@sickuritywizard profile picture
Pradeep Kumar @sickuritywizard

SecEng

Joined October 2018
  • Tweets 86
  • Following 144
  • Followers 152
2 Photos and videos
Pinned Tweet
Pradeep Kumar@sickuritywizard
26 Feb 2021
Collab with @silentbronco @GoogleVRP #googlebugbounty #bugbounty #bugbountytips #googlevrp #vdp #pentesting #xss
1
7
38
Checkout my new writeup on OAuth Security: medium.com/bugbountywriteup/… #bugbounty #webpentesting #tech

Unlocking OAuth Security

In this blog, we will uncover the different oauth security implications on both the client applications and the oauth server.

infosecwriteups.com
1
38
Pradeep Kumar retweeted
InfoSec Community
@InfoSecComm
25 Sep 2020
New Write-up on InfoSec Write-ups publication : "PII Leakage via IDOR Weak PasswordReset = Full Account Takeover" #bugbounty #bugbountywriteup #bugbountytips ift.tt/3i5mMlY

PII Leakage via IDOR Weak PasswordReset = Full Account Takeover

Hello Hunters, this is a quick write up on one of my recent findings on a bug bounty program. Before jumping into the vulnerability, let…

infosecwriteups.com
64
150
Pradeep Kumar retweeted
OSO
@osodevops
13 Jul 2024
Unlocking Kubernetes Security: The Complete Checklist buff.ly/3XTiPcI #kubernetes
4
16
444
Pradeep Kumar retweeted
Nicolas Krassas
@Dinosn
15 May 2024
JNDI Injection — The Complete Story infosecwriteups.com/jndi-inj…

JNDI Injection — The Complete Story

This blog investigates the security implications of JNDI Injection, a vulnerability that arises when malicious actors manipulate JNDI…

infosecwriteups.com
20
66
6,861
I recently published a new blog on pentesting and securing Kubernetes environments. The article provides a detailed checklist with strategies and actionable steps to improve your K8 security framework. Read the full article here: medium.com/@sickuritywizard/… #Kubernetes #Pentesting
56
Pradeep Kumar retweeted
Cybernetic Research@cybernetic_res
29 Feb 2024
Checkout @sickuritywizard latest blog on how Java's ProcessBuilder and Runtime classes can unwittingly open the door to Command Injection Vulnerabilities. infosecwriteups.com/unveilin… #bugbountytips #bugbounty

Unveiling Command Injection Vulnerabilities in Java: Deep dive into ProcessBuilder and Runtime

Java’s ProcessBuilder and Runtime classes offer powerful functionality, but they also come with risks.

infosecwriteups.com
9
23
2,189
Pradeep Kumar retweeted
LiveOverflow 🔴
@LiveOverflow
29 Nov 2023
For every 10 likes this gets, I will ask ChatGPT to make this code more insecure
70
475
7,207
1,473,498
Pradeep Kumar retweeted
D∆₹K⚜LÖ†Û$@darklotuskdb
25 Jul 2023
The iOS Reloader is a weaponizing tool designed for jailbroken iOS devices. It facilitates the installation of a collection of essential tools on iOS devices for penetration testing purposes. github.com/darklotuskdb/ios-… #HR51KDB #bugbountytip #bugbountytips #ios #vapt

GitHub - darklotuskdb/ios-reloader: The iOS Reloader is a weaponizing tool for jailbroken iOS...

The iOS Reloader is a weaponizing tool for jailbroken iOS devices. It facilitates the installation of a collection of tools on iOS devices (iPhone/iPad) that are essential for penetration testing p...

github.com
2
26
62
5,506
"Recently delved into Jackson deserialization vulnerability and built a lab for testing purposes. Sharing the code on GitHub: github.com/sickuritywizard/j… #CyberSecurity #SecureCoding #Pentesting #BugBounty #ctf #bugbountytip
108
Pradeep Kumar retweeted
huntr Hacktivity@huntrHacktivity
17 May 2022
Stack-based Buffer Overflow in github.com/vim/vim (CVE-2022-1771) reported by @GreaterGoodest - Patch: github.com/vim/vim/commit/51… huntr.dev/bounties/faa74175-… #bugbounty #infosec #opensource

GitHub - vim/vim: The official Vim repository

The official Vim repository. Contribute to vim/vim development by creating an account on GitHub.

github.com
30
70
Pradeep Kumar retweeted
shubs
@infosec_au
6 May 2022
My colleagues @seanyeoh and @devec0 found some phenomenal vulnerabilities in Cloudflare Pages. I highly recommend you read about their adventures in pwning CI systems. There's a lot to learn from their research. blog.assetnote.io/2022/05/06…

Cloudflare Pages, part 1: The fellowship of the secret

assetnote.io
4
86
263
Pradeep Kumar retweeted
Pratik Khalane@KhalanePratik
15 Jun 2021
Here is my second blog of how i was able to bypass the admin using the default credentials in @BBC website. Link : pratikkhalane91.medium.com/h…

How I was able to bypass the admin portal by using the default credentials in BBC Corporation.

Hello everyone, today I will be talking about one of the critical bug which I found on the BBC website which is bypassing the admin portal…

infosecwriteups.com
5
37
101
Pradeep Kumar retweeted
Dominic@dee__see
5 Jun 2021
Replying to @streaak
@streaak's KeyHacks is great, but most keys aren't sensitive and aren't in there so I present NotKeyHacks, the list of tokens that look sensitive but aren't. The idea is to have a place we can CTRL-F instead of wasting time searching for the right docs gitlab.com/dee-see/notkeyhac…

dee-see / notkeyhacks · GitLab

GitLab.com

gitlab.com
11
72
204
Pradeep Kumar retweeted
Jomar@J0_mart
22 May 2021
Hey guys, following the last @BugBountyHunt3r event, I have the opportunity to provide an invitation to a person of my choice, if you're interested, just leave a retweet and I will randomly pick someone on Tuesday :) #BugBounty
63
211
231
Pradeep Kumar retweeted
D∆₹K⚜LÖ†Û$@darklotuskdb
14 May 2021
To Find Compromised User Credentials 👨‍💻 1. Navigate to breachdirectory.tk 2. Put the uname/email in the search box. 3. Copy the hash of the password. 4. Past in crackstation.net OR hashes.com #HR51KDB #bugbountytip #infosec #databreach #bugbountytips
2
28
46
Pradeep Kumar retweeted
Sourav@Sourav18644081
9 May 2021
Replying to @JAINUNIVERSITY
@JAINUNIVERSITY is asking students to pay 1500 exam fess for online exams too, it won't even cost a single penny if they have purchased the domain. We are ready to pay but I just want to request that can't they donate 50% of the exam fees to fight corona virus?@ChenrajRoychand
1
11
19
Pradeep Kumar retweeted
Rahul Sasi@fb1h2s
28 Apr 2021
we analyzed over 10,000 mobile apps and found over .5% of them has hardcoded AWS keys. Report- bevigil.com/blog/mobile-apps…

Mobile Apps Exposing AWS Keys Affect 100M Users’ Data - BeVigil Blog

CloudSEK’s BeVigil, a security search engine for mobile apps, has found that 0.5% of mobile apps expose AWS API keys, thus putting their internal networks and data at high risk. 

bevigil.com
4
14
44
Pradeep Kumar retweeted
D∆₹K⚜LÖ†Û$@darklotuskdb
25 Apr 2021
Useful #Shodan Dorks For #bugbounty. Shodan CLI: 1. git clone github.com/pypa/easy_install…; cd easy_install; python2.7 setup.py install 2. easy_install shodan 3. easy_install -U shodan 4. shodan init YOUR_API_KEY #HR51KDB #bugbountytips #bugbountytip #infosec
2
123
253
Pradeep Kumar retweeted
D∆₹K⚜LÖ†Û$@darklotuskdb
22 Apr 2021
Account TakeOver(#ATO) By Locking The Cookies. #HR51KDB #bugbountytip
13
148
309
Pradeep Kumar retweeted
Cyber Threat Hub@CyberThreatHub
20 Apr 2021
(CloudFail - Information Gathering to Discover Identity of the Server Behind Cloudflare) - skynettools.com/cloudfail-in… #infosec #netsec #pentest #cybersecurity #bugbounty
5
188
453
Load more