
Mayank Pandey🇮🇳
@mayank_pandey01
Programmer ⌨️ | Aspiring Security Researcher 🔎 | Bug Bounty ☣️ | Reverse Engineering 👽 | CTF Player 💻 | Security Researcher @cloudsek
/bin/bash
Joined August 2018
Published my first Write-up of the full Account Takeover. It was an interesting Finding. Learned many new techniques while hunting for it. @remonsec @KathanP19 @Virdoex_hunter @ADITYASHENDE17 @kunalp94 @sachin_pandey98 #bugbounty #BugbountyTip
infosecwriteups.com
IDOR and Weak encryption leads to Account Takeover
Github Link : A Huge shout-out to @virgil_dean94 and @poindeo for the Product Demo Video, a Wonderful Platform. @GithubProjects.
github.com
SLAM - Simple Local Area Monitor is a lightweight tool for continuous local network monitoring and device discovery. - MayankPandey01/slam
🚀 Introducing SLAM: Simple Local Area Monitor 🚀 SLAM is a lightweight tool that continuously scans your network, detects devices, and tracks their lifecycle. It stores historical data for every network you join—perfect for security professionals and sysadmins! #opensource
Some interesting observations with the Python Requests library. URLs in 'user:pass@domain' format avoid SSL errors, but triggering SSL checks becomes possible when using a collaborator URL as the main domain and a target domain as the subdomain. It can help bypass SSRF filters.
Give this a try. Wonderful tool.
🚀 Exciting News for Bug Bounty Hunters! 🐞 Introducing Phoenix Scope - The ultimate tool to streamline your bug bounty hunting! @nahamsec @ofjaaah @0xfa1c0n @silentbronco @AmanONB @InsiderPhD @Jhaddix
A quick way to Discover dynamically allocated DNS Servers when connected to a VPN is to use "resolvectl". This can be pivotal in post-exploitation scenarios and help you to expand your attack surface. #security #hacking #linux #NetworkSecurity #networking
Crossed 500 reputation points on @Hacker0x01. Received first swag of this year 🤩. #bugbounty #hackerone
Excited to introduce "OwnBucket-GO," 🚀 the upgraded version of my previous tool! Discover storage buckets faster with this lightning-fast GO-based Recon Tool. This tool leverages DomainParser by @CalumBoal for blazing-fast domain parsing. 🌐 #golang
github.com
A Fast GO based Recon Tool to search for Storage Buckets (AWS S3 , GCP and Azure) - MayankPandey01/OwnBucket-GO
Python apps often use ReportLab to create PDFs from a backend. There's a chance that you may get Remote Code Execution (RCE) through HTML Injection by exploiting CVE-2023-33733. #python #cybersecurity #exploitation #applicationsecurity #opsec #BugBounty.
github.com
CVE-2023-33733 reportlab RCE. Contribute to c53elyas/CVE-2023-33733 development by creating an account on GitHub.
Whenever you face a 403 Forbidden error while accessing some files, always consider attempting to switch from HTTPS to HTTP. This approach could be helpful because some Security Filters and WAFs might specifically block HTTPS requests while allowing HTTP traffic. #CyberSecurity
Add /info and /v1/info to your wordlist. These misconfigured endpoints sometimes expose the Configuration or settings related to the Swift object storage system. I have added the template to Nuclei #bugbounty #wordlist #CyberSecurity #opensource
I recently came across a fascinating research paper by @SteveBellovin named "Security Problems in the TCP/IP Protocol Suite". If you're interested in networking protocols and their security, this is a must-read. Paper Link: #research #networking.
Updated OwnBucket ⚡️⚡️ It can now scan for Azure Storage Blobs alongside AWS S3 Storage Bucket and GCP Buckets. @theXSSrat @intigriti #AWS #GCP #Azure #Python #opensource #CyberSecurity
Releasing a New Tool "OwnBucket". It's a Python Based Recon Tool that scans for AWS S3 Bucket and GCP Storage Bucket. It was Inspired by LazyS3, made by @NahamSec and @jobertabma . Go Check It out and leave a ⭐ if you like it. #python #opensource #aws.
Thanks, @intigriti for Including it in #BugBytes.
7⃣@mayank_pandey01 writes about Container Security for beginners.
Found a nice Information Disclosure Bug due to Misconfiguration in API. #bugbounty #hackerone
I just published Beginners Guide to Container Security. This article discusses the working of containers in detail and how they can be hacked, it's helpful for anyone who is learning about containers. #CyberSec #hacking #docker #Linux #cybersecurity.
Releasing a New Tool "OwnBucket". It's a Python Based Recon Tool that scans for AWS S3 Bucket and GCP Storage Bucket. It was Inspired by LazyS3, made by @NahamSec and @jobertabma . Go Check It out and leave a ⭐ if you like it. #python #opensource #aws.
github.com
A Python based Recon Tool to search for Storage Buckets - MayankPandey01/OwnBucket
RT @coder_rc: Are you interested in learning reverse engineering in 2023? I've spent this year studying RE, and I want to share all the…
Amazing work by @momo5502 👏. Reverse engineering integrity checks in Black Ops 3
momo5502.com
Call of Duty: Black Ops 3 is protected by a DRM that, among other things, protects the integrity of the game’s code at runtime. Reverse engineering those integrity checks has been a personal goal I...