Cryptcreed

"A majority of the bugs were only possible due to automated asset discovery, but still required some manual inspection and exploitation." This is an important point, automation is only part of the puzzle! Great blog @infosec_au blog.assetnote.io/2020/09/15/hac…

I wrote a post on @assetnote's blog about hacking in bug bounties for the last four years. This should give you a good idea on what I've been reporting and how I find bugs and incorporate them back into our platform. blog.assetnote.io/2020/09/15/hac…

Python 4 FAQ. 1. The version after 3.9 is 3.10; in fact it already exists (in github master). 2. If there ever is a version 4, the transition from 3 to 4 will be more like that from 1 to 2 rather than 2 to 3.

I just uploaded some of the most common file types for my Patrik's Bug Bounty Tools mind map here: SVG: blog.it-securityguard.com/pbbt.svg PDF: blog.it-securityguard.com/pbbt.pdf XMIND: blog.it-securityguard.com/pbbt.xmind PNG: blog.it-securityguard.com/pbbt.png enjoy! 🥰🥳👑 #bugbountytips #BugBounty

RT @sectest9: RT @aufzayed: CAPTCHA BYPASS TECHNIQUES #bugbounty #bugbountytip #bugbountytips #cybersecurity #infosec @honeyakshat999/captcha-bypass-techniques-f768521516b2" target="_blank" rel="nofollow noopener">medium.com/@honeyakshat99…

hey hackers, started a write up series on find your first bug @iamj0ker/find-your-first-bug-1-subdomain-takeover-8c7e6192220f?sk=a768500880e814f7bf67d129fee1d117" target="_blank" rel="nofollow noopener">medium.com/@iamj0ker/find… #bugbounty #bugbountytips #bugbountytip #100DaysOfCode @InsiderPhD @stokfredrik @theXSSrat @Alra3ees

Easily generate a custom wordlist from any domain: echo "bugcrowd.com" | subfinder -silent | hakrawler -plain -usewayback -scope yolo | sed $'s/[:./?=:]/\\\n/g' | anew

Try this when testing webapps: 1. Set up burp in browser1 2. Do a password reset request in browser1 3. Open the password reset email in browser2 and copy the token 4. Search your Burp history for the token, if it is there, you've got yourself a nice easy account takeover!

#bugbounty #bugbountytip #Android The Easiest way to find deeplink patterns search on google - targetscheme:// deeplink OR On github - "targetscheme://" deeplink

alert() with no parenthesis, back ticks, brackets, quotes, braces, etc. by @stealthybugs a=8,b=confirm,c=window,c.onerror=b;throw-a

Video Tuts on Debugging Automation Basics for Vuln. Researchers bit.ly/2QtczEV *Debug Events *Breakpoints *Registers, Memory Thread & Module Manipulation *Hook API *Writing Your First Fuzzer #vulnerability #bugbountytips #bugbounty #fuzzing #ReverseEngineering #malware

Trick for bypass the rate-limit.. (it worked for me in many companies) #bugbountytips #bugbountytip #bugbounty

Hey! I just published this writeup on medium. Please do read it and let me know how was it. link.medium.com/Xgi2One4X8 Big thanks to @pdiscoveryio for such amazing tools. Thanks to @ADITYASHENDE17 for great tips #bugbountytips #bugbounty #cybersecurity

Sharing my OSCP notes. I hope it will help you guys! hackanythingfor.blogspot.com/2020/08/oscp-p…

-1-Pentest-Cheat-Sheets: github.com/Kitsun3Sec/Pen… -2-Web Application Cheatsheet (Vulnhub): github.com/Ignitetechnolo… -3- A cheatsheet with commands that can be used to perform kerberos attacks : gist.github.com/TarlogicSecuri… #OSINT #bugbountytip #pentest #redteam #hacking

I just published Reflected XSS in Facebook’s mirror websites Hope you will like it. Feedbacks are appreciated link.medium.com/CqgFgAajM8

If you hate analyzing JS files with strange variable names and minified versions, you should give a look at jsnice.org

Here's the playlist for all my recent Recon talks at a single place: youtube.com/playlist?list=… Slides: speakerdeck.com/harshbothra Will keep on adding more to the same place. :) #bugbounty #infosec #websecurity #bugbountytips #recon

A common question asked is how do I best prepare for OSCP? This list of OSCP-Like boxes from @TJ_Null + writeups from @rana__khalil are great resources to use heading into the PWK lab! Machine List: docs.google.com/spreadsheets/d… Rana's Writeups: @ranakhalil101" target="_blank" rel="nofollow noopener">medium.com/@ranakhalil101 #OSCP #PWK

link.medium.com/Dulig8BYG8 Always try to fetch hidden web directories In subdomains of the target #bugbountytips #bugbounty #cybersecurity