🔰 #Intigriti November #XSS challenge.
https://www.valbrux.it/blog/2020/11/10/intigriti-november-xss-challenge/
Hey folks!
In our next live one-hour Black Hills Information Security (BHIS) webcast, BB King will walk through how he sets up Burp Suite for his own webapp and Web API pentests. Then he'll show the settings, tools, and BApp Store Extensions that help him perform better tests.
If you have any responsibility related to webapps - even if it's not pentesting them - you may find that Burp Suite can help you. If you already use Burp Suite, come see how one of our testers does it and we bet you'll find a thing or two you can take back and use on your next security assessment.
Please register for — Getting Started with Burp Suite & Webapp Pentesting w/ BB King (1-Hour) — on Nov 12, 2020 1:00-2:00 PM EST (UTC -5) at:
https://attendee.gotowebinar.com/register/4345479270957374479
⚡ Mobile security startup Oversecured launches after self-funding $1 million, thanks to bug bounty payouts!
https://techcrunch-com.cdn.ampproject.org/v/s/techcrunch.com/2020/11/12/oversecured-mobile-app-security-bug-bounty/amp/?amp_js_v=a6&_gsa=1&usqp=mq331AQFKAGwASA%3D#aoh=16052362626250&csi=1&referrer=https%3A%2F%2Fwww.google.com&_tf=From%20%251%24s&share=https%3A%2F%2Ftechcrunch.com%2F2020%2F11%2F12%2Foversecured-mobile-app-security-bug-bounty%2F
🔰How I Found The Facebook Messenger Leaking Access Token Of Million Users
November 12, 2020 by Guhan Raja (குகன் ராஜா)
https://medium.com/@guhanraja/how-i-found-the-facebook-messenger-leaking-access-token-of-million-users-8ee4b3f1e5e3?_branch_match_id=797484669011292539
🔰Scripthunter is a tool that finds javascript files for a given website.
GitHub repo: github.com/robre/scripthunter
⚡Share: @hacklido
🔰Account Takeover(ATO) and Email verification bypass in 2mins @hacklido
https://medium.com/@karthiksoft007/account-takeover-ato-and-email-verification-bypass-in-2mins-5a6c8cb692a7
Description: it's a small attack and easy to execute; always check the reset password link manually
https://twitter.com/hacklido/status/1328532332760875009?s=20
🖇 Retweet as much as possible to spread the word
⭐️ Advanced MSSQL Injection Tricks @hacklido
https://swarm.ptsecurity.com/advanced-mssql-injection-tricks/
We compiled a list of several techniques for improved exploitation of MSSQL injections. All the vectors have been tested on at least three of the latest versions of Microsoft SQL Server: 2019, 2017, 2016SP2. DNS Out-of-Band If confronted with a fully blind…
🔰Solving #Intigriti ’s November #XSS Challenge with the #JavaScript console. @hacklido
https://grumpinout.medium.com/solving-intigritis-november-xss-challenge-with-the-javascript-console-dde7253117dd
Like you should do with every challenge, I started with reading the rules. Those were clear. The goal was to execute…
🔰To all the Cyber Security Penetration Testers - @hacklido
Kindly please check out TryHackMe - Advent of Cyber 2020 Competition.
There is a lot of great content and amazing prizes; you really want to check it out. @hacklido
Below are Sponsorships: @hacklido
⚡5x PWK Course + 30 day lab access + OSCP exam certification ($4,995)
⚡3x INE Cyber Security Passes ($6,000)
⚡20x Proving Grounds Vouchers ($380)
⚡15x TryHackMe Subscriptions ($150)
⚡Attacking Windows AD Throwback Course ($120)
⚡Raspberry Pi 400 ($122)
⚡HAK5 O.MG Cable ($120)
⚡3x Security+ CertMaster Practice Vouchers ($600)
⚡2x Security+ Certification Vouchers ($560)
⚡2x $30 TryHackMe Swag Vouchers ($60)
⚡HAK5 Wifi Pineapple ($100)
⚡HAK5 Rubber Ducky ($50)
⚡HAK5 Packet Squirrel ($60)
⚡HAK5 LAN Turtle ($60)
If you are someone with a Never Give Up attitude and passionate about cyber security, you definitely want to check this. @hacklido
Check: https://tryhackme.com/christmas
TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!
🔰Assetnote Wordlists https://wordlists.assetnote.io/
📌Kali Linux 2020.4 Release
❓What’s different with this release since 2020.3 in August 2020 is: @hacklido
🔰ZSH is the new default shell – We said it was happening last time, Now it has. ZSH. Is. Now. Default.
🔰Bash shell makeover – It may not function like ZSH, but now Bash looks like ZSH.
🔰Partnership with tools authors – We are teaming up with byt3bl33d3r.
🔰Message at login – Proactively pointing users to resources.
🔰AWS image refresh – Now on GovCloud. Includes Kali’s default (command line) tools again. And there is a new URL.
🔰Packaging Guides – Want to start getting your tool inside of Kali? This should help.
🔰New Tools & Updates – New Kernel and various new tools and updates for existing ones, as well as setting Proxychains 4 as default.
🔰NetHunter Updates – New NetHunter settings menu, select from different boot animations, and persistent Magisk.
🔰Win-KeX 2.5 – New “Enhanced Session Mode” brings Win-KeX to ARM devices
🔰Vagrant & VMware – We now support VMware users who use Vagrant.
https://www.kali.org/news/kali-linux-2020-4-release/
Share and support us ❤️
Become a Bounty Hunter @hacklido.pdf
🔰#Hackin9 open issue
This magazine contains 12 interviews with people that went through the process of becoming a Bug Bounty Hunter and were willing to share their experience. While reading their stories you will learn about the best and most efficient tools for finding exploits, what resources are available for beginners, whether it's worth it to become part of the community to seek support.
Share and support us ❤️ @hacklido
What is VULHUNT
VULHUNT is "India’s First Next-Gen Penetration Testing Platform". This platform opens up the possibility of engaging the biggest pool of highly qualified, talented, verified, and trusted security experts for securing your system under one umbrella. Breaking the shackles of traditional penetration testing, which is limited to a certain number of testers, this platform opens the opportunity to an unlimited number of expert testers where your software can get the highest possible verified vulnerabilities. This portal gives value to the money you invest by providing services from an unlimited number of penetration testers, use cases, and test services, thereby reducing all possible risks that the software or a technology product may encounter.
🚀Visit: https://vulhunt.com/
Share and support us ♥️ @hacklido