RV

@ertugrulphp Thanks for letting us know!

Still alive.. #BugBounty

@JatinBanga18 @InfoSecComm @ctbbpodcast @BugBountyHQ @gregxsunday @bountywriteups Security engineers at meta saved their ass from being fired lmao

I Found a Bug That Exposed Private Instagram Posts to Anyone. @jatin.b.rx3/i-found-a-bug-that-exposed-private-instagram-posts-to-anyone-eebb7923f7e3" target="_blank" rel="nofollow noopener">medium.com/@jatin.b.rx3/i… @InfoSecComm @ctbbpodcast @BugBountyHQ @gregxsunday @bountywriteups #instagram #InfoSec #WebSecurity #CybersecurityNews

@galnagli There's some sort of error at quiz section, these answers were auto-selected. Btw, thanks for sharing your valuable knowledge with us.

Introducing my Bug Bounty Masterclass. 100% free. I've made $2,000,000+ finding security bugs. I spent the last year turning my methodology into a complete blueprint. 4 hours of video - foundations, reconnaissance, web proxies, hands-on challenges, and certification. Finish it in a weekend and start hacking real-world applications 🐞

@moury_rajat I really wonder who was that hacker on H1?

I made $25,000 from bug bounty programs in 2021 before I started my business. I owe my career to hacking. And I thank every single ethical hacker out there for doing what you do. We'd all be cursed if you didn't help organisations close the holes in their security. But most organisations still treat security as an afterthought. Something to deal with "later" or "when we have budget." I've made it a point to implement bug bounty programs for all my clients. We put serious time and effort into making sure these programs deliver results. When I worked at Zomato, we paid $2000 to a hacker who absolutely shattered our overconfidence. Best investment we never planned to make. That payment hurt at the time. But you know what would've hurt more? A massive data breach because we thought we were untouchable and assumed our security was perfect. It wasn't and that hacker proved it. To all the ethical hackers reading this: I know the value you bring. You're saving companies from disasters they don't even know are coming. And long may this continue. My take on where we're heading: Organisations that don't invest in ethical hackers and bug bounty programs are playing Russian roulette with their reputation. Eventually, your luck runs out. So if you're a CTO who hasn't set up a proper bug bounty program yet, now would be a good time.

Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK ($66,000) ysamm.com/uncategorized/…

@4osp3l Years of dedication obviously.

how's he able to do this ? he's definitely persistent.

@mugh33ra Check for subdomain takeovers or XSS to chain it, in case you can only control the “evil” at the injection.

Exploitation scenario?? host header = evil,target,com #BugBounty #hackerone #idor #sqlinjection #bugbountytip #xss #injection

@bug_vs_me @abhinav_one I bet you won’t have the required CEH cert

@abhinav_one Me with 3 year of BB experience got rejected for a triager role 🥲

Hot take: if you don’t have real bug bounty experience, you shouldn’t be doing triage. Not as a “final gatekeeper”, not even as the first filter. A quick “Duplicate/N/A” from someone who’s never done bug bounty can wipe out weeks of work, money, and motivation. Triage needs context. Without it, you don’t just miss bugs, you burn researchers out.

@Freyxfi Please redact the private program's name from the write-up.

Write-up on how to find criticals. Enjoy

@PhilippeDelteil @Hacker0x01 @Hacker0x01 mediation is joke.

Ticket opened in @Hacker0x01. Almost a year ago and no more communication nor resolution

@A_EL_Kennouch @k_firsov @FearsOff Disable HTTP/2 in Burpsuite.

@k_firsov @FearsOff Cloudflare blocks me whem trying to use Burpsuite any tip on how to bypass that

How to bypass Cloudflare WAF? @FearsOff #bugbountytips #cloudflare #waf #bypass 1. Found an SQL injection but getting blocked by Cloudflare? Here's a pro tip 😏

@OreoB1scuit Only offensive security is clean. Burp, ec-council etc not

@0xInfernal tell me google is lying

Tell me a better truth in cybersecurity than this.

@4osp3l Tbh, X numbers of program matters where you spend a lot of time. Platforms have their pros and cons.

I know i can hit $100K in a year if i focus on the right programs; what do you think is the better combo, YWH + H1, YWH + BC, or YWH + big external programs like google, microsoft, e.t.c ?

@Behi_Sec Report writing

What's one skill every bug hunter should master besides finding bugs?

@fattselimi orgasmic output

hello sqli my old friend ^_^

@Behi_Sec Also, 1111s instead of 000s

IDOR Trick: If you're dealing with a UUID-based IDOR, try this: 00000000-0000-0000-0000-000000000000 This might expose default objects or unintended access.

@_jensec I thought you’re not Indian. Btw great achievement 🙌

I live in India so according to PPP, I make equivalent $1,041,600 in states. x.com/i/grok?convers… Doing Bug bounty makes great sense looking at PPP when you are in low PPP countries but not so much when in states.

@Suryesh_92 Same to you bro. But what’s that; is it fafda?

Happy chhath Puja guy's ❤️😌 #ChhathPuja

@Phantom_07x_ @TeslaTheGod I guess market crash of cs because of the recent update

@TeslaTheGod Context?

damm lol