ph17ur @ph17ur - Tumblr Blog

source: https://medium.com/@kenanistaken/how-to-find-and-exploit-xss-25581bfc0a3d

Source: https://portswigger.net/web-security/cors

Using OpenSSL to en/decrypt *things*

eg:

ENCODE - using key $ openssl enc -aes256 -k [YOUR KEY] -in in-file.tgz -out out-file.tgz.enc DECODE - using key $ openssl aes256-cbc -k [YOUR KEY] -in in-file.tgz -out out-file.tgz.enc ENCODE - using salt $ openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc DECODE - using salt$ openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new

#bugbountytips #openssl #encryption

Source: https://twitter.com/MasterSEC_AR/status/1256689299833176069

#bugbountytips

Juice Shop SQLi.

Took me a little while to remember to close the statement off, after ‘%admin%’ so it doesn’t process password.

If you don’t close the statement off, it tries to process password.

#SQLi #bugbountytips

Bug Hunting - Broken Access Control.

Takeaway - “A quick ‘search' in your proxy history for your ID should be [the] requests you inspect first...”

Bug Crowd Uni - Broken Access Control. https://youtu.be/94-tlOCApOc

#bugbountytips

Bug Crowd Uni: https://youtu.be/gkMl1suyj3M

#xss #bugbountytips

Web Application Hacker's Handbook 2

#bugbountytips #wahh

#bugbountytips #csrf

SSRF on Lyft, by @nahamsec

https://www.nahamsec.com/posts/my-expense-report-resulted-in-a-server-side-request-forgery-ssrf-on-lyft

We hacked Lyft and reported a SSRF to them via their Bug Bounty Program on HackerOne!

HBO abuses DMCA to take down a 13 year old girl's artwork because she used the phrase "winter is coming". Assholes. WINTER IS COMING! Assholes. http://www.theregister.co.uk/2016/12/08/winter_is_coming_hbo_dmca_trademark/

nixcraft

A sign by the airport in Helsinki, Finland. Welcoming You ;)

No wonder Linus left the dark cold place ;) LOL. Via https://www.reddit.com/r/europe/comments/5gnthw/a_sign_by_the_airport_in_helsinki_finland/

ph17ur

Reasons to go to Finland.

accessnow

Secure yourselves, and your communities.

ph17ur

(and add to that a permanently enabled, non-logging, VPN)

#digital privacy #vpn

Trending Blogs

Recently Viewed Blogs

ph17ur