Most recents (6)

🧵NEW THREAD🧵
Here is how I was able to takeover the whole company's AWS infrastructure under 10 min after a new asset launch at @Hacker0x01 private program

1. I was invited in the morning to a private program at H1 and the program updated the scope in the evening, So I decided to take a look to see if there is something to hack

2. I visited the main website in scope, to my surprise and thanks to @trufflesec Chrome extension Trufflehog which could be found here chrome.google.com/webstore/detai…

Read 11 tweets

mehdisadir

@silentgh00st

🧵NEW Thread🧵

Here is how I found the easiest SQLi and possible RCE in less than 30 min of recon and dorking

1. I was invited to a private program at @Hacker0x01 and the first thing I usually do is to look at the scope and see if it is a wildcard domain or just a small scope.

2. Found that the program accepts all vulnerabilities related to their assets and of course third party assets are OOS

3. I used @leak_ix search engine at leakix.net and used this dork [+target_name ++plugin:"GitConfigHttpPlugin"]
Note : this is used to search for already scanned websites that have /.git exposed

Read 13 tweets

Dawid Moczadło

@kannthu1

A lesser-known yet effective way of #bugbounty hunting is called "hacktivity" hunting. It involves bypassing fixes on disclosed reports found on @Hacker0x01's hacktivity page. This approach helped me score a $5k bounty! Here's how it works.👇

#InfoSec #CyberSecurity

With hacktivity hunting, the hard part - finding interesting behavior or insecure features - is already done for you. Your main role is to find a bypass.

For example, I found a bypass for a report on hackerone.com/reports/949643

#BugBountyTips

The original report tried to restrict access to /admin by restricting the path in Nginx. However, I bypassed it using simple encoding - /%2561dmin. Endpoints required authentication, but I bypassed this by adding ".json" at the end.

#BugBounty #Hacking

Read 8 tweets

SentinelOne

@SentinelOne

🧵Let's talk about #Telegram - here are ten useful cybersecurity groups and channels we watch:

A thread:

1. Cyber Security News (30k+ members)

Cyber Security News is a feed channel for links to breaking news stories across the internet, everything from #TechCrunch to #Portswigger. It’s a one-stop shop for cyber-related news with your morning coffee.

telegram.me/cyber_security…

2. Cyber Security Experts (23k+ members)
A great channel for exchanging #information about #cyber, #IT, and #security. Mainly used to get answers to questions and help other security experts to enhance their security maturity.

t.me/cybersecuritye…

Read 13 tweets

🐞Sara Badran

@SaraBadran18

2FA Bypass Techniques thread 🔥🐞🔓
-------------------------

📌2FA Code Leakage in Response:

You can intercept otp using burpsuite and inspect http response and check if the 2FA code leaked

#hackerone #BugBounty #bugbountytips #BugBountyTip

2. JS File Analysis:
----------------

📌Analyze all the JS Files that are referred in the response to see if any JS file contains information that can help bypass 2FA code.

#hackerone #BugBounty #bugbountytips
#hackeronereport #Bugbountywriteupspublished #BugBountyTip

3. Lack of brute-Force Protection:
-----------------
📌type 2FA code and capture request using burpsuite
📌send request to intruder and send request for 100–200 times .
📌At 2FA Code Verification page, try to brute-force for valid 2FA and see if there is any success.

Read 11 tweets