Shivam Goyal

@g33kyshivam

Programmer | Security Enthusiast | Web Developer

Joined: August 2016

Tweets


  1. Retweeted
    4 hours ago
  2. Retweeted
    2 hours ago

    When testing for SSRF using a black list, take internal IP addresses and when encoding them, don't encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)

  3. Retweeted
    9 hours ago

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.

  4. Retweeted
    11 hours ago

    Hey bug hunters! Want a look at some of the top vulnerabilities ever found on ? They just released the last blog post I wrote before leaving. Enjoy!

  5. Retweeted
    18 hours ago

    Going to do something off brand: this is my relationship advice thread. 😳 What I wish I knew when I was 20.

  6. Retweeted

    Hurry up, guys!!! The last four days to Submit Call for Nominations and chance to win Xbox, Hak5 gear, PentesterLab Pro Subscription, unique Swags. Submit your bugs for Nomination here

  7. Retweeted
    17 hours ago

    Today, we are launching , a series of interviews with hunters. In our first edition, we are discussing logic flaws and with ! 🐸 Who would you like to see interviewed next? Leave a comment! 👇

  8. Retweeted
    Feb 2

    WooT! There is always a way. New short write up! Chain the bugs till you get what you want. Some steps were not mentioned. RT, Like and Comments are appreciated. For any pentest work DM me:) 🎉🎉

  9. Retweeted
    Feb 2

    Instead of flaunting your knowledge and being a know it all use that energy to teach others and encourage others to join the field. Because putting others down just because they don't know something is pretty stupid.

  10. Retweeted
    Feb 2

    This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else.

  11. Retweeted
    Jan 13

    If a subdomain returns a default/under construction or dead page, it may still be worth running it through 's getallurl + 's concurl tools to request all URLs & identify any URLs with different response. See image for commands.

  12. Retweeted
    Feb 1

    Important update: CTF will start 1 p.m. onwards today. We will start sending the invites from 12:30 p.m. Let us know in case you don't receive it. Get your team ready for some fun!

  13. Retweeted
    Jan 30

    A simple tool to detect wildcards domain based on Amass's wildcards detector. P/s: Thanks for creating an awesome tool!

  14. Retweeted
    Jan 31

    Just released a quick tool, wordlistgen, I put together for taking a list of URLs/paths from stdin and parsing components (subdomains, paths, query strings & values) to easily/quickly make contextual content discovery wordlists for

  15. Retweeted
    Jan 31

    Are you ready for the CTF@Seasides tomorrow P.M.? We have got amazing Registration for the CTF, so brace yourself and hack it. Amazing prizes to be won like Xbox.

  16. Retweeted
    Jan 30

    I published another blog today. This is a story about an interesting SQL Injection I found. “A Not-So-Blind RCE with SQL Injection” by Prashant Kumar

  17. Retweeted
    Jan 31
    Replying to users and the following number of users:

    This report is also an example, i.e. sending an array of the email addresses

  18. Retweeted
    Jan 30

    PlaystoreDownloader : A command line tool to download Android applications directly from the Google Play Store : (not affiliated with Google in any way)

  19. Retweeted

    Need help from people here, about a new tool I am writing to detect any malware attempting to access C2 servers or others breaking into a reverse shell/webshell for desktops. Want to know how all one can bypass this? Please RT for more reach

  20. Retweeted
    Jan 30

    Some hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the , !

