Smus

@Burp_Suite <script>alert(1)></script>"}

Finish the sentence: {"isAdmin":"

"Fork of Dojo #49 - Secret manager"? Pwned! It was a blast on @YesWeHack! Think you can take it on? 🌟 dojo-yeswehack.com/challenge/play… #YesWeHack #ChallengeAccepted

@drak3hft7 @yeswehack Private program?

Just got a reward for a vulnerability submitted on @yeswehack -- Cross-site Scripting (XSS) - Stored (CWE-79). yeswehack.com/hunters/drak3h… #YesWeRHackers

@yeswehack Be invited to a private program

As we close out the year, we want to know… Hunters, what’s your Bug Bounty goal for 2026? 👇

@NahamSec @hackinghub_io 👨‍💻

I'm hosting one final giveaway for my "Bug Bounty Essentials" with over 20 hours of content and 100+ labs. All you have to do is drop a 🧑🏽‍💻 under this tweet to enter! Winner will be announced on December 31. Or purchase it directly on @hackinghub_io for 30% off 👉🏼 hhub.io/eoybbex

@k_wijewardhane @gurudattch So the backend api allowed you to do stuff because you did it from the subdomain?

@gurudattch Backend API

Today's finding with me!!

@xnl_h4ck3r What flags do you oftens use with waymore?

If you're still using gau or waybackurls, give waymore a try because it will honestly find you waymore endpoints! It can also download archived responses &you can run xnLinkFinder over the response directory to find even more endpoints, potential params, wordlist + oos domains 🤘

@intigriti No, we don’t get more invites for that reason alone

Do you think certificates matter in bug bounties? 🤔

@drak3hft7 @yeswehack @Al7eX91 Private?

Just got a reward for a critical vulnerability submitted on @yeswehack -- Insecure Direct Object Reference (IDOR) (CWE-639). yeswehack.com/hunters/drak3h… #YesWeRHackers in collaboration with @Al7eX91

"Halloween special - Ghost whisper"? Pwned! It was a blast on @YesWeHack! Think you can take it on? 🌟 dojo-yeswehack.com/challenge/play… #YesWeHack #ChallengeAccepted

@intigriti Still looking

What was your first critical bug? 😎

$1,000 GIVEAWAY 🎁‼️ Here’s how to enter: 1️⃣ Fill out the ITMOAH survey 2️⃣ Like this post 3️⃣ Comment your fave tool 4️⃣ Repost bc your friends deserve a chance too Giveaway closes Sept 30 at 11:59pm ET. One hacker takes home $1K. 20 others will score $200 each. Already filled out the survey? You’re entered to win! If not, now's your chance: surveymonkey.com/r/bugcrowd-itm…

@Bugcrowd Nom nom nom

@yeswehack It was a fun challenge

🏆 Dojo #43 – CCTV Manager is officially closed, and we have our winners! This challenge revolved around a predictable token combined with insecure YAML deserialization - leading to RCE and... flag capture 🏁 Here's the write-up 👉 yeswehack.com/dojo/dojo-ctf-… #CTF #BugBounty

@yeswehack Because of private invites

Why is Rabhi so dominant atop our #BugBounty leaderboard – month after month, year after year? 🏆 In case you missed it, read a Q&A with our all-time #1 hunter in our first-ever #BugBounty report 👇 choose.yeswehack.io/the-yeswehack-…

@_smile_hacker_ 5-10min 😆

How long can you stick to a program?

@intigriti Xss, blind xss, IDORs

You just received a new private program invite... 🤠 What's the first vulnerability type you look for? 😎

@err0rs666 @yeswehack Public or private program?

@drak3hft7 @yeswehack Gratz! how much do you research/learning vs. hacking? Do you stick to one big program or do you have multiple smaller targets?

I’ve finally reached 10k points on @yeswehack If I can give one piece of advice to those new to bug bounty, it’s this: persistence. 🔑💪Try to be persistent in your efforts. #BugBounty #bugbountytips

@ellesbellez Thanks! It worked :)

#BF6 FG4R-SCMF-CEHG-Q3GD early access code if anyone wants it :)