Uncategorized

[Tools] Visual Recon – A beginners guide

📖Intro 📖 During the process of RECON you often get thousands of domains you have to look at. A suitable way to decrease the time you spend on each website is to take a screenshot of each website. There are several tools available such as EyeWitness (https://github.com/ChrisTruncer/EyeWitness) or ScreenShotter (https://github.com/BladeMight/ScreenShotter). Unfortunately, I had issues setting them

[Tools] Visual Recon – A beginners guide Read More »

The Stony Path of Android 🤖 Bug Bounty – Bypassing Certificate Pinning

Dear readers, Long story short, doing bug bounties for mobile devices is hard. With this article I want to show you a rather simple way to be able to bypass certificate pinning for all some of your Android mobile targets. The method described here is based on research and an awesome blogpost+script written by Piergiovanni Cipolloni. Whenever there

The Stony Path of Android 🤖 Bug Bounty – Bypassing Certificate Pinning Read More »

[BugBounty] Decoding a $😱,000.00 htpasswd bounty

tldr; A Private Bug Bounty Program had a globally readable .htpasswd file. I cracked the DES hash, got access to development and staging environments and was rewarded a shitload of$. [Tools used] dirbuster https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project John http://www.openwall.com/john/ [\Tools used] Today I want to share something with you that I recently discovered in a private Bug Bounty Program. Due

[BugBounty] Decoding a $😱,000.00 htpasswd bounty Read More »

de_DEGerman