My methodology for finding subdomains. I hope it helps!
https://medium.com/@marduk.i.am/recon-methodology-subdomain-enumeration-0e0493001a03
#bugbountytips #bugbounty #CyberSecurity #reconnaissance #EthicalHacking
Aspiring cybersecurity "something".
Just starting my journey, let's see where I end up!
Discord: marduk_james
Twitter: @Marduk_James
Medium: @marduk.i.am
Latest lab write-up. Came out a bit long but very informative.
https://medium.com/@marduk.i.am/blind-sql-injection-with-conditional-responses-46ee90b5f2c0
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #Portswigger
It's been a while but here is another SQLi lab. Enjoy!
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
Latest SQLi lab write-up. Hope you find it useful!
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
I just published SQL Injection Attack, Querying the Database Type and Version on MySQL and Microsoft https://link.medium.com/hHxIw42EMLb
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
It's been a while but here is the latest write-up!
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
Morning coffee view
So, Microsoft is silently installing Copilot onto Windows Server 2022 systems and this is a disaster.
How can you push a tool that siphons data to a third party onto a security-critical system?
What privileges does it have upon install? Who thought this is a good idea? And most importantly, who needs this?
#infosec #security #openai #microsoft #windowsserver #copilot
There is something potentially huge popping up now. Has to do with a compromise at business intelligence vendor Sisense. I'm hearing this is a supply chain attack affecting many millions of credentials and hundreds of tenants. This is a message the Sisense CISO just sent to customers.
Last of the 'apprentice' level labs. Next up. Expert!
https://medium.com/@marduk.i.am/exploiting-xss-to-perform-csrf-275288910459
#BugBounty #bugbountytips #CrossSiteScripting #informationsecurity #XSS #PortswiggerLabs #storedxss
XSS, CSRF, and credential stealing! Really fun!
https://medium.com/@marduk.i.am/exploiting-cross-site-scripting-to-capture-passwords-b2cda84698b0
#BugBounty #bugbountytips #CrossSiteScripting #informationsecurity #XSS #PortswiggerLabs
“I made a decision. I want to learn Go”
Replies I hoped for: “Cool! I won’t question your reasons out of respect and here are some links/books/code that helped me. Enjoy your journey!”
Replies I got: “you should learn Rust. Go sucks.”
Le sigh, people. When I share something I am looking for help and support. Not attacks.
(I’ll stick with Go. Just as I had an Atari 400 and not a Commodore 64 like almost all ;)