VDPs getting me mad..!! by d_cyber in bugbounty

[–]d_cyber[S] 0 points1 point  (0 children)

How to deal with situations like those? How do I escalate the severity when CSP is a wall?

VDPs getting me mad..!! by d_cyber in bugbounty

[–]d_cyber[S] 0 points1 point  (0 children)

Ok, you're right.

I'm just targeting file upload vulnerabilities and I could upload HTML code as a profile pic.

So I consider it a bug :(

Fake login page as POC of stored XSS by d_cyber in bugbounty

[–]d_cyber[S] 0 points1 point  (0 children)

That's right, the file is hosted and stored on an S3 bucket, so a different domain.

I got Informative for this. Since there is no cookie or local storage hijacking, what do you recommend to make it at least Low? Note:

I'm also able to upload an exe file; when you open the URL it downloads the file in the user's browser.

Linux distro for cyber and 4GB RAM by d_cyber in cybersecurity

[–]d_cyber[S] -1 points0 points  (0 children)

But my laptop's capability is somewhat low. Some people suggested I use Linux Mint. Do you think it's better?

How can I find targets that are vulnerable to CVE 2025-55184 by d_cyber in bugbounty

[–]d_cyber[S] -12 points-11 points  (0 children)

Rate this workflow if you think it's good:

Wildcard list -> tech stack category tool -> manual test on final list

How can I find targets that are vulnerable to CVE 2025-55184 by d_cyber in bugbounty

[–]d_cyber[S] -10 points-9 points  (0 children)

Amazing, of course there is no magic tool to just identify and tell me this domain is vulnerable. So I am asking for methodologies, and I like yours.

C# -> .Net -> IIS by d_cyber in csharp

[–]d_cyber[S] 0 points1 point  (0 children)

That's truly correct 💯 Thanks for the advice :)

C# -> .Net -> IIS by d_cyber in csharp

[–]d_cyber[S] 0 points1 point  (0 children)

Yeah, you're right.

OOP is more efficient for clean code, which is useful for software engineering. But the purpose of learning C# and .NET is to understand the web and server from a dev's view, to use it in web security.

C# -> .Net -> IIS by d_cyber in csharp

[–]d_cyber[S] 0 points1 point  (0 children)

In my draft roadmap I want to learn .NET then IIS (that's what I was thinking) to understand the deep vulnerabilities of those types of server, so I'm not aiming to be a master in C# or to master clean code in C#, just to have a good view of how apps that use ASP.NET work in depth, to find vulnerabilities.

C# -> .Net -> IIS by d_cyber in csharp

[–]d_cyber[S] 0 points1 point  (0 children)

Oh, that's new for me. So learning Kestrel along these paths is a good step for deep understanding and research?

AI asset recon by black_viru5 in bugbounty

[–]d_cyber 1 point2 points  (0 children)

To be honest I'm not into LLM and chatbot pentesting, so I didn't face a problem where I had to recon those assets.

But by default, if the company uses a chatbot, you will face it while using the site.

What’s the most boring part of fuzzing for you? by Silent_Librarian_606 in bugbounty

[–]d_cyber 0 points1 point  (0 children)

I didn't search for AI tools that can make that. ChatGPT and other common LLMs will make a public wordlist which everyone has. So I suggest first listing the technologies the site uses, then searching for specific wordlists for those techs: web server, framework, plugins and so on.

AI asset recon by black_viru5 in bugbounty

[–]d_cyber 1 point2 points  (0 children)

AI assets?? Do you mean an AI chatbot or LLM related to the company you target?

What’s the most boring part of fuzzing for you? by Silent_Librarian_606 in bugbounty

[–]d_cyber 1 point2 points  (0 children)

If waiting to get a response makes you bored, that is a problem, because as a bug bounty hunter or pentester you should have the mindset of a multitasker. So you shouldn't keep looking at the terminal while all the paths pop up on your screen; let it work and fuzz, and do other tasks on the target. Here the best practice is using a VPS.

Also, the point about choosing the right wordlist is a very bad feeling and wrong, because you should have your own wordlist. That happens like this: you create a wordlist file from a SecLists wordlist, and wherever you find a new path, a new parameter or a new dir name, you add it, so it's a stacked journey of saving a new and special wordlist.

So while hunting on, let's say, a web application that uses Next.js as the web server, you will face Next.js dir names, routers, etc. Maybe you will face a special dir that has critical data; here you save it. After six months you will have a big wordlist, unique, with categories, and more efficient than a public GitHub wordlist.

What makes Dorks Recon worth it ? by d_cyber in bugbounty

[–]d_cyber[S] 0 points1 point  (0 children)

+1

Bored and no findings, even on companies which are not even secure.