

HowToHunt is updated with some new resources and techniques check out: https://t.co/8xkz6rmD9B - Reverse Engineer an API by @offensivedroid - 2FA bypass method by @ome_mishra - GraphQL Resource .. and more Sorry guys for late update lots of new things going in life. 😅

Setting up an analysis VM for reverse engineering? Here are a few good tools (with short demos) that I recommend after running the Mandiant/FLARE script, (which installs 99% of tooling for you) 🔥 TLDR: Garbageman, SpeakEasy, BlobRunner, Dumpulator #Malware #RE #Analysis

Lessons: - Context is King. THINK! - To break you must first understand: Know your target's technologies & the services they use. - Learn to code. Top: https://t.co/M1R6j67Tkh

I've made over 100k on SSRF vulnerabilities. They aren't always as simple as pointing it at localhost or AWS Metadata service. Here are some tricks I've picked up over the past 5 years of web app testing:

The iOS Reloader is a weaponizing tool designed for jailbroken iOS devices. It facilitates the installation of a collection of essential tools on iOS devices for penetration testing purposes. https://t.co/qXR8A3EJPG #HR51KDB #bugbountytip #bugbountytips #ios #vapt

Excited to kickstart my career as a Cyber Security Engineer at @Qualcomm! Joining the amazing #TeamQualcomm and ready to learn, grow, and make a difference in the world of technology. Grateful for the opportunity! 💪🔒✨ #New2Q #Qniversitygrad

AD FOR OSCP (Active Directory Guide) https://t.co/VuDkJAGkED

10 (very) short tips for bug bounty:

Check out this awesome api my friend made to get subdomains of given domain, one more passive source to integrate in your tool 👍. #bugbountytips

It has been 11 days since Google made its 8 new TLDs available on May 3, 2023. I decided to fetch several domains that have spawned up with the .zip and .mov TLD ever since and do a quick analysis. A thread 🧵

I don't think so getting CVE and finding a bunch of bugs in websites , u can call yourself a Researcher. The term itself is clear, did u do research on existing vulnerability and found some new vector ?

See you all at @nullhyd today 👋