geo457

@Behi_Sec Congratulations. Is this from Google AI VRP? If so could you make a writeup ?

Google just rewarded me with a $12,000 bounty😃 Now, I'm closer to my $1m goal. Tip: Always validate your assumptions, as there are always exceptions.

@hetmehtaa Yes but you will have to work in EST hours

Is it possible to land a fully remote cybersecurity job in the US without holding a visa?

@st0pw4r @YShahinzadeh Yes

@YShahinzadeh Google has IDORs?

my first bug using AI DIRECTLY to help me analyze JS fles. I've been always doing it by hand, but this case, I was able to find it with AI. Of-course It woudn't find it with "go anayze all JS files and give me bug" FYI: I could have found it purely by hand within few hours

When I started bug hunting, I went from $0 to $3K/month in just 6 months. No secrets, no shortcuts, just a refined process. Here is the exact framework I followed: 🧵

Guys, I published my bug bounty write-ups here: @vivekms" target="_blank" rel="nofollow noopener">substack.com/@vivekms #BugBounty #Google #writeups

🚀 Supaleak just launched! Vibe coders: you ship fast, but secrets leak into JS files. Supaleak detects + validates exposed secrets: - API keys, tokens, JWTs, Supabase keys, and many more. - Scheduled scans (daily/weekly/custom). - CSV export + email alerts. See what you discover. supaleak.com Thanks @martindonadieu for the guidance and the idea ♥️ shout out to @marclou 🙌

@GodfatherOrwa Thank you man.

🚨🚨🚨🚨🚨🚨

@sc0ttWheeler @shodanhq Thanks. It worked

@shodanhq FYI had to copy the link and open in separate browser (used Firefox) and it worked!

$5 Membership sale is live for the next 24 hours: account.shodan.io/billing/member

What an awesome bug and write-up by @brutecat. They found a way to leak any YouTube user's email address using only their public YouTube channel ID. The trick? Chaining two unrelated Google services: - YouTube (to get an ID) - Google Recorder (which mapped that ID to an email when sharing a recording) One issue that they faced was that when sharing a recording, it sent an email to the victim. To avoid this, they used extremely long recording names, which broke the email’s subject line and prevented the notification from being sent. This bug is a great example of cross-platform hacking, abusing logic across different services. One key takeaway for new hackers is that hacking is more effective when it’s goal-driven. Instead of just testing for common bugs like XSS or SQLi, focus on achieving a specific outcome (leaking email addresses) and find a way to make it happen. Link to the writeup 👇

bruh what were they thinking 😭

@AccidentalCISO @hackerfantastic It is for both OV and EV certs

@hackerfantastic Is that for a standard cert, or an EV cert?

Did code signing certificates suddenly increase? Last year I had a code signing certificate renewal that was only $80, this year they are asking us for $400. Is this across the board or do we drop them for a cheaper code signer? Is there a letsencrypt yet for code signing?

@hackerfantastic As per the new regulation, the code signing cert’s private key should be generated, stored and used in FIBS 2 compatible USB token. So CAs are delivering the cert through a hardware token. That is why the price increased. it is not possible to get software based certs PFX any mor

AI helps greatly translating JavaScript to "Human Readable Language", here's how I found a very straight forward DOM Based XSS in 2 minutes. #BugBounty

@NoContextHumans I am a hacker

$20,000 Misconfigured S3 bucket vulnerability More detailed video is on my channel #bugbounty #bugbountytips

Amazing Google Dorks for Bug Bounty Input your target to generate Google Dork links for easy OSINT recon #bugbountytips taksec.github.io/google-dorks-b… Credit: @TakSec

If you want to find domains associated to an organization, you can explore DuckDuckGo's tracker-radar. It's a publicly accesible dataset that stores web tracking information, including domains operated by an organization. #L44" target="_blank" rel="nofollow noopener">github.com/duckduckgo/tra…

🏫🏫 From September 8th 15:00 UTC to October 8th 15:00 UTC we will award a 75% bonus to any valid vulnerabilities in classroom.google.com. Rules: bughunters.google.com/about/rules/54…

@LetsDefendIO CAA record : It allows you control which certificate authority can issue SSL/TLS certificate for your domain

Types of DNS Records