1 year ago
15
1
0
0
Posts by Shammah zealsham Agwor
Incoming $1m hacker
1 year ago
4
0
0
0
I talk about this on the pod all the time, but CSRF is dead simple. You just need to know the conditions.
I'm not gonna recite them again here, but today a new condition came up:
No Content-Type header -> no CSRF restrictions
Same-site: None
POST
= CSRF
The research:
1 year ago
41
5
4
0
Got a CSRF attack being blocked by Content-Type validation? You might be able to bypass it with this quality technique.
1 year ago
35
4
0
0
Coding without a package manager in 2024 is like building a house by mining limestones first and making cement and mortal with that
1 year ago
1
0
1
0
As a #Bugbounty hunter , I was so mad when my workplace paid $30k for a pentest and only got horrible reports (ssl cert , httponly , rate limit ) . Mean while our bug bounty program had mediums and high reports
Moving forward I think every pentest company should have at least 2 bug bounty hunters
1 year ago
7
0
0
0
Trying to make a list of programs that have hosted a live event on hackerone
-epic games
-tiktok
-zoom
-salesforce
-uber
-PayPal
-DoD
-shopify
-airbnb
-yahoo
-Starbucks
-Amazon
Which did I miss #Bugbounty
1 year ago
5
1
2
0
Myself
1 year ago
1
0
0
0
1 year ago
1
0
0
0
I remember this picture spooking me out when I first saw the write up 😂
1 year ago
0
0
1
0
Advertisement
Bro , “smoking tookah” literally won’t leave my lips for days
2 years ago
2
0
0
0