Web_Priv8 – Telegram

Web_Priv8

764 subscribers

405 photos

24 videos

45 files

588 links

Sina Doosti @r00t98
Web Security Researcher, Bug Hunter
https://twitter.com/r00t98

Amir Hasanvand @al9n3_wolf
Web Security Researcher, Bug Hunter
https://twitter.com/al9n3_wolf

Download Telegram

About

Blog

Apps

Platform

764 subscribers

Mass Assignment vulnerability and prevention

https://itzone.com.vn/en/article/mass-assignment-vulnerability-and-prevention/

#MassAssignment
#BugBountyTip

@web_priv8

933 viewsr00t98, 09:29

Bug Bounty Playbook v1

#Book
#BugBounty

@web_priv8

733 viewsr00t98, edited 10:41

Bug Bounty Playbook v1.pdf

803 viewsr00t98, edited 10:46

Bug Bounty Playbook v2

#Book
#BugBounty

@web_priv8

806 viewsr00t98, edited 10:46

Bug Bounty Playbook v2.pdf

894 viewsr00t98, edited 11:00

مقاله ای بروز از nccgroup در خصوص حملات CSRF و CORS

#CSRF
#CORS
#Book

@web_priv8

804 viewsr00t98, edited 06:52

932 viewsr00t98, edited 06:53

Dot Dot Semicolon RCE

https://thehackingfactory.com/dot-dot-semicolon-rce

#Java
#RCE
#BugBounty

@web_priv8

735 viewsr00t98, edited 21:16

Mass Assignment and Autobinding

#MassAssignment
#BugBountyTip

@web_priv8

730 viewsr00t98, edited 10:46

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Demo https://youtu.be/WLurj5Lg8cI

https://github.com/r3curs1v3-pr0xy/vajra

#Tool
#Recon
#BugBounty

@web_priv8

775 viewsr00t98, edited 11:02

OWASP Top 10 for API.png

OWASP Top 10 for API

https://application.security/free/owasp-top-10-API

#API
#Owasp

@web_priv8

1.06K viewsr00t98, edited 08:39

OWASP Top 10 for Web.png

OWASP Top 10 for Web

https://application.security/free/owasp-top-10

#Owasp

@web_priv8

1.27K viewsr00t98, edited 08:44

10 Password Reset Flaws

https://anugrahsr.github.io/posts/10-Password-reset-flaws/

#PassReset
#BugBountyTip

@web_priv8

10 Password Reset Flaws

Common security flaws in password reset functionality compiled from twitter, writeups, disclosed reports. [1] Password Reset Token Leak Via Referrer

1.05K viewsr00t98, 19:28

Forwarded from ناویا، ماشین کاوش اپلای

ارائه‌های امسال آفسکانف هم‌اکنون از یوتیوب قابل دسترس است.

715 viewsr00t98, 19:49

https://0xpatrik.com/asset-discovery/

#Recon
#Subdomain

@web_priv8

Asset Discovery: Doing Reconnaissance the Hard Way

Organizations often have no clue about what they are exposing to the Internet. The post presents a simple framework for doing black box reconnaissance that will reveal the company's public-facing services.

750 viewsr00t98, edited 19:52

https://captmeelo.com/bugbounty/2019/09/02/asset-enumeration.html

#Recon
#Subdomain

@web_priv8

736 viewsr00t98, 20:07

https://twitter.com/r00t98/status/1375173514265780226

#XSS
#CSTI
#BugBountyTip

@web_priv8

759 viewsr00t98, 19:59

THE ULTIMATE GUIDE TO FINDING AND ESCALATING XSS BUGS

https://www.bugcrowd.com/blog/the-ultimate-guide-to-finding-and-escalating-xss-bugs/

#XSS

@web_priv8

770 viewsr00t98, edited 14:01

Top 10 Tips for Burp Suite

https://medium.com/r3d-buck3t/top-10-tips-for-burp-suite-72212d22328f

#BurpSuite

@web_priv8

Top 10 Tips for Burp Suite

Collection of useful features in Burp Suite Application

814 viewsr00t98, edited 18:26

https://kaliboys.com/security-conferences

@web_priv8

کالی بویز

رویدادها و کنفرانس های امنیت سایبری در سطح جهان

رویدادها و کنفرانس های حوزه امنیت سایبری در سطح جهان کنفرانس Black Hat اولین کنفرانسی که قرار است معرفی کنیم Black Hat Briefing میباشد که از آن به عنوان

764 viewsr00t98, 20:10

Finding Broken Access Controls

https://threat.tevora.com/finding-broken-access-controls/amp/

#IDOR
#BurpSuite
#BugBountyTip

@web_priv8

Finding Broken Access Controls

This blog post is intended to be a guide on effective and efficient methods of identifying broken access control. This is not an end-all-be-all guide and explanation of broken access controls. What Are Access Controls?Access controls are policies put in place…

814 viewsr00t98, edited 09:53