Mohammadjavad

17 posts

@Mjhatamiii

security specialist

United States, joined April 2024
170 Following, 35 Followers
Pinned Tweet
Mohammadjavad
Mohammadjavad@Mjhatamiii·
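Well, they paid the bounty for this bug of mine, but a small lesson from experience: don't mention anything in your report that isn't related to your bug. I found an SSRF, but I thought I'd also give them the link to this out-of-scope XSS on the same address, as a gesture of goodwill so it would get fixed; as it turned out, the report got marked as a duplicate of an XSS. It took 3 months to convince them that I had reported an SSRF, not an XSS.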
Arian
Arian@Arian1949·
Our bug finally got triaged too, after a lot of back-and-forth in the comments... You might ask why it took so long... Because on the attacker side the bug had twenty-seven steps to reproduce (on the victim side just one click) 😂 and 3 triagers were swapped out before they could get it working, but in the end it worked out @0x04ft. Thanks also to Yashar @voorivex
Mohammadjavad
Mohammadjavad@Mjhatamiii·
@zack0x01 How came notife? Any special provider or website? Can you hint? Thanks
Mohammadjavad
Mohammadjavad@Mjhatamiii·
@mooo_sec How did you figure out where to use this token in order to demonstrate its risk?
Mohammadjavad
Mohammadjavad@Mjhatamiii·
You can't fully trust AI-provided information; many times I've received completely wrong answers from it on very simple topics.
Mohammadjavad
Mohammadjavad@Mjhatamiii·
@S_Hawk8 If you reach a higher impact by combining the bugs, that's fine. But if each of the bugs can be exploited without the effect of the other, we should report them separately.
Hawk
Hawk@S_Hawk8·
@Mjhatamiii I also found an SSRF somewhere and thought I'd tell them that you could also get access to the database here with brute force. Long story short, they said I had broken the rules and closed it.
esme
esme@horamah_71·
@Mjhatamiii Preferably send each report separately, unless the impact goes higher with the two vulnerabilities and they affect each other; otherwise it's better to report them separately.
Mohammadjavad
Mohammadjavad@Mjhatamiii·
Even though the XSS link is in scope, when I ran an alert on origin a different origin was loaded; I think that's why Yashar used to say not to use alert 1 @voorivex
Mohammadjavad
Mohammadjavad@Mjhatamiii·
@jusxing "Can you explain number 7 in more detail? I’m having trouble choosing programs. How should I manage my time so I can work on several targets?"
Sky Desperados
Sky Desperados@jusxing·
1- Build a community or team: Hacking with friends keeps you motivated. Sometimes you feel burnt out, but then a teammate says, “I just found a critical!” — and suddenly you’re hyped to jump back in. Sharing knowledge with a team helps everyone grow faster.

2- Trust is everything: If someone shares knowledge that leads to a bug, always credit them or collaborate. That trust builds long-term relationships — and makes people excited to share more with you in the future.

3- Respect your friends' work: If a friend tells you they’re working on a program, don’t rush into it just because you know their bug type or target. Respect their effort. If you don’t, they’ll stop sharing with you.

4- Collaborate — even if you find nothing: Sometimes you won’t find any bugs while teaming up — and that’s okay. You’ll still gain valuable insights, and that’s always a win.

5- Learn from hackers better than you: Try to collaborate with more experienced hackers or seek mentorship. I often team up with @YShahinzadeh. Once, I asked him what I should improve, and he told me: “Go deeper into JavaScript.” I listened, spent months learning — and now my hacking is way better than before.

6- Follow your rhythm: For me, it’s not about how many hours I work per day. I follow the feeling. Sometimes, late at night, I just know — “Tonight, I have to hack.” When I first started, I stressed a lot when I wasn’t working. I’d think, “I didn’t hunt today... that’s bad.” Now? I might take two weeks off to rest. But when I come back, I’m full of energy — and sometimes I hack 17 hours non-stop. The key is to be kind to yourself. Don’t force it. Even 2 hours of deep, focused work is more valuable than 3 days of low-energy, distracted grinding.

6- I think at some point, you need to find your own way of hacking — something that matches your interests and style. You can learn from others, but in the end, you should mix what you’ve learned and create your own approach.

7- Try to have one main program that you consistently work on every week. At the same time, don’t ignore new scopes or private invites — give them attention too. Over time, you’ll figure out how to manage your time and how much to spend on each target.
Sky Desperados
Sky Desperados@jusxing·
After my first year of full-time bug hunting, I successfully completed Justin’s Challenge on @Hacker0x01 . I want to share a few things that might help beginners. The bugs I’ve earned the most from are IDOR and XSS — they’re great to focus on when you're getting started. One thing that really helped me was something Frans Rosen said on the @ctbbpodcast : “I just try to learn, learn, learn about the app and how each part works.” That mindset changed everything. I started enjoying the process more, and I began finding fewer duplicate bugs. Most of my learning came from following the top 100 hackers on HackerOne — reading their writeups, listening to podcasts, and collaborating with others. There are tons of technical tips online from hackers far better than me, but here are a few practical tips that helped me personally and aren’t often talked about — I hope they help you too.
Justin Gardner@Rhynorater

All my current bug bounty knowledge is gone. Here's how I get it back and make $100k in the first year: First, I've got to learn the basics. For this, I will make sure I understand at a high level how the components I'm working with function. I'll need to understand...

 یاشو
 یاشو@voorivex·
The continuation
Sky Desperados
Sky Desperados@jusxing·
Q2 summary on @Hacker0x01
1- ranked 80 in global leaderboard
2- ranked 52 in highest critical reputation
3- $41k (Most of IDOR & XSS & Auth)
4- 31 submission (4 critical, 7 high, 10 medium, 4 low, 3 duplicates) some of still PPR
Mohammadjavad
Mohammadjavad@Mjhatamiii·
First submission on Bugcrowd 🫡 #effort #bug_bounty
Mohammadjavad
Mohammadjavad@Mjhatamiii·
@so_ha_ka The award for the best picture I saw today goes to you, dear friend
soha
soha@soha1031ka·
Title of the work: Girls when they want to do something important
Mohammadjavad
Mohammadjavad@Mjhatamiii·
@omidxrz I worked very hard to land my first bounty (1k). دلاریشو added its account to my account and became obligated, by signature and contract, to accept responsibility for my account for one year. About three months passed, and after the tax form was rejected twice, it said the contract was cancelled! What does that mean? You've cost me money and time. I have a complaint against #دلاریشو too; be accountable.