Rafa Sec

Hey I'm Rafu 👋
Cybersec enthusiast | bughunter | Ethical hacker | CTF player
Feel free to join😊
-> you can contact me in @Rafa_support
- Join chat: @rafasec_chat
- join course channel: @Rafa_course
TGlist rating: 0
Type: public
Verification: not verified
Credibility: unreliable
Language: other
Channel created: Mar 27, 2025
Added to TGlist: May 01, 2025

Records:
17.05.2025 23:59  372 subscribers
03.04.2025 23:59  0 citation index
30.04.2025 21:01  847 average views per post
24.04.2025 21:01  847 average views per ad post
02.05.2025 23:59  18.25% ER
25.04.2025 03:53  305.78% ERR

Rafa Sec popular posts

We made it again! 💥 Another 11K birr! 💸
This all happened because of 3 things:
1️⃣ God 🙏
2️⃣ My mentor Nathan 👨‍🏫 @geeztechgroup
3️⃣ My hard work 😂💻



#Blessed #GrindPays #BugBountyWin


@rafa_sec
🔒🔥 Security Bug Found – Account Takeover & Privilege Escalation 🔓

💰 Reward: 23,000 BIRR

While testing a web app, I discovered a serious mass assignment vulnerability.
📌 Here’s how I found it:
During password change, the request sent:
"email": "email@example.com"
I changed it to:
"email": ["email1@example.com", "email2@example.com"]
✅ Result: The password for both accounts got updated!

Later, I saw:
"role": "user"
I changed it to:
"role": "administrator"
✅ My account became an admin.

🧠 What I achieved:
✅ Account Takeover (ATO) via Password Change
✅ Privilege Escalation via Mass Assignment

💸 This bug earned me 23,000 BIRR from the program.

Always validate and sanitize input on the server side!

@rafa_sec
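The mass-assignment pattern from the post above, as an added example that is not code from the channel or from the program that was tested: a constructed in-memory user store, a handler that copies request fields straight into the account record, and beside it a hardened handler that takes identity from the authenticated session and accepts only an allow-list of string fields. The function names and the sample accounts are assumptions.

```python
# Added example, not the channel's code: a constructed user store (passwords kept
# in plaintext only to keep the sample short; real code stores password hashes).
def make_users() -> dict:
    return {
        "email@example.com":  {"password": "old-1", "role": "user"},
        "email1@example.com": {"password": "old-2", "role": "user"},
        "email2@example.com": {"password": "old-3", "role": "user"},
    }


def change_password_vulnerable(users: dict, body: dict) -> list:
    """Trusts the request: 'email' picks the target (a list updates several
    accounts) and every other key, 'role' included, is copied into the record."""
    targets = body["email"] if isinstance(body["email"], list) else [body["email"]]
    for email in targets:
        users[email].update({k: v for k, v in body.items() if k != "email"})
    return targets


ALLOWED_FIELDS = {"current_password", "new_password"}


def change_password_hardened(users: dict, session_email: str, body: dict) -> bool:
    """Identity comes from the authenticated session, never from the body;
    the body must contain exactly the allow-listed fields, each a string."""
    if set(body) != ALLOWED_FIELDS:
        return False                       # extra keys (email, role, ...) rejected
    if not all(isinstance(body[k], str) for k in ALLOWED_FIELDS):
        return False                       # arrays and objects are not passwords
    record = users[session_email]
    if record["password"] != body["current_password"]:
        return False                       # re-authenticate before changing
    record["password"] = body["new_password"]   # 'role' is never writable here
    return True
```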
08.05.2025 18:00
🚨💥 New Bounty Is Coming... 🐞

Stay tuned, something wild just got caught! 👀💻


@rafa_sec
I identified a critical security issue 🚨 where sensitive credentials were exposed through source code 🧑‍💻🔓 — received a reward of 11,000 birr 💰


@rafa_sec
06.05.2025 18:53
Zesiano's wisdom: 🤔

Hacking is about creativity, not tools. Spend 90% thinking 🧠, 10% scanning. 💻🔑


@rafa_sec
11.05.2025 18:13
Password: @rafa_sec

Installation:

1. ./set-permissions.sh
2. sudo docker-compose up
👀😁


@rafa_sec
07.05.2025 05:14
Good morning guys ❤️
05.05.2025 08:16
🚀 eWPTv2 Course: Become a Web App Pentesting Pro! 🚀

Ready to launch your career in web application security? This Intermediate Level course is your fast track to mastering practical pentesting skills! 🎯

Course Highlights:

• Web App Security Fundamentals 💡
• Information Gathering 🔎
• Authentication & Authorization Testing 🔑
• Injection Attacks 💉
• File Inclusion Vulnerabilities 📄
• Server-Side Request Forgery (SSRF) 🌐
• Web Services Security ⚙️
• Practical Exploitation Techniques 🛠
• Hands-On Labs 🧪
• Report Writing 📝

Key Benefits:

🔥 Hands-On Learning: Real-world scenarios and practical exercises.
✅ Certification Prep: Ace the eWPTv2 exam with confidence.
📈 Career Advancement: Boost your skills and earning potential.
🛡 Real-World Skills: Protect web apps with cutting-edge techniques.

Join now and start your journey to becoming the best web application penetration tester! ✨➡️ click this for course

💬 Chat: @rafasec_chat
📢 Channel: @rafa_sec
📚 Course Updates: @rafa_course
24.04.2025 08:36
199😳

Sudo apt install 1 member 😁
But while we were still sinners, Christ died for us; this shows God's own love for us.

Romans 5:8

Happy holiday 🙏❤️

@rafa_sec
24.04.2025 10:41
RafaCTF – Web CTF Lab (Free & Online)
Hey hackers!
I’ve launched RafaCTF, a custom Capture The Flag (CTF) lab where you can practice real-world web vulnerabilities across 4 difficulty levels — from Easy to Insane!

What’s Inside?
🛡️ 7 Vulnerability Categories:
1. ⚔️ XSS (Cross-Site Scripting)
2. ⏱️ Rate Limit Bypass
3. 🔐 Brute Force
4. ✍️ Content Injection
5. 🧩 HTML Injection
6. ⚙️ JavaScript Injection
7. 🕵️ XSSI (Cross-Site Script Inclusion)

Features:
✅ 4 difficulty levels per challenge
✅ Hidden flag in each level
✅ Beginner-friendly & self-hosted
✅ Learn while hacking — hands-on!

Flag Path Format:
/flags/<vuln_name>/level1.txt (…up to level4.txt)

Try it. Hack it. Learn it.
Website: http://rafasecctf.rf.gd/

Need help or want to share your progress?

💬 Chat: @rafasec_chat
📢 Channel: @rafa_sec
📚 Course Updates: @rafa_course

Created by: Rafu | 2025
06.05.2025 08:40
Hacking TIP Day1:

Tip1:

Start every recon🔍 by mapping the attack surface thoroughly. Use tools like subfinder, httpx, and nmap to discover subdomains, alive hosts, and open ports. A wide recon often reveals hidden or forgotten services that are goldmines for bugs.
Tip2:

Always check for parameter pollution by duplicating query or body parameters (e.g., ?user=admin&user=guest). Some backends may use the first, others the last—leading to unexpected behavior or even auth bypass.


Happy hacking and bug hunting! 🐞🔍


💬 Chat: @rafasec_chat
📢 Channel: @rafa_sec
📚 Course Updates: @rafa_course
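The first-versus-last divergence that Tip 2 describes, as an added example that is not the channel's own code: Python's parse_qs keeps every value of a repeated key, so the two resolvers below show how two backends can disagree about the same query string, while strict_params and find_polluted_requests show the defensive side, refusing duplicated keys and flagging them in access-log entries. The function names and the log lines are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit


def duplicate_keys(query: str) -> list:
    """Keys that appear more than once in a query string (empty list if none)."""
    parsed = parse_qs(query, keep_blank_values=True)
    return sorted(k for k, v in parsed.items() if len(v) > 1)


def first_wins(query: str) -> dict:
    """Backend style A: the first occurrence of a key is used."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def last_wins(query: str) -> dict:
    """Backend style B: the last occurrence of a key is used."""
    return {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}


def strict_params(query: str) -> dict:
    """Defensive resolver: reject the request instead of silently picking one."""
    dupes = duplicate_keys(query)
    if dupes:
        raise ValueError(f"duplicated parameters: {dupes}")
    return first_wins(query)


def find_polluted_requests(log_lines: list) -> list:
    """Detection: (line number, duplicated keys) for Common Log Format entries
    whose request target repeats a query parameter."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        try:
            target = line.split('"')[1].split()[1]   # 'GET /path?... HTTP/1.1'
        except IndexError:
            continue
        dupes = duplicate_keys(urlsplit(target).query)
        if dupes:
            hits.append((n, dupes))
    return hits


# Constructed sample log lines (not real traffic); only line 2 repeats a key.
SAMPLE_LOG = [
    '10.0.0.5 - - [08/May/2025:18:00:01 +0000] "GET /profile?user=guest HTTP/1.1" 200 512',
    '10.0.0.5 - - [08/May/2025:18:00:02 +0000] "GET /profile?user=admin&user=guest HTTP/1.1" 200 2048',
    '10.0.0.5 - - [08/May/2025:18:00:03 +0000] "POST /api/change-password HTTP/1.1" 204 0',
]
```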
07.05.2025 16:50
🔥 Day 2 - Hacking Tips
🛠 Tip 1:

Fuzz for Hidden Parameters
Use tools like ParamMiner to discover hidden parameters like admin=true or debug=1 that can lead to privilege escalation.


🔍 Tip 2:

Check HTTP Method Misuse
Try methods like PUT, DELETE, or OPTIONS on endpoints. Misconfigurations here can expose serious flaws.


👉 Happy Hacking and Bug Hunting!

@rafa_sec