Shebiiiii (@xshebix)
Cyber Security Researcher - Red Team Member at Synack
Joined November 2016
Hello all security enthusiasts! During a recent security assessment for a private client, I came across a potential cross-site scripting (XSS) vulnerability that I wanted to share with you. 1/n #security #cybersecurity #penetrationtesting #informationsecurity #bughunting #xss
This writeup explains how we got ATO from an Android application https://t.co/fGNdTIM8HA
#BugBounty #bugbountytip #cybersecuritytips #hackerone
medium.com
Hello friend, Me and my friend oXnoOneXo were recently looking for an android application at Bugcrowd to hack on and luckily we found an…
Bypass Reset Password Code Lead to Account Takeover https://t.co/aHGsODSaJF GitHub python script https://t.co/4kIA4YFlsS
#bugbountytips #bugbounty
github.com
Bypass Reset Password Code Lead to Account Takeover - Lu3ky13/Bypass-Reset-Password-Code-Lead-to-Account-Takeover
@TanmayLP7 If you are running automated scanners, this is about 95-98% of the things that are missed. Also, if you want to make a name for yourself in the BB or web app pentest world, get really good at these.
Check out my playlist: Road To Ethical Hacking https://t.co/OlKzqowoEz via @YouTube
youtube.com
You found a JFrog URL and you get 403 / 401? Try to add /ui/repos/tree/General; maybe you get lucky and find NuGet or other compiled customer source code :)
Still haven't found your first SSRF vulnerability? Or only found a useless blind SSRF somewhere but couldn't get to escalate it? You're probably looking at the wrong place... Here, a mega-thread on Server-Side Request Forgeries (SSRF) vulnerabilities👇️
Unexpected! 😂 But worth it! Add this 'database.create.json' in your wordlist. #BugBounty #bugbountytips
Most people believe SQL injections are in the past. They say it's hard to find them. The main issue is the use of automated tools like SQLMap. I'll go through the reasons in this thread so you can give your opinions.
The doctor, the paramedic and the wounded have died. Your only sin, O Palestine, is that you are beautiful like our master Joseph, and the world betrayed you as his brothers did.
I’ve published the slides for my @bsidesahmedabad closing keynote: https://t.co/9rh4x3ymq3 In this talk, I shared: “Lateral movement brute forcing”, a new technique that I covered and used against different targets to go, e.g., from a limited GitHub token to achieve multi-lateral
docs.google.com
Laws, Compliance and Data Privacy Regulations A CISO Perspective: How to ensure Business Continuity by staying compliant with cybersecurity laws and regulations Ayoub Fathi @_ayoubfathi_
It’s been tough being on social media the past couple of days. My own family, like thousands of Palestinians, was ethnically cleansed by Israel 75 years ago, and was denied the right of return to Palestine. For 75 years, Israel has forcibly displaced entire Palestinian
We earned $20,000 for our submission on @bugcrowd @haxor31337 @GodfatherOrwa. It's nice to work with you guys :) #Tip: Always check `viewstate` in ASP.NET. More info: https://t.co/xmwkZGFkOu
https://t.co/04NTyt2B0S
#ItTakesACrowd
notsosecure.com
In this blog post, Sanjay talks of various test cases to exploit ASP.NET ViewState deserialization using Blacklist3r and YSoSerial.Net. Blacklist3r is used to identify the use of pre-shared
If you find a /actuator/jolokia/ endpoint on your target, you can escalate it to LFI. POC: https://target[.]com/actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd
Good morning! I've been using this payload for over a year to discover XSS via open redirect vulnerabilities that bypass WAF. It works great: :DD Payload: javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie #BugBounty #bugbountytips #bugbountytip
XSS with no parenthesis 🔥 Thanks to @Rhynorater for sending me this target with a really weird filter. It was a fun challenge 🤟 Btw I'm not the one that discovered the use of instanceof for XSS ;) #bugbountytips
"Web Application Black-Box Testing" by @yeswehack outlines various black-box testing techniques and payload generation for performing offensive tests against web applications. https://t.co/C526w1xPZl
#bugbounty #pentest
Sources claim that the military junta wants to murder Imran Khan in jail through poisoning him. He is being kept in inhumane conditions.