18 Followers
5 Following
15 Posts

Security enthusiast
I like clicking buttons and seeing what happens
Bash one-liner fanatic
regex masochist
Contact me if you need any help (on twitter) :) 🏳️‍🌈

(she/her)

Medium: https://medium.com/@nynan
funny bird app (twitter dot com): https://twitter.com/_nynan
Automated and Continuous Recon/Attack Surface Management — Amass Track and DB

My prior blog talked about some of the most underrated features of Amass and was largely appreciated. I received feedback from @Jeff_Foley about it and decided to investigate further, and discovered…

Medium

@nyxilar and I spent 6~ months applying classic #bugbounty techniques to correlate 42k *root* domains, deanonymise and track a new threat actor: Fangxiao.

We're excited to give a talk about this at @BSidesLondon.
Read the white paper at @Cyjax_Ltd.

#BsidesLDN2022 #infosec #bugbountytips #cybersecurity #cti

@nynan and I spent 6 months tracking a new TA, Fangxiao, and are presenting our work at BSides London! Fangxiao carry out campaigns spread via WhatsApp, using 42,000+ sites & impersonating 100s of brands since at least 2019. Read about it here: https://www.cyjax.com/2022/11/14/fangxiao-a-chinese-threat-actor/
#infosec #cti #phishing #bsides #osint #threathunting #threatintel
Fangxiao: a Chinese threat actor

Phishing campaigns continue to increase globally. These operations offer an easy route for cybercriminals to generate revenue, steal credentials and spread malware. Cyjax has recently investigated a sophisticated, large-scale phishing campaign that exploits the reputation of international, trusted brands, and targets businesses in multiple verticals including retail, banking, travel, pharmaceuticals, travel and energy. We are … Continued

Cyjax
What I learnt from reading 217* Subdomain Takeover bug reports.

A comprehensive analysis of Subdomain Takeovers (SDTO), DNS Hijacking, Dangling DNS, CNAME misconfigurations… My two prior blogs, What I Learnt From Reading 220 IDOR bug reports, and What I Learnt…

Medium
How to **Actually** Use Amass More Effectively — Bug Bounty

Considering becoming a member on medium? Use this link at no extra cost to yourself, and support me :) (https://medium.com/@nynan/membership) Amass is one of the most recognisable, well-made and…

Medium
Bug Bounty Recon: Horizontal Correlation. - nynan - Medium

Example: We start with domain.com but how do we find other domains owned by the same user? perhaps secretDomain.com or vulnerableDomain.com The first step of effective bug bounty hunting is in depth…

Medium