Anurag

Need suggestion on any good script which can extract passwords/emails from a given long raw text file. Problem I am facing is credentials can be in any random variable like pass, pwd, p, password, auth etc. #bugbounty #bugbountytips #bugbountytip

35+ partners are now included in GitHub automated secret scanning. Full list at https://docs.github.com/en/code-security/secret-security/about-secret-scanning#about-secret-scanning-for-public-repositories … #bugbounty #bugbountytips

Apart from GitHub, Gist, what other platforms are used for keeping large pool of codes from various developers. I wanted to created a tool for extracting secrets and wondering about the data sources other than Git having code search API #bugbountytips #bugbountytip

Is it possible to perform regex searches on Github UI search? My aim is to discover secrets using regex patterns but I cannot find a way to perform regex search on UI #bugbounty

This serialized payload can crash server trying to read it. The major thing is this payload works with latest JRE version as well. You need to be careful if you are trying to deserialize any user provided serialized file. https://cooltrickshome.blogspot.com/2019/02/dos-payload-works-on-latest-jre-for.html … #bugbounty #bugbountytip

#bugbounty #bugbountytip Completed my tool which allows you to modify a compiled Java class file (allows you to change its equivalent smali code). This can help in testing java desktop application and can change behavior of pre-compiled classes https://cooltrickshome.blogspot.com/2019/01/classmodifier-utility-to-easily-modify.html …

Preparing a software for editing java class files. This will help in changing behavior of jar files...

Anyone can still access the cname alias created in your cloudfront distribution. Accessing d**.cloudfront.net with Host header value as http://example.com  will give your public s3 bucket content.

#BugBountyTip Assume you created cname entry "http://example.com " in your cloudfront distribution, pointing to your s3 bucket. You forget to perform DNS mapping from your domain to this cloudfront distribution.

Spoofing file extensions - HackerOne #BugBounty I observed an issue with the file upload processor at Hackerone. 1. Text file downloaded as HTML file 2. Batch file shown as image https://cooltrickshome.blogspot.com/2018/11/spoofing-file-extensions-on-hackerone.html …

https://cooltrickshome.blogspot.com/2018/11/ssl-pinning-bypass-on-android-emulator.html?m=1 …

Learned something new: SSL pinning bypass on android emulator: https://cooltrickshome.blogspot.com/2018/11/ssl-pinning-bypass-on-android-emulator.html … #BugBounty #bugbountytip #Android

Made it to Facebook HOF :) https://www.facebook.com/whitehat/thanks/ …