Turns out that 5-digit bounties aren't reserved for crazy top hunters! I recently got a $20,000 bounty for a misconfiguration of S3 pre-signed URLs. Here's the explanation:
youtu.be/MBQJJ3jfJ8k
Here's a #bugbountytip I've used a couple times to find some really interesting functionality - if you're doing recon, check out this endpoint:
<targetdomain>/.well-known/apple-app-site-association
This endpoint is used for Apple's associated domains feature - you would really
Y’all, PLEASE take advantage of this FREE CERTIFICATION from @ISC2! They are offering FREE entry-level Cybersecurity training AND a FREE exam voucher for a certification attempt! Sign-up below!
Learn more about One Million Certified in Cybersecurity at: bit.ly/LearnMore_MegW…
*If you pass the exam and choose to become a member, there is a $50 annual membership fee.
#ad
"Shodan is your best friend with the big scope target"
tips
org:"target trade name" and use "http.title"
you will get results like admin panel, directory listing, etc.
check log files, maybe get some sensitive data, usernames, passwords, PII
thx @GodfatherOrwa #bugbountytips #bugbountytip
The Google Cybersecurity Certificate is here! 🎉 I am excited to be an instructor in this program, and to be helping people looking to get into the field #GrowWithGoogle goo.gle/3AxpCfu
Scored Exceptional on @intigriti with this tip 👇.
SQLi via parameter name injection.
Payload:
someparam[id) VALUES (NULL); WAITFOR DELAY '0:0:5';--]=test
Thx to @JorenVerheyen for this tip 🧠.
#bugbountytips
Here is how I chained two bugs to exploit a UUID based IDOR and gained access to admin panel.
🧵THREAD🧵
1. How I knew that the target uses the same panel for both (normal users and admins)?! This is because of two things, the first one is through subdomain enumeration
I just found an unbelievable number of unauthorized API endpoints using this 1 liner.
katana -u $url -hl -nos -jc -silent -aff -kf all,robotstxt,sitemapxml -c 150 -fs fqdn |subjs | python3 /opt/JSA/jsa.py |goverview probe -N -c 500 |sort -u -t';' -k2,14 |cut -d ';' -f1
Just came across this Bash ebook that can be downloaded legally for🆓
Enjoy it😎 and follow us for regular dose of Linux learning 🤘🐧
ebook.bobby.sh/#ebook
New: we proved it could be done. I used an AI replica of my voice to break into my bank account. The AI tricked the bank into thinking it was talking to me. Could access my balances, transactions, etc. Shatters the idea that voice biometrics are foolproof. vice.com/en/article/dy7…
ATO of FB/OC accounts after stealing access_tokens ($44,250)
ysamm.com/?p=777
DOM-XSS in Instant Games due to improper verifications ($62,500?)
ysamm.com/?p=779
ATO in Canvas Games due to weak cross window message Origin validations ($62,500)
ysamm.com/?p=783
📢GIVEAWAY ALERT📢
If you're a student & unable to pay for a ticket to #IWCON2022💔
For the next 2 hours, any student who mails us at contact[at]infosecwriteup[dot]com with a college email ID
We'll provide all-access passes to #IWCON2022!🥳
#Retweet & tag fellow students!