bergee

@xandsz__ @intigriti Cool that I could help

@_bergee_ @intigriti Thanks, I always check the size of the responses in fuzzing even if it's 302/301, I learned that from your article.

In the last few months, I received a total of 81 packages from Red Bull. @intigriti

@chmodx1sh @SynackRedTeam Good job. Like that you talking about the time spent. Not an illusion of the easy win 💪🏻

First SQLi in @SynackRedTeam 🤩🤩 Took a total of 9 hours of manual exploitation 🥲 #bugbounty

@intigriti In fact I need one cert - burp cert installed ;)

|￣￣￣￣￣￣￣￣￣￣￣| You don't need certs to be successful in bug bounty |＿＿＿＿＿＿＿＿＿＿＿| \ (•◡•) / \ / --- | |

I've just order this beer in Pisa/Italy ;) #bugbounty #beer

@saur1n Thanks a lot

@_bergee_ Also I do recommend yours, i've found some guidance in some of your blog posts while exploiting some bugs in the past (ssrf, xxe) so thanks a lot for your "indirect" help

I do recommend reading this blog. Good stuff. blog.voorivex.team #BugBounty

@getnow1986 It is not zipslip

@_bergee_ ZipSlip

Two criticals I found inside one zip uplaod functionality. Have a nice read and Merry Xmas bergee.it/blog/two-crits… #bugbounty #bugbountytips

My first CVE. Insecure deserialization and PHP objects injection in WP "Doubly" plugin. Thanks @wordfence . #cve

Today, thanks to @NahamSec I bought pretty solid VPS at @Hostinger for 2 years. It is Black Week deal so for $4,79 per month you got parameters as in the screenshot. I need it for bug bounty and hosting so if you need one here it is: shorturl.at/w2bYM #BugBounty #deal

Dear bughunters. Have you ever heard about self-RCE? I did. I found RCE via command injection and the company said that it is self-RCE as the filesystem is isolated with some chroot and this RCE affects only the user's files. What do you think? #BugBounty #bugbountytips

bergee.it/blog/waf-bypas… The new write-up on credentials theft with XSS and Google Analytics. #bugbountytips #BugBounty #bugbountytip

Wbijaj na konferencję największej społeczności ITsec w Polsce! ✅ 4 ścieżki / ~40 praktycznych prezentacji, wiedza absolutnie z pierwszej ręki i bez ściemy ✅ Pokazy hackowania na żywo ✅ Jakość i niepowtarzalny klimat gwarantuje Sekurak ✅ 20 października w Krakowie: hackingparty.pl

How to read the files on server with zip files. The short story of zip symlink attack: bergee.it/blog/how-two-d… Have a nice reading #bugbounty #bugbountytip #bugbountytips

I found the crit on self-hosted program. Reading files on filesystem with unzipping the symlinks. Writeup soon. #bugbountytips #bugbounty #bugbountytip

How to get paid for subdomain takeover without taking over the domain... :) bergee.it/blog/subdomain… #BugBounty #bugbountytips

@MarcelFromMimic wordsearchpuzzlegame.com

Reply with your website and I'll rate it. I'll answer everyone...

As Google wanted to close my developer account due to inactivity, I created this simple Dad Jokes app play.google.com/store/apps/det… It is not so fast and easy to publish an app today. Pure Kotlin. No frameworks. #jokes #android #dev #Entertainment

This is brilliant extension for chrome to take frames of YT movie as screenshot. This way I can extract many useful tips and tricks from YT presentations regarding bug bounty. #BugBounty #bugbountytips #Extension #YouTube chromewebstore.google.com/detail/screens…