Building Own Nuclei Templates
InfoSec Write-ups » Bug Bounty
by Ott3rly
1w ago
It’s time to break the atoms! We will take a look at how it’s possible to create unique nuclei templates! Don’t miss out, since I will show you 3 easy ways how you can build your own! Let’s increase your chance of raking that bounty cash! I have another article about the smart ways to use this tool itself, if you haven’t read that, feel free to check it out! Nuclei templates are made for testing certain vulnerabilities. Either it’s known misconfigurations, CVEs, default credentials, general fuzzing techniques, and even more! It’s a pretty powerful way to describe how you can detect the i ..read more
Visit website
Static Testing of iOS Applications
InfoSec Write-ups » Bug Bounty
by Sandeep Vishwakarma
1w ago
Greetings fellow hackers, my name is Sandy, Security Analyst and Bug bounty hunter. As I’m presently engaged in iOS penetration testing, I’d like to relay my experiences with you, as they may prove beneficial in addressing some of the inquiries. I had difficulty getting started on resolving answers without any more introductions. This guide is an extensive guide that will take you through the entire process, as well as providing an outline of what Mobile Security Framework or MobSF is and how it may be used to automatically analyses an IPA file and the process of how we might hand evalua ..read more
Visit website
Next Generation Nuclei: Detecting SQLi with Logic
InfoSec Write-ups » Bug Bounty
by Serhat ÇİÇEK
1w ago
SQL Injection (SQLi) is a common and critical security vulnerability in web applications. In this article, I will introduce our new Nuclei plugin designed to detect Boolean-based SQLi. We will explain in detail how the plugin works and how to use it. What is Nuclei? Nuclei is an open-source security scanning tool. It uses customizable templates to detect various security vulnerabilities. These templates identify vulnerabilities by sending HTTP requests and analyzing the responses. What is Boolean Based SQL Injection? Boolean-based SQLi is a technique used to gather information about ..read more
Visit website
Web Application Penetration Checklist
InfoSec Write-ups » Bug Bounty
by Dhanesh Dodia - HeyDanny
1w ago
Testing Methodology or ApproachTL;DR This checklist is a high level checklist that contains a high level guide what approach we shall follow while testing a web application. This checklist is a generic checklist and does not totally cover all test cases that might apply on web apps. Fingerprinting Application: · Identify known vulnerabilities in web/app servers. · Generate Site Structure. · Identify underlying web technology. · Uncover HTTP services running on ports other than ports 80 and 443. · Brute fore subdomains with online tools and GitHub scripts. · Identify&nb ..read more
Visit website
Subdomain takeover via AWS s3 bucket
InfoSec Write-ups » Bug Bounty
by Bikram kharal
1w ago
Hello guys, Today we are going to talk about the Subdomain takeover vulnerability which can be easily identified and exploited by attackers causing maximum impact to the organization. Subdomain takeover is a common vulnerability that allows an attacker to gain control over a subdomain of a target domain and redirect users intended for an organization’s domain to a website that performs malicious activities, such as phishing campaigns, stealing user cookies, etc. First of all enumerate all the subdomains using subfinder and run httpx to it. subfinder -dL domain.txt -all | httpx | tee ..read more
Visit website
All About API Security Pentesting
InfoSec Write-ups » Bug Bounty
by Xcheater
1w ago
Hello Hackers, I Hope you guys are doing well and hunting lots of bugs and dollars ! Today’s article is all about the pentesting approach for APIs. Let’s dive into it. what is an API? An application programming interface (API) is a connection that allows computers or software programs to communicate with one another. It is a form of software interface that offers services to other applications. It is a software bridge that allows two apps to interact with each other. As far as we know, APIs communicate with third parties and provide services without exposing a significant ..read more
Visit website
Using Nuclei At Mass Scale
InfoSec Write-ups » Bug Bounty
by Ott3rly
1w ago
Nuclei is an extremely powerful tool in Bug Bounty. Too bad most people use it the wrong way! Let me show you the top things that you should know to do better than the majority using this tool. I’m pretty sure that most people who are getting duplicates are just using nuclei out of the box without any customizations. It’s the wrong way to approach the problem! You should not be thinking about being the first to find the bug, but think outside the box to find the bug. You won’t believe that there are so many people already doing automation without proper planning. Let me help you to improv ..read more
Visit website
How To Stay Ahead of 99% Of Bug Bounty Hunters
InfoSec Write-ups » Bug Bounty
by Om Arora
1w ago
Hello Everyone, We know that bug bounty is growing popular day by day and many people are getting into this field which is great for the community but it also increases competition within the bug bounty hunters, and thus makes it harder to find bugs as they are already found by other hunters. In this blog we will talk about some tips that can help you in findings bugs before others do !! Let’s Begin !!! 1. Clear The Basics ! Before starting to hunt, it is very important to clear your BASICS, for example Learn About Common Vulnerabilities Learn about the most common vul ..read more
Visit website
CVE-2023–52424: The WiFi SSID Confusion Attack Explained
InfoSec Write-ups » Bug Bounty
by ElNiak
2w ago
CVE-2023–52424, also known as the SSID Confusion Attack, has brought new challenges to wireless network security. This article explores the mechanics of this vulnerability, its potential impact, and how you can protect your network. Free article In the ever-evolving landscape of cybersecurity threats, CVE-2023–52424, dubbed the SSID Confusion Attack, has emerged as a significant concern for wireless network security. This article delves into the intricacies of this vulnerability, explaining how it works, its potential impacts, and the steps you can take to protect your network from exploi ..read more
Visit website
How I Got My First Bounty: The Exciting Story of My Bug Bounty Breakthrough
InfoSec Write-ups » Bug Bounty
by whit3ros3
2w ago
Long time no see! I’ve been a bit preoccupied with other tasks besides bug bounty hunting, so I haven’t had the chance to post any blogs. But setting all that aside, today I want to share how I achieved every beginner bug hunter’s dream: scoring that first bounty. Still gives me chills just thinking about it! So, without further ado, let’s dive into the details of this exhilarating experience. Let’s get Started The most important takeaway from this blog is simple: Keep learning about different vulnerabilities and, more importantly, put that newly gained knowledge into practice ..read more
Visit website

Follow InfoSec Write-ups » Bug Bounty on FeedSpot

Continue with Google
Continue with Apple
OR