MR404NTF

We have been nominated by @openinfradev for the Superuser Awards, vote for us with the link in replies!

Introducingggggg... 🥁 Generate thousands of URL path combos in seconds, perfect for generating brute force wordlists! mkpath! This tool is similar to mksub, but it works for URL path combinations instead of subdomains. github.com/trickest/mkpath

1/ #Linux #Forensics: pssst... I will now reveal my favorite interview question for candidates who want to work in our IR team ;) "In the process list, I see a (running) binary, but the binary is no longer present on disc. How can I restore the original binary? (screenshot 👇)"

🧵Another hacker story thread! 🧵 == The Medical Alert Hack == Not too long ago I put a whole city on high alert during a security assessment. A tale of caution. 💀 Read along to learn my approach & mistakes! 🚨Retweet, follow, & like for more hacker stories! 🚨 1/x 👇🏼

uncover -q 'org:"DoD Network Information Center"' | httpx -silent | nuclei -silent -severity low,medium,high,critical #bugbounty #reputation #hackerone

Awesome Basic Linux Privilege Escalation: 😎 blog.g0tmi1k.com/2011/08/basic-… #infosec #cybersecurity #cyber #bugbounty #tech #linux #dfir #hacking #code #redteam #thesecureedge

Hacking CAN be easy. But, often it's not. Let's develop your technical skills, they obviously matter. A roadmap:

Recent Local File Read WAF bypass. Null byte %00 in between two dots .. ➡️ .%00./file.php #bugbounty #bugbountytips #bugbountytip #infosec #pentest #waf #bypass

nrich: a new tool to quickly find open ports and vulnerabilities via Shodan : gitlab.com/shodan-public/…

Recent P1 bug I found: 1. App allowed admin to create GitHub profile with access token. 2. User is only allowed to call to external url based on admin config. 3. App uses graphql 4. Found endpoint to generate a user jwt 5. Used query to dump graphql data.

I made a tool to cover your tracks post-exploitation on Linux machines for Red Teamers github.com/mufeedvh/moonw…

@ADITYASHENDE17 Use this python script loop in bash for scanning multiple domains github.com/m4ll0k/BBTz/bl…

I am honestly impressed by the new reports @wallarm have been able to give #GoTestWaf in the new version! Visually, I can see everything i need in 1 quick overview and I can zoom in ... And apparently I need to up my security 👹👹 github.com/wallarm/gotest…

Expand your attack surface by grabbing SSL certificates from ip addresses, match these with your Bug Bounty targets. I'd recommend running this technique on cloud providers such as AWS/Azure/GCP ranges using github.com/glebarez/cero cero [CIDR] (cero 0.0.0.0/0) #bugbountytips

WordPress Plugin Update Confusion vavkamil.cz/2021/11/25/wor…

The comprehensive list of today's emerging threats, nOtWASP bottom 10: vulnerabilities that make you cry by @albinowax, @artsploit and @garethheyes portswigger.net/research/notwa…

bypassing this WAF like

Remote Code Execution via Exif Data . infosecwriteups.com/remote-code-ex…

The Assetnote security research team discovered a full-read SSRF vulnerability in Jamf Pro (post-authentication) a few months ago. blog.assetnote.io/2021/11/30/jam… (CVE-2021-39303 & CVE-2021-40809). Tracing sinks to sources is always a valid strategy.