Ashraf Basyoni
282 posts

Ashraf Basyoni
@AshrafBasyoni4
And make me, O God, among those who pass through generously without harm, of good mention and good legacy
10th of Ramadan · Joined May 2019
740 Following 1.6K Followers

Excited to share that I’ve been attending Zero Day Quest over the past days in Redmond, and it’s been an incredible experience! 🏅
Thanks @msftsecresponse for the opportunity to be part of such a strong and inspiring community.
More highlights to share soon 👀
#ZeroDayQuest

@0x_MoSalah My dear Hamada, may God bless you, Lord of the Worlds ❤️❤️

Praise be to God
Tip: If the application allows users to generate personal API keys, create a key, remove the user from the org, then try using that key again; you might find it still works and gives you full control over the organization.
#InfoSec
#bugbountytips
#BugBounty
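An added example (not code from the post or from any program it refers to) of the server-side defect behind this tip: a personal API key is stored in its own table, and removing the user deletes only the membership row, so the key keeps resolving to a user who is no longer a member. The `Org` class, the function names and the in-memory tables are assumptions made for illustration; the two fixes shown are revoking the user's keys on removal and re-checking current membership on every authorized request.

```python
import hashlib
import secrets


class Org:
    """Toy organization (assumed model): a membership set plus a table of
    personal API keys, stored as sha256(secret) -> owner user id."""

    def __init__(self, members):
        self.members = set(members)
        self.api_keys = {}  # fingerprint -> user_id


def _fingerprint(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()


def mint_key(org: Org, user_id: str) -> str:
    """Issue a personal API key to a current member; the plaintext is returned once."""
    if user_id not in org.members:
        raise PermissionError(f"{user_id} is not a member")
    key = secrets.token_urlsafe(32)
    org.api_keys[_fingerprint(key)] = user_id
    return key


def remove_user_vulnerable(org: Org, user_id: str) -> None:
    """Deletes the membership row only; the user's keys are left behind."""
    org.members.discard(user_id)


def remove_user_fixed(org: Org, user_id: str) -> None:
    """Deletes the membership row AND revokes every key the user minted."""
    org.members.discard(user_id)
    org.api_keys = {fp: uid for fp, uid in org.api_keys.items() if uid != user_id}


def authorize_vulnerable(org: Org, key: str):
    """Trusts the key table alone: whoever minted the key is authorized."""
    return org.api_keys.get(_fingerprint(key))


def authorize_fixed(org: Org, key: str):
    """Resolves the key to a user, then re-checks current membership on every request."""
    user_id = org.api_keys.get(_fingerprint(key))
    if user_id is None or user_id not in org.members:
        return None
    return user_id


def key_survives_removal(remove, authorize) -> bool:
    """Replays the tip: mint a key as a member, remove the member, try the key again.
    Returns True if the stale key still authorizes as that former member."""
    org = Org(members={"alice", "bob"})
    key = mint_key(org, "bob")
    assert authorize(org, key) == "bob"  # works while bob is still a member
    remove(org, "bob")
    return authorize(org, key) == "bob"


if __name__ == "__main__":
    print("vulnerable:", key_survives_removal(remove_user_vulnerable, authorize_vulnerable))
    print("revoke on removal:", key_survives_removal(remove_user_fixed, authorize_vulnerable))
    print("re-check membership:", key_survives_removal(remove_user_vulnerable, authorize_fixed))
```

Either fix closes the hole on its own; deploying both is the usual choice, because the membership re-check also covers keys that escaped revocation through a different removal path (a bulk delete, an SCIM deprovisioning job, or a direct database change).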


Praise be to God
The application only checks whether an email exists during account creation, not on account modification.
Inside my org, there's an option to add users. When I try to add an existing email, it correctly says "user already exists" and blocks it.
But when I add a new user with a non-existing email, it gets created normally and I have full access: I can change the name, email, and password.
Then I tried to change that email to one that already exists, and the system didn't perform any check, allowing me to link it to the victim's account and take full control.
#InfoSec
#BugBounty
#infosecurity
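An added example (not code from the post or from the affected application) reproducing the check that was present on creation but missing on modification. The schema, the login routine and the assumption that the application identifies accounts by email address are all mine, chosen to make the consequence visible: once an attacker-controlled row shares the victim's email, the attacker's password answers for the victim's address. The fix applies the same uniqueness rule to every write path and, as a backstop, enforces it in the database with a unique index.

```python
import hashlib
import sqlite3


def _pw_hash(password: str) -> str:
    # Toy hash for the demo only; a real app would use argon2/bcrypt/scrypt.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db(unique_email: bool) -> sqlite3.Connection:
    """In-memory users table (assumed schema). With unique_email=False nothing below
    the application layer stops two rows from sharing one email address."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, org TEXT, email TEXT, pw_hash TEXT)")
    if unique_email:
        db.execute("CREATE UNIQUE INDEX users_email_uq ON users (email)")
    return db


def _email_taken(db, email: str, exclude_id: int = -1) -> bool:
    row = db.execute("SELECT 1 FROM users WHERE email = ? AND id != ?", (email, exclude_id)).fetchone()
    return row is not None


def create_user(db, org: str, email: str, password: str) -> int:
    """The check the app gets right: duplicates are rejected at creation."""
    if _email_taken(db, email):
        raise ValueError("user already exists")
    cur = db.execute("INSERT INTO users (org, email, pw_hash) VALUES (?, ?, ?)",
                     (org, email, _pw_hash(password)))
    return cur.lastrowid


def update_email_vulnerable(db, user_id: int, new_email: str) -> None:
    """The check the app forgot: a rename with no uniqueness test at all."""
    db.execute("UPDATE users SET email = ? WHERE id = ?", (new_email, user_id))


def update_email_fixed(db, user_id: int, new_email: str) -> None:
    """Same rule as creation, applied on modification too (a real app would also
    require the new address to be verified by mail before it goes live)."""
    if _email_taken(db, new_email, exclude_id=user_id):
        raise ValueError("user already exists")
    db.execute("UPDATE users SET email = ? WHERE id = ?", (new_email, user_id))


def login(db, email: str, password: str):
    """Assumed login: resolve email -> rows, accept the first row whose hash matches."""
    for uid, pw_hash in db.execute("SELECT id, pw_hash FROM users WHERE email = ?", (email,)):
        if pw_hash == _pw_hash(password):
            return uid
    return None


def takeover_succeeds(fixed: bool) -> bool:
    """Replays the post: the attacker creates a fresh user in their own org, then renames
    it to the victim's email. Returns True if the attacker's password then logs in under
    the victim's address."""
    db = make_db(unique_email=fixed)
    victim = create_user(db, "victim-org", "victim@example.com", "victim-pw")
    attacker = create_user(db, "attacker-org", "temp@attacker.test", "attacker-pw")
    assert login(db, "victim@example.com", "victim-pw") == victim
    try:
        create_user(db, "attacker-org", "victim@example.com", "x")  # blocked on both paths
    except ValueError:
        pass
    update = update_email_fixed if fixed else update_email_vulnerable
    try:
        update(db, attacker, "victim@example.com")
    except (ValueError, sqlite3.IntegrityError):
        return False
    return login(db, "victim@example.com", "attacker-pw") == attacker


def db_constraint_blocks_rename() -> bool:
    """Defence in depth: even the forgotten code path fails once the unique index exists."""
    db = make_db(unique_email=True)
    create_user(db, "o", "a@example.com", "p")
    b = create_user(db, "o", "b@example.com", "p")
    try:
        update_email_vulnerable(db, b, "a@example.com")
    except sqlite3.IntegrityError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable app:", takeover_succeeds(fixed=False))
    print("fixed app:", takeover_succeeds(fixed=True))
    print("index alone:", db_constraint_blocks_rename())
```

The unique index is the part worth insisting on in review: an application-level check protects only the handlers that call it, while the constraint protects every path that writes the column, including admin tools and imports that the original developers never thought of as "account modification".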


Praise be to God
Tip: If the redirect_uri parameter that follows the usual login or registration process (email and password) is filtered or sanitized, try checking its behavior when logging in through third-party portals.
#BugBounty
#bugbountytips
#InfoSec


@AshrafBasyoni4 Mashallah, a thousand congratulations Ashraf, may you always be successful ❤️❤️

I did it—$1 million on @Bugcrowd
For a lot of people this might be a small achievement, but for me, I’ve been waiting for this!
Do you know the most important tip in bug bounty? Choose one favorite program and spend years working on it. That’s my way. I’ve been working on the same program for about 3–4 years—every day on the same program. When I get bored or can’t find anything, I switch to another program until I find a bug, then I go back to my favorite program again.
After 3–4 years of hunting the same program, this helped me understand the team’s weak points. For example, they often ship ASMX/SVC endpoints without securing them, and they sometimes leave backup files in the web app, etc. With this approach, I made more than $750K from that one program alone!
Another tip—my personal rule—is: when I hunt a new program, I never leave or give up until I find a P1 or P2. If you make that deal with yourself, you’ll be unstoppable!
Believe me, these two tips are the keys to success in bug bounty that few people talk about.
Finally, huge thanks to the @Bugcrowd team for their support—I really love that team. Thanks to @RelentlessT7, Timmy_Bugcrowd, @Masonhck3571, and all the triagers! Also thanks to FIS Global and their lovely security team!
Your turn now to make $1M—you can do it!
#ItTakesACrowd #CyberSecurity #infosec #redteam #BlueTeam #BugBounty #bugbountytips #bugbountytip #HackerCommunity #Bugcrowd


Happy for securing a new program at @Bugcrowd !!
Alhamdulillah ❤
Writeup: https://medium.com/@MoSalah11/a-critical-zero-day-in-atlassian-jira-service-management-cloud-password-reset-account-takeover-1903cbb8bd31
#BugBounty #bugbountytips #bugbountytip


@XHackerx007 @Bugcrowd A million congratulations, my dear, best of luck always ❤️

I earned $20,000 for my submission on @bugcrowd bugcrowd.com/hackerx007 #ItTakesACrowd
Auth bypass into any user account using a backdoor parameter (meant to be for support), which allows an attacker to log in and bypass auth & 2FA using just the username.
It works for both users and admins.
More info will be shared in a new write-up soon, and also at @bsidesahmedabad.
It's a complex bug, but with an easy exploit!
Stay tuned for the write-up!
#CyberSecurity #InfoSec #RedTeam #BlueTeam #BugBounty #HackerCommunity #Bugcrowd

Praise be to God
Happy for securing a new program!
#BugBounty #infosec