200+books on info sec and cybersecurity. Feel free to download any and read. LINK: https://drive.google.com/drive/u/0/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU

Recon is the key and below is a good tip created for you :

1 - Collect your target IPs range

2- Go to Censys search engine

3 - Run : ip=Target_range/XX

4 - Looking for a specific status code run this: ip=Target_range/XX and services.http.response.status_code=200

Flowchart of Directory Traversal 🐞
Read More here:

Reference -> https://www.akto.io/blog/mastering-directory-traversal-a-comprehensive-guide-from-basics-to-prevention

2FA Bypass techniques: 🍀🔥

1. Response Manipulation
In response if "success":false
Change it to "success":true

2. Status Code Manipulation
If Status Code is 4xx
Try to change it to 200 OK and see if it bypass restrictions

3. 2FA Code Leakage in Response
Check the response of the 2FA Code Triggering Request to see if the code is leaked.

4.JS File Analysis
Rare but some JS Files may contain info about the 2FA Code, worth giving a shot

5.2FA Code Reusability
Same code can be reused

6.Lack of Brute-Force Protection
Possible to brute-force any length 2FA Code

7.Missing 2FA Code Integrity Validation
Code for any user account can be used to bypass the 2FA

8.CSRF on 2FA Disabling
No CSRF Protection on disabling 2FA, also there is no auth confirmation

9. Password Reset Disable 2FA
2FA gets disabled on password change/email change

10.Backup Code Abuse
Bypassing 2FA by abusing the Backup code feature
Use the above mentioned techniques to bypass Backup Code to remove/reset 2FA reset restrictions

11.Clickjacking on 2FA Disabling Page
Iframing the 2FA Disabling page and social engineering victim to disable the 2FA

12.Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
If the session is already hijacked and there is a session timeout vulnerbility

13.Bypass 2FA with null or 000000
Enter the code 000000 or null to bypass 2FA protection.

Steps:-
1. Enter “null” in 2FA code
2. Enter 000000 in 2FA code
3. Send empty code - Someone found this in grammarly
4. Open new tab in same browser and check if other API endpoints are accessible without entering 2FA

14. Google Authenticator Bypass
Steps:-
1) Set-up Google Authenticator for 2FA
2) Now, 2FA is enabled
3) Go on password reset page and change your password
4) If you are website redirect you to your dashboard then 2FA (Google Authenticator) is bypassed

15. Bypassing OTP in registration forms by repeating the form submission multiple times using repeater
Steps :-
1) Create an account with a non-existing phone number
2) Intercept the Request in BurpSuite
3) Send the request to the repeater and forward
4) Go to Repeater tab and change the non-existent phone number to your phone number
5) If you got an OTP to your phone, try using that OTP to register that non-existent number

Shodan keys : 🌴🍁

1. WB6B7tRAskjlmpVUrYfnU1CVGCIpUs1t
2. EMeKr6ZlBg5Kaim4FQqTnHddhh3Zwjis
3. 61TvA2dNwxNxmWziZxKzR5aO9tFD00Nj
4. CevVNIYrV6gUzMoxiMhcaO3JIJOmpCY1
5. Hgqwf9dHMIE157PNCeqVJc6TVvlyGKiP
6. xTbXXOSBr0R65OcClImSwzadExoXU4tc
7. TnzrcytxidVqp6Z38iH3xnmu77tjt6qm
8. PSKINdQe1GyxGgecYz2191H2JoS9qvgD

Free shodan key they renew every month enjoy 🌴🔥

18 Linux commands every cybersecurity professional and enthusiasts should know🤍.

If you don’t know, start learning🤝

Privilege Escalation Resources 🍁🌺🔥

Check This Out :-
https://bugbountyguide.org/2022/12/21/privilege-escalation/

Shodan Keys :

OefcMxcunkm72Po71vVtX8zUN57vQtAC
PSKINdQe1GyxGgecYz2191H2JoS9qvgD
pHHlgpFt8Ka3Stb5UlTxcaEwciOeF2QM
61TvA2dNwxNxmWziZxKzR5aO9tFD00Nj
xTbXXOSBr0R65OcClImSwzadExoXU4tc
EJV3A4Mka2wPs7P8VBCO6xcpRe27iNJu
mEuInz8UH1ixLGJq4oQhEiJORERVG5xc
lkY0ng0XMo29zEhzyw3ibQfeEBxghwPF
syeCnFndQ8TE4qAGvhm9nZLBZOBgoLKd
7TeyFZ8oyLulHwYUOcSPzZ5w3cLYib61
v4YpsPUJ3wjDxEqywwu6aF5OZKWj8kik
dTNGRiwYNozXIDRf5DWyGNbkdiS5m3JK
kdnzf4fsYWQmGajRDn3hB0RElbUlIaqu
boYedPn8iDWi6GDSO6h2kz72VLt6bZ3S
FQNAMUdkeqXqVOdXsTLYeatFSpZSktdb
OygcaGSSq46Lg5fZiADAuFxl4OBbn7zm
XAbsu1Ruj5uhTNcxGdbGNgrh9WuMS1B6
nkGd8uVE4oryfUVvioprswdKGmA5InzZ
XYdjHDeJM36AjDfU1feBsyMJIj8XxGzD
EBeU0lGqtIO6yCxVFCWC4nUVbvovtjo5

Site Takeover via SCCM’s AdminService API

https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf

#ad #redteam #pentest #sccm #relay

Linux reference Website with basics, tips and formatted man pages

https://linuxcommandlibrary.com/

🔍🧘‍♀️ Join Akshara singhi for an incredible yoga experience that will rejuvenate your mind, body, and soul! ! 🕵️‍♂️🛡

🔥 Feeling the stress from non-stop bug hunting? Let's shake things up with a session designed to recharge you. 🧘‍♂️🌈

⚡️ Introducing the ultimate burnout solution! Join us for a session that blends bug hunting energy with the calm of Hatha Yoga, Ashtanga, and Vinyasa. Whether you're a seasoned pro or just starting, this is your chance to refresh your mind, body, and spirit.

🌿 It's not just about finding glitches; it's about finding balance in both worlds.

📅 Reserve your spot for classes at 6:00-7:00am/pm & 7:30-8:30am/pm. Leading us is Akshara Singhi, your go-to yoga guide for achieving that yoga mat bliss. Reach out to her on Telegram @AKSHARA888 for more info.

🌞🌸 Elevate your bug bounty game by nurturing your well-being. Get a boost of fresh energy.

🚀🔥 Ready to recharge? Your burnout-blasting journey begins here. See you on the mat, fellow hunters! 🚀🔥

Hackerone Disclosed Reports

Sorry For Inactive a lot 😐

Here is the Amazing Writeups Regards SQLi with deep understanding

https://medium.com/@bug4y0u/how-i-got-4-sqli-vulnerabilities-at-one-target-manually-using-the-repeater-tab-ed4eb1f84147