Bug bounty Tips
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
5 849 subscribers
+11 in 24 hours
+68 in 7 days
+374 in 30 days
Post archive
5 850
God Penetration Testing Reference Bank
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet. This is a collection of resources, scripts and easy to follow how-to's. I have been gathering (and continuing to gather) in preparation for the OSCP as well as for general pentesting. Feel free to use however you want!
GitHub
#pentest
5 850
"PowerShell Automation and Scripting for Cybersecurity: Hacking and defense for red and blue teamers", 2023.
#powershell
———
@islemolecule_source
5 850
20 Tools DDOS Attack Works Great 100%🎉
https://github.com/secgang/ddos-http?search=1
https://github.com/secgang/ddosutils
https://github.com/HyukIsBack/KARMA-DDoS
https://github.com/hoaan1995/ZxCDDoS
https://github.com/screetsec/TheFatRat
https://github.com/grafov/hulk/blob/master/hulk.py
https://github.com/jseidl/GoldenEye
https://github.com/palahsu/DDoS-Ripper
https://github.com/Tmpertor/Raven-Storm
https://github.com/Thibault-69/RAT-Hodin-v2.9
https://github.com/the0cp/awesome-ddos-tools
https://github.com/Xart3mis/AKILT
https://github.com/Leeon123/Aoyama
https://github.com/us-nexus-hackers/US-DDOS-V2
https://github.com/Hex1629/SOCKETPIE_DOSTOOL
https://github.com/pavel-odintsov/fastnetmon
https://github.com/epsylon/ufonet
https://github.com/SuperIlu/DOjS
https://github.com/BC-SECURITY/Empire
https://github.com/Ne0nd0g/merlin
5 850
The Command again
ffuf -w /subdomain_megalist.txt -u 'https://adminFUZZ.Target.com' -c -t 350 -mc all -fs 0
-t means threads; don't make it so high, you could miss a lot of working subs. Also, it depends on your network speed;
since I'm using a VPS, 350 is fine for me.
-mc all means match all response codes like 200, 302, 403, and this is important.
5 850
Subdomain Fuzzing worth 35k bounty!
https://medium.com/@HX007/subdomain-fuzzing-worth-35k-bounty-daebcb56d9bc
5 850
[ Testing LFI in Windows: How I (never) got a $30000 bounty ]
Another great post by adeadfed!
https://adeadfed.com/posts/testing-lfi-in-windows-how-i-never-got-a-30000-bounty/
5 850
CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity exploit
https://github.com/W01fh4cker/CVE-2024-27198-RCE
https://github.com/Chocapikk/CVE-2024-27198
https://github.com/rapid7/metasploit-framework/pull/18922
Cyberspace Mapping Dork:
Fofa
app="JET_BRAINS-TeamCity"
ZoomEye
app:"JetBrains TeamCity"
Hunter.how
product.name="TeamCity"
Shodan
http.component:"teamcity"
Read research: https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
5 850
🔐 Cybersecurity Alert: CVE-2024-21893 Vulnerability
🚨 Attention Security Professionals and IT Enthusiasts! A critical vulnerability has been discovered in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA. Let’s dive into the details:
🔍 Vulnerability Description: A server-side request forgery (SSRF) flaw in the SAML component of the mentioned Ivanti products allows an attacker to access restricted resources without authentication. This means unauthorized access to sensitive data and potential security breaches.
🌐 Affected Versions:
👉 Ivanti Connect Secure (9.x, 22.x)
👉 Ivanti Policy Secure (9.x, 22.x)
👉 Ivanti Neurons for ZTA
🔥 Impact:
👉 Unauthenticated attackers can exploit this vulnerability.
👉 High severity (CVSS Base Score: 8.2)
📹 Video Demo: I’ve created a video demonstrating the vulnerability. Check it out here:
https://youtu.be/JMYVWL67PIY
5 850
FIND S3 BUCKETS:-
# Find buckets from keyword or company name
# https://github.com/nahamsec/lazys3
ruby lazys3.rb companyname
# https://github.com/initstring/cloud_enum
python3 cloud_enum.py -k companynameorkeyword
# https://github.com/gwen001/s3-buckets-finder
php s3-buckets-bruteforcer.php --bucket gwen001-test002
# Public s3 buckets
https://buckets.grayhatwarfare.com
https://github.com/eth0izzle/bucket-stream
# https://github.com/cr0hn/festin
festin mydomain.com
festin -f domains.txt
# Google dork
site:.s3.amazonaws.com "Company"
