Bekziz

118 posts

@bektips321

Ethical hacker / Bug Bounty Hunter

Joined May 2024
76 Following · 5 Followers
Tomma@mimuluslarch·
Hey @grok remove the most powerful villain..👀
Intigriti@intigriti·
@bektips321 Hi there, if the payment was marked 'Paid', it means it has been sent already. It can take up to 3-5 business days for it to arrive in your account. We hope this helps!
Bekziz@bektips321·
hey @intigriti I initially used my friend’s Wise account for withdrawal for a bounty, so the payment showed "paid" but was not received due to the name mismatch. I've now updated my payment preference to my own bank account, but the funds have still not been transferred. need help
Bekziz@bektips321·
@intigriti but mine did not go through. I then changed my payment preference to my own bank account, but the payment still hasn’t been initiated, and the support team asked me for a bank statement. I told my friend to send me his Wise bank statement and I did send them; I am waiting
Bekziz@bektips321·
@intigriti what I meant was that I initially used my friend’s Wise account for the payout, but later realized the Wise account name must match my Intigriti account name. Because of that, my payment was never actually processed to his Wise account. He received his own payout from our collab
Bekziz@bektips321·
@intigriti hey @intigriti, I don’t want to nag, but do you have an estimate for how long this process will take for my bounty withdrawal? The status still says “paid” even though I haven’t received the payment yet. I’ve already updated my payment preference to my own bank account.
Intigriti@intigriti·
@bektips321 Hi there! We're sorry to hear about this. We've looked into your case and can confirm that we're actively working on resolving this matter. In the meantime, we recommend you avoid reaching out and/or sharing any of your personal details with unofficial accounts.
Bekziz@bektips321·
@666archhwh @intigriti I didn't say my friend was a scammer; I said the scammer was the one that commented on my tweet that he is able to help me resolve the issue on Intigriti about the bounty payment issue
Bekziz@bektips321·
@666archhwh @intigriti I didn't say he is a friend; I just trusted him, but when he talks nonsense on DM about helping me fix issues on Intigriti I know he is not helping and he is a scammer
The Android root advocate
@bektips321 @intigriti You call him friend and then scammer. First you should admit he was not your friend in the first place. Then next time report only on official channels or by bounty platforms and never trust self-claimed employees.
Bekziz@bektips321·
@intigriti ok understood. the scammer was asking me for personal details and claiming to work for Intigriti, but I didn’t believe him, especially since he was asking for money for his "help" thanks @intigriti, and I hope my issue can be resolved quickly. Thank you.
Bekziz@bektips321·
@intigriti what shall I do @intigriti I really need help, it has been like 2, 3 months without receiving my bounty
Bekziz@bektips321·
@4osp3l this is mostly informative
Gospel@4osp3l·
F**k! I didn't look at the scope... they marked it as *OOS* "Password and account recovery policies, such as reset link expiration," but it does lead to ATO, still. I don't know why they added such in *OOS*. You can definitely look out for it on your target (might get accepted if not listed in *OOS*).

Tip -
1. Create a test account (test@gmail.com)
2. Logout, then do a *password reset* on *test@gmail.com*
3. Once you get the reset link, take note of it (do not use it yet)
4. Login back to *test@gmail.com*
5. Change email from *test@gmail.com* to *another@gmail.com* (make sure email change is verified / successful)
6. Logout from *another@gmail.com*
7. Attempt login to *test@gmail.com* (results to "Invalid login", due to the email doesn't exist in the system, anymore)
8. Now, go back to the *reset link* sent to *test@gmail.com*
9. Try to use it to set a new password. If successful, the account with the email *another@gmail.com*, password, will be changed.

The old email address, although no longer valid for authentication, still retained account recovery capability.

A realistic scenario -
1. An attacker gains temporary access to the victim's old email inbox or obtains a reset link.
2. The attacker requests a password reset and keeps the link.
3. The victim later updates their account email to a new address, believing the account is secured.
4. The attacker uses the old reset link to reset the password and regain full access.
Gospel@4osp3l

This vulnerability is an interesting one ( it leads to ATO )! I sent the report a few days ago. Once the report gets accepted, I'll share some tips. You might probably spot the same misconfiguration on your target! I've no idea of the severity ( could be an easy P2/P3 ).
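
The flaw described in the post above is that an email change leaves outstanding reset tokens redeemable. As an added example (not part of the original post or any platform's code), this Python sketch models it with a hypothetical in-memory `Accounts` class: `revoke_on_email_change=False` reproduces the behaviour, `True` revokes tokens on email change and binds each token to the address it was issued for. All names, the 900-second lifetime and the sample addresses are assumptions.

```python
import hashlib
import secrets
import time

RESET_TTL = 900  # seconds; assumed token lifetime

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()  # store hashes, not raw tokens

class Accounts:
    def __init__(self, revoke_on_email_change):
        self.revoke = revoke_on_email_change
        self.users = {}   # user_id -> {"email", "password"}
        self.tokens = {}  # sha256(token) -> (user_id, email_at_issue, expiry)

    def register(self, uid, email, password):
        self.users[uid] = {"email": email, "password": password}

    def request_reset(self, email):
        for uid, user in self.users.items():
            if user["email"] == email:
                token = secrets.token_urlsafe(32)
                self.tokens[_digest(token)] = (uid, email, time.time() + RESET_TTL)
                return token  # a real service mails this to `email`
        return None

    def change_email(self, uid, new_email):
        self.users[uid]["email"] = new_email
        if self.revoke:  # fix 1: drop every outstanding token for the account
            self.tokens = {d: t for d, t in self.tokens.items() if t[0] != uid}

    def redeem(self, token, new_password):
        entry = self.tokens.pop(_digest(token), None)  # single use
        if entry is None or time.time() > entry[2]:
            return False
        uid, email_at_issue, _ = entry
        # fix 2: a token is only good for the address it was mailed to
        if self.revoke and self.users[uid]["email"] != email_at_issue:
            return False
        self.users[uid]["password"] = new_password
        return True

def stale_link_works(revoke_on_email_change):
    """Replay the post's sequence; True means the old link still reset the password."""
    svc = Accounts(revoke_on_email_change)
    svc.register(1, "test@example.com", "orig-pw")  # constructed sample data
    token = svc.request_reset("test@example.com")
    svc.change_email(1, "another@example.com")
    return svc.redeem(token, "new-pw")
```
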

Vitaly Ⓥ 火@vstarbanks·
$500 to person who predicts correct score
Bekziz@bektips321·
Getting these kinds of notifications sucks
Bekziz@bektips321·
AI-generated submissions are flooding bug bounty platforms, and it’s starting to show. Real, well-researched reports are getting buried, triage times are getting worse, and signal to noise is at an all-time low. What are your thoughts @zseano, how are they going to fix it?