building and breaking @SpecterOps | opinions are my own

/
Pinned Tweet
RELEASED: Noradrenaline - a Linux/macOS companion to Adrenaline (small purpose-built BOFs) The idea is to have small .dylib and .so modules you can load into Poseidon or other agents to execute libraries instead of having a built out agent command for it. On Poseidon, macOS builds run through execute_library today; .so execution is not yet available in Poseidon, though other agents may already support it. Linux support for public agents is actively in development. Find the repo below!
3
14
76
8,787
Here is how I made $1,000 on a bug bounty program in less than 2 hours: Started off with burp suite and crawling the website. I found a page that had the directory of https://target[.]com/opt-out so I went to that page and saw there was input for an email. 1/x
22
95
626
all i can say is make your own templates ;)
13
39
393
#BugBounty #bugbountytips Easy way to get good vulns: shodan search ssl[.]cert[.]subject[.]CN:"http://target[.]com*" 200 --fields ip_str | httpx | tee ips.txt nuclei -l ips.txt -o vulns.txt
12
106
338
This is a surreal moment, I have been watching @davidbombal for about 5 years and now am interviewed on his channel! Go give it a watch and subscribe ❤️ piped.video/6jqJ7Ga5CoE?feature… #bugbounty #informationsecurity #cybersecurity #security #bugbountytip #bugbountytips
47
26
312
18,747
Day: 13 out of 15 💻 Bugs: 1 Info Disclosure - high another payment 🙏, broke out of that duplicate spell #15daysofbugbounty
17
7
245
17,298
I am thrilled to share that after a 4-day long exam, I have successfully obtained my Certified Red Team Operator Badge from @zeropointsecltd!
17
9
238
14,845
Day 28: Time Spent: 2-3 hours Bugs Found: 3 🔥 Bugs: 2 XSS, 1 admin panel bypass 💵 #30daysofbugbounty
8
14
191
17,767
After a week of non-stop studying, 4 exam days, a day to write a report and a 15-minute debrief. I am proud to announce I have successfully passed the @TCMSecurity Practical Network Penetration Tester (#PNPT)!
21
5
177
16,008
Hello #bugbounty peoples! I have been getting a lot of messages recently asking where to start in bug bounties, here is my Github for places to start: github.com/atomiczsec/BugBou… #bugbountytip #bugbountytips #github
7
31
170
18,162
Day 30: Time Spent: 5 hours Bugs Found: 6 🐛 Bugs: 1x CSRF, 1x Admin Panel Access, 4x Business Logic Errors 🔥 3 Triaged, 1 Paid, 2 waiting program review still 💵 Next #30daysofbugbounty is going to have a little twist 😉 art: @rez0__
7
8
163
28,663
in the next couple days, I will be posting about my #XSS methodology and where I find most of them and how I found some. Stay tuned #bugbounty #bugbountytip #bugbountytips @trufflesec @XssHunter 🫡
4
13
161
29,171
Day 22: Time Spent: 30 mins Bugs Found: 1 🔥 Bug: 1 HTML Injection 🫡 #30daysofbugbounty
11
10
150
18,270
Day 5 Time spent: 3 Hours Bugs found and reported : 3 🎉 Bug: 🔥3 BLH - 1 triaged already🔥 ALMOST got BXSS and RXSS but was only self : ( #30daysofbugbounty
6
5
145
42,882
Day: 15 out of 15 🙌 Bugs: Race Condition via Single Packet Attack - High 🚨 Tip: Go through each part of the burp suite academy, understand the vulnerabilities and when to test for them. Thank you to @albinowax for the amazing research : )
6
5
146
10,685
Day: 9 out of 15 ☕️ Bugs Found: 1 ~3 hours, mostly no luck Bugs: RXSS in profile field Tip: Test singular items like " . , ' to see how the program react, then i inserted: <img src=x onerror=alert(document.domain)// #15daysofbugbounty #bugbounty #bugbountytip #bugbountytips
4
5
143
8,653
Day 29: Time Spent: 1.5 hour Bugs Found: 2 🔥 Bugs: 2 default creds used on admin panels 💵💵 #30daysofbugbounty art from -> @rez0__
11
12
136
17,983
Day 17: Time Spent: 1.30 Hour 🚨 Bugs Found: 2 🔥x2 Rate Limit Bypass on sensitive endpoints🔥 #30daysofbugbounty
11
3
138
18,736
#BugBounty #bugbountytips #BugBountyTip If you are looking for easily finding subdomains that have port 22 or RDP open, use dnsdumpster.com and search your target...you will see in green text when a service like that is running:
3
33
135
1st #xss #tip, when starting to hunt for XSS, dont always put your payload first. Use these to see how the application is handling different characters: >"<u>test</u> <u>test</u> These will show html being injected if payload works properly. From there you can begin to craft XSS.
in the next couple days, I will be posting about my #XSS methodology and where I find most of them and how I found some. Stay tuned #bugbounty #bugbountytip #bugbountytips @trufflesec @XssHunter 🫡
7
32
131
26,542
great resource to keep up with the latest CVE's @Jhaddix ;) cvetrends.com/
1
42
128
Day 18: Time Spent: 45 Minutes 🚨 Bugs Found: 1 🔥Broken Access Control 🔥 #blog coming at the end of my 30 days #30daysofbugbounty #bugbounty #bugbountytips
9
7
123
14,294
Day: 2 out of 15 🧱 Bugs Found: 1 🪲 Bug: IDOR leading to deletion of any users billing information 💳 #15daysofbugbounty
5
110
10,861
So from there I kept changing the number until I validated that I can enumerate the entire mail list by just changing the id .... $1,000 IDOR #BugBounty #bugbountytips #hackerone #bugbountytip #bugcrowd 3/3
5
4
119
Day 6 Time spent: 30 minutes Bugs found and reported : 1 🎉 Bug: 🔥1 high privilege escalation 🔥 #30daysofbugbounty
Day 5 Time spent: 3 Hours Bugs found and reported : 3 🎉 Bug: 🔥3 BLH - 1 triaged already🔥 ALMOST got BXSS and RXSS but was only self : ( #30daysofbugbounty
7
5
113
37,756
Just released the first of two blogs on the first 15 days of my #30daysofbugbounty challenge. This blog goes over the stats of the 15 days and some of the bugs I found within it! medium.com/@atomiczsec/one-b…
1
22
115
12,527
We are back with another challenge: Day: 1 out of 15 🧱 Bugs Found: 1🐛 Bugs: IDOR leading to deletion of any users chat 💬 #15daysofbugbounty
7
5
114
9,718
Day 21: Time Spent: 1 Hour Bugs Found: 2 👈👈 Bugs: 🔥2 RXSS 🔥 sorry for ugly blockout im away from main pc #30daysofbugbounty
7
3
108
15,468
Day: 8 out of 15 🤞 Bugs Found: 1 Bugs: Unauthorized Exposure of Access Token Tip: Use burp plugins like JS Miner to automate this during your hunt portswigger.net/bappstore/0a… (posted late) #15daysofbugbounty #bugbounty #bugbountytip #bugbountytips
4
15
107
8,910
Thanks @Hacker0x01 for the 1,500 reputation gift! More to come in the future :) #hackerone #bugbounty
5
1
105
4,798
Can't believe my dreams are coming true, the 2 biggest inspirations talking about me for a couple seconds on their interview 🤩❤️❤️
He made $100,000 in 2 months! Here are his Top 3 Bug Bounty Tips for 2023 ... YouTube video: piped.video/KXQ_MUe6wKo #infosec #xss #cyber #cybersecurity #hack #hacking #hacker #pentest #bugbounty #bugbountytips @NahamSec
3
9
102
35,900
Day 11 Time spent: 3 Hours Bugs found and reported : 2 🎉 Bug: 🔥1 Low BAC, 1 Medium Race Condition 🔥 #30daysofbugbounty
Day 10 Time spent: 1.20 hour Bugs found and reported : 1 🎉 Bug: 🔥Another Medium BAC 🔥 #30daysofbugbounty
4
7
102
22,268
Day: 3 out of 15 🧱 Bugs Found: 1 🫤 Bug: Information Disclosure - Sensitive Business Documents
6
1
95
7,347
Today, we're going to dive deep into the art of discovering XSS vulnerabilities. Bug Number 1: Stored and Reflected XSS on settings page The process of searching for an XSS vulnerability on this site was quite interesting. #bugbounty #bugbountytip #bugbountytips
4
12
93
12,219
An IDOR vulnerability that exposes private messages of any user. Let's dive into how I stumbled upon a POST request, unraveling a major security flaw. #bugbounty #bugbountytip #bugbountytips
1
16
90
14,834
Day 25: Time Spent: 2.30 Hours 🔥🔥 Bugs Found: 2 ❤️ Bugs: 1x Access Control 1x Business Logic #30daysofbugbounty
2
3
85
7,649
Let's dive into more bugs. Today I will be going over a crazy IDOR I found. This IDOR vulnerability exposes the location of any team. Brace yourself for the details. #bugbounty #bugbountytip #bugbountytips
8
17
90
15,583
Day 7 Time spent: 30 minutes Bugs found and reported : 1 🎉 Bug: 🔥1 Medium Broken Access Control 🔥
Day 6 Time spent: 30 minutes Bugs found and reported : 1 🎉 Bug: 🔥1 high privilege escalation 🔥 #30daysofbugbounty
5
1
82
25,304
just purchased @PrettyRecon tonight and submitted 1 bug with it so far
11
6
82
Day: 10 out of 15 😌 Bugs: 1 Information Disclosure Tip: learn the naming conventions of the company you are testing on, this allows you to identify certain information that maybe shouldn't be open to the public #15daysofbugbounty #bugbounty #bugbountytip #bugbountytips
2
78
6,359
Day 10 Time spent: 1.20 hour Bugs found and reported : 1 🎉 Bug: 🔥Another Medium BAC 🔥 #30daysofbugbounty
Day 9 Time spent: 1 hour Bugs found and reported : 1 🎉 Bug: 🔥Upgraded my Medium BAC to high priv escalation 🔥
4
4
75
30,624
Here are some bug bounty tools that are not directly related to bug bounty but help me organize and hunt more efficiently: dedupelist.com/ (Remove duplicate domains) chrome.google.com/webstore/d… (Easily open a lot of URLs) toolsvoid.com/extract-ip-add… (Get new domains, etc.)
1
14
81
5,402
#bugbountytips #BugBounty #bugbountytip with this javascript bookmark, you will be able to pull endpoints for directory bruteforcing or even just recon! github.com/atomiczsec/BugBou…
2
19
73
10,771
#bugbountytip in @PortSwigger's Burp Suite use, Engagement tools > Analyze Target > Dynamic URL's .... this will bring back some interesting functions inside your web app: #BugBounty #infosec #webapp #burpsuite #bugbountytips #pentesting #pentest #webhacking
14
73
4,998
Day 12 (Very busy today with family) Time spent: 30 Minutes Bugs retested & clarified: 2 Bug: 🔥Captcha Bypass retested, working on BAC to get it upgraded🔥 #30daysofbugbounty
Day 11 Time spent: 3 Hours Bugs found and reported : 2 🎉 Bug: 🔥1 Low BAC, 1 Medium Race Condition 🔥 #30daysofbugbounty
5
2
71
15,418
Day 16: Collab with @Z3_Roo Time spent: 1 hour 🚨 Bugs found: 1 Bug: 🔥IDOR leads to Info Disclosure🔥 #30daysofbugbounty
4
3
74
8,266
Day 9 Time spent: 1 hour Bugs found and reported : 1 🎉 Bug: 🔥Upgraded my Medium BAC to high priv escalation 🔥
Day 8 Time spent: 1 hour Bugs found and reported : 1 🎉 Bug: 🔥1 Low Information Disclosure 🔥 will probably hunt more tonight but we will see. #30daysofbugbounty
5
6
67
29,446
Day: 14 out of 15 🥇 Bugs: 1 Info Disclosure (again) - Medium Tip: Utilize search engines to find indexed sensitive info, whether it be config files, passwords, documents - find stuff public user shouldn't be seeing #bugbounty #bugbountytip #bugbountytips #atomiczsec
3
2
75
4,649
Happy #saturday, 1 Medium and 1 High for a nice morning on 2 different programs: thanks to @GodfatherOrwa for some tips, and for the community for supporting ❤️
2
2
69
19,745
#bugbounty I am doing a giveaway of one @PentesterLab month voucher! 🔥All you have to do to enter is retweet this tweet and join my discord! This is a great place to learn and share about bug bounties! #bugbountytip #bugbountytips #bugbounty #giveaway discord.gg/VNYsP6zVjg
17
60
69
11,572
Day 27: Time Spent: 30 mins (super busy, trying to fit in time) Bugs Found : 1 ❤️ Bug: BLH #30daysofbugbounty
63
7,456
So I put in a random email and I got back a page to unsubscribe this email BUT I checked the url and I saw https://target[.]com/manage/optout?profileid=19371042 so I changed that last number and BOOM! I have a new email address and I can unsubscribe them as well.... 2/x
3
1
67
Day: 5 out of 15 🧱 Bugs Found: BAC Bug: Unauthorized Access to Invited Users Information in Application ⚠️ P.S. I was sick for a couple of days and could not stay on my computer, I am back now. #15daysofbugbounty
3
1
69
4,464
Day 8 Time spent: 1 hour Bugs found and reported : 1 🎉 Bug: 🔥1 Low Information Disclosure 🔥 will probably hunt more tonight but we will see. #30daysofbugbounty
Day 7 Time spent: 30 minutes Bugs found and reported : 1 🎉 Bug: 🔥1 Medium Broken Access Control 🔥
9
2
68
22,431
Day: 6 out of 15 🥳 Bugs Found: 2 Bugs: Business Logic Error, Info Disclosure I am starting to have time to be able to hunt again! #15daysofbugbounty
4
2
66
5,720
Every bug I have submitted during this challenge has been a duplicate, most 2-3 years of open triage.... what the 😬😔
2
2
62
5,249
2nd #xss #tip, if your payloads are able to be inputted but doesnt pop XSS right away, browse to other parts of the site to see if it gets executed somewhere else. Here is an Example: The first pic is of my payloads on my profile but no execution. 2nd is the pop on a diff URL
1st #xss #tip, when starting to hunt for XSS, dont always put your payload first. Use these to see how the application is handling different characters: >"<u>test</u> <u>test</u> These will show html being injected if payload works properly. From there you can begin to craft XSS.
4
12
62
11,157
Hey #bugbounty community👀, What was the best bug/vulnerability that you found in 2023? Any tips on how you found them? Let me know in the comments! ❤️ #bugbountytip #bugbountytips
5
5
64
8,632
Day: 7 out of 15 Bugs Found: 1 Bugs: Race condition 🐎 Tip: Make sure to check full responses of large http responses, I was able to find and bypass the protection in place due to finding this endpoint in the response #15daysofbugbounty #bugbounty #bugbountytip #bugbountytips
4
4
63
6,448
Day 23: Time Spent: 1.5 hours Bugs Found: 1 👈 Bug: 1 XSS🔥 Fortune 100 company, hugee company.. hoping to get some type of merch or something 😜 #30daysofbugbounty
5
4
66
9,505
Don't rely on others' automation. I usually avoid it, but I've discovered overlooked areas in hunting and developed a custom script for that. Now have ~20 bugs to submit. @Jhaddix talked about this a while ago and it has stuck with me. #BugBountyTips #BugBountyTip #BugBounty
1
2
62
13,140
It's time for Bug Number Three: Information Disclosure via IDOR In this thread, we'll dive deep into this IDOR vulnerability and how it exposed sensitive data. Also some tips! Stay tuned!
3
12
68
6,335
Happy to submit my first bug with @fattselimi 🔥🔥 more to come !
1
1
63
7,091
Day 26: Time Spent: 1 Hour finishing up stuff Bugs Found w team: 1 ❤️ Bug: Site-wide CSRF leads to account takeover and account deletion #30daysofbugbounty
3
2
57
6,625
Here is my twitter circle (All love to you people): 1st Circle: @I_Am_Jakoby @0xConda @Gi7w0rm @MatzeCCS @fattselimi @NahamSec @CosmodiumCS @maikroservice
11
3
56
5,764
Day 24: Time Spent: 45 mins to 1 hour Bugs Found: 1 ❤️ Bug: Info Disclosure for users 🔥 #bugbountytip #bugbountytips create python scripts that can automate and attack to show triagers impact! #30daysofbugbounty #BugBounty
6
1
60
8,172
2 more this weekend 🔥🔥🔥🔥
Happy #saturday, 1 Medium and 1 High for a nice morning on 2 different programs: thanks to @GodfatherOrwa for some tips, and for the community for supporting ❤️
3
3
55
12,252
First I hack computers, then I hack the kitchen! 🍴
6
56
6,431
🚨I am creating a nuclei parsing tool 🚨, by the way this is real data I have been pulling back from my scans ;) It will be on github soon and will look 10x better soon but get ready #bugbounty #bugbountytips #bugbountytip
3
3
53
10,155
Day 15 (STILL ON VACATION 🏝️) accidentally found a bug from my phone lol 😂 Time spent: 10 minutes Bugs found: 1 🚨 Bug: 🔥 Violation of Secure design principles 🔥
Day 14 Time spent: 1 Hour Bugs found: 1 🚨 Bug: 🔥Broken Access Control leads to Info Disclosure🔥 -- Will be working on this program more as it seems to be promising but will see how triaging goes : ) #30daysofbugbounty
5
3
55
12,282
Day 14 Time spent: 1 Hour Bugs found: 1 🚨 Bug: 🔥Broken Access Control leads to Info Disclosure🔥 -- Will be working on this program more as it seems to be promising but will see how triaging goes : ) #30daysofbugbounty
Day 13 Time spent: 2.5 Hours Bugs found: 1 Bug: 🔥Broken Access Control, still have to finish report🔥 #30daysofbugbounty
3
2
54
21,593
The introduction to the newest series - Bug Bounty Breakdown, and myself is here! I am not the best YouTube video creator but I will get better :) 📹 piped.video/kx5PQRT1pWU #bugbountybreakdown #bugbountytip #bugbounty #bugbountytips #atomiczsec
3
7
52
5,245
Day 4 Time spent: 1.42 Hours Bugs found and reported : 2 🎉 Bug: 🔥Information Disclosure 🔥 #30daysofbugbounty
Day 3 (12am, will be taking a day break wont be home so doing 1 now) Time spent: 30 minutes Bugs found and reported : 1 🎉 Bug: Captcha Bypass -> Breaking websites form #30daysofbugbounty
4
2
53
10,056
With day 15 of #30daysofbugbounty coming up I will be taking a break mid way through, I am traveling out of state and getting some nice weather for a week! Once I am back from there I will continue my hunt... Thank you everyone for the support I have been getting throughout this!
2
1
52
10,111
Day 20: Time Spent: 1.2 Hours Bugs Found: 1 👈 Bug type: Information Disclosure through endpoint. 👻 #30daysofbugbounty
1
2
53
6,370
🧵 Race conditions are one bug I look for a lot in bug bounties. Here's a short thread on a recent bypass I found with a race condition: 🧵 Race Condition Leads to infinite enterprise seats bypassing pricing model
2
13
52
5,478
Day: 12 out of 15 🔥 Bugs: 1 Info Disclosure last info disclosure just paid out : ) 💰 #15daysofbugbounty
3
2
48
4,843
new assets added: 4:57PM 2 bugs reported: 5:21PM & 5:24PM 🙏 now lets hope for triage and payment :)
5
1
48
7,005
Day: 11 out of 15 Bugs: 1 Business Logic Error Tip: When hunting for bugs on a site, look for ways to abuse services that could cost the company money or impact their business. #bugbounty #bugbountytip #bugbountytips #15daysofbugbounty
1
2
45
4,168