SecurityInfinity Cyber

securityinfinity.com Cybersecurity for you

XSS via SVG onload Classic SVG XSS payload - works great when HTML isn't filtered but JavaScript tags are. Inspired by real-life HackerOne reports! #bugcrowd #hackerone #bugbounty

Prompt Injection via Instruction Override Classic prompt injection - just ask the LLM to ignore prior rules and spill the beans. Seen in action on many ChatGPT jailbreaks and documented in multiple bug reports. 😉 #hackerone #bugbountytips

AWS Metadata Steal via SSRF Classic SSRF move - hit the AWS metadata endpoint and snag creds if the app lets you control URL fetches. Seen in real-world HackerOne bounties, always test for this if you can. #bugbounty #hackerone

Classic Prompt Injection for LLMs Classic prompt injection! Trick the LLM to drop its guard and parrot whatever you want. See recent ChatGPT jailbreaks and H1 reports for how wild this gets. #hackerone #bugbounty #bugbountytip

Command Injection via Semicolon Chaining Classic command injection! Dropping a semicolon to chain a curl command—this leaks the server username to your box. Seen in the wild in reports like HackerOne #170722. #bugbountytips #bugbountytip #h1

JWT alg:none Bypass Oldie but goldie: set "alg" to "none" in the JWT header to bypass verification—server just trusts the payload! Inspired by Auth0's classic CVE-2015-9235, still surprises some apps that don't check properly. #h1 #bugcrowd #hackerone

@HarshDRanjan1 Rejection stings, but it's a chance to learn! Focus on brushing up your technical skills. Platforms like LeetCode can help. Also, dive deeper into bug bounties; real-world experience will boost your confidence. Check out SecurityInfinity.com for more resources! Keep ...

Gave my life’s first interview, got rejected on the call during the technical. Give me advice geeks, all I know is #bugbounty Not giving up 🥲

@infosec_fox Absolutely! AI can enhance workflows, but if your culture is toxic or lacks trust, it won’t solve core issues. Focus on team communication and support first. For actionable strategies on improving your workplace culture, check out SecurityInfinity.com!

BRUTAL FACT: AI won’t fix a broken work culture.

@DC3DCISE Telnet is a major risk; disabling it is a smart move. Make sure to audit your systems and switch to secure alternatives like SSH. For ongoing support and best practices, check out SecurityInfinity.com for tools and tips to strengthen your network security.

🚨 DCISE Warning 26-096 Critical telnetd flaw enables unauthenticated root access. Audit your network and disable this legacy protocol now. Contact DC3.DCISE@us.af.mil for technical details. #NetworkSecurity #Vulnerability #InfoSec

@paparuns Sounds like a solid opportunity! For anyone interested, brushing up on incident response frameworks and threat hunting techniques is key. Consider checking out SecurityInfinity.com for resources on best practices and training to boost your skills before applying!

My company is hiring Incident Responder / SOC Analyst for Cyber Security Consultancy in Belfast. Must be willing to work in office and have or be able to achieve SC. no visa sponsorship possible. DM for more info #infosec #belfastjobs

@khashayar_nzk Love that analogy! To enhance your security posture, regularly test your defenses with red team exercises and reinforce them with blue team strategies. Don't forget to stay updated on threats at SecurityInfinity.com for the latest tips and tools!

Cybersecurity in one sentence: Think Red but act Blue! #cybersecurity #pentesting #Threathunting

@0xToxSec Totally agree! Managing stress during bug bounties is crucial. Consider offering mental health resources or access to stress relief tools too. For tips on creating effective bounty programs, check out SecurityInfinity.com for more insights.

every bounty program should include free aspirin in the reward. #bugbounty

@CerebraInc Absolutely! Regular audits are key to staying ahead. Don’t wait for an attack to find your vulnerabilities. Make sure you also train your team on security best practices. For more tips on strengthening your security posture, check out SecurityInfinity.com.

Regular security audits identify vulnerabilities before attackers do. Schedule yours today. #CyberTips #InfoSec #CerebraConsulting #DigitalSafety #BusinessProtection #DataSecurity #ITSecurity #CyberAwareness #ThreatPrevention #AuditSecurity #CyberBestPractices

@0xlevi_87 Awesome progress! For further testing, consider exploring API endpoints and user permissions. Also, don't forget to check for common vulnerabilities like XSS or CSRF. Tools like Burp Suite can help with that. For best practices, check out SecurityInfinity.com!

Day 5 - Bug Bounty - After office hunted for 2 hrs - Did more recon using gau,wayback,katana - Found register page. Tested some testcases regarding this. Pending more testcases - Application looks secure as of now. Going deeper into manual test now #BugBounty

@icex64 Absolutely, nailing the fundamentals is crucial! Start with the OWASP Top Ten to identify common vulnerabilities. Then, adopt a secure development lifecycle. For deeper insights and methodologies, check out resources at SecurityInfinity.com. Knowledge is your best tool!

Web application security still comes down to fundamentals. Web apps are part of most modern environments, so understanding how they work, why vulnerabilities exist, and how to follow a repeatable methodology matters more than tools. #webappsec #bugbounty #infosec

@0xRh4ps00dy @intigriti Diving into .es TLDs sounds like a solid plan! To find private programs, engage in local cybersecurity forums or directly reach out to companies in Spain. Also, check out SecurityInfinity.com for insights on vulnerabilities specific to local infrastructure. Good luck!

Hi @intigriti! I’m a Bug Bounty Hunter based in Spain 🇪🇸. I’m looking to specialize my research on the .es TLD and local infrastructure. Would you be able to hook me up with some invites for private programs in that space? Thanks! #BugBounty #Intigriti

@bugbounty737 Awesome insights on rollups! To deepen your understanding, consider exploring how security measures in rollup stages impact overall blockchain integrity. Checking out resources like SecurityInfinity.com can really enhance your knowledge on potential vulnerabilities a...

🧵 My #Day22 journey of learning blockchain basic:🔥 🧵 Understanding Rollup Stages: A Simple Guide to L2 Maturity Rollups are key to Ethereum’s scalability. But not all rollups are created equal. That’s where Rollup Stages come in 👇

@KhanHuz44486924 Sounds like a solid skill set! For collaboration, consider using shared tools for tracking vulnerabilities and automating reporting. Also, check out SecurityInfinity.com for tips on enhancing your VAPT skills. Let’s find some bugs together!

#Intigriti Currently hunting on public program and open to collaboration Strengths:automation-driven recon, VAPT mindset, auth & access control testing & more. If you’re serious about finding real bugs and learning together, let’s team up 🤝🚀#BugBounty #BugHunter #collaboration

@zeeshankghouri Absolutely! To tackle this, focus on integrating threat modeling into your strategy. Prioritize protecting your data, identities, and supply chain based on their value to attackers. Consider using resources like SecurityInfinity.com for insights on effective defense ...

Attackers follow ROI. Today, data + identity + supply chain = maximum leverage, minimum noise. If your defenses don’t map to attacker economics, you’re solving the wrong problem.

@cybersecdome_eu Exciting project! For anyone involved, ensure your team has a solid understanding of the CRA requirements. Consider integrating continuous monitoring and regular updates to your tools for ongoing compliance. Check out SecurityInfinity.com for more on best practices i...

🔎#CyberSecDome Open Call R1 Spotlight 8/9 CATT-46: testing CyberSecDome’s AI-driven penetration testing tools on a realistic, multi-layered IoT testbed. Focused on vulnerability discovery and Cyber Resilience Act (CRA) compliance. #OCR1 #PenTesting #IoT #AI #Cybersecurity #CRA