prin sharma prinsharma1999

responsible disclosure reward r=h:UK
site:*.*.nl intext:security report reward
inurl:responsible disclosure reward
inurl:responsible disclosure bounty
inurl:responsible disclosure swag
site:*.*.nl intext:responsible disclosure reward
responsible disclosure reward r=h:eu
google dork -> site:.co.uk inurl:"responsible disclosure"
https://registry.internetnz.nz/about/vulnerability-disclosure-policy/
http://www.123contactform.com/security-acknowledgements.htm
https://18f.gsa.gov/vulnerability-disclosure-policy/
https://support.1password.com/security-assessments/
https://www.23andme.com/security-report/
https://www.abnamro.com/en/footer/responsible-disclosure.html
https://www.accenture.com/us-en/company-accenture-responsible-disclosure
https://www.accredible.com/white_hat/
https://www.acquia.com/how-report-security-issue

Debugging 3rd party apps on iOS and Android

Part I: iOS

Prerequisites

  • checkra1n
    • A7 - A10 devices (iPhone 5s - iPhone X), iOS 12.0+
    • Dropbear SSH, port 44, root:alpine
  • USB multiplexing daemon usbmuxd (available via brew)
  • Use scp to copy file to/from device

Forward remote (iDevice) port 44 (Dropbear SSH) to local (Mac) 2222

#Burp SSL Certificate on iOS 11
On iOS 11, installing your MITM root cert is not enough; you also need to explicitly trust it.
You can do this by:
Settings -> General -> About -> Certificate Trust Settings -> Flip the switch on your cert
----------------------------------------------------------------------------------------------------------------
#GDB on iOS 11
Source: https://shmoo419.github.io/
gdb
ps -ax | grep -i appName
attach [processNo]
prinsharma1999 / html-injection
Last active December 27, 2021 13:08
# # DESCRIPTION
HTML injection is a technique used to take advantage of non-validated input to modify a web page presented by a web application to its users. Attackers take advantage of the fact that the content of a web page is often related to a
# # WRITE-UPS
https://www.softwaretestinghelp.com/html-injection-tutorial/
HTML injection (with XSS possible) on the https://www.data.gov/issue/ using media_url attribute https://hackerone.com/reports/263226
Html Injection and Possible XSS in sms-be-vip.twitter.com https://hackerone.com/reports/150179
“I too like to live dangerously”, Accidentally Finding RCE in Signal Desktop via HTML Injection in Quoted Replies https://thehackerblog.com/i-too-like-to-live-dangerously-accidentally-finding-rce-in-signal-desktop-via-html-injection-in-quoted-replies/index.html
How to set up Burp Suite inside a Docker container.
prinsharma1999 / sub.sh
Created May 16, 2021 19:17 — forked from cihanmehmet/sub.sh
sub.sh
#!/bin/bash
echo "Online Subdomain Detect Script"
echo "Twitter => https://twitter.com/cihanmehmets"
echo "Github => https://github.com/cihanmehmet"
echo "CURL Subdomain Execute => curl -s -L https://raw.githubusercontent.com/cihanmehmet/sub.sh/master/sub.sh | bash -s bing.com"
echo "██████████████████████████████████████████████████████████████████████████████████████████████████████████████"
if [[ $# -eq 0 ]] ;
then