Offsec Cybermage casting technoincendiary incantations across the internet so you can reassemble the pieces into something more impressive.
I wrote a book on recon for pentesters, bug bounty hunters and OSINT lifers recently - "Enumerating Esoteric Attack Surfaces" is the most comprehensive and esoteric tome on performing uncomfortably pervasive data sweeps against your target. The hidden attack surfaces will go from subterranean whispers of ghosts to radioactive bioluminescent glowies after you read this book.
https://www.amazon.com/Enumerating-Esoteric-Attack-Surfaces-Penetration-ebook/dp/B0CWDPHHMR
- OSCP
- eWPT
- eCPPTv2 (eLearnSecurity Certified Professional Penetration Tester)
- CompTIA Pentest+
- Python Institute PCEP
HackerOne :: 99th percentile TryHackMe :: USA Top 10 and Global Top 50 (2021-2022)
- CVE-2023-3757 (critical SQLI in Rail Pass Management System Project in PHP" v 1.0)
- CVE-2023-5303 (Multiple Stored-XSS Discovered in Online Banquet Booking System v1.0)
- CVE-2023-5304 (Stored XSS via book-services.php)
- CVE-2023-5305 (Stored XSS via mail.php)
- CVE-2023-6074 (CVSS 9.8 SQLI in PHPGuruKui Restaurant Table Booking System 1.0)
- CVE-2023-6075 (Stored XSS via Reservation Request Handler)
- CVE-2023-6076 (CVSS 7.5 Information disclosure via booking-details.php)
- CVE-2024-11484 (Code4Berry Decoration Management System 1.0 User Image update_image.php productimage1 access control)
- CVE-2024-11485 (Code4Berry Decoration Management System 1.0 User userregister.php permission)
- CVE-2024-11486 (Code4Berry Decoration Management System 1.0 User Permission user_permission.php)
- CVE-2024-11487 (Code4Berry Decoration Management System 1.0 Between Dates Reports btndates_report.php fromdate/todate sql injection)
Blog about Penetration Testing, Hacking and Bug Bounty: https://scumdestroy.com
-
🔭 I’m currently working on a deep, obsessive, Marianis-Trench level recon campaign against a single target web app while ignoring 135 private bug bounty program invitations (Unauth Read/write on Internal Documents x 3, rXSS and Critical Information Disclosure x 2)
-
👯 I’m looking to collaborate on bounty programs or CTF teams!! Let's hack them to chunks!!
-
🌱 I’m currently researching GraphQL, Android Pentesting, Windows API/Malware Dev and the pursuit of those juicy CVEs and zero days every day.