FIKARA BILALblog.fikara.io·Dec 17, 2024Subdomain EnumerationSubdomain research allows the identification of subdomains linked to a main domain that could be vulnerable, thus serving as entry points for misconfigured services. Discovering subdomains helps gather information about the technologies and configura...subdomain discovery
FIKARA BILALblog.fikara.io·Dec 13, 2024Information Gathering in Bug BountyIn the context of Bug Bounty or security testing, information gathering is a step that involves collecting as much data as possible about a target. The goal is to better understand its environment and, above all, identify potential vulnerabilities. T...bugbountytips
FIKARA BILALblog.fikara.io·Dec 10, 2024BugBountyCollecte d’informations Dans un contexte de BugBounty ou de test de sécurité, la collecte d’informations est une étape qui consiste à recueillir un maximun de données sur une cible. Le but est de mieux comprendre son environnement et surtout identifi...bugbounty
FIKARA BILALblog.fikara.io·Nov 29, 2024Links DiscoveryLe Links Discovery ou la découverte de liens est un processus qui consiste à explorer et à extraire des liens et des ressources d’un site web pour obtenir des informations sur une cible. Il permet d’identifier la structure des pages et les relations ...linksdiscovery
FIKARA BILALblog.fikara.io·Nov 26, 2024Recherche de sous-domainesLa recherche de sous-domaines permet d’identifier les sous-domaines rattachés à un domaine principal qui pourraient être vulnérables, et donc des points d’entrée pour des services mal configurés. Le fait de découvrir les sous-domaines permet donc rec...43 readssubdomain discovery
FIKARA BILALblog.fikara.io·Nov 19, 2024Collecte d'informations Bug BountyDans un contexte de BugBounty ou de test de sécurité, la collecte d’informations est une étape qui consiste à recueillir un maximun de données sur une cible. Le but est de mieux comprendre son environnement et surtout identifier des vulnérabilités po...1 like·56 readsbugbountysearchengine
Sergio Medeirosgrumpz.net·Nov 10, 2024My Journey to Passing the CAPenX Certification: A Guide for Aspiring Expert-Level AppSec PentestersIntroduction: As a seasoned cybersecurity researcher and penetration tester, I am constantly on the lookout for certifications that sharpen my skills and keep me at the forefront of web application security. The Certified AppSec Pentesting Expert (CA...11 likes·173 readssoftware development
YSsymbolexe.xyz·Nov 9, 2024Apple Intelligence InjectionThis Python script demonstrates a prompt injection technique to drive interactions with a chatbot through macOS Notes. It uses AppleScript to dynamically create Notes entries with injected prompts, allowing for customized and contextual responses to ...Apple
Bhuwan Bhetwalblog.bhuwanbhetwal.com.np·Nov 8, 2024CSRF + POST Body Param Reflection = POST-Based XSS (A BrainFuck)Hello again, This blog explains how i chained a CSRF and XSS on a POST request. So, lets get straight into it. One day i was hunting on a private program and i could see most of hacker’s were reporting CSRF. Almost 5 reports out of 10 were them. Lo...667 readsXSS
Harshal Shahdelvingwithharshal.hashnode.dev·Oct 2, 2024Directory Traversal Attacks Explained: How to Detect and Stop ThemDirectory Traversal, also known as Path Traversal, is a serious web vulnerability that allows attackers to gain unauthorized access to the server’s filesystem by manipulating input paths. By exploiting this vulnerability, an attacker can access files...Fortify and Defend: Navigating the Cybersecurity Landscapebugbounty