Sysdum

@systemDumb

Followers
571
Following
443
Media
21
Statuses
239

Synack Red Team | Coder | Bug Bounty Hunter Interested in desktops, tabletops, all kinds of tops really.

Joined January 2020
@systemDumb
Sysdum
1 year
RT @LordSnow: Voting for a President in America be like. "choose one"
0
34K
0
@systemDumb
Sysdum
1 year
RT @pwnEIP: I guess poor aircraft maintenance is the theme of 2024…
0
7
0
@systemDumb
Sysdum
1 year
Additionally, I've run into WAFs blocking or blacklisting any more than 1 directory up (e.g. ../../). These paths weren't blocked. Another Java-ish payload is the popular Tomcat/nginx normalization bypass /..;/. I see it mostly present in Java apps.
0
0
4
@systemDumb
Sysdum
1 year
If you think you've found a path traversal, instead of throwing /etc/passwd and similar paths, check if the app is Java-based using Wappalyzer. I've scored a few bounties by trying the following:
?file=../WEB-INF/web.xml
?file=../META-INF/MANIFEST.MF
#bugbountytips #BugBounty
1
0
3
@systemDumb
Sysdum
2 years
RT @adragos_: Finished in 1st place at the Red Team CTF @ #DEFCON 31. @RedTeamVillage_ . Started off playing the event solo, but I was join….
0
9
0
@systemDumb
Sysdum
2 years
RT @RedTeamVillage_: 🚨 Attention 🚨. We’re asking everyone that was at the RTV CTF today in Cesar’s Forum to CHECK their swag bags. Unfortu….
0
52
0
@systemDumb
Sysdum
2 years
RT @RedTeamVillage_: 🙌🏼 Thank you to @flipper_zero for adding to our epic RTV CTF prizes!. #defcon
0
97
0
@systemDumb
Sysdum
2 years
🔥🔥🔥🔥🔥🔥
@MikeHacksThings
MikeHacksThings
2 years
It’s @pwnEIP on his way to @defcon to give out some @RedTeamVillage_ #swag!
0
0
4
@systemDumb
Sysdum
2 years
RT @pwnEIP: Swag packing day! We're all busily packing for the big show. @systemDumb @j0nk1m @santosomar @lazzslayer @ds1nk @NopResearcher….
0
14
0
@systemDumb
Sysdum
2 years
RT @trick3st: We've recently added jsluice by @bishopfox to our library, a great tool for uncovering URLs, paths, secrets and more from Jav….
0
17
0
@systemDumb
Sysdum
2 years
RT @piedpiper1616: GitHub - vchan-in/CVE-2023-35078-Exploit-POC: CVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC….
0
29
0
@systemDumb
Sysdum
2 years
RT @liadeliyahu: Exploit is so easy it fits in a tweet🔥.unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p*3 l/;.setcap cap_setuid+eip l/pytho….
0
276
0
@systemDumb
Sysdum
2 years
RT @RedTeamVillage_: 🔴 Red Team Village presents another exclusive interview with our amazing sponsor, @buddobot with @Jhaddix, now availab….
0
9
0
@systemDumb
Sysdum
2 years
RT @infosec_au: shout out to all the brave engineers who decided to write VPN appliances in C.
0
16
0
@systemDumb
Sysdum
2 years
RT @pwnEIP: Overdone meme but so real right now. You can feel the energy of 1000's of speakers, instructors, organizers, and volunteers hus….
0
16
0
@systemDumb
Sysdum
2 years
RT @pwnEIP: Fortinet is an ancient word meaning "Remote Code Execution", maybe Latin?
0
6
0
@systemDumb
Sysdum
2 years
You can also use -fc 404 on top of this to eliminate actual 404s as well.
0
0
0
@systemDumb
Sysdum
2 years
Web servers handing you a fake 200 during recon? Pipe the results to a file and use grep -v to pull out garbage responses. You can use | as an OR operator with egrep to filter out WAF/custom 404s. #bugbountytips #bugbounty
2
2
6
@systemDumb
Sysdum
2 years
RT @RedTeamVillage_: Guess who’s back. Back again. Red Team Village is back, tell a friend…👀 😈. @defcon #DC31
0
56
0
@systemDumb
Sysdum
2 years
Recently found an SSRF domain white list bypass. The app was looking for vulnerable[.]com in the request. I made a CNAME on my domain pointing to localhost, allowing for internal service access. vulnerable[.]com.mydomain[.]com --> 127.0.0.1
#bugbountytip #bugbounty
0
1
4