Dark

@Itx_Shad0w Codex is always hit duplicate

My 5th duplicate in the last 3 days 🤧 Since I decided to avoid relying too much on automation this year and focus more on improving my manual hunting skills, I think I’ll have to deal with a lot of duplicates until I learn my lessons. Part of the process, I guess.

@Babauca @yeswehack Congrats 🔥 Can I dm you if you do not mind

Just got a reward for a vulnerability submitted on @yeswehack -- Cross-site Scripting (XSS) - DOM (CWE-79). yeswehack.com/hunters/babauca #YesWeRHackers

@R1s666 @yeswehack Congrats 🔥

Just got a reward for a vulnerability submitted on @yeswehack -- Cross-site Scripting (XSS) - Reflected (CWE-79). Waf bypass: <mctx%2FOnCoNtEnTvIsIbIlItYaUtOsTaTeChAnGe%3Dalert%601%61%09STYLE%3Ddisplay%3Ablock%3Bcontent-visibility%3Aauto>

@whithat444 @YShahinzadeh @kobi_hk How you are bypassing waf 😂 I found 2 xss but prevent by waf

Update: Now I’m able to trigger an `alert` after bypassing the WAF 😄 This is my first DOM XSS after spending many days learning and practicing. Special thanks to @YShahinzadeh @kobi_hk and all the bug bounty community members who share helpful resources 🙏 #BugBounty #XSS

@Jos_eph19 I hate this word “Duplicate” if it reported why they did not fixed it and let us send repeted bugs !

Hmm tough week

Bug bounty hunters are putting AI to work. Researchers told @WSJ they’re using AI to support everything from recon to analysis and exploitation, with a growing focus on fewer, higher-value findings. But as Bugcrowd CEO @davegerryjr shared, human insight still plays a critical role in finding deeper, novel vulnerabilities, including “things that people have never seen before.” Read the full piece: wsj.com/pro/cybersecur…

@fattselimi POC is the controler for everything , if the report conatin a good thing send report otherwise find another thing

Only Critical/Exceptional bugs seem to be prioritized lately by Bug Bounty Platforms, but what happens when AI-generated low-value reports are also marked as Critical/Exceptional? We end up prioritizing noise while real, impactful security issues are being neglected.

@yousefrol كيف اجربة ؟ انا حاليا استخدم claude الافضل هو ام claude ?

جربتوا Codex Security ؟ 🛡️

@oxflask You mean reached to shell ?

/etc/passwd , /etc/shadow

@M7moudx22 Ture , I do not know what wrong with them in these days !

H1 nowadays : spray and pray ❌ submit and forget ✅

@TraceX0_0 @tsxninja200 @defronixacademy @thehacktivator Congrats 🔥

FIRST BOUNTY UNLOCKED 😭🔥 Started my bug bounty journey with a HIGH severity report… still feels unreal 🫡 Months of NA, duplicates, failures & grinding finally paid off 🙏 God’s plan really different sometimes. @tsxninja200 @defronixacademy @thehacktivator #bugbounty

@xau8k How many days normaly they back first response ?

Stay tuned for upcoming write ups. 😍 #bugbountytips #bugbounty #BugHunters #hackers #hacking #bugcrowd #webtesting

@FroztNova127 Amazing , I do the same

@DarkLorSy Yes of course, i always verif every bug claude found manually

@DarkLorSy what is worked?

Friendly reminder: validate the bugs that AI is finding for you *before* submitting them. 😅

@FroztNova127 When you test it manually it is worked ?

Day 8 - Bug Bounty - Ask claude code to hunt bac and idor on specific feature - Claude found idor bug - Try connecting claude with caido mcp and analyze http request and look for bac and idor while im browsing manually Submitted: 6 Triaged: 0 Accepted: 0 Total bounty: 0$

@yusufthebdev If you do not mind could I dm you ?

i’m getting numb to these daily hacks😪

@itsmeNxSTY @0xHun73r @ide9x @hamidonsolo Congrats 🔥 Could I DM you if you do not mind

My first bug bounty after just 1 month from starting learning Special thank to @0xHun73r @ide9x @hamidonsolo

If you found a real bug, and closed as NA/Duplicate/informative and you tried to reach out an got no response, publishing your finding with the users data is not right, remember the goal of working as hunter. We are protecting companies NOT helping blackhats to hack'em. Move on to another target.

@Ibrhimmhm @AhmedRaza175106 @Bugcrowd I can not cuz your dm is closed

@AhmedRaza175106 @DarkLorSy @Bugcrowd dm me anything you want

A way to start. got my first submission accepted on @bugcrowd bugcrowd.com/h/{id: "ibrahimwaeel22"} #ItTakesACrowd #bugbounty #cybersecurity #bugcrowd