Prial

And this is why I love @synack ❤️

Cyber by night, tactical by day 👌😚

Hunter x Nepal => @imranHudaA @araselmir @L3onid1s @MdInjamulHaqu @tamjid0x01 @0x0asif @RirRipon @akbar_ohi @ShoponAlom2014

Hey @Hacker0x01 @visma @intigriti 👀

Missing @Bugcrowd @SynackRedTeam 😮‍💨

Subdomain takeovers aren't always straightforward! Found an old target with a subdomain pointing to CloudFront, and its Origin Domain was configured with the S3 bucket's website endpoint. Always check beyond CNAME records to avoid missing these. #BugBounty #BugBountyTips

@lordjerry0x01 Ha sure next time ❤️

New year gift by me to me 🫠❤️ #BugBounty

@ADITYASHENDE17 Thanks bhai ❤️

@0xPrial Awesome 🙌 grats

@VECO_Cebu Yes. You can takeover. You just need a account.

@0xPrial But, is it possible now to perform a zendesk takeover as it asks for verification.?

Zendesk Takeover for fun and profit 😇 0xprial.com/the-art-of-zen… #BugBounty #BugBountyTips #TogetherWeHitHarder

@dmxjon Yes. You can

@0xPrial Congrats, is it now possible to take over a subdomain via zendesk?

Zendesk Subdomain Takeover + Email routing wildcard setup = Any support@target.com email creates a ticket in my Zendesk setup. #BugBounty #BugBountyTips

@Prathameshwarak @Bugcrowd @BugcrowdSupport Sure, you can DM me about your questions 😇

@0xPrial @Bugcrowd @BugcrowdSupport Can you guide me for subdomain takeover?? I am stuck and ii am not getting solution or answer of my question. Can I ask you

@Bugcrowd Is considering In Scope subdomain takeover as a Basic Subdomain takeover which is a similar priority as RXSS. While attacker can do stored XSS using a subdomain takeover which is considered as P2 priority. Why this discrimination @BugcrowdSupport ? #BugBounty

In previous days they considered subdomain takeover with proper PoC as P2 High Impact Subdomain takeover but nowadays all subdomain takeovers are accepted as Basic Subdomain takeover. This is not fair!

@gdattacker @Hacker0x01 I agree. In such case @Bugcrowd platform have done great work. They show original report title and when it was reported. This maintain good relationship with researchers and I think @Hacker0x01 can do the same with their platform too 😇

@0xPrial @Hacker0x01 Leadpages but atleast the should add report title or share report in case of subdomain takeover to appreciate transparency. Because in many cases the reports are not same in subdomain takeovers but still get duplicate.

I earned $2,000 for Subdomain takeover report on @Hacker0x01 ❤️ Tips: Always look at CNAME domain’s historical data 😉 #BugBounty #bugbountytips #TogetherWeHitHarder

@shohel_96 @Hacker0x01 I use dig to print the DNS records then look st those records for possible takeovers 😇

@0xPrial @Hacker0x01 @0xPrial any tips how to check for mass takeover? Or you do them manually?

I earned $2,000 for Subdomain takeover report on @Hacker0x01 ❤️ Tips: Always look for CNAME records with NXDOMAIN status 😉 #BugBounty #bugbountytips #TogetherWeHitHarder

@elh3x @Hacker0x01 Will do detailed writeup on different kind of takeovers 😇

@0xPrial @Hacker0x01 What’s next ? Any write-up?