Day 10 of #100DaysOfCode Participated in the REDTEAM VILLAGE CTF #DEFCON #RedTeamVillage .The 24 hour ctf conducted was such a wholesome experience. Learned more how to solve #OSNIT challenges and learned how to use foremost tool.#cybersecurity github.com/shrishtydayal2304…

Congratulations to @ShrishtyDayal for clearing our Certified Red Team Professional exam! #ADLab #CRTP #AlteredSecurity cc @nikhil_mitt x.com/AlteredSecurity/status… alteredsecurity.com/adlab

Such a great time meeting @k3r3n3 !! You’re such a boss woman and there’s so much to learn from you 🫶🏻 I hope to make it to @BsidesTLV next year 😌🤞🏻

We're giving away FREE one-month access to our AWS Cloud Security Training to four lucky subscribers. You asked, we listened! 😉🔥 All you have to do is like and retweet👇 Winners will be chosen at random on Facebook, Twitter, LinkedIn and Instagram. Good luck!

#BugBounty checklist thexssrat.podia.com/2b1cef5e… CSRF: Verify token presence on necessary forms (Create, Update, Delete) Check server-side token length validation Ensure server checks for token parameter Test server response to empty parameter and missing CSRF token Confirm tokens are not session-bound JWT: Ensure None-signing algorithm is not allowed Check for leaked secrets Verify server secret checks Test secret guessability/brute-force resistance Open redirect bypass: Test various bypass techniques (e.g., evil.com/expected.com, Javascript openRedirects, hidden link open redirects) Experiment with bypass characters (e.g., //, https:evil.com, /\, , @) Examine parameter pollution BAC: Test access controls for all user levels Evaluate access using different methods (e.g., authorize, JS Functions via developer console, copy-pasting URLs) IDOR: Test across all tenants Check access methods similar to BAC Captcha bypasses: Attempt request method changes Remove or modify captcha parameters LFI: Test bypass techniques similar to Open redirect bypass Experiment with different path traversal techniques (e.g., ../, ../, ..\) to bypass input filters Test for log poisoning or user input storage to achieve code execution through LFI Examine the inclusion of configuration files or other sensitive files for information disclosure RFI: Test bypass techniques similar to Open redirect bypass Experiment with different path traversal techniques (e.g., ../, ../, ..\) to bypass input filters Test for log poisoning or user input storage to achieve code execution through LFI Examine the inclusion of configuration files or other sensitive files for information disclosure SQLi: Use special characters (e.g., ' " ) to trigger SQL injection Utilize SQLmap for testing Use time-based techniques (e.g., SLEEP() in MySQL, WAITFOR DELAY in SQL Server) to extract information if the output is not directly visible (blind SQLi) Test for out-of-band techniques (e.g., DNS exfiltration) when other methods are not possible Exploit second-order SQLi by injecting payloads that get stored and later executed in another part of the application XXE: Test file formats vulnerable to XXE (e.g., SVG, DOCX/XLSX, SOAP) Attempt blind SSRF, file exfiltration, and command execution Test different XML parsers (e.g., DOM, SAX) to identify vulnerable endpoints Utilize out-of-band techniques (e.g., HTTP callbacks, DNS exfiltration) for blind XXE exploitation Experiment with different encoding or obfuscation methods (e.g., using CDATA sections, XML entity expansion) to bypass input filters or security measures Template injections (CSTI/SST): Test basic template injection payloads ${{7*9}} Identify templating engine and refer to manuals for potential exploits Employ encoding techniques for special characters Identify the templating engine in use (e.g., Jinja2, Twig, Mako) and craft payloads specific to the engine Use encoding, obfuscation, or other techniques to bypass input filters or security measures Escalate impact by chaining template injection with other vulnerabilities (e.g., XSS, RCE) XSS: Test payload injection into input fields and reflected parameters Identify reflection context and craft attack vector accordingly Test various encoding and obfuscation techniques Check for and attempt to bypass CSP Test for DOM-based XSS by analyzing JavaScript code and manipulating variables used in the DOM Experiment with different encoding techniques (e.g., HTML entities, URL encoding, Unicode) to bypass input filters and WAFs Utilize event handlers (e.g., onload, onerror) or other obscure tags to trigger XSS when common vectors are blocked SSRF: Test SSRF against server itself and other servers on the network Use alternative URL schemes (e.g., file://, dict://, gopher://) to interact with internal services or to bypass filters Test for IPv6 and other address formats (e.g., octal, decimal, hexadecimal) to bypass IP-based filters Chain SSRF with other vulnerabilities (e.g., XXE, open redirects) to escalate impact Command injection: Test every single parameter for command injection vulnerability Compile a list of commands and command separators for the target OS Admin panel bypass: Try referer header manipulation Test easy username/password combinations Perform directory brute-forcing for unprotected pages Race conditions: Identify and test critical functionalities for potential race conditions Simulate concurrent requests to assess system stability API security testing: Test API endpoints for vulnerabilities similar to those in web applications Evaluate proper use of authentication and authorization mechanisms Check for potential data leaks or unauthorized data access Insecure deserialization: Identify potential points of deserialization in the application Test for deserialization vulnerabilities that could lead to arbitrary code execution or data tampering Test for insecure deserialization by tampering with serialized data formats (e.g., JSON, XML, PHP serialization) and observing application behavior Identify and exploit "gadget chains" to escalate impact and achieve arbitrary code execution Employ encryption or encoding bypass techniques to manipulate serialized data Clickjacking: Check if the application is vulnerable to clickjacking attacks Verify proper implementation of X-Frame-Options header and other defensive mechanisms Parameter Pollution: Test for potential parameter pollution vulnerabilities in all input fields and URL parameters Identify and manipulate repeated parameters to observe application behavior Check if any application logic relies on single instances of parameters and can be bypassed or exploited using parameter pollution Verify that the application handles repeated parameters consistently and securely Session Management: Test for secure implementation of session cookies (e.g., HttpOnly, Secure, SameSite attributes) Evaluate the effectiveness of session expiration and session fixation prevention mechanisms Assess the randomness and predictability of session IDs Verify proper handling of concurrent sessions and logout functionality Web Application Firewall (WAF) Evasion: Attempt to bypass WAF rules using different evasion techniques (e.g., encoding, obfuscation, HTTP Verb Tampering) Evaluate the effectiveness of the WAF in detecting and preventing known attack vectors File Upload Security: Test file upload functionality for potential vulnerabilities (e.g., unrestricted file types, size limitations, handling of malicious content) Verify proper access controls for uploaded files to prevent unauthorized access or file manipulation Check for secure storage of uploaded files and proper handling of metadata Account Recovery and Password Reset: Evaluate the security of account recovery and password reset mechanisms (e.g., secret questions, email-based resets, multi-factor authentication) Test for potential bypasses or weaknesses that may allow unauthorized account access Unconventional Attack Vectors: Investigate less commonly tested functionalities, features, or components that might have been overlooked by developers or other testers Explore edge cases, uncommon input types, or rare user interactions that might trigger vulnerabilities Cross-Platform and Cross-Browser Testing: Test the application on different platforms (e.g., mobile, desktop) and browsers, as some vulnerabilities may be platform- or browser-specific Bug Chaining and Impact Amplification: Explore chaining multiple bugs or vulnerabilities together to create a higher impact or escalate privileges, which can potentially lead to higher rewards Misconfigured or Exposed Infrastructure: Check for exposed or misconfigured infrastructure components (e.g., open AWS S3 buckets, unsecured cloud storage, publicly accessible admin interfaces) Remote Code Execution (RCE): Investigate the use of environment variables or process control functions for command injection Leverage file upload vulnerabilities to upload and execute a malicious payload Bypass execution restrictions by utilizing script interpreters (e.g., Python, Ruby, PHP) or built-in OS functionality (e.g., PowerShell, Bash)

I completed the Web Security Academy lab: Unprotected admin functionality with unpredictable URL @WebSecAcademy portswigger.net/web-security…

I completed the Web Security Academy lab: Source code disclosure via backup files @WebSecAcademy portswigger.net/web-security…

I completed the Web Security Academy lab: Information disclosure in error messages @WebSecAcademy portswigger.net/web-security…

I completed the Web Security Academy lab: SQL injection UNION attack, determining the number of columns returned by the query @WebSecAcademy portswigger.net/web-security…

I completed the Web Security Academy lab: SQL injection vulnerability allowing login bypass @WebSecAcademy portswigger.net/web-security… #sqli #burp #proxy #security

I completed the Web Security Academy lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data @WebSecAcademy portswigger.net/web-security…

I completed the Web Security Academy lab: Authentication bypass via OAuth implicit flow @WebSecAcademy portswigger.net/web-security…

Starting Out In Cyber Sec - I have just completed this room! Check it out: tryhackme.com/room/startingo… #tryhackme #security #startingout #careers #intro #startingoutincybersec via @tryhackme

Introductory Networking - I have just completed this room! Check it out: tryhackme.com/room/introtone… #tryhackme #Networking #OSI #Networking #Introductory Networking #intro to networking #accessible #ping #traceroute #whois #dig #TCP/IP #Wireshark #Encapsulation via @tryhackme

Encryption - Crypto 101 - I have just completed this room! Check it out: tryhackme.com/room/encryptio… #tryhackme #security #crypto #101 #encryption #Crypto 101 #encryptioncrypto101 via @tryhackme

Bounty Hacker - I have just completed this room! Check it out: tryhackme.com/room/cowboyhac… #tryhackme #Linux #tar #privesc #security #cowboyhacker via @tryhackme #sudo #gobuster #nmap #cybersecurity

Linux Fundamentals Part 3 - I have just completed this room! Check it out: tryhackme.com/room/linux3 #tryhackme #linux #beginner #ZTH #new #sysadmin #linux3 via @tryhackme

Linux Fundamentals Part 2 - I have just completed this room! Check it out: tryhackme.com/room/linux2 #tryhackme #linux #beginner #ZTH #new #sysadmin #linux2 via @tryhackme

Linux Fundamentals Part 1 - I have just completed this room! Check it out: tryhackme.com/room/linux1 #tryhackme #linux #beginner #ZTH #new #sysadmin #linux1 via @tryhackme

The Cod Caper - I have just completed this room! Check it out: tryhackme.com/room/thecodcap… #tryhackme #security #pwn #pwntools #Reversing # debugging # RE #weekly challenge #thecodcaper via @tryhackme