payloadartist @payloadartist Twitter profile

Pinned Tweet

payloadartist

4 years

If you are tired of googling for #BugBounty writeups, I made a little tool that lets you search writeups easily. You can also pull the search data in JSON format if you need it. #cybersecurity #bugbountytips #infosec #100DaysOfCode

66

1K

2K

Last Seen Profiles

@Regmusicman

@YashMor5

@bobhewko

@MatrixOffline

@WVaChamber

@bokeplokalmalam

@stw_pdg

@iReadAward

@femilonge

@cowcowcow999

@bokeplokalmalam

@hotbatwing

@rebecca_osm

@dnaanes

@sugkeos

@JimForonda

@LarrySonar21

@dexterstepsis

@udrawstarss

@FerialPlaza

@sarabeth816

@ZerlinaMornings

@Scribys11

@JakKinder_2025

@NajamAKhan1

@Nat_VeliguroVa

@ke_skabotha

@pencitaemanedut

@GiuseppeSessi

@MattKin70168766

@stw46

@vauzhao

@Tavpipipipipi

@Hemwik

@BandarStw

@bokeplokalmalam

payloadartist

@payloadartist

2 years

⚠️ Uber apparently got grandly hacked. Attacker basically got access to almost everything (allegedly) - Slack - Google Workspace Admin - AWS Accounts - HackerOne Admin - SentinelOne EDR - vSphere - Financial Dashboards Thread on what we know so far 🧵👇 #Hacking

35

677

2K

payloadartist

@payloadartist

5 years

AWS pentesting Challenges: Windows exploitation challenges: Learning how to use tools: Reverse engineering challenges: Mobile hacking: 1/2

TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

tryhackme.com

9

605

2K

payloadartist

@payloadartist

2 years

🔓 Google Pixel Lock Screen Bypass (CVE-2022-20465), wow just wow - Make failed attempts to unlock device - Remove SIM, & insert your own SIM - Enter wrong SIM PIN thrice - Enter your SIM's PUK & change SIM PIN - Voila, unlocked! #infosec #cybersecurity

27

362

1K

payloadartist

@payloadartist

3 years

Why you should never ever ever use pixelation as a redaction technique 🙈 #infosec #cybersecurity #dataprivacy

9

466

1K

payloadartist

@payloadartist

3 years

☁️ Awesome Cloud Security ⚔️ Collection of awesome #Cloud security tools, standards, and other resources 🔗 #cloudsecurity #DevOps #Pentesting #infosec #cybersecurity

4

428

915

payloadartist

@payloadartist

4 years

Useful Google Dorks for #BugBounty - site: intext:company site: inurl:company site: inurl:company site: inurl:company site: inurl:company #cybersecurity

6

279

889

payloadartist

@payloadartist

5 years

10

303

816

payloadartist

@payloadartist

3 years

Good collection of #Pentesting resources and #pentest checklist by @Six2dez1 🙌 #bugbounty #cybersecurity #infosec

7

292

745

payloadartist

@payloadartist

4 years

Unauthenticated Arbitrary File Read vulnerability in VMware vCenter before version 6.5u1 PoC for extracting passwords from file - /eam/vib?id=C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx\ #bugbounty #cybersecurity #security

5

308

701

payloadartist

@payloadartist

4 years

Some awesome wordlists for fuzzing and dir bruteforce: (By @nullenc0de ) (By @Jhaddix ) (By @i_bo0om #bugbounty #bugbountytip

4

266

613

payloadartist

@payloadartist

4 years

Useful GitHub dorks for #BugBounty "company name" db_password "company name" "Authorization: Bearer" "company name" filename:vim_settings.xml "company name" language:shell "company name" language:python "company name" fb_secret #cybersecurity #infosec #bugbountytips

5

187

614

payloadartist

@payloadartist

2 years

⚔️ List of Top 25 parameters for finding: - XSS - SSRF - LFI - SQLi - RCE - Open Redirects Useful for fuzzing. #bugbounty #infosec #cybsersecurity #redteam #pentesting

9

174

598

payloadartist

@payloadartist

2 years

This is simply one of the best resources on AD #Pentesting that I came across! It contains nearly all you need to know about attacking Active Directory Very useful if you are prepping for OSCP #infosec #cybersecurity #redteam #Azure #blueteam #Linux

19

222

588

payloadartist

@payloadartist

6 years

#1 . Online #OSINT CheckList [Reconnaissance] - * Dnstrails * * Google ASE aka Google Dorking * Pentest-tools * Dnsdumpster * VirusTotal * * Dnsgoodies #security #infosec #bugbounty #enumeration #pentest #redteam #cybersecurity

10

234

561

payloadartist

@payloadartist

3 years

✨ Malware-Gems by @0x4143 Collection of #Malware analysis, reverse engineering and CTF cheatsheets, tools, and other cool resources. 🔗 #infosec #cybersecurity #dfir #redteam #Pentesting

6

250

530

payloadartist

@payloadartist

2 years

I gave ChatGPT a code snippet And asked how I could exploit a vulnerability in it Tbh I'm blown away by the potential of this tool for #cybersecurity use cases🤯 #bugbounty #hacking #infosec #gptchat

17

109

486

payloadartist

@payloadartist

3 years

If you're planning to hunt on Apple #bugbounty program and confused where to start. I scraped some assets from their #security acknowledgements page (roughly 414 domains and sub-domains) #bugbounty #infosec #cybersecurity #bugbountytips #100daysofcode

12

267

477

payloadartist

@payloadartist

5 years

6

138

471

payloadartist

@payloadartist

2 years

Browser #Hacking is a very interesting field of security research. How to get started in browser security? 🧵👇 #cybersecurity #bugbounty

26

162

471

payloadartist

@payloadartist

2 years

🕵️ Collection of 4000+ OSINT resources 🔗 #OSINT #redteam #Pentesting #bugbounty #infosec #cybersecurity

13

178

470

payloadartist

@payloadartist

4 years

A simple one liner I use to enumerate sub-domains and open them in Firefox, coz it's oddly satisfying. Particularly useful to take a quick glance at sub-domains and take notes. #bugbounty #bugbountytip

3

178

458

payloadartist

@payloadartist

2 years

Great collection of security tools ⚙️👇 by @gwendallecoguic #infosec #cybersecurity #bugbounty #cybersecuritytips #bugbountytips

13

146

447

payloadartist

@payloadartist

3 years

📖 Cybersecurity Handbook: handy reference for beginners on attack explanations, tooling, etc. #cybersecurity #infosec #Pentesting

3

146

441

payloadartist

@payloadartist

3 years

⚔️ Awesome Hacking - Huge collection of resources on #Pentesting , #DFIR , #IoT , #bugbounty , etc. #cybersecurity #infosec

7

189

416

payloadartist

@payloadartist

8 months

🔥 Fuzzing and Bypassing the AWS WAF Interesting writeup by the @sysdig team on building an automated fuzzing tool to trigger XSS by bypassing the AWS WAF Fuzzer: #bugbountytips #bugbounty #infosec #cybersecurity

3

128

419

payloadartist

@payloadartist

6 years

#BugBountyTip : Curated List of Amazing @Burp_Suite extensions! Testing apps? Java Deserialisation? #security #infosec #bugbounty #exploit #pentest #redteam

GitHub - snoopysecurity/awesome-burp-extensions: A curated list of amazingly awesome Burp Extensions

A curated list of amazingly awesome Burp Extensions - snoopysecurity/awesome-burp-extensions

github.com

2

197

405

payloadartist

@payloadartist

4 years

Some cool #cybersecurity labs by @digininja for learning web #security topics - Web Cache Poisoning Vulnerable LDAP CORS GraphQL PostMessage #bugbounty

HTML5 postMessage Lab - DigiNinja

A set of challenges and vulnerabilities based around the HTML5 postMessage funcationality. Full walk throughs for the labs are included on the site.

html5.digi.ninja

0

173

408

payloadartist

@payloadartist

6 years

#BugBountyTip : Found an SSRF #vulnerability in a Jira instance, now what? Right! #RCE like a boss 8) - [Only for Docker deployments] http://[::1]:2375/containers/json - might get you the docker credentials in the form of env variables! #bugbounty #infosec #security #hacking

8

165

403

payloadartist

@payloadartist

3 years

🔥 Good collection of vulnerable apps, tools, checklists and other resources for #Android #Pentesting 🔗 #cybersecurity #infosec #pentest

5

171

391

payloadartist

@payloadartist

2 years

📂 Attacking File Uploads in Modern Web Applications, nice primer and cheatsheet for testing common file upload vulnerabilities by @snap_sec #pentesting #bugbounty #cybersecurity #redteam

10

160

380

payloadartist

@payloadartist

5 years

Brilliant challenges by @digininja Based on Authentication Bypass: - IP Address Based - Timing/side-channel Attacks - JWT - Based on CVE-2019-7644

Authentication Lab - DigiNinja

A set of authentication challenges covering a range of different technologies.

authlab.digi.ninja

2

155

381

payloadartist

@payloadartist

4 years

Always look for internal sub-domains of companies on GitHub "" password "" password "" password Helps to track down employee exposed Jira credentials in GitHub repos. 1/n #BugBounty #BugBountyTips #infosec

4

125

365

payloadartist

@payloadartist

7 months

⚙ Dorky Came across a recon tool I made a few years back for generating Google dorks, and automatically open the dorks in new tabs. 1/n #infosec #cybersecurity #bugbountytips #bugbounty

2

128

364

payloadartist

@payloadartist

2 years

Damn Vulnerable C Program Contains vulnerabilities like integer overflow, UAF, OOB read, etc. by @hardik05 #infosec #cybersecurity #bugbounty #cybersecuritytips

4

109

362

payloadartist

@payloadartist

1 year

⚒️ All For One Tool for collecting Nuclei templates from various repositories into one place. Pretty cool! h/t @Jhaddix #bugbountytips #bugbounty #cybersecurity

7

107

337

payloadartist

@payloadartist

2 years

🦀 Offensive Rust Code examples of implant development and, general offensive operations written in #rustlang for #redteam engagements #infosec #cybersecurity #100DaysOfCode

4

100

332

payloadartist

@payloadartist

2 years

Want to learn about JWT #hacking but confused where to start? This visual representation by @sec_r0 simplifies the following JWT concepts ⭐️ JSON Format ⭐️ JWT Structure ⭐️ JWT authentication sequence diagram ⭐️ JWT Signing Algorithms ⭐️ JWT Attack Scenarios 1/2

3

88

321

payloadartist

@payloadartist

2 years

🦊 CloudFox 🦊 A cloud #Pentesting tool that helps you find exploitable attack paths in #cloud infra * Secrets in EC2 userdata * Ext/Internal Targets: endpoints/hostnames/IPs * Overly permissive roles * and more #cybersecurity #AWS #Azure

3

89

311

payloadartist

@payloadartist

3 years

✨ Offensive Security Cheatsheet Good collection of useful methodologies, #bugbountytips and resources for #Pentesting , #bugbounty , and #redteam 🔗 #infosec #cybersecurity #100DaysOfCode #DFIR

2

204

298

payloadartist

@payloadartist

3 years

Don't forget to use the handy Burp Proxy Match and Replace rules for finding #Log4Shell , while browsing targets. Pretty simple but effective. #bugbountytips #bugbounty #infosec #cybersecurity #log4j

5

103

290

payloadartist

@payloadartist

4 years

“How I hacked Facebook: Part 1” — Interesting SSO Bypass through admin password reset. #Facebook #infosec #bugbounty

How I hacked Facebook: Part One

We’ve been in this pandemic since March and once the pandemic started I was having plenty of free time, And I need to use that time wisely…

infosecwriteups.com

5

57

295

payloadartist

@payloadartist

2 years

📔 Frida Handbook, a great resource covering @fridadotre binary instrumentation basics to advanced concepts. #infosec #cybersecurity #bugbounty #Pentesting

1

113

295

payloadartist

@payloadartist

3 years

Pretty interesting writeup on bypassing ModSecurity WAF for SQLi. 🌟"When MySQL sees 1.e(abc), it will ignore the 1.e( portion because the following characters do not form a valid numeric value."🌟 #bugbountytips #bugbounty #infosec #cybersecurity

3

137

296

payloadartist

@payloadartist

3 years

Found this awesome collection of #bugbounty one-liners by @dwisiswant0 . It covers everything, starting from reconnaissance to finding specific bugs. A thread about the ones I found useful in this repo 👇 #infosec #cybersecurity #bugbountytips 1/n

3

131

287

payloadartist

@payloadartist

6 months

Open redirect to XSS and Account takeover (ATO) in TikTok Bounty: $5k By @them7x #bugbountytips #bugbounty #cybersecurity

2

63

289

payloadartist

@payloadartist

5 years

Running a bucket brute-force? This helps to find sensitive files: (inurl:target_domain OR intext:company_keyword) & site: & (ext:pdf | ext:xls | ext:txt | ext:doc)

3

118

284

payloadartist

@payloadartist

5 years

Looking for unlisted #bugbounty programs? I have been using variations of these search queries so far, Want $$$? (inurl:security | inurl:bug-bounty) +"Bug Bounty" Looking for VDP/HoF? inurl:security +"Responsible Disclosure" +"Hall of Fame" 1/n

6

99

279

payloadartist

@payloadartist

5 years

Incapsula WAF bypass by @daveysec <svg onload\r\n=$.globalEval("al"+"ert()");>

3

110

272

payloadartist

@payloadartist

2 years

💉 SSH Key Injection Vulnerability In Google Cloud Compute Engine By @sivaneshashok @kl_sree #infosec #bugbounty #bugbountytips #Hacking #CloudComputing

4

90

273

payloadartist

@payloadartist

2 years

Working Directory Brute-Force Tool Built By ChatGPT 🤯👇 🧵 1/4 #infosec #cybersecurity #bugbounty #hacking

11

78

270

payloadartist

@payloadartist

4 years

Looks like a very handy browser extension for #bugbounty hunting and #security testing, with cool features like payload reference (w/ easy copy paste), hash generator, and URL encoder. #cybersecurity #BugBountyTips #infosec h/t @harshbothra_

3

115

260

payloadartist

@payloadartist

2 years

Uber seems to have a number of new job openings in Threat Detection, Incident Response, and SOC roles since yesterday 🤔 #cybersecurity #infosecjobs #uberhack

8

37

256

payloadartist

@payloadartist

6 years

Getting familiar with Windows #Exploit Dev: Basic Intro - SEH - ROP - Some nice content by @FuzzySec ... #infosec #tech #redteam #pentesting

1

98

255

payloadartist

@payloadartist

4 years

Hopscotch is a handy tool for API #security testing #bugbounty #bugbountytips #infosec

7

77

253

payloadartist

@payloadartist

2 years

The most annoying part of #pentesting targets using JWT authentication is the short expiration time of access tokens. You have to login multiple times to get new tokens JWT-Reauth burp extension solves this problem Learn how to use it effectively🧵👇 #cybersecurity #bugbounty

7

91

247

payloadartist

@payloadartist

3 years

If you have a Struts2 target, you can try to find if its vulnerable to #Log4Shell curl -vv -H "If-Modified-Since: \${jndi:ldap://localhost:80/abc}" http://localhost:8080/struts2-showcase/struts/utils.js #bugbountytips #log4jRCE #bugbounty #infosec #cybersecurity #redteam 1/n

2

87

239

payloadartist

@payloadartist

3 years

Getting into pentesting? Confused about what to write or, how to structure reports? 1. There are a lot of awesome public reports to take inspiration from like - @Bishopfox - @Cure53berlin - #infosec #cybersecurity 1/n

1

100

240

payloadartist

@payloadartist

2 years

📂 Arbitrary File Upload Tricks In Java based applications, especially useful in evading WAF detections #infosec #cybersecurity #bugbounty #Pentesting #redteam

3

98

246

payloadartist

@payloadartist

3 years

⚔️ Awesome security hardening: collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources #infosec #cybersecurity #Pentesting #DFIR

1

95

241

payloadartist

@payloadartist

3 years

The amazing @zseano is now offering his #bugbounty methodology book for free, which was part of @BugBountyHunt3r 's paid package! I like his simple, no bullsh*t way of explaining things. A must read👇 #infosec #CyberSecurity #bugbountytips 1/n

6

99

236

payloadartist

@payloadartist

2 years

⚙️Free Radare2 Reverse Engineering course #infosec #cybersecurity #Pentesting #redteam #dfir #Malware

7

86

231

payloadartist

@payloadartist

5 years

An awesome XSS payload by @kinugawamasato : <noscript><p title="</noscript><img src=x onerror=alert(1)>"> #security #bugbounty #infosec #technology

2

89

225

payloadartist

@payloadartist

5 years

Sensitive stuff shared on G Drive: site: <your_keyword> Sensitive data within open directories: #OSINT #infosec

2

98

231

payloadartist

@payloadartist

2 years

⚛️ Nuclei Template Generator Burp Plugin ⭐ Very useful Burp Extension for generating @pdnuclei templates on the fly from requests in Burp Suite #BugBounty #BugBountyTips #InfoSec #CyberSecurity #Hacking #Pentesting

4

95

228

payloadartist

@payloadartist

2 years

🚩CI/CD Goat, a deliberately vulnerable CI/CD environment for learning Top 10 CI/CD security risks #infosec #cybersecurity #appsec #pentesting #redteam #DevSecOps

0

81

231

payloadartist

@payloadartist

6 years

Webmap - A web dashboard to view #Nmap (XML) reports! Nice shit... #security #infosec #bugbounty #bugbountytip #pentest #cybersecurity #hacking

0

130

229

payloadartist

@payloadartist

3 years

⚔️ Bypassing XSS detection mechanisms An old but gold paper by @s0md3v , helpful for understanding different contexts and bypassing WAF and XSS filtering mechanisms. 🔗 #infosec #cybersecurity #bugbounty #bugbountytips #Pentesting

1

96

225

payloadartist

@payloadartist

2 years

Missed an awesome BlackHat USA 2022 talk? Collection of all #BlackHat talks and research papers 📚👇 #Hacking #Cybersecurity #infosec

8

79

226

payloadartist

@payloadartist

2 years

🔑 Awesome Cheat Sheet of Default Credentials 📈 Contains default creds for 3445 products ✅ Actively maintained & updated Useful for #bugbounty , #security assessments, #pentest & #redteam engagements #bugbountytips #cybersecurity #infosec #pentesting

10

99

226

payloadartist

@payloadartist

6 years

A Handy #security #BugBounty reference on: - Recon - SQLi - XXE (OOB) - #XSS , generic payloads - CSP Bypass - CSRF -> Stored #XSS - CORS - Heartbleed - IDOR - File Upload Based vulns - Deserialisation - CSVi - LFI - RCE - misc stuff...

Web Application Penetration Testing Notes

XXE Valid use case This is a non-malicious example of how external entities are used: ]> &c; Resource: https://xmlwriter.net/xml_guide/entity_declaration.shtml Testing methodology Once you’ve...

techvomit.net

1

95

220

payloadartist

@payloadartist

2 years

🪲 Account Takeover Through Password Reset Poisoning In Hubspot By @OmarHashem666 #infosec #cybersecurity #bugbounty #bugbountytips #hacking

6

77

223

payloadartist

@payloadartist

4 years

Here’s how I exploited an SSRF in a web app and with a little tinkering, was able to extract the private data of almost all users. Thread 👇👇👇 #BugBounty #BugBountyTip #infosec #Security

4

61

221

payloadartist

@payloadartist

1 year

🪥 "Hacking my “smart” toothbrush" Interesting writeup about reverse engineering a "Philips Sonicare" toothbrush by Cyrill Künzi #infosec #cybersecurity #hacking

2

55

220

payloadartist

@payloadartist

7 months

🛠 In the market for a Burp alternative? Just came across Groxy by @glitchedgitz , and it looks rad 👇 It uses open source tools such as proxify, JSLuice, and ffuf under the hood. #bugbountytips #bugbounty #cybersecurity

3

75

222

payloadartist

@payloadartist

1 year

🪲 Account Takeover On Booking .com By @AviadCarmel #infosec #bugbounty #cybersecurity

1

62

222

payloadartist

@payloadartist

2 years

One of the pre-requisites of learning web hacking is to have a solid understanding of HTTP concepts. What are the components of an HTTP request? Here is a cool visualization about few important HTTP request headers by @sec_r0 👇 #infosec #cybersecurity #bugbounty #hacking

0

80

214

payloadartist

@payloadartist

2 years

⚙️ Caido Looks like a promising alternative to Burp Suite with a neat UI and handy features. #bugbounty #bugbountytips #cybersecurity #infosec #hacking

6

55

211

payloadartist

@payloadartist

1 year

Reversing C++ Binaries Training By @0xgalz #infosec #cybersecurity #hacking

4

73

210

payloadartist

@payloadartist

3 years

Interesting technique for exploiting PHP LFI by abusing Nginx's client body buffering feature #infosec #cybersecurity #bugbounty #bugbountytips

1

67

206

payloadartist

@payloadartist

1 year

🧪 30 API Security Test Cases 📽️ With video guides By @Aktodotio #infosec #cybersecurity #pentesting #bugbounty

3

82

208

payloadartist

@payloadartist

3 years

⭐️ Damn Vulnerable DeFi challenges: Great challenges to build your #DeFi smart contract audit skills #infosec #cybersecurity #Ethereum #web3

2

64

204

payloadartist

@payloadartist

2 years

If you're into RE, here's an interesting writeup by @momo5502 on reverse engineering integrity checks in CoD Black Ops 3 👇 #infosec #cybersecurity #hacking #gamedev

2

53

203

payloadartist

@payloadartist

2 years

👨‍🎓 Good collection of free courses, tools, books and useful resources on #Malware analysis, and exploit dev #infosec #cybersecurity #DFIR #redteam

4

87

201

payloadartist

@payloadartist

4 years

ReconMap looks like a really cool way to manage and document things for pentesting and #bugbounty collaboration. Provides a very neat and structured way to take notes while working on a target. Loved it! #cybersecurity #bugbountytips #infosec

7

78

203

payloadartist

@payloadartist

2 years

Awesome 4 Day Rust Course From Android team's internal training, covering basic syntax to advance topics 👇 #rustlang #100DaysOfCode

5

58

207

payloadartist

@payloadartist

4 years

Found these amazing walkthroughs of Android vulns by @B3nac : Deeplink issues: Exploitation of exported activities (OOS on some programs, nevertheless an interesting watch) #bugbountytip #bugbounty

Android Deeplinks and how to exploit them

In this video we go over what deeplinks are and ways they can be exploited. PoC examples and example reports are also reviewed.

www.youtube.com

2

68

201

payloadartist

@payloadartist

2 years

⚛️ 0-click RCE in Electron Applications #bugbounty #infosec #cybersecurity #Pentesting

3

55

199

payloadartist

@payloadartist

2 years

CORS is a very important web security concept. It is used for allowing/rejecting cross-domain requests. Here is a simplified visualization of CORS 👇 #bugbounty #infosec #cybersecurity #Hacking Image credits: @sec_r0

8

75

197

payloadartist

@payloadartist

3 years

$15,000 #bugbounty for three bugs in Facebook Nearby Friend feature, by Yavor Rusev #infosec #cybersecurity

1

81

194

payloadartist

@payloadartist

2 years

Good How-To Guide on DNS Takeovers by @hakluke & @pyr0cc * DNS Takeover Concepts * Detection * Automation, with an example @pdnuclei template * Mitigation #bugbounty #infosec #cybersecurity #Hacking #Pentesting #bugbountytips

A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers

Introduction Let's start with this: A DNS takeover is not the same as a subdomain takeover. Subdomain takeovers are old news. Hackers who caught onto them early made busloads of bounties by automat...

blog.projectdiscovery.io

2

74

196

payloadartist

@payloadartist

2 years

🛡️ API Security Empire, good collection of API #pentesting mind-maps by @thecyberguy0 ⭐️ Recon 🔨 API security testing tools ⭐️ Attacking RESTful & SOAP ⭐️ Attacking GraphQL #infosec #cybersecurity #bugbounty #redteam

3

82

193

payloadartist

@payloadartist

2 years

⚙️ XSSHunter service is deprecated. Now what? 👇(1/2) @trufflesec launched a better version of it with more checks - CORS - Secrets on the page the payload fires - Exposed .git directory #bugbounty #infosec #cybersecurity #redteam #bugbountytips

4

56

192

payloadartist

@payloadartist

3 months

☁ gcpwn New cloud pentesting framework for GCP similar to Pacu (for AWS) By @WebbinRoot #cybersecurity #redteam #pentesting

0

61

197

payloadartist

@payloadartist

4 years

Advanced XXE Exploitation - Nice resource for trying out XXE #security vulnerabilities #bugbounty #cybersecurity #infosec

Advanced XXE Exploitation

Workshop on XML External Entity attacks. 5 exercises with different techniques and tricks to reach RCE.

gosecure.github.io

4

81

187

payloadartist

@payloadartist

6 years

AWS #XSS WAF #bypass by @neeraj_sonaniya Just prepend <! to your #XSS payload. eg: <!<script>alert(1)</script> #BugBounty #bugbountytip #InfoSec #tech #CyberSecurity

2

82

186

payloadartist

@payloadartist

2 years

🪙 Owasp Cheat Sheet Series: Goldmine of resources on application security for implementing controls. Covers 78 topics such as: - XSS - AuthZ - Input Validation - MFA, and so on #infosec #cybersecurity #appsec #bugbounty #pentesting

6

76

184

payloadartist

@payloadartist

3 years

🐳 Collection of Hundreds of Offensive and Useful Docker Images of tools for #Pentesting and recon 🔗 #bugbounty #infosec #cybersecurity #redteam

1

78

182

payloadartist

@payloadartist

3 years

📒 Good collection of solidity smart contract attack vectors and anti-patterns, along with mitigations and examples of real world vulnerabilities 🔗 #infosec #cybersecurity #web3 #ETH

1

76

176

payloadartist

@payloadartist

1 year

🍪 Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in Framework (CVE-2023-36899) Interesting vulnerabilities found by @irsdl #infosec #bugbounty #bugbountytips #cybersecurity

1

53

177