Pinned Tweet
YemSec
949 posts

YemSec retweeted

Check out the 5 essential books that every API hacker should read and keep on their bookshelf. danaepp.com/5-books-every-…
YemSec retweeted

BEST #fuzzing tools for #bugbounty hunting/web app pentesting:
1. FFUF - github.com/ffuf/ffuf
2. Wfuzz - github.com/xmendez/wfuzz
3. FuzzDB - github.com/fuzzdb-project…
4. Gobuster - github.com/OJ/gobuster
#bugbountytips #infosec #cybersecuritytips #cybersecurity #recon #CTF
YemSec retweeted

Bypassing captcha by HTML manipulation🤫🔥🔥❗
--------
medium.com/@abhishake21/b…
-------
By @abhishake100
------
#hackerone #BugBounty
#hackeronereport
#writeups #Bugbountywriteupspublished
#bugbountytips
#bugbountytip #Bypass
#captcha #Bypassing_Captcha


YemSec retweeted

BEST LFI/RFI Payload lists:
1. LFI Payload List - github.com/emadshanab/LFI…
2. Payloadbox LFI/RFI - github.com/payloadbox/rfi…
3. Hacktricks Guide - book.hacktricks.xyz/pentesting-web…
4. PayloadsAllTheThings - github.com/swisskyrepo/Pa…
#LFI #RFI #bugbounty #bugbountytips #cybersecuritytips
YemSec retweeted

Video now available for a hacking presentation I did at @Hacker0x01's H@cktivitycon in Las Vegas, back in August.
If you are into bug bounty, or security, please check it out. I present a (I believe novel) approach for attacking XSS sanitizer libraries.
youtu.be/gJGbS8UELGw

YemSec retweeted

Yay, I was awarded a $2,150 bounty on @Hacker0x01! for default password at admin login panel.
Tips: always try admin@target.com when you find that the admin panel needs an email and password. hackerone.com/kassem_s94 #TogetherWeHitHarder
#bugbountytip
#BugBounty
#Hacking

YemSec retweeted

Yay🥳, I was awarded $750 bounty on @Hacker0x01! #TogetherWeHitHarder It's my first ever bounty. It took me 2 years to get my first payout. Yeah, it took me that long to get a reward and I am so glad I did it. A little tip for those who are struggling with bug bounty hunting
A 🧵

YemSec retweeted

I've been accumulating some stuff over the past couple weeks. Here's a few shellcode execution methods I've found digging through Windows APIs and the Google results after page 2. github.com/Wra7h/FlavorTo…
YemSec retweeted

The most interesting DEFCON30 and Blackhat2022 presentations
DEFCON30: drive.google.com/file/d/1sGHIfW…
AD Trust Attacks: drive.google.com/file/d/12uLqAu…
BlackHat 2022: drive.google.com/file/d/1lVDJ1j…
#DEFCON30 #blackhat2022 #redteam #cybersecuirty #Pentesting #SecurityTips #bugbountytip #Hacking
YemSec retweeted

New template release includes 15 new and a total of 36 templates for Adobe Experience Manager (AEM) to check for known misconfigurations.
GitHub Release - github.com/projectdiscove…
#hackwithautomation #aem #misconfig #security #bugbounty #appsec

YemSec retweeted

A small gift from my side to all bug bounty hunters.
My 8-hour long burp suite focused course is for free.
share to someone who needs it.
#bugbountytips
#bugbounty
#infosec
(rt & share + enjoy)
udemy.com/course/bug-bou…
YemSec retweeted

Here is a valuable GitHub Dork for finding sensitive information and credentials
[Repo] GitHub Dork - by EdOverflow
buff.ly/3dX4185
#CyberSecurity #GitHub #Governance #Reconnessaince #OSINT

YemSec retweeted

Account Takeover by OTP bypass by Vaibhav Kumar Srivastava link.medium.com/3NphFgeNGsb
YemSec retweeted

I generally don't tweet about money/bounties, but I needed to show the importance of learning about CVSS.
Here I would have lost 60% of my bounty amount ($3k) and would have to keep only $2k as the bounty without proper knowledge of CVSS.
#bugbountytips #bugbounty #Infosec

YemSec retweeted

#Secret9
Have you ever fuzzed with Target-specific Wordlist? 🧐
This can be much more efficient 💎
You can easily make it... 🪚
#bugbountytips 🧵👇🏻
Hossein NafisiAsl @MeAsHacker_HNA
#Secret8 Everything about CSP Headers 🔬 #bugbountytips 🧵👇🏻