Ameen

@ameenmaali

appsec infant, bug bounty fetus - Blog: ()

United States
Vrijeme pridruživanja: listopad 2018.

Tweetovi

Blokirali ste korisnika/cu @ameenmaali

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @ameenmaali

  1. Prikvačeni tweet
    31. sij

    Just released a quick tool, wordlistgen, I put together for taking a list of URLs/paths from stdin and parsing components (subdomains, paths, query strings & values) to easily/quickly make contextual content discovery wordlists for

    Prikaži ovu nit
    Poništi
  2. 31. sij

    Shout out to for stopping me in my tracks early before the refining/optimization rabbit hole and letting me know has already done this incredibly well! Still decided to release since it was done, and my first completed Golang tool. Ty Tom for the inspiration!

    Prikaži ovu nit
    Poništi
  3. 30. sij

    Try not to compare yourself with others. Not only does everyone learn at their own pace, but people come from different experiences. Thinking you are bad/not cut out for it because it’s taking you longer is just flawed. As long as you’re learning and enjoying it, you’re fine! 2/2

    Prikaži ovu nit
    Poništi
  4. 30. sij

    I always see the question “how long did it take to find your first bug?” - To be honest, the answers are rarely going to be useful. It may take someone with several years of relevant experience 1 day, or someone brand new to tech/security 6 months. 1/2

    Prikaži ovu nit
    Poništi
  5. proslijedio/la je Tweet
    28. sij

    Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exists yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2)

    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    2. sij

    Since I recently found my first bug I've decided to write about my journey and how I got started as someone with no background in IT. I hope this can help others starting out!

    Poništi
  7. 1. sij

    Barely made it, but finished in the top 50 for 2019 on 🙌. Thankful for all the helpfulness in this community to help each other learn, particularly the discord server which is an awesome place to learn and meet others

    Poništi
  8. 30. pro 2019.

    Very fun first year in the bug bounty world! Check out my 2019 Year In Review on : !

    Poništi
  9. 28. pro 2019.

    Big congrats to ! Seeing his progress over the last year is mind boggling. Top 100 in your first year 👌

    Poništi
  10. 27. pro 2019.

    Wrote and just released a simple tool wrapping one of my favorites, LinkFinder. “endpointdiff” will help to discover differences between old & new JS files to determine if any endpoints were removed/added.

    Poništi
  11. 26. pro 2019.

    1) Get out of comfort zone and learn more advanced bug classes 2) Focus less on metrics and more on quality/learning to avoid burnout 3) With ^ said, focus on quality: maintain 7 signal for 2020 4) Attend a live hacking event w/ and collab more

    Poništi
  12. 8. stu 2019.

    Interesting open redirect I recently found: x. com/?u=x. com&u=.com The first occurrence of the u param checked for a whitelisted value, but the second wasn’t. Each u value was appended with a comma in between (,.com)

    Poništi
  13. 8. stu 2019.

    Been out of the bounty game a few months now but loving the new stats is adding. Next goal as I get back at it: pump up these rookie crit numbers

    Poništi
  14. 16. ruj 2019.

    When you submit a critical SSRF with metadata access and it’s a dupe of a report starting with a 2...aka nearly 3 years ago 🙃

    Poništi
  15. 13. ruj 2019.

    Finding good bugs on a Friday is brutal

    Poništi
  16. 4. ruj 2019.

    For those asking, it was a pretty simple ssrf. Found an endpoint in a JS file with url param. Worked for POST only, so needed to add an empty {} body and content-type. Direct access to the metadata ip or hostname with an A record didn’t work. Used url shortener to bypass

    Prikaži ovu nit
    Poništi
  17. 4. ruj 2019.

    Is there anything in more beautiful than seeing this? 😅

    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    20. kol 2019.

    Have you ever thought to yourself: “You know what, I’m really curious what the methodology for finding bugs that an average bug hunter who focuses on depth rather breath looks like!” Well, now is your chance to see!

    Poništi
  19. 19. kol 2019.

    Easiest and luckiest bug I’ve ever found 🙂 - Login page w/o registration > Parse JS files w/ LinkFinder > Notice Jira/Confluence link > Open registration to public > Many credentials. Yay, I was awarded a $2,500 bounty on !

    Poništi
  20. 15. kol 2019.

    I think is the first time I underrated a bug and the triager bumped up the severity 😅 - Decided to do some hunting during lunch for the first time in a few weeks and this consequently was a part of 2 of the easiest bugs I’ve ever found, and within 10 minutes.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·