#bugbounty #tools Abusing JWT public keys without the public key https://blog.silentsignal.eu/2021/02/08/abusing-jwt-public-keys-without-the-public-key/
#bugbounty XSS cheatsheet from one good guy from Google security team
https://netsec.expert/posts/xss-in-2021/
https://netsec.expert/posts/xss-in-2021/
Sam's Hacking Wonderland
Cheatsheet: XSS that works in 2021
XSS Cheatsheet for 2021 and onwards.
#bugbounty #cloud
Sometimes, you may find such directories with interesting data and try to dig deeper
https://notsosecure.com/hacking-aws-cognito-misconfigurations/
Sometimes, you may find such directories with interesting data and try to dig deeper
https://notsosecure.com/hacking-aws-cognito-misconfigurations/
NotSoSecure
Hacking AWS Cognito Misconfigurations
In this blog, Sunil Yadav, our lead trainer for “Advanced Web Hacking” training class, will discuss a case study of AWS account takeover via misconfigured AWS Cognito. TL;DR The application under
#bugbounty
https://mokhansec.medium.com/full-account-takeover-worth-1000-think-out-of-the-box-808f0bdd8ac7
https://mokhansec.medium.com/full-account-takeover-worth-1000-think-out-of-the-box-808f0bdd8ac7
Medium
Full account takeover worth $1000 Think out of the box
Hi everyone how are you doing today? I hope you are doing great and scoring lots of bounties. Today's story is about a bug I found on…
APT
Do you have problems with security requirements related to any business feature?
#Tools
For those 18% who checked
"Yes. I want to find a complete set of them"
ASVS (eng) Link
For those 19% who wanted a "classified set of requirements with references to test-cases" we did this tool:
- Github repo
- Cloud version
For those 18% who checked
"Yes. I want to find a complete set of them"
ASVS (eng) Link
For those 19% who wanted a "classified set of requirements with references to test-cases" we did this tool:
- Github repo
- Cloud version
#tools
Worth its own post :)
Security requirements generator service
https://requirements.whitespots.io/en
Worth its own post :)
Security requirements generator service
https://requirements.whitespots.io/en
#education
Check this out. A free module for developers about limits from whitespots.io
https://appsec-learning.whitespots.io/
Check this out. A free module for developers about limits from whitespots.io
https://appsec-learning.whitespots.io/
#Tools
Divide full port scan results and use it for targeted Nmap runs
https://github.com/snovvcrash/DivideAndScan
Divide full port scan results and use it for targeted Nmap runs
https://github.com/snovvcrash/DivideAndScan
GitHub
GitHub - snovvcrash/DivideAndScan: Divide full port scan results and use it for targeted Nmap runs
Divide full port scan results and use it for targeted Nmap runs - snovvcrash/DivideAndScan
#BugBounty
#Tools
if you're looking for great tool in web recon
check these out
https://github.com/Cyber-Guy1/BlackDragon
#Tools
if you're looking for great tool in web recon
check these out
https://github.com/Cyber-Guy1/BlackDragon
#bugbounty One of the largest security testing checklist
Один из самых больших чеклистов в интернете по тестированию веб-приложений.
Один из самых больших чеклистов в интернете по тестированию веб-приложений.
#android #mindmap
Android Application Penetration Testing Mindmap
https://www.xmind.net/m/paUMuU/
UPD:
https://www.xmind.net/m/GkgaYH/
Android Application Penetration Testing Mindmap
UPD:
https://www.xmind.net/m/GkgaYH/
#tools
Check live webapps from domain list
Check live webapps from domain list
cat subdomains.txt | sed -E 's#https?://##I' | sed -E 's#/.*##' | sed -E 's#^\*\.?##' | sed -E 's#,#\n#g' | tr '[:upper:]' '[:lower:]' | uniq | sed -e 's/^/https:\/\//' | httpx -silent -timeout 2 -threads 100 -status-code -mc 200,302 |anew