740i

I was tired of outdated XSS cheat sheets that don't touch on frameworks, html5, filter bypasses and other important stuff, so I made my own. I hope you find it as useful as I do. :) https://netsec.expert/2020/02/01/xss-in-2020.html … #bugbountytipspic.twitter.com/Mdygq1PI9Z

oneliner to retrieve ASN numbers of a company. #bugbountytips (ls /tmp/GeoLite2-ASN-CSV.zip||wget --quiet -P /tmp "https://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN-CSV.zip …") 2>&1|grep X; unzip -c /tmp/GeoLite2-ASN-CSV.zip|grep -i airbnb|cut -d ',' -f 2|sort -fu https://pastebin.com/G44mnY2x pic.twitter.com/VjesAUOVLN

Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect: Burp Search > Regex \?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w]) Suggestions are welcome.pic.twitter.com/E0nEDFeUaM

#bugbountytip decompile android app. and go to : Resources > resources.arsc > res > values > strings.xml search for *.firebaseio.com in xml file. ,and open browser try https://*.firebaseio.com/.json , you might find read access to database there. #bugbountytips .pic.twitter.com/eZPSqnAbWV

No telnet or netcat/nc? Use curl with telnet://host:port :)pic.twitter.com/b3lMJy2aee

As promised, posting the next lazy write-up, this is how I went from Git to RCE. Bounty: $3500 #bug #bughunter #bugbounty #bounty If you enjoy these and want to see more, I will be posting others soon again.pic.twitter.com/4rVnvSfjKw

Return a list of endpoints from a swagger.json. Pass them to your fuzzer(s), +profit? curl -s hxxps://petstore.swagger.io/v2/swagger.json | jq '.paths | keys[]' #bugbounty #bugbountytips #redteam #security #oneliner #bashpic.twitter.com/8gCAMl9uY8

I wrote up a POC, WindfarmDynamite, to educate myself on process injection using WNF. This work is based on the great research by @aionescu / @pwissenlit and the awesome work by modexp . For further details check out the GitHub page => https://github.com/FuzzySecurity/Sharp-Suite …pic.twitter.com/WJaQFfl6Mu