Bug bounty Tips
Open in Telegram
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Show more5 962
Subscribers
+924 hours
+777 days
+33530 days
Posts Archive
5 962
Hands-On AWS Penetration Testing with Kali Linux
This book aims to help pentesters as well as seasoned system administrators with a hands-on approach to pentesting the various cloud services provided by Amazon through AWS using Kali Linux.
The book covers a large variety of AWS services that are often overlooked during a pentest — from serverless infrastructure to automated deployment pipelines.
Облачные лабы тут: https://t.me/cybred/504
5 962
Для тех, кто в танке.
Что такое Shodan и с чем его едят.
Руководство пользователя на русском.
5 962
CVE-2024-22120: Time Based SQL Injection in Zabbix Server Audit Log
Affected and fixed version/s: * 6.0.0 - 6.0.27 / 6.0.28rc1 * 6.4.0 - 6.4.12 / 6.4.13rc1 * 7.0.0alpha1 - 7.0.0beta1 / 7.0.0beta2
Allows to dump any values from database. As an example of exploit above allows privilege escalation from user to admin. In some cases, SQL injection leads to RCE.PoC: https://support.zabbix.com/secure/attachment/236280/236280_zabbix_server_time_based_blind_sqli.py #exploit #pentest
5 962
Trufflehog
https://github.com/trufflesecurity/trufflehog
Trufflehog is specifically designed for finding sensitive information, such as API keys, passwords, and other secrets, within code repositories. It scans code for high-entropy strings and known secret patterns.
Bug bounty hunters can use Trufflehog to scan code repositories for unintentional secrets or sensitive information leaks. For example, running Trufflehog on a Git repository URL can reveal accidentally committed secrets.
To scan a Git repository for secrets, use: trufflehog with the above upload link5 962
Wordpress Cve Exploit Poc
1.Jenkins <= 2.441 & <= LTS 2.426.2 PoC and scanner RCE https://github.com/xaitax/CVE-2024-23897
2.Atlassian Confluence, a critical RCE
https://github.com/Chocapikk/CVE-2023-22527
3.Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
https://github.com/Chocapikk/CVE-2023-6553
4.Unauthenticated Remote Code Execution – Bricks <= 1.9.6
https://github.com/Chocapikk/CVE-2024-25600
5.WordPress Royal Elementor Addons and Templates Exploit
https://github.com/Chocapikk/CVE-2023-5360
6.Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE
https://github.com/leoanggal1/CVE-2023-3452-PoC
7.Broken Access Control vulnerability in WordPress Elementor Pro Plugin
https://github.com/B1GJ/elementor-pro-exploit
8.Unauthenticated SQL Injection - Paid Memberships Pro < 2.9.8 (WordPress Plugin)
https://github.com/r3nt0n/CVE-2023-23488-PoC
9.WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)
https://github.com/UrielYochpaz/Exploit-WordPress-Plugin-DZS-Zoomsounds
More Comming Soon 🥹
Available now! Telegram Research 2025 — the year's key insights 
