Eib

I just achieved one of my 2025 goals by gaining my first private invite on Bugcrowd ✌️✌️✌️

POV: You found a Firebase misconfiguration, but the conversation gets misconfigured instead💀

You're up against a SSRF filter that only allows approved domains, and you've tried the IP encoding trick from yesterdays tweet. The next step? Look for an open redirect! allowed-domain[.]com/redirect?url=http://internal-server/admin The SSRF filter sees a request to an allowed domain, but the server might just follow the redirect to the internal address, bypassing the filter. Try this, and more, in our SSRF labs 👇 portswigger.net/web-security/s…

Your SSRF filter blocks 127.0.0.1 and localhost. That's okay! Try these: 2130706433 (decimal) 017700000001 (octal) 127.1 (shorthand) 127.0.0.0 (with subnet tricks) 0x7f000001 (hex) They all resolve to localhost. Many blacklists don't catch all of them. Try this technique, and plenty of other SSRF techniques, in our free SSRF labs! portswigger.net/web-security/s…

@intigriti shubs

Who's your inspiration in the infosec community? Could be a researcher, author, speaker, or even someone from your team, mention them below! 😎

Conversor from @hackthebox_eu features XSLT injection and os.path.join abuse for file write, and CVE-2024-48990 in needrestart (plus a config GTFObin) for root. 0xdf.gitlab.io/2026/03/21/htb…

@rez0__ Thank you

@eib_____ Yes but not much.

claude code is all you need

Still trusting Python built-ins to keep you safe? 👀 This research shows how pitfalls in os.path.join, urljoin, pickle.loads and PyYAML turn simple logic into real vulns like Path Traversal, SSRF and RCE 👇 yeswehack.com/learn-bug-boun…

It’s my day off.. And why is it so hard to just do nothing!?

Throughout your life you will encounter tedious situations, and you must cultivate the ability to handle them with discipline.

The Spring Boot Actuators can expose some sensitive informations like env vars, heap dumps, configs, and internal metrics And sometimes, with simple bypass tricks we can find them: actuator/env;.. ;/actuator/env actuator;/env actuator/env%00 actuator/env; ..;/actuator/env static../actuator/env actuator/health/..;/env #bugbounty #bugbountytips #cybersecurity

I just published a new #article on Medium. How I Earned $76,000 Bounty From a Single Program on @Bugcrowd . #BugBounty #Bugcrowd #CyberSecurity #EthicalHacking @Hacker0x01 @yeswehack @intigriti anonhunter.medium.com/how-i-earned-7…

Instead of internalizing a bad situation, externalize it and face your enemy. It is the only way out.

@intigriti Burpsuite

what's your most used bug bounty tool? 😎

Pick your battles carefully. Danger comes from trying to surpass your limits.

I had this on my backlog for a while, but here it is: an article explaining a vulnerability I discovered with @fattselimi years ago. medium.com/p/i-found-a-ba… I hope you learn a thing or two ✌️ happy hacking fam 🫶

In order to separate yourself from the pack, to harness a speed that has devastating force, you must be organized and strategic.

I went after the wrong rabbit hole today 🙃 Just wasted 5 hours 😪