TIL: If you find API keys that look sus but can't quite figure out what service(s) to try with, @pdnuclei has 240+ token spray templates which you can pass a single token or a text file of tokens to: #BugBounty
Big shout out to @NahamSec for his SSRF workshop at Defcon. Came back home, started hunting and dropped 2x SSRFs -> RCE with some collabs with @ajxchapman
I'd always look for it on pen tests but never bug bounty (I have no idea why), and it's massively paid off.
If you wanted a bit more insight into my approach when threat modelling for bug bounty, the LHE scene and how I pick and approach targets, last week's @ctbbpodcast HackerNotes is for you:
First LHE down at #h10131 with @Hacker0x01 in Scotland. Met some incredibly talented hackers and had a really enjoyable experience.
Massive thank you to the team and @amazon for such a great event. Till next time!
In case you missed it, Frans Rosen dropped some GOLD last week on @ctbbpodcast covering some fresh research & crazy tips on X-Correlation header injection. Check out the HackerNotes below:
Using Cursor for POC creation, fresh research with some SQLi, encryption oracles, content types for XSS and a $5k clickjacking bounty on Google with a bunch of neat gadgets. Check out last week's @ctbbpodcast HackerNotes below:
This week's @ctbbpodcast HackerNotes has dropped, covering a bunch of takeaways with Lupin and Justin from Google's BugSwat event in Vegas!
Check it out below:
This week's @ctbbpodcast HackerNotes is a banger if CSS injection is on your radar, we've got:
• Universal RCE - Browser Extensions Research
• CSPT To XSS
• Full-time Bug Bounty Blueprint
• CSS Injection tips, tricks, techniques and writeups
Check it out:
@ctbbpodcast HackerNotes Ep 76 has dropped! Check out:
• HackerOne AWC qualifiers
• Zoom ATO deep dive
• SharePoint XXE writeup
• Shazzer browser fuzzing
• Match & Replace tips, tricks, and techniques
And a bunch more below
.@gr3pme's threat modelling methodology when approaching new targets.
The goal is to list every possible attack vector, regardless of likelihood, as a reference for future exploration.
This is a powerful yet extremely underrated skill for bug hunters! Take note!
@ctbbpodcast HackerNotes has landed, covering a bunch of takeaways from some of the research dropped by the PortSwigger team & Orange Tsai. Check it out!
Check out the latest episode of @ctbbpodcast HackerNotes! Youssef Sammouda shares some invaluable insights on client-side gadgets and tips for ATO. Don't miss out on this one!
Check out the latest @ctbbpodcast HackerNotes:
• Louis Vuitton LHE & Browser Market Shares
• Justin's Bug of the Week
• Zero to Hero: 9 Month bug bounty journey with Justin's Methodology-ish
• Intent to ship: Upcoming browser features
Read it here:
The @ctbbpodcast HackerNotes has just dropped with Sam Curry. Expect tips for finding secondary context bugs, re-framing your perspective when hacking and cool research against ISPs, Tesla, airlines, JS frameworks and a bunch more below!
HackerNotes is back with this week's @ctbbpodcast pod episode starring @JR0ch17. Check out some cool exploit chains, OAuth bugs and more below!
We've got another gem from the guys on this week's @ctbbpodcast HackerNotes. If you're wondering what gadgets lead to some of the more exotic bugs you read about in writeups, this one is for you!
The latest @ctbbpodcast HackerNotes has just dropped, covering .NET Remoting exploitation, DOM Purify type confusion, dealing with JS obfuscation, and more!
The latest episode of @ctbbpodcast HackerNotes is now live! Join the guys as they share some seriously good takeaways from the @Hacker0x01 LHE. Don't miss out - check it out below:
@ctbbpodcast HackerNotes EP 74 has dropped, covering all things dependency & supply chain from this week's pod with @0xLupin including:
• Supply chain lifecycle
• Supply chain threats
• Dependency confusion
• Enumeration & attack vectors
And a whole bunch more below!
Last week's @ctbbpodcast HackerNotes with MatanBer was packed with client-side hacking tips, including:
• Using DevTools effectively to analyze a target
• General client-side hacking tips
• Common sources and sinks to look out for
• Dealing with restricted XSS contexts
The latest HackerNotes has dropped! TLDR:
Joel scrapes H1 Bounty Data, Critical Gitlab CVE Leads to ATO, LLM Attacks and Code Review Tips.
@ctbbpodcast there is a challenge in idekCTF 2024 called srcdoc-memos made by icesfont, it's about iframe, sandbox, CSP, navigation, session history and policy container.
I spent like a week to understand how it works lol, really complex but also interesting.
Missed last week's @ctbbpodcast episode? Don't worry, the latest HackerNotes post is packed with WordPress hacking insights from the pod - from tips and tricks for exploitation and code review to quirky WordPress behaviours. Full write-up and TLDR below
@ctbbpodcast HackerNotes has dropped jampacked with a tonne of research this week, including:
• PDF.JS Universal XSS via PDF
• NextJS SSRF by AssetNote
• Smuggling payloads + Slonser IPV6 Research
• DomPurify Bypass
And a whole bunch more. Check it out below!
The results are in!
Congratulations to these 32 teams who will move on to the Group Round of the 2024 #AmbassadorWorldCup!
The next round kicks off at the end of August! Stay tuned for the latest info, and read more about the AWC here.
Excited to explore new web app pentesting opportunities! I'm seeking a mid-level role where I can continue to learn and grow. Looking for fully remote positions (MST timezone). Happy to provide an updated resume and would love to chat about any opportunities!
#JobSearch
BB program: here's a user matrix and lots of docs to help you hack!
*reports numerous bugs, referencing the docs*
BB program: Ah the user matrix and docs are wrong. All of this is intended. Closing as informative.
@BadAt_Computers Something that took me a while to grasp when I first started getting into testing is to learn 1/2 vuln classes at a time, instead of trying to do them all