Harsh Bothra


Freelance Pentester & Consultant • Cobalt Core Lead & Pentester • Author • Speaker • Blogger • SecurityExplained • Project Bheem • Learn365 • Views are personal

Security Stories - Story: 4 - Luke Stephens

SecurityStories - 52 Weeks, 52 Stories: Story - 4 ~ Don't lose your creativity. As soon as people get a cybersecurity job, they lose their curiosity and creativity. Featuring Luke Stephens, widely known as @hakluke, who needs no introduction. Let's get to know his story. 🧵

Question: Could you briefly introduce yourself?

Luke: I'm Luke Stephens. I go by hakluke online. I'm a computer hacker and indie founder.


10 XSS Payloads for Different Scenarios - #AppSecwithAI

#AppSecwithAI Look what ChatGPT generated when I asked it to give me 10 XSS payloads for different scenarios - 🧵 ↓

1/10: `<svg/onload=alert(1)>` - This payload uses an SVG element with an onload event handler to trigger the XSS payload.

2/10: `<img/src=x onerror=alert(1)>` - This payload uses the onerror event handler to trigger the XSS payload when the image source is invalid.


SecurityStories - Nilesh Sapariya

SecurityStories - 52 Weeks, 52 Stories ~ Taking regular breaks to give your mind and body a rest helps you cope with cybersecurity burnout. Featuring Nilesh Sapariya (@nilesh_loganx), a skilled pentester from India working in the UAE. Learn from his story 🧵 ↓


Security Stories - 2: Featuring Sumit Grover

SecurityStories - 52 Weeks, 52 Stories, Story - 2: Featuring Sumit Grover (@sumgr0). Learn more about Sumit in 🧵


100 Application & API Security Test Cases

Don't let your Applications & APIs be a security risk. Protect them with these 100 Security Test Cases 🧵

1. Broken Object Level Authorization
2. Broken User Authentication
3. Excessive Data Exposure
4. Lack of Resources & Rate Limiting
5. Broken Function Level Authorization
6. Security Misconfigurations
7. Cross-Site Scripting (XSS)
8. Insecure Deserialization


Playing with JavaScript and executing a prototype pollution attack is always an interesting thing to do. Learn about Prototype Pollution: https://www.cobalt.io/blog/a-pentesters-guide-to-prototype-pollution-attacks First blog of 2023. I hope you like it.

6 Productivity Tools One Must Try

What are your go-to tools for productivity and daily use? My Go-To Tools for Productivity and Daily Use 🧵 1/

2/

📒 Google Keep - I keep my daily planner here, so that I can track everything from tasks to upcoming events in one place.

🎯 Trello - Great for goal setting & tracking progress on projects/goals with ease. It's also a great visual way of seeing what needs attention!


SecurityStories - Story - 1 Featuring Ahmet Gurel (@ahmettgurell), a well-known Security Researcher & Ethical Hacker from Turkey. Read his SecurityStory: https://harsh-bothra.github.io/SecurityStories/SecurityStories/ahmet-gurel.html A Twitter thread will be published soon :)

🧵 Thread

This year (2022), I have worked on creating educational resources in various forms, such as blogs, Twitter series, mindmaps and others. In case you missed them, here are all of them:

# SecurityExplained Twitter Series:
- https://github.com/harsh-bothra/SecurityExplained

🧵 - 1/5

2/5

# MindMaps
1. Forget Password Vulns: https://xmind.net/m/nZwbdk/
2. XML Attacks: https://xmind.net/m/xNEY9b/
3. 2FA Bypass Techniques: https://xmind.net/m/8Hkymg/
4. Android PT Checklist: https://xmind.net/m/GkgaYH/
5. Cookie Based Auth Vulnerabilities: https://xmind.net/m/2FwJ7D/
