sank
@Sank_Sec

941 posts

Joined March 2021
730 Following · 26 Followers
sank@Sank_Sec·
@Dedrknex How did you find out anonymous can bypass this?
RoHiT@Dedrknex·
Found a very cool bug leaking PII of users
/Abc/cart/current/1234 authenticated 200 Ok
/Abc/cart/current/1938/ 401
/Abc/cart/anonymous/1938 200 OK
Response: anonymous| email : test@xym,phone number, name, address etc!!
sank@Sank_Sec·
@eslam_monex No, like a fuzzing txt file, share GitHub link
Eslam Monex 🕵️🧑‍💻@eslam_monex·
By fuzzing /FUZZ.zip on a subdomain, I discovered an old ZIP file that contains the website’s frontend source code, including ASPX files, media files, PDFs, and other internal resources. #bugbountytip #bugbounty
sank@Sank_Sec·
@Suryesh_92 Congrats bro 👏, hoping for write-up 👀
sank retweeted
JS0N Haddix@Jhaddix·
Day FOUR of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 5th Giveaway = FOUR seats to our ONE OF A KIND course on using AI to scale you as a Red, Blue, or Purple Teamer: !! Red Blue Purple AI !! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇
sank retweeted
JS0N Haddix@Jhaddix·
Day ONE of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 2nd Giveaway - We have 4 Swag Packs up for grabs! Get a shirt, stickers, pens, a BADGE and more! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! enjoy our tshirt models @G0LDEN_infosec and @PhillipWylie 🫶
sank retweeted
JS0N Haddix@Jhaddix·
Happy Arcanum-versary! @arcanuminfosec 's 1st giveaway for the week is FOUR seats to our EPIC Advanced Client-Side Hacking course by myself and @xssdoctor ! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus for the course below 👇
sank retweeted
JS0N Haddix@Jhaddix·
Day THREE of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 4th Giveaway = FOUR seats to our FLAGSHIP course on modern application assessment and recon: The Bug Hunter's Methodology! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇
sank retweeted
JS0N Haddix@Jhaddix·
Day TWO of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 3rd Giveaway = FOUR seats to our new course by @the_IDORminator "Zero to [BAC] Hero" ! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇
sank@Sank_Sec·
scan all ports on all subdomains.
naabu -silent -nc -l subdomains.txt -tp 1000 -ep 21,22,80,443,554,1723
0b1d1@_0b1d1·
📘 136-Page Hands-On VAPT Labs (Free Resource) Amisha Tehra’s practical VAPT lab report focuses on real, intentionally vulnerable environments not just theory. 📨Comment PDF for full GUIDE
sank@Sank_Sec·
@Olamdeen Congrats 👏, any automation for this?
OlamDeen@Olamdeen·
Low hanging fruit, people do ignore.
sank@Sank_Sec·
@tabaahi_ Congratulations big brother ✨🎉 you're really a true inspiration 👏
Mohsin Khan@tabaahi_·
Yay! It’s the end of the year, and yes, I was awarded 4 acres of farmland bought using bounty.
sank retweeted
khan mamun@mamunwhh·
XSS Akamai WAF Bypass Payload : <!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27> #BugBounty #XSS #Akamai
sank retweeted
Godfather Orwa 🇯🇴@GodfatherOrwa·
Big #Bugbountytip / #bugbountytips
Google Services Hunting

Google services are amazing, and for bug hunters, it's amazing as well. In some cases, you can get some P1-P2-P3 from these services, such as Workspaces / Sheets / Groups / Drives / Etc...

In groups: you can access emails / internal data/ credentials
In Sheets, you can access PIIs / Edit access
In Drive: you can access backups/ PII / Etc...

still hard to find and It was an issue how to make good and at the same time fresh dorks for bug bounty programs
Then I found out that a lot of links have the same path, and it was like this

All Google resources I've found
sites.google.com/a/domain.com/x…
docs.google.com/a/domain.com/x…
groups.google.com/a/domain.com/x…
drive.google.com/a/domain.com/x…
mail.google.com/a/domain.com/x…
spreadsheets.google.com/a/domain.com/x…
spreadsheets0.google.com/a/domain.com/x…
spreadsheets1.google.com/a/domain.com/x…
spreadsheets2.google.com/a/domain.com/x…
spreadsheets3.google.com/a/domain.com/x…
spreadsheets4.google.com/a/domain.com/x…
spreadsheets5.google.com/a/domain.com/x…
spreadsheets6.google.com/a/domain.com/x…
spreadsheets7.google.com/a/domain.com/x…
spreadsheets8.google.com/a/domain.com/x…

UrlScan Dorking:
page.url:"sites.google.com/a/*"
page.url:"docs.google.com/a/*"
You can replace * => the program domain

Google Dorking:
site:sites.google.com/a/* "inurl:/a/"
Or for specific domain
site:sites.google.com/a/* "inurl:/a/domain.com"

GitHub Dorking:
"sites.google.com/a/"
Or for a specific domain
"sites.google.com/a/domain.com"

Shodan Dorking:
"sites.google.com/a"

Web Archive
web.archive.org/cdx/search/cdx…

Don't forget: It's not just sites.google.com still you have to look for docs/groups/mail/drive/spreadsheetsX

still working in Google Research and will add more and more soon ......
Happy Hunting♥ #bugbounty
Kanhaiya Sharma 🇮🇳@krishnsec·
weird times - I’m teaching a triager the basics of self vs. non-self XSS and clarifying why this isn’t a self-XSS. what's going on in #bugbounty industry 😅
sank retweeted
André Baptista@0xacb·
The AI-powered ffuf wrapper by @rez0__ just got a cool update, it now generates contextual wordlists! Instead of just suggesting extensions, ffufai can analyze your target and create custom wordlists for fuzzing. Use --wordlists to enable it, --max-wordlist-size to control the size, and --include-response to include page content for even smarter suggestions. Check it out: github.com/jthack/ffufai