Today i spent most of my time in crafting a payload that can bypass cloudflare and finally got one! I immediately tested the payload on few websites that were protected by cloudflare and successfully got the xss triggered!!!!

Reported this issue to the bug bounty program! Hoping for the best❤

I will release a video on it very soon!

Here's the xss payload: <button%20popovertarget=x>Click%20me</button><img%20onbeforetoggle=alert(1)%20popover%20id=x>XSS

For those who were asking me how i created this, I actually used the same method discussed in this video: https://www.youtube.com/watch?v=4_VbPem6gxI

Hi everyone, We are excited to announce the second batch for web reconnaissance workshop!


If you are a beginner or someone who wants to upskill your recon game then this workshop is for you! Throughout these 7 days, we will explore various methods & techniques that will not only help you to get the basics but also it will help you in creating your own methodology!

You can use the link below to register into this workshop
-------------------------
For People Living In India:
Link: https://pages.razorpay.com/bepracticalWorkshop
--------------------------
For People Outside India:
Link:

https://pages.razorpay.com/bepracticalInternational

[Please make sure to Pay Using PayPal Only]
--------------------------

Last Date Of Registration: 15th July 2024

Looking forward to see you all in this workshop!!!

5 days left for registration!

This was the feedback of previous workshop on reconnaissance. We are really grateful that those who enrolled into the session got to learn something new/interesting and were able to improve their recon game!🎉

Hey everyone,

I'm thrilled and deeply grateful for the incredible response to our first web reconnaissance workshop! Your enthusiasm and feedback were amazing, and it's clear that many of you are eager to enhance your bug bounty hunting and penetration testing skills.

Due to high demand and many not being able to join the first batch, I'm excited to announce another round of the workshop! This is your chance to dive deep into web reconnaissance, learn practical techniques, and connect with a passionate community.

Why Join This Workshop?

-> Full Practical Session
-> Live Q&A session
-> Demo On Real Target

I genuinely appreciate your support and interest. Let’s continue this journey together and take our skills to the next level!

Reserve Your Spot Now:

India: https://rzp.io/l/bepracticalWorkshop
Other Countries: https://rzp.io/l/bepracticalInternational
Thank you once again for your love and support. Let’s make this second batch even more amazing!

Stay curious and keep hacking,

Here's some more information about the workshop

1. Timing: 7:00pm to 8:30pm
2. Duration: 7 days(20th July - 27th July)
3. Language: English
4. Last Date Of Registration: 15th July
5: Recordings for each session will be shared.

3 more days to register!

Hi, If anyone is having any trouble in payment using PayPal then please let us know

New video will be releasing tomorrow! Stay tuned❤

Also, there's only 2 more days remaining for registration!

Hi everyone! I have just released a new video in which i tested some of the popular tools on target protected by WAF.


To know which tool is better, Check out the video:

https://youtu.be/_oLyUxRMnJk

Hi everyone, Today is the last day to register in the workshop!

For those who have registered into the workshop which is going to be held on 20th July 2024, Your mobile number will be added in our group on 18th July 2024.Thank you. Keep learning, Keep Hacking!!!

19K subs completed!!🥳 Thank you everyone for your support❤️

Bug Bounty Tip: While testing on endpoints like /uploadedFiles or /uploads where you think that the app is storing files..make sure to look for common files (like .txt,.pdf,.zip,.tar.gz)

In a recent penetration testing engagement, I was able to uncover sensitive log files and some invoices of a company using this same method!

Keep Hacking!

Hi everyone, I have recently found an interesting vulnerability which allowed me to get all the exposed log files that contains juicy information like hidden directories, credentials etc



Here's the methodology:

1. Did initial content discovery and found /system endpoint (It was giving 403 error)

2. Then i went to discover content inside the "/system" directory and found "/system/logs"

3. Finally, Got the log files!!!

Hi guys! I hope you all are doing well. First of all, I am really sorry that i am not uploading any videos for a long time. To be honest, I was not feeling well and lot of other things were happening at the same time so couldn't get the time to upload new videos. However, I will try my best to be active from now on & help the cyber security community with whatever i can!!

With that being said, Let me share an exciting news with you all. I am happy to share that i am currently ranking as number 1 hacker in one of the private VDP programs on hackerone! The only suggestion/advise i can give you all is:- Focus on 1 target & hunt on it for months!

Keep learning & Keep hacking🔥

I am honored!

Hi everyone, New video will be releasing tomorrow! Stay tuned

Hi everyone! After a long time, Here's my new video that will help you to effectively recon on large scopes to discover content or sensitive files on your large scope based targets!

https://youtu.be/ie84NeBxPCM