Tweets

Pinned tweet
Just released a quick tool, wordlistgen, I put together for taking a list of URLs/paths from stdin and parsing components (subdomains, paths, query strings & values) to easily/quickly make contextual content discovery wordlists for #bugbounty https://github.com/ameenmaali/wordlistgen …
-
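As an added example (not the wordlistgen source or the author's code), here is the parsing step the tweet describes, written in Go: read URLs or bare paths from stdin, split each into subdomain labels, path segments, query parameter names and query values, and print a deduplicated, sorted wordlist. The decision to treat the last two host labels as the registrable domain is an assumption of this example (it ignores suffixes such as .co.uk), and the sample inputs in the usage below are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"net/url"
	"os"
	"sort"
	"strings"
)

// Components splits one URL or path into wordlist candidates: subdomain
// labels, path segments, query parameter names and query values. It returns
// ok == false for input that net/url rejects (for example a bad % escape).
func Components(raw string) (words []string, ok bool) {
	// Bare hosts ("api.example.com/v1") get a scheme so that net/url treats
	// the first component as a host; leading-slash paths are left alone.
	if !strings.Contains(raw, "://") && !strings.HasPrefix(raw, "/") {
		raw = "https://" + raw
	}
	u, err := url.Parse(raw)
	if err != nil {
		return nil, false
	}
	// Subdomain labels: everything left of the last two labels. Assumption of
	// this example: a two-label registrable domain (a public-suffix list would
	// be needed to handle suffixes like .co.uk correctly).
	if labels := strings.Split(u.Hostname(), "."); len(labels) > 2 {
		words = append(words, labels[:len(labels)-2]...)
	}
	// Path segments, skipping empty strings from leading or doubled slashes.
	for _, seg := range strings.Split(u.Path, "/") {
		if seg != "" {
			words = append(words, seg)
		}
	}
	// Query parameter names and their non-empty values.
	for key, vals := range u.Query() {
		words = append(words, key)
		for _, v := range vals {
			if v != "" {
				words = append(words, v)
			}
		}
	}
	return words, true
}

// Wordlist merges the components of many inputs into a sorted, deduplicated list.
func Wordlist(inputs []string) []string {
	seen := make(map[string]bool)
	for _, line := range inputs {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		ws, ok := Components(line)
		if !ok {
			continue // unparseable input is skipped rather than aborting the run
		}
		for _, w := range ws {
			seen[w] = true
		}
	}
	out := make([]string, 0, len(seen))
	for w := range seen {
		out = append(out, w)
	}
	sort.Strings(out)
	return out
}

// Reads one URL or path per line from stdin and prints the wordlist to stdout,
// e.g.: cat urls.txt | go run wordlist.go > words.txt
func main() {
	var inputs []string
	sc := bufio.NewScanner(os.Stdin)
	for sc.Scan() {
		inputs = append(inputs, sc.Text())
	}
	for _, w := range Wordlist(inputs) {
		fmt.Println(w)
	}
}
```

Query values are included because they often name object types or states that make good path guesses; if you want only keys, drop the inner loop.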
Shout out to @rez0__ for stopping me in my tracks early before the refining/optimization rabbit hole and letting me know @TomNomNom has already done this incredibly well! Still decided to release since it was done, and my first completed Golang tool. Ty Tom for the inspiration!
-
Try not to compare yourself with others. Not only does everyone learn at their own pace, but people come from different experiences. Thinking you are bad/not cut out for it because it’s taking you longer is just flawed. As long as you’re learning and enjoying it, you’re fine! 2/2
-
I always see the question “how long did it take to find your first bug?” - To be honest, the answers are rarely going to be useful. It may take someone with several years of relevant experience 1 day, or someone brand new to tech/security 6 months. 1/2
-
Ameen Retweeted
Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exist yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2) #TogetherWeHitHarder
-
Ameen Retweeted
Since I recently found my first bug I've decided to write about my journey and how I got started as someone with no background in IT. I hope this can help others starting out! https://klarsen.net/uncategorized/from-0-to-bug-hunter-my-journey/ … #BugBounty
-
Barely made it, but finished in the top 50 for 2019 on @Hacker0x01. Thankful for all the helpfulness in this community to help each other learn, particularly the #hacker101 discord server which is an awesome place to learn and meet others pic.twitter.com/0t9r1s8FVI
-
Very fun first year in the bug bounty world! Check out my 2019 Year In Review on @Hacker0x01: https://hackerone.com/neema/year-in-review …! #TogetherWeHitHarder
-
Big congrats to @spaceraccoonsec! Seeing his progress over the last year is mind boggling. Top 100 in your first year https://twitter.com/spaceraccoonsec/status/1210932261958209539 …
-
Wrote and just released a simple tool wrapping one of my favorites, LinkFinder. “endpointdiff” will help to discover differences between old & new JS files to determine if any endpoints were removed/added. https://github.com/ameenmaali/endpointdiff … #bugbounty
-
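As an added example (not the endpointdiff source, which wraps LinkFinder), the diff step in Go: extract the set of endpoints from two versions of the same JS file and report what was added and what was removed. The regex here is a deliberately narrow stand-in for LinkFinder's extraction (quoted absolute paths only), and the two bundles are constructed samples.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// endpointRe is a narrow stand-in for LinkFinder's extraction: it catches
// quoted absolute paths such as "/api/v1/users" or '/auth/login'. LinkFinder's
// real pattern also covers relative paths, full URLs and template strings.
var endpointRe = regexp.MustCompile(`["'](/[A-Za-z0-9_./-]+)["']`)

// Endpoints returns the set of unique paths found in one JavaScript file.
func Endpoints(js string) map[string]bool {
	set := make(map[string]bool)
	for _, m := range endpointRe.FindAllStringSubmatch(js, -1) {
		set[m[1]] = true
	}
	return set
}

// Diff compares two versions of a file and returns the endpoints present only
// in the new version (added) and only in the old one (removed), sorted so the
// output is stable between runs.
func Diff(oldJS, newJS string) (added, removed []string) {
	oldSet, newSet := Endpoints(oldJS), Endpoints(newJS)
	for e := range newSet {
		if !oldSet[e] {
			added = append(added, e)
		}
	}
	for e := range oldSet {
		if !newSet[e] {
			removed = append(removed, e)
		}
	}
	sort.Strings(added)
	sort.Strings(removed)
	return added, removed
}

// Constructed sample bundles standing in for yesterday's and today's app.js.
const oldJS = `
fetch("/api/v1/users").then(r => r.json());
axios.post('/auth/login', creds);
const logo = "/static/logo.png";
`

const newJS = `
fetch("/api/v2/users").then(r => r.json());
axios.post('/auth/login', creds);
const logo = "/static/logo.png";
fetch("/internal/debug/export", {method: "POST", body: JSON.stringify(q)});
`

func main() {
	added, removed := Diff(oldJS, newJS)
	for _, e := range added {
		fmt.Println("+", e)
	}
	for _, e := range removed {
		fmt.Println("-", e)
	}
}
```

In practice you would replace the two constants with the saved and freshly downloaded bundles; the newly added path is what you look at first, since it is the least likely to have been tested.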
#BugBounty2020Goals 1) Get out of comfort zone and learn more advanced bug classes 2) Focus less on metrics and more on quality/learning to avoid burnout 3) With ^ said, focus on quality: maintain 7 signal for 2020 4) Attend a live hacking event w/ @Hacker0x01 and collab more
-
Interesting open redirect I recently found: x.com/?u=x.com&u=@evil.com The first occurrence of the u param checked for a whitelisted value, but the second wasn’t. Each u value was appended with a comma in between (http://x.com,@evil.com) #bugbountytip #bugbounty
-
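The check-one-value, use-all-values mismatch described in the tweet, as an added Go example (not the affected site's code): `url.Values.Get` returns only the first `u=` value, so the allow-list passes, while the Location is built from every value joined with a comma. The resulting `http://x.com,@evil.com` parses with `x.com,` as userinfo and `evil.com` as the host. The allow-list contents and the `safeRedirect` fix are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// allowedHosts is a hypothetical allow-list of redirect destinations.
var allowedHosts = map[string]bool{"x.com": true, "www.x.com": true}

func hostAllowed(target string) bool {
	u, err := url.Parse(target)
	if err != nil {
		return false
	}
	return allowedHosts[strings.ToLower(u.Hostname())]
}

// vulnerableRedirect reproduces the pattern from the tweet: the allow-list
// check uses url.Values.Get, which returns only the FIRST u= value, but the
// Location is built by joining EVERY u= value with a comma.
func vulnerableRedirect(rawQuery string) (string, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return "", err
	}
	if !hostAllowed(q.Get("u")) {
		return "", errors.New("redirect target not allowed")
	}
	return strings.Join(q["u"], ","), nil
}

// safeRedirect refuses repeated parameters and validates the one value that is
// actually emitted, so the checked value and the used value cannot diverge.
func safeRedirect(rawQuery string) (string, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return "", err
	}
	vals := q["u"]
	if len(vals) != 1 {
		return "", fmt.Errorf("expected exactly one u parameter, got %d", len(vals))
	}
	if !hostAllowed(vals[0]) {
		return "", errors.New("redirect target not allowed")
	}
	return vals[0], nil
}

// effectiveHost shows where a browser ends up: in "http://x.com,@evil.com"
// everything before the '@' is parsed as userinfo, so the host is evil.com.
func effectiveHost(location string) string {
	u, err := url.Parse(location)
	if err != nil {
		return ""
	}
	return u.Hostname()
}

func main() {
	payload := "u=http://x.com&u=@evil.com"
	loc, err := vulnerableRedirect(payload)
	fmt.Printf("vulnerable: Location=%q host=%q err=%v\n", loc, effectiveHost(loc), err)
	_, err = safeRedirect(payload)
	fmt.Printf("safe: err=%v\n", err)
}
```

The same mismatch appears in any framework whose "get parameter" helper returns the first (or last) value while a separate code path consumes all of them; an allow-list of relative paths instead of hosts removes the userinfo trick entirely.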
Been out of the bounty game a few months now but loving the new stats @Hacker0x01 is adding. Next goal as I get back at it: pump up these rookie crit numbers pic.twitter.com/cU4wLa0Iy6
-
When you submit a critical SSRF with metadata access and it’s a dupe of a report starting with a 2...aka nearly 3 years ago
-
Finding good bugs on a Friday is brutal #triagepls #refreshaholic #impatient
-
For those asking, it was a pretty simple ssrf. Found an endpoint in a JS file with url param. Worked for POST only, so needed to add an empty {} body and content-type. Direct access to the metadata ip or hostname with an A record didn’t work. Used url shortener to bypass
-
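Why the shortener worked, as an added Go example (not the affected application's code): the server-side fetch validated the submitted URL against a metadata denylist once and then let its HTTP client follow redirects, so a shortener that 302s to the metadata address was never re-checked. `fetchHardened` runs the same filter on every hop via `CheckRedirect`. The denylist contents, the `short.example` shortener and the in-memory transport standing in for the network are all constructed for this example.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// denied models the filter described in the tweet: it refuses the metadata
// address, well-known metadata hostnames and non-public IP literals, looking
// only at the URL as submitted (no DNS lookup).
func denied(u *url.URL) error {
	h := strings.ToLower(u.Hostname())
	ip := net.ParseIP(h)
	switch {
	case h == "169.254.169.254", h == "metadata.google.internal", h == "metadata", h == "localhost":
	case ip != nil && (ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsPrivate() || ip.IsUnspecified()):
	default:
		return nil
	}
	return fmt.Errorf("blocked host %q", u.Host)
}

// fetchVulnerable checks the submitted URL once and then lets the client follow
// redirects unchecked, so a shortener that 302s to the metadata service gets through.
func fetchVulnerable(rt http.RoundTripper, u *url.URL) (string, error) {
	if err := denied(u); err != nil {
		return "", err
	}
	// CheckRedirect nil: the default policy follows up to 10 hops without re-checking any.
	return readBody((&http.Client{Transport: rt}).Get(u.String()))
}

// fetchHardened applies the same filter to every hop. Production code should
// also resolve hostnames and check the resulting IPs before connecting.
func fetchHardened(rt http.RoundTripper, u *url.URL) (string, error) {
	if err := denied(u); err != nil {
		return "", err
	}
	c := &http.Client{Transport: rt, CheckRedirect: func(req *http.Request, via []*http.Request) error {
		if len(via) >= 3 {
			return fmt.Errorf("too many redirects")
		}
		return denied(req.URL)
	}}
	return readBody(c.Get(u.String()))
}

func readBody(resp *http.Response, err error) (string, error) {
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

// Constructed in-memory "network" for the demo: no sockets are opened.
const metadataBody = "constructed-iam-role-credentials"

type fakeRoute struct {
	status         int
	location, body string
}

type fakeTransport map[string]fakeRoute // keyed by scheme://host

func (f fakeTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r, ok := f[req.URL.Scheme+"://"+req.URL.Host]
	if !ok {
		return nil, fmt.Errorf("no route to %s", req.URL.Host)
	}
	resp := &http.Response{StatusCode: r.status, Header: make(http.Header),
		Body: io.NopCloser(strings.NewReader(r.body))}
	if r.location != "" {
		resp.Header.Set("Location", r.location)
	}
	return resp, nil
}

// demoTransport wires a hypothetical shortener that redirects to the metadata IP.
func demoTransport() fakeTransport {
	return fakeTransport{
		"https://short.example":  {status: 302, location: "http://169.254.169.254/latest/meta-data/iam/"},
		"http://169.254.169.254": {status: 200, body: metadataBody},
	}
}

func main() {
	short, _ := url.Parse("https://short.example/x")
	b, err := fetchVulnerable(demoTransport(), short)
	fmt.Printf("vulnerable: %q %v\n", b, err)
	_, err = fetchHardened(demoTransport(), short)
	fmt.Println("hardened:", err)
}
```

Re-checking each hop closes the redirect bypass but not DNS rebinding or a hostname that resolves to the metadata address; for that the check has to happen on the resolved IP at connect time (for example in a custom dialer), and the metadata service itself should require a session token (IMDSv2-style) so a plain GET is not enough.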
Is there anything in #bugbounty more beautiful than seeing this? pic.twitter.com/XR2WuLfpDv
-
Ameen Retweeted
Have you ever thought to yourself: “You know what, I’m really curious what the methodology for finding bugs that an average bug hunter who focuses on depth rather than breadth looks like!” Well, now is your chance to see! https://medium.com/a-bugz-life/bug-hunting-methodology-from-an-average-bug-hunter-6eb7b5d41a6f … #bugbountytip #bugbounty
-
Easiest and luckiest bug I’ve ever found - Login page w/o registration > Parse JS files w/ LinkFinder > Notice Jira/Confluence link > Open registration to public > Many credentials. Yay, I was awarded a $2,500 bounty on @Hacker0x01! https://hackerone.com/neema #TogetherWeHitHarder
-
I think this is the first time I underrated a bug and the triager bumped up the severity - Decided to do some hunting during lunch for the first time in a few weeks and this consequently was a part of 2 of the easiest bugs I’ve ever found, and within 10 minutes. pic.twitter.com/LzZAMqN48E