0xSabir

🚀 New Repository Alert! 🐞 I've shared my techniques to bypass 403 and 401 restrictions along with random bug bounty tips and tricks! 🛠️ 🔗 Check it out: github.com/sabir789/BugBo… #bugbountytips #cybersecuritytools @jayesh25 @0x0SojalSec @0xTib3rius

@zseano @0xPira Yes selfhosted

@0xSabir @0xPira This doesn’t seem like it’s h1?

Triager da HackerOne pediu minhas credenciais pra validar na minha conta????????????

5 Ways to Obfuscate Prompt Injection + Jailbreaks In my experience, these have the highest % success rates: 1. camelCase Turns natural language into token soup that can bypass filtering. 2. Hex encoding Simple, old-school, hides dangerous keywords from pattern matching. 3. Negative Squared Unicode Unicode variants like 🅰 🅱 🅲 can alter tokenization while still being human-readable. 4. Reverse Text Reversing prompts can confuse detection logic while remaining recoverable by models. 5. Braille uncommon Unicode range with weak moderation coverage. One of the best tools for experimenting with these transformations is: P4RS3LT0NGV by @elder_plinius (link in comments) It supports ciphers, encoding, Elvish, NATO Alphabet, and much more. Prompt injections do not always look like prompts 👾

@zseano @0xPira

@0xPira They aren’t allowed to do this. Report it to hackerone to educate the analyst

@_Xaifi Ye toh ghalat kam ha avoid kro

jisk larki per dil ata hia wo teacher nikal ati hai

So, do you want to do Bug Bounty in Mobile Apps? 💰📱 🤔 Frida maybe a headache with actual modern RASP protections, so I published my personal method to Bypass SSL Pinning on Play Store Android Emulators WITHOUT Frida!👇 #bugbountytips #bugbounty #hacking mfumis.com/posts/bypassin…

I loved this article by @iamgk808. Read it, it’s inspiring, and it’s honest about the time and effort involved. Honestly, it inspired me. Thanks for writing it, Ganesh! 😎 infosecwriteups.com/from-failure-t… #bugbounty #cybersecurity

I had published My ATO Testing via Password Reset Methodology at GitHub: github.com/wadgamaraldeen… #bugboutnytips #AccountTakeover #Cybersecurity #AppSec

New redirect tricks from @castilho101 just dropped 🥷 ethiack.com/news/research/…

Web search with Brute One brutelogic.net/brute-one

"Hall of Agents" — my autonomous AI OSINT system step by step. Today I mapped Starlink ground stations + Starbase (Boca Chica) in 3D with live agent swarm. Still very early stage. It turns months manual OSINT into mins. What should I map next? GitHub:in comment #AIagents #OSINT

PHP Null Byte on Parameter Trick Use to fool WAFs that decode before parsing. It might consider the anchor with dangling (but harmless) markup instead of the real vector. param%00p%3D<A/Href="<Svg/OnLoad=alert(1)// More on brutelogic.net/brute-art-bypa… PoC gym.brutelogic.net/?p05%00p%3D%3C…

How To Make Easy Money $$$$ With Logic Bugs 💸 by Omar Ahmed [0X02mar] medium.com/p/how-to-make-…

@mc_end0 Good explanation

For those that dont understand: When a website wants HTTPS, they buy an SSL certificate. That certificate has to be publicly logged by law (CT logs). And anyone can read those logs

My AI Agent Swarm doing deep 5minutes OSINT on Starlink Ground Stations & SpaceX Starbase (Boca Chica) 🚀 Live geospatial mapping • Node intelligence • Real-time linking Built with Grok + Multiple LLMs @Starlink #Starlink #SpaceX #OSINT #AIagents #Starbase

Found a crazy blind XSS back in 2024 just by emailing my payload. It fired straight inside their internal reader (got that email:// URI).

🎯 Bug Bounty Tip: Hunting on targets running Jira, Confluence, Bitbucket, Jenkins, Solr, or Nexus? Bookmark this PoC goldmine 👇 github.com/shadowsock5/Poc CVEs + payloads ready to test. Save hours of recon. #bugbounty #infosec #cybersecurity #bugbountytips

@userr9199 @rootxreacher RCE might just land someone in a locked-down, unprivileged Docker container. A blind IDOR on an API endpoint can dump millions of users' private data directly.

@rootxreacher @0xSabir The ultimate goal is RCE. So why would IDOR be more valuable than it?

A simple IDOR can be more valuable than complex RCE chains. Never underestimate basic authorization testing.

ssrf very attractiveeeee #bugbounty #ethicalhacking #cybersecurity #ssrf medium.com/%40www.esla552…

@cybarx14 Kia msla ha 😅

@0xSabir Hidden domains not even appear in certs

Hidden subdomains appear more in TLS certificates than subdomain brute force.