JustinRuth

I never post on here but here's an update on how today was going and went.

Reminder: Block your calendars for this session with @Checkmarx experts @jossefharush and @ErezYalon at @RSAConference. Explore “The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack” with us. Details are here: bit.ly/38ntTHK #CheckmarxAtRSA #RSA2022

More than 280 million people suffer from depression worldwide. Over 700 000 people die due to suicide every year. Suicide is the fourth leading cause of death in 15-29-year-olds. (WHO/2021) If you feel depressed, alone, or lost, there is help to get. You are not alone.

@MantisSTS If it's e-commerce, check redemption flows especially when a default cc is stored. I had success with POST based Gift cards add to carts and redemptions.

I found an XSS last night and didn't report it because I want to escalate it. What would you look for to escalate it? #BugBounty #bugbountytips

This is @codingo_ 's first video and comprehensive written guide. His guide to ffuf is actually more comprehensive than the ffuf readme! I can see his content becoming the ultimate reference guide for hacking/bb stuff. Follow/sub to him everywhere!

@zseano Love this! I think 75 or 80% of the bugs I've found are on the main site. Recon is great for learning how the entire Enterprise deploys as well as architectures at play.

I love that everyone's hot on the recon game, ya'll leaving the main web app fresh for me to poke at ;) keep scanning for them subdomains please:P

Question for #bugbounty #BugBountyTips would you submit exposed source code (.jsx files) via the browser? Only appears on a certain page and seems like the full app. Not seeing any keys but tons of endpoints as well as custom code and full node_modules folder.

dang today became such a better day when I realized I could use _ in SED instead of / echo '"google.com"' | sed 's_"__g' is the same thing as echo '"google.com"' | sed 's/"//g' substitute all double quotes with nothing. #linuxnoob

@streaak @R44MB00 @Bugcrowd congrats! Ugh I feel like everyone has those "first couple of bugs lol".

@R44MB00 @Bugcrowd Would've been 100 if not for the first few bugs which I submitted back when I started 😂

Crossed 100 submissions on @Bugcrowd #ItTakesACrowd

@fin1te Incredible post! I love the part about P0s. It's crazy when you spend some time on the "other side" prioritizing tons of security issues. Bug bounties are important and great, but don't represent all the risk to an org. Really great context to learn.

Four year gap but here's a rambly, non-technical post about my past 4 years whitton.io/articles/from-…

@mubix Really silly one... I suck at regex and I shouldn't. A coworker corrected a really dumb regex mistake I was making on a call and I realized how hard I was making that particular workflow. He was so matter of fact, it was super pleasant, and I learned something awesome.

I wish more people in this world would feel joy instead of fear when someone confronted with conflicting information to their current knowledge base. I absolutely love learning new things, especially when I'm wrong about how I think it works. My favorite example is:

@stokfredrik @Borderlands Bl3? Never played 1 or 2 but friends got me into 3 and it's definitely entertaining!

Time for some @Borderlands !

In a pinch and need a quick SMTP server? You can use a gmail account. kinsta.com/knowledgebase/…

@greenwaybarista Haven't watched Anime in a bit but literally just finished Altered Carbon: Resleeved on NF, was entertaining but not a series!

Hunter x Hunter was amazing. any other 150 episodes or less Anime anyone recommend?

@caseyjohnellis @Bugcrowd thanks!

@JustinRuth @Bugcrowd excellent advice. congrats!

Hit 2 personal goals today on @Bugcrowd 1. Top 1000! 2. Pass 2019 earnings in 2020. set personal goals you can celebrate, the more obtainable the better! #BugBounty

Thanks for summarizing and sharing!

If javascript: is being filtered try some other payloads that might still work in <a href='payload'> java%0Ascript: java%0Dscript: java%20script: anything others? #bugbounty #bugbountytips

@kim_crawley Putting myself through #OSCP, never be afraid to invest in yourself. #infosec #cybersecurity #tech

Over the last couple of weeks I had some down time and got the itch to hit some Bug Bounty programs. Reported a couple of vulnerabilities which ultimately lead to my first payout! Thanks @Bugcrowd ! #bugbounty