CryingHacker

Hello world! 🌐 Aspiring hacker documenting the journey from zero to first bug bounty. i spend most of the time learning web security, breaking things (legally), and sharing what I pick up along the way. Follow if you're into security research & the grind. learning from zer0!

recox.hackerz.space is outperforming most recon tools 🔥🚀: 🔴waybackurls → 10,184 ✅recox → 53,030 🔥 🔴subfinder → 896 🔴subd...c99nl → 896 ✅recox → 901 ⚡ check it out : recox.hackerz.space #bugbounty #bugbountytips

Bug Bounty hunters check this out: bugbounty.info

Google anti gravity is so scary Literally vibe coded a complete app

ALWAYS add this to your burp settings before testing these are just "front end protection against user stupidity" - @theXSSrat

@alicanact60 @Hacker0x01 Congrats broo

Excited to hit the 40.000 reputation points mark on @Hacker0x01.

Post your Original best write ups ✍️ 👇

@yamatuibora im not small im medium size...

SMALL ACCOUNTS MATTER 🩶 SMALL ACCOUNTS MATTER 🩶 SMALL ACCOUNTS MATTER 🩶 Engage with small accounts, if you’re a smaller account, drop a reply so I can follow you back 🩶

@HackenProof and then i wake up

@Xa123497923 github.com/BehiSecc/First…

Just watched @_JohnHammond x @InsiderPhD whole live stream there is always so much information with these too! really good live stream learned so much maybe ill do some key points i noted from that live in the future youtube.com/watch?v=rE3gN9…

Take notes guys!!

API Basics: A Hacker's Starter Guide by @medusa_0xf really cool explanation! + she has extra sources inside medusa0xf.com/posts/api-basi…

@NahamSec @Hacker0x01 Crazy how such a simple xss can get you so much congrats 😲 (and your shirt is diabolical)

I found really interesting XSS at a @hacker0x01 LHE that required a few bypasses. Do you think it was worth $15,000? youtu.be/oJM8GxyWs20

Today I learned: about cookie sandwich portswigger.net/research/steal… TL;DR The cookie sandwich is a trick that lets attackers leak HttpOnly cookies by abusing how some servers parse cookies.

Some Recon tools hackers ACTUALLY USE: subdomains ON THE WEB🌐: subdomainfinder.c99.nl securitytrails.com dnsdumpster.com - visualizes mind map viewdns.info chaos.projectdiscovery.io censys.io hackertarget.com shodan.io

@Burp_Suite 3. Send OAuth token to controlled server 4. Send to bug bounty program 5. Gets marked as duplicate 6. Cycle repeats.

I spent three days breaking this PDF renderer on the same target just to be sent the following user agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/145.0.0.0 Safari/537.36 - /

Daily Tip 1#: QWx3YXlzIHVzZSBhIFZQTiB3aGlsZSBleHBsb3JpbmcgdGhlIGludGVybmV0IQ==

The club is open!!