@killmongar1996 profile picture
SANTOSH KUMAR SHA @killmongar1996

Its good to break any thing so that u can learn. Because breaking also need some kind of skilled

Joined January 2019
  • Tweets 185
  • Following 223
  • Followers 666
5 Photos and videos
🔍 New blog: Found multiple SSRF vulnerabilities on a bank’s system, exposing AWS metadata! Learn how I uncovered these flaws and the security risks involved. Check it out!👇 🔗 [medium.com/@notifybugme/find…] #CyberSecurity #AWS #SSRF #EthicalHacking #CloudSecurity

Finding multiple SSRF with AWS metadata access on A BANK system

Hi, everyone

notifybugme.medium.com
4
246
🔒 Strengthening S3 Bucket Security with SCP Policies 🔒 Just published a new blog where I dive deep into hardening the security of Amazon S3 buckets using Service Control Policies (SCPs). 🛡️ Check it out here: lnkd.in/dvrNMqkh #AWSSecurity #CloudSecurity #S3 #AWS

LinkedIn

This link will take you to a page that’s not on LinkedIn

lnkd.in
1
119
🚨 Exciting News: New Blog Post Alert! 🚨 I’m thrilled to announce the release of my latest article, “Finding SSRF by Full Automation”! 🌐🔍 🔗 Dive in here: notifybugme.medium.com/findi… #SSRF #Automation #InfoSec #Security #BugBounty #PenTesting #EthicalHacking #Vulnerability

Finding SSRF BY Full Automation

Hi, everyone

infosecwriteups.com
1
3
194
🚀 New Blog: Automating AWS Console Login Monitoring – A Comprehensive Guide 🚀 Monitoring AWS Console logins is crucial for maintaining security and detecting unauthorized access. 🔗 Read the full guide here: lnkd.in/gc96wKNw #AWS #CloudSecurity #Automation #InfoSec

LinkedIn

This link will take you to a page that’s not on LinkedIn

lnkd.in
1
1
122
🚨 Unveiling a Critical Vulnerability: Exposing AWS Credentials in a Penetration Test 🚨 In my latest post, I reveal how I uncovered AWS credentials during a pentest. medium.com/@notifybugme/unve… #AWS #Pentesting #BugBounty #InfoSec #Vulnerability #EthicalHacking

Unveiling a Critical Vulnerability: Exposing AWS Credentials in a Penetration Test

Introduction

notifybugme.medium.com
1
1
170
SANTOSH KUMAR SHA retweeted
Bounty Security@BountySecurity
21 Sep 2022
🎉New Website published🎉 🎁To celebrate the launch of the new website, we are giving away three annual Burp Bounty Pro licenses! 👉To participate you have to retweet and like. The winners will be announced on September 30. 👉burpbounty.net
77
760
990
SANTOSH KUMAR SHA retweeted
Aditya
@ADITYASHENDE17
19 Dec 2021
Chaining an Blind SSRF bug to Get an RCE by @killmongar1996 link.medium.com/QS6eacg36lb

Chaining an Blind SSRF bug to Get an RCE

Hi, everyone

link.medium.com
1
85
237
SANTOSH KUMAR SHA retweeted
InfoSec Community
@InfoSecComm
5 Sep 2022
Featuring articles by @Lotus_619, @ajpc500, @s0md3v, @killmongar1996. Trending threads by @drunkrhin0, @cyberboyIndia, @AseemShrey and @sec_r0. Videos by @HalbornSecurity, @_JohnHammond and @c3rb3ru5d3d53c GitHub repositories & Tools by @hakluke and @NCCGroupInfosec
1
5
13
I just published Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator infosecwriteups.com/out-of-b…

Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator

Hi, everyone

notifybugme.medium.com
8
122
327
Finally I am releasing my Time base SQL injection tool. Please try once and leave feedback for it so that I can add new features. github.com/killmongar1996/sq… #bugbountytips #bugcrowd #hackerone #automationtesting #bughunting #bugbounty #pentesting #sqlinjection #ethicalhacking

GitHub - killmongar1996/sqlTinj: Automation: Bash script wrapper to find and verify time base sql...

Automation: Bash script wrapper to find and verify time base sql injection - killmongar1996/sqlTinj

github.com
3
12
Hey @Bugcrowd cc: @codingo_ I have reported 2 issues on Bugcrowd where I have clearly shown the impact and everything thing but traiger marked it marked as Not applicable. Now when I am trying to reproduce it is fixed. Can anyone help me out here?
1
2
linkedin.com/feed/update/urn…

#bugbountytips #bugcrowd #hackerone #pentesting #pentester #automationtesting #synack #bughunting...

Glimpse of my Time base SQL injection tool Well be Publishing it soon.................................. #bugbountytips #bugcrowd #hackerone #pentesting #pentester #automationtesting #synack #bughun...

linkedin.com
SANTOSH KUMAR SHA retweeted
SANTOSH KUMAR SHA@killmongar1996
24 Dec 2021
Ending 2021 with my Last Writeup of 2021: I just published Exposing Millions of Investor and Startup Register details and PII INFO in STARTUPINDIA (Govt of… link.medium.com/WXqIyo84emb #bugbountytips #bugcrowd #hackerone #pentester #synack #bughunting #govtofindia #startupindia

Exposing Millions of Investor and Startup Register details and PII INFO in STARTUPINDIA (Govt of…

Hi, everyone

link.medium.com
16
31
I just published How I got access Maxlifeinsurance insurance company AWS metadata access by SSRF link.medium.com/xZoC6Tmrhmb

How I got access Maxlifeinsurance insurance company AWS metadata access by SSRF

Hi, everyone

link.medium.com
2
23
68
I just published Exploiting S3 bucket with path folder to Access PII info of A BANK link.medium.com/0LNKK9J6Plb

Exploiting S3 bucket with path folder to Access PII info of A BANK

Hi, everyone

link.medium.com
3
22
57
But good part is that They Fixed all the issue which i have reported. its already been 2 years old finding of mine.
1
SANTOSH KUMAR SHA retweeted
zapstiko@zapstiko2
3 Sep 2021
How I was able Find mass leaked AWS s3 bucket from js File @killmongar1996 zapstiko.com/how-i-was-able-…
5
10
I just published Finding multiple SSRF with aws metadata access on A BANK system link.medium.com/3D8j06PPJib

Finding multiple SSRF with aws metadata access on A BANK system

Hi, everyone

link.medium.com
2
35
97
SANTOSH KUMAR SHA retweeted
Hussein Daher
@HusseiN98D
26 Jul 2021
#GIVEAWAY ALERT🎉 In honor of my first workshop at #ThreatCon I wanted to do a giveaway for 3 spots to my talk THREE winners will have a free place🙌 To enter: 1️⃣ Follow & RT 2️⃣ Tell me a subject I should talk about 3️⃣ Winners announce 30/07 threatcon.io/about_speaker?i… #BugBounty
122
137
253
Load more