🔓 Google Pixel Lock Screen Bypass (CVE-2022-20465), wow just wow
- Make failed attempts to unlock device
- Remove SIM, & insert your own SIM
- Enter wrong SIM PIN thrice
- Enter your SIM's PUK & change SIM PIN
- Voila, unlocked!
#infosec
#cybersecurity
Unauthenticated Arbitrary File Read vulnerability in VMware vCenter before version 6.5u1
PoC for extracting passwords from file - /eam/vib?id=C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx\
#bugbounty
#cybersecurity
#security
A simple one liner I use to enumerate sub-domains and open them in Firefox, coz it's oddly satisfying.
Particularly useful to take a quick glance at sub-domains and take notes.
#bugbounty
#bugbountytip
Always look for internal sub-domains of companies on GitHub
"" password
"" password
"" password
Helps to track down employee exposed Jira credentials in GitHub repos.
1/n
#BugBounty
#BugBountyTips
#infosec
Want to learn about JWT #hacking but confused where to start?
This visual representation by @sec_r0 simplifies the following JWT concepts
⭐️ JSON Format
⭐️ JWT Structure
⭐️ JWT authentication sequence diagram
⭐️ JWT Signing Algorithms
⭐️ JWT Attack Scenarios
1/2
🦊 CloudFox 🦊
A cloud #Pentesting tool that helps you find exploitable attack paths in #cloud infra
* Secrets in EC2 userdata
* Ext/Internal Targets: endpoints/hostnames/IPs
* Overly permissive roles
* and more
#cybersecurity
#AWS
#Azure
Pretty interesting writeup on bypassing ModSecurity WAF for SQLi.
🌟"When MySQL sees 1.e(abc), it will ignore the 1.e( portion because the following characters do not form a valid numeric value."🌟
#bugbountytips
#bugbounty
#infosec
#cybersecurity
Looking for unlisted #bugbounty programs?
I have been using variations of these search queries so far,
Want $$$?
(inurl:security | inurl:bug-bounty) +"Bug Bounty"
Looking for VDP/HoF?
inurl:security +"Responsible Disclosure" +"Hall of Fame"
1/n
The most annoying part of #pentesting targets using JWT authentication is the short expiration time of access tokens.
You have to log in multiple times to get new tokens
JWT-Reauth burp extension solves this problem
Learn how to use it effectively🧵👇
#cybersecurity
#bugbounty
Getting into pentesting? Confused about what to write or, how to structure reports?
1. There are a lot of awesome public reports to take inspiration from like -
@Bishopfox -
@Cure53berlin -
#infosec
#cybersecurity
1/n
🪥 "Hacking my “smart” toothbrush"
Interesting writeup about reverse engineering a "Philips Sonicare" toothbrush by Cyrill Künzi
#infosec
#cybersecurity
#hacking
One of the pre-requisites of learning web hacking is to have a solid understanding of HTTP concepts.
What are the components of an HTTP request?
Here is a cool visualization of a few important HTTP request headers by @sec_r0 👇
#infosec
#cybersecurity
#bugbounty
#hacking
ReconMap looks like a really cool way to manage and document things for pentesting and #bugbounty collaboration. Provides a very neat and structured way to take notes while working on a target. Loved it!
#cybersecurity
#bugbountytips
#infosec
Found these amazing walkthroughs of Android vulns by @B3nac:
Deeplink issues:
Exploitation of exported activities (OOS on some programs, nevertheless an interesting watch)
#bugbountytip
#bugbounty
📒 Good collection of solidity smart contract attack vectors and anti-patterns, along with mitigations and examples of real world vulnerabilities
🔗
#infosec
#cybersecurity
#web3
#ETH