Tur.js Profile
Tur.js

@Tur24Tur

Followers
4K
Following
4K
Media
107
Statuses
679

Application security fan, dedicated to writing custom security tools. @NoBugEscapes @BugBountyZip JavaScript - ExpressJS ♥️💛 https://t.co/bltifT1jkQ

Michigan
Joined October 2009
@Tur24Tur
Tur.js
3 years
Blind Insecure Direct Object Reference (IDOR) On Instagram. Write-up: #bugbountytips #bugbounty #p2 #bugcrowd #meta
@Tur24Tur
Tur.js
21 hours
RT @topjohnwu: Magisk officially has more Rust than C++!
@Tur24Tur
Tur.js
1 day
+ Using @fridadotre, I found that the app shield reads /sys/devices/system/cpu/cpu7/cpufreq/scaling_cur_freq. This is used to get CPU speed for checking if the device is real or an emulator. #BugBounty #bugbountytips
@Tur24Tur
Tur.js
1 day
I spent a few days reverse engineering one of the Android shield solutions that provides root detection. I also analyzed it dynamically using @fridadotre 🔥. Most of the detection logic was encrypted and only decrypted at runtime when the app starts. Here are some common detection.
@Tur24Tur
Tur.js
1 day
Hello Pentesters and Bug Bounty Hunters, Please avoid reporting issues like "Jailbreak/root detection bypass" to app owners or during pentesting engagement. These problems are related to the security SDK providers, not the app developers. If you report them, you are giving free.
@Tur24Tur
Tur.js
1 day
If the root or jailbreak detection is custom-built by the company (not from a third-party SDK), you can report it if it’s easy to bypass. You can check this by decompiling the app using tools like JADX or similar.
@Tur24Tur
Tur.js
6 days
OmniOAST is a Caido plugin designed to streamline your Out-of-Band Application Security Testing by centralizing all provider management and interaction logs. #Caido #bugbountytips
@CaidoIO
Caido
6 days
🚀 New plugin in the Caido Store! Introducing "OmniOAST" by @hahwul. Add all your OAST providers and manage them in one place. Generate payloads and monitor callbacks as they come in. Check out more details:
@Tur24Tur
Tur.js
11 days
Great read! I wasn't familiar with the MQTT protocol or the Android permissions like BRICK and MOUNT_FORMAT_FILESYSTEMS. Really interesting to learn about these advanced techniques. #BugBounty #InfoSec #malware
@8kSec
8kSec
12 days
The Pegasus/Chrysaor variant presents unexpected complexities, making it a particularly tough malware strain to dissect. Explore the full analysis in Part 3 of our mobile malware series: #MobileSecurity #CyberSecurity #Malware #Pegasus
@Tur24Tur
Tur.js
11 days
Tib3rius explains how the attack was discovered, how it works, and what sysadmins need to do to protect their servers. Ends with a demo showing the exploit in action.
@0xTib3rius
Tib3rius
11 days
The latest SharePoint 0-day attack chain (CVE-2025-53770 + CVE-2025-53771) results in unauthenticated RCE on on-prem servers. I break down how it was discovered, how it works, and how to protect your servers in this new video. PLUS a demo of the exploit working in a lab
@Tur24Tur
Tur.js
12 days
The new @fridadotre release makes my device restart by itself. I can't use it anymore. It happens on a physical Android ARM device. The device freezes or restarts a few seconds after I start the Frida server. At first, I thought the problem was only with my device, but I saw.
@Tur24Tur
Tur.js
13 days
Session-Based Validation Bypass via Trusted Parameter Override. #bugbountytips
@Omarzzu
Omar Alzughaibi
13 days
Session-Based Validation Bypass via Trusted Parameter Override. 🔴 GET /v1/user/profile/userDetails → Pulls my data based on my JWT session token. 🔴 GET /v1/user/profile/userDetails?userId=victim-id → The app ignores the session and trusts the userId param which leads to
@Tur24Tur
Tur.js
14 days
SQL injection 💉
@mcipekci
Mustafa Can İPEKÇİ
15 days
Collaborations make bug bounties more fun. Recently, @codecancare found a potential SQL injection on a target and asked me to check it. The SQL injection was in the URI, as the backend used direct input, treating "+" as normal instead of a space. I manually exploited it with a.
@Tur24Tur
Tur.js
17 days
🔥 HTTP/1.1 is inherently insecure and consistently exposes millions of websites to hostile takeover. On August 6, James Kettle from PortSwigger Research will reveal new classes of desync attack, that enabled him to compromise multiple CDNs and kick off.
http1mustdie.com
HTTP/1.1 Must Die - Time to move beyond HTTP/1.1
@albinowax
James Kettle
17 days
If you’re planning to promote your research with a website, better prepare for some quite hostile takes! (Yes, I am practicing responsible disclosure as always)
@Tur24Tur
Tur.js
22 days
RT @ctbbpodcast: New episode is out! — In episode 130: @Rhynorater is joined by @valent1nee, who shares his journ….
@Tur24Tur
Tur.js
28 days
RT @niemand_sec: "AntiCheat-Testing-Framework" is all the code developed during my research for @reconmtl . I hope it will help people unde….
github.com
Framework to test any Anti-Cheat. Contribute to niemand-sec/AntiCheat-Testing-Framework development by creating an account on GitHub.
@Tur24Tur
Tur.js
28 days
RT @Xbow: Sometimes the most illogical approach wins. XBOW discovered XSS in Salesforce Aura by testing aura.format=JSON - which counterin….
@Tur24Tur
Tur.js
1 month
RT @tom_doerr: send files or messages to nearby devices over local network, no internet needed
@Tur24Tur
Tur.js
1 month
RT @shadps4: Share this post
shadps4.net
shadps4 v0.10.0 released!
@Tur24Tur
Tur.js
1 month
@CatchifySA
Catchify
1 month
We’re excited to announce the launch of our Penetration Testing as a Service (PTaaS) platform. With Catchify PTaaS, you can:
- kick off and manage pentests with guided workflows
- stay on top of every stage with clear status tracking
- view and prioritize findings with
@Tur24Tur
Tur.js
1 month
RT @CatchifySA: We’re excited to announce the launch of our Penetration Testing as a Service (PTaaS) platform. With Catchify PTaaS, you ca….
@Tur24Tur
Tur.js
1 month
RT @topjohnwu: Spent some time digging through my XDA forum posts back in the day trying to transfer some of the history onto GitHub, felt….