Good shit, y'all. Give it a download.
github.com/bebiksior/Ca...
Incoming $1m hacker
27.11.2024 20:11
I talk about this on the pod all the time, but CSRF is dead simple. You just need to know the conditions.
I'm not gonna recite them again here, but today a new condition came up:
No Content-Type header -> no CSRF restrictions
Same-site: None
POST
= CSRF
The research:
Got a CSRF attack being blocked by Content-Type validation? You might be able to bypass it with this quality technique.
27.11.2024 13:28
Coding without a package manager in 2024 is like building a house by mining limestones first and making cement and mortar with that
27.11.2024 00:14
As a #Bugbounty hunter, I was so mad when my workplace paid $30k for a pentest and only got horrible reports (ssl cert, httponly, rate limit). Meanwhile our bug bounty program had mediums and high reports
Moving forward I think every pentest company should have at least 2 bug bounty hunters
Trying to make a list of programs that have hosted a live event on hackerone
-epic games
-tiktok
-zoom
-salesforce
-uber
-PayPal
-DoD
-shopify
-airbnb
-yahoo
-Starbucks
-Amazon
Which did I miss? #Bugbounty
Myself
22.11.2024 21:14
#Bugbounty
22.11.2024 00:27
I remember this picture spooking me out when I first saw the write up
20.11.2024 10:18
Bro, “smoking tookah” literally won’t leave my lips for days
22.06.2023 12:50