OWASP Villain #7... Loki! Loki’s ability to deceive, manipulate, and gain access to restricted areas is a metaphor for how SSRF attacks abuse a server's trust and access levels, making him an apt representation of this vulnerability.
APIsec's posts
Most relevant posts
-
I want suggestions from all experts in the bug bounty field on how they bypass WAFs like Cloudflare and Akamai. Waiting for all opinions from you all. #bugbounty #penetrationtesting #bugbountytips
-
Vulnerability analysis on 10mil domains, what can go wrong! (All are in-scope domains for bug bounty programs, parsed from https://lnkd.in/gxr7fW-6)
-
Bug Bounty Tip: Always try to throw a quick % in search fields and so on as well :). It may end up in a LIKE statement and return all :)
-
RedTeam Hacker Academy TryHackMe I have successfully completed all the tasks of the "Sakura Room" room, created by the OSINT Dojo on the "TryHackMe" platform, gaining strong practical knowledge and hands-on experience on a variety of OSINT techniques. I successfully conducted Social Media Research utilizing publicly available information to gather insights on individual online presence of the VICTIM, demonstrating expertise in the following:
1. Open-Source Intelligence (OSINT) Information Gathering
2. Social Media Analysis
3. Information Verification and Validation
4. Online Profiling.
Room - Sakura Room #CyberSecurity #EthicalHackingTraining #OSINT #InformationGathering #CTF #RedTeamHackerAcademy #TryHackMe
-
Introducing ExtPenPy, a project that Yanal Abuseini, Malik Tawfiq and I wrote that automates the reconnaissance phase for a pentester / bug bounty hunter. Such a tool will save you time from running the casual checks on the target domain. You can check it out at https://lnkd.in/gKVF_QpC Enjoy the project and happy to hear your feedback! #ExtPenPy
-
Security Post Day 13 Bug bounty tips: LFI (local file inclusion) Tips:
1- Do Subdomain Enumeration
2- found domain x.y.z.domain.com
3- go to domain it's 404
4- do simple fuzz with post method
5- find file on domain call "GetFileContent"
6- visit it return error can't access with get method
7- open burp and change request to post method you will see 200 OK
8- add parameter "path" in the request and inject simple LFI payload.
#bug #tips #bugtracking #bugfix #BountyStrike #manualtest #bugbountytips
-
You should read these new articles.
1- How to JS for Bug Bounty/Pentest : Edition 2023 - Kongsec https://lnkd.in/dRP2dPaH
2- Story of Http password reset link for $500 https://lnkd.in/dbGwbMWt
3- A Story of Zero-click Complete Account Takeover Via Response Manipulation https://lnkd.in/d26DQ5cN
4- OTP Bypass Bug : How I Earned 575 Dollars Bounty. https://lnkd.in/dT5jRB6P
5- Essential Linux Commands and Shortcuts for Hacking and System Administration https://lnkd.in/dbj-SJ3s
6- How to Make Your Remote Kali Machine with Persistence https://lnkd.in/dy3SdnCr
Show your support and start publishing your articles with bytebloggerbase.com #articles #blogs #cybersecurity #infosec
-
In this blog post I will show you how to make an LLM honeypot with the Beelzebub framework. https://lnkd.in/d4D5jP8t
LLM Honeypot with Beelzebub framework - Beelzebub Blog
beelzebub-honeypot.com