10th May 2020. That's when it all started.
Thanks to all of you.
A lot has changed since then.
Small improvements along the way.
14 - 13
A 3-step process for finding and reporting critical secrets:
1️⃣ Find secrets:
➡ Look into source control like GitHub, GitLab, etc.
Use GitHub dorks for more directed searches, like github.com/techgaun/github-dorks/blob/master/githu…
➡ Search for secrets in commit history and across the full organisation using trufflehog: github.com/trufflesecurity/trufflehog
➡ Try finding SonarQube or Jenkins instances. Use #shodan for that. Check my previous thread for some ideas around it: twitter.com/AseemShrey/status/1508059759491964928
Here's how I found one: aseem-shrey.medium.com/mind-your-logs-how-a-build-…
➡ Look into the website's JavaScript files. Here's a writeup around the same: infosecwriteups.com/one-token-to-leak-them-all-the…
2️⃣ Verify those secrets:
➡ After you've found some secrets, it's time to verify them. For each individual key look here: github.com/streaak/keyhacks
You can use the latest trufflehog v3 to automatically verify over 600 types of secrets as well.
3️⃣ Report
➡ Find the company's program on #hackerone or #bugcrowd or their own bug bounty page.
➡ If nothing like that exists, use connectbit to find contacts.
➡ If even that doesn't help, check people on LinkedIn or Twitter for that org.
Here's a video on how to automatically find and verify secrets on GitHub, S3 buckets, etc. using trufflehog v3, plus an interview with the creator Dylan Ayrey.
Go on and check the video here: https://www.youtube.com/watch?v=iqC-h...
#cybersecurity #trufflehog #hackingsimplified
1 - 0
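A minimal version of the "find" step turned into a defensive pre-push check, added here as an example (not the thread author's or trufflehog's code): known-prefix regexes for a few publicly documented token formats, plus a Shannon-entropy filter on credential-looking assignments so that placeholders like "changeme" are not reported. The diff lines are constructed; the AKIA value is AWS's published documentation example, not a live key.

```python
import math
import re
from collections import Counter

# Fixed-prefix formats that are publicly documented; a regex hit is a strong signal.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Catch-all for credential-looking assignments (SECRET_ACCESS_KEY=..., token = ...);
# the value is only reported when its Shannon entropy is high enough to look random.
ASSIGNMENT = re.compile(
    r"(?i)(secret|token|password|api[_-]?key)\w*\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{16,})")

def shannon_entropy(value: str) -> float:
    """Bits per character; a random 40-char base64 string scores around 5."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan_lines(lines, entropy_threshold=3.5):
    """Return (line_no, finding_type, value) for every suspected secret in lines."""
    findings, seen = [], set()
    for line_no, line in enumerate(lines, 1):
        for name, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append((line_no, name, m.group(0)))
                seen.add(m.group(0))
        for m in ASSIGNMENT.finditer(line):
            value = m.group(2)
            # Skip values already reported by a format-specific pattern above.
            if value not in seen and shannon_entropy(value) >= entropy_threshold:
                findings.append((line_no, "high_entropy_" + m.group(1).lower(), value))
                seen.add(value)
    return findings

# Constructed sample diff (added lines only). AKIAIOSFODNN7EXAMPLE is the example
# key from AWS documentation; the GitHub-style token below is made up.
SAMPLE_DIFF = [
    "+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "+token = ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij",
    '+password = "passwordpassword1234"',  # low entropy: not reported
    "+# api_key = <fill in from vault>",   # placeholder, no value: not reported
]

if __name__ == "__main__":
    for line_no, kind, value in scan_lines(SAMPLE_DIFF):
        print(f"line {line_no}: {kind}: {value[:8]}...")
```

Wired into a pre-commit or CI hook over `git diff` output, the same function blocks a leak before it ever reaches the commit history the thread talks about searching.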
New video, after a long time.
Another video in the 'Explained' series.
Will talk about:
➤ The spyware Pegasus
➤ Technical capabilities
➤ How you can protect yourself from spyware
Let me know your thoughts on this
#pegasus #HackingSimplified
4 - 0
Live Session Alert - 28th Aug, Sat, 11 AM IST
If you want me to answer any questions, I will answer them in the QnA during the live session. Also, any topic suggestions for the live session are highly welcome.
The recording will be on the channel, so you can ask your questions now and view them later as well :D
forms.gle/V3Z12U66QJN5491ZA
5 - 1
An interesting story, which looks straight from a spy movie, except that it's not.
Let's delve into #operationtrojanshield #OperationIronSide to learn how criminals were hacked in one of the world's largest covert operations, conducted globally by the FBI, AFP and EUROPOL.
#cybersecurity #infosec #bugbounty #hacking
2 - 0
1st in a series of videos where I will talk about getting a job in cybersecurity, especially in #India.
This is mostly in Hindi, so that people can get the most out of it.
#bugbounty #cybersecurity #hackingsimplified
3 - 0
Just published the 2nd part of Hacking OAuth: Flawed CSRF Protection - State Param.
How easy it is to exploit the 'state' param and do an account takeover.
Demo on medium[.]com
Learn More & Stay Safe.
#oauth #websecurity #hackingsimplified #BugBounty
2 - 0
New Video Up: Hacking OAuth Applications - Pt. 1
In this video I walk you through the What, Why & How of OAuth.
Then we look at some of the flows, like the authorization code grant and the implicit grant. We close today's session with a hands-on with the PortSwigger lab on the implicit grant flow.
https://youtu.be/gVqrf2uUdQ0
#hackingsimplified #oauth #bugbounty
4 - 0
Wanted to learn about hacking and cybersecurity?
You're at the right place.