Coffin
@coffinxp7
ʜᴇʟᴘɪɴɢ ᴏʀɢᴀɴɪᴢᴀᴛɪᴏɴꜱ ꜱᴛᴀʏ ꜱᴇᴄᴜʀᴇ ᴛʜʀᴏᴜɢʜ ʙᴜɢ ʜᴜɴᴛɪɴɢ, ᴏꜱɪɴᴛ ᴀɴᴅ ꜱᴇᴄᴜʀɪᴛʏ ʀᴇꜱᴇᴀʀᴄʜ | ᴡʀɪᴛᴇᴜᴘꜱ: https://t.co/i4lh1OfrQY | ᴄᴏᴍᴍᴜɴɪᴛʏ: https://t.co/UmuN0pmh37
area 51
Joined October 2023
here we go! hope this helps every beginner trying to master the full recon to exploitation process. i’ve covered every step in detail and will be adding more soon..just a bit caught up with things right now. https://t.co/bykbiDNYGG
infosecwriteups.com
Proven Step-by-Step Recon Techniques to Uncover Your First Vulnerabilities in Bug Bounty Programs
I also added a search option to make lookups easier. I'll include this script in my Medium article like I usually do..
Hey bro! Just wanted to let you know I received another bounty, €1,000, for reporting an account takeover! First 2FA bypass & now this one. Thank you so much, man. Because of you, I’ve come this far. Really appreciate everything, love you, bro🥹❤️ @coffinxp7
#ethicalrohitt
This is the reason I stopped using Burp’s IP rotation extension because it can quickly consume paid proxy/traffic limits. If you use it without monitoring, you’ll likely face a big bill. Extension link:
portswigger.net
Uses AWS API Gateway to change your IP on every request.
Thanks @orderby99 for testing the username with the same password and letting me know.. that's why I love the hacking community 🔥
cc:
More sex shop themed Cyber Stealer panels: 69.30.247[.]233:3004 iloveboats9[.]vip @solostalking @500mk500
#InfoSec #malware #iocs
Hell nahh.. Check this out all 🔥 you will enjoy it <33 Full admin panel access via this simple methodology..
Due to restrictions in the Brave browser, only certain cookies are visible.
PoC: I was able to access all users’ cookies, localStorage data and IP addresses..
When I first started on Medium, within a week I found Stored XSS/HTMLi/Iframe Injection that could run on readers’ browsers. At the time Medium had no bug bounty or disclosure program, so they quietly fixed it without acknowledgment.
now, I love gospider more than any other crawler <3 I will prove why it is so powerful in upcoming videos..
I just updated my recon guide and added a new section on Gospider methodology. It’ll definitely help you in your bug hunting. Check out the full article:
Finally, here’s a new recon guide that will help you find bugs. I’ve included some private scripts and techniques I use. If even one person lands a bounty from this, I’ll consider the effort worth it. https://t.co/CQcSMGVLQy
Hi everyone! I just built a WaybackURLs extension that saves you a ton of time when gathering archive URLs. It supports main domains, wildcards, specific paths and sensitive file extensions. Give it a try and let me know your feedback! https://t.co/vezBMPFpgp
more techniques here:
infosecwriteups.com
Learn How Hackers Bypass Rate Limits and How You Can Too
you can also use katana, hakrawler and similar tools for active crawling instead of getting URLs from passive sources..
full write-up here with more detailed options and tools.
I just updated my XSS article: added some cleaner, more effective one-liners and integrated DalFox one-liners that support extra options. Check it out. https://t.co/6rXHUfzSZY
tell me any better XSS methodology than this 😎 Explanation: This one-liner command starts by collecting all URLs from passive sources using the gau tool, then filters them for potential XSS parameters using gf patterns. Next, httpx and grep are used to keep only URLs that return