The BBH 🇳🇵

Access to Members-Only YouTube Video Content by Infosec Writeups infosecwriteups.com/access-to-memb… #bugbounty #bugbountytips #bugbountytip #infosec #YouTube

@dhakal_ananda @hash_kitten @kevin_mizu @dhakal_ananda daju chrome MCP??? Alli explain garnu naa.

@hash_kitten @kevin_mizu Codex (GPT-5.5) solved it with 0 guidance. Just gave it access to the Chrome MCP and let it run on background!

Posting a mini XSS challenge! Goal is to pop an alert. I believe this trick is not well known. Intended solution is chrome only. Thanks to @kevin_mizu for beta testing! Don't post solutions in the thread; DM only! xss.hashkitten.io/xss1.html

@krishnsec @sl4x0 Exactly same thing @krishnsec i have reported 3-4 P1 triaged ----> patched ---> then N/A ( even clearly show's the Video POC). Now I'm Ban

@sl4x0 I have multiple P1/P2s that were triaged on time, but what about the other valid criticals that were marked patched/N.A. even with video pocs provided?

worst time going on in #bugbounty bcoz of this AI - triage has become extremely slow. Many of submitted P1s across different programs are getting patched before triagers even review reports.

@GodfatherOrwa Dam buddy 🔥 congratulations 🎊

Just for records, this SQL took me a weeks try exploited with some friends who have good background in SQL and no luck, so big congratulations for this find ❤️ Nice exploit & write

@GodfatherOrwa @ai 💯 Correct even are report also be suffered. For shits people's...

* Create your own AI scanner * Create website for that AI * Offer it for Sale/Subscription * create a X profile for the AI * Start Posting Old bounty’s photos with posts like (found this by this @AI, I spend 10$ and I got rewarded 10K$) Story Of This Days 😤 Not #bugbouny 🫣

@VAG33K They Mark P5 Informative IDOR, leak PII ( email, social media account, phone number etc....)

LOL, massive exposure of production data, PII for internal accounts and billing records for high-level executives(CFO), 3055 Phone Numbers for users, Cost Centre Names and Live Billing Charges. Get Triaged from BC then the Customer close it as P5 and Resolve it #bugbountytips

“Login Page Testing Checklist: 15 Important Test Cases Every Security Tester Should Know” by Yamini Yadav_369 osintteam.blog/login-page-tes…

@krishnsec Arey bhaiya aise aise jawab dete hai ki kya bole. Researcher soul will be die after nonsense comment.

I dropped 5x RCEs in a single report, it got triaged, then after 16 days the customer patched everything and rewarded it as P3? So a potential $10k–15k critical report suddenly became a $500 payout in one comment - this severity decision genuinely makes no sense . These kinds of decisions genuinely discourage researchers from hunting on platforms/programs. Spending days finding impactful vulnerabilities, writing detailed reports, and helping secure production systems only to see the severity heavily downgraded afterward is extremely demotivating. In this case, the issues were valid, triaged, and even patched by the customer, which clearly proves the impact was real. Yet the final outcome made it feel like all the effort put into the research had little value. Researchers invest huge amounts of time and energy into finding critical vulnerabilities responsibly, and inconsistent severity decisions like this make people lose trust in the process. Honestly, one comment was enough to completely kill the motivation and energy I had for #bugbounty

@0xRIXET 😂 😂 🙋 Me RCE duplicate 2022

ATO duplicate 2020 😂

@Shabosec @sachin_pandey98 @ladebw Fuzz with @GodfatherOrwa iis wordlists or check with backup file that will also help you.

No Where to Hide When Shit is Cracking😲😲😋😋😋🔥🔥 Old portal was exposed via using Yandex dork Big up @sachin_pandey98 and also you can also use @ladebw automation Tips:Rhost.target.* and look up the version using Wappalyzer and Apply your methodology

lof web apps that are built by AI, it have .md and mostly 🔥 so any app you test, JSP / PHP / ASP Add for fuzzing the extensions ffuf -w /wordlist -u .com/FUZZ -e .md,.db,.txt,.xml,.sql,.7z,.zip,.tar.gz,.env it will take some time, but it will be back with very good results♥

@Ahmex000 @directly @Bugcrowd Same thing with me @bugcrowd are scamming i guess now day's.

I submitted a critical XSS to @directly @Bugcrowd more than 2 years ago. They didn't respond from 2 years ago and then closed my report as NA without any comments/Closed their target test domain/Fixed the Vuln from about 1 year . This is extremely shameful.

@roohaa_n @roohaa_n bhai aisa kya YouTube par nhi hai. Kachra hai YouTube par. DM kr do mai share kr deta hun aapko saara.

How u guys are using AI for bugbounty just curious to know about it or is there any blog or youtube channel :)

@AkashHamal0x01 @RapydGlobal Same with Pinterest buddy I reported RCE -> Triage P1 (awarded points) -> After an Hour Duplicate unresolved. same with twilo, api endpoint triaged -> point --> duplicate ( unresolved).

In March i submitted a vulnerability to @RapydGlobal via Bugcrowd initially marked as "Informational" Contacted security team -> awarded 20 points -> P2 -> Unresolved -> Triaged by Program After 2 hrs, severity changed to P4 -> Resolved -> duplicate of October 22,2024 submission So my question is what i reported is P2 and the original report is P4, original reporter was not able to show additional impact. After they triaged my report, within 2 hrs patched it and marked as duplicate. What were they doing for 2 years? they realized the gravity of situation only after receiving my report and patched in 2 hrs? Lol

@krishnsec Saale ko bolo got to ground floor and jump it . This is my ninja technique ding ding.

so a redacted #bugbounty program posted this in his bounty brief :)

@roohaa_n @Hacker0x01 Arey @roohaa_n bhai bugcrowd wale bhi aise hi kr rhe hai. 2 mahina support team ke sath arguments chalne ke baad triagger ne triaged kiya hai bug.

After a longtime i decided to write it How a 404 Page Led Me to an Unauthenticated AI Chatbot Leaking an Entire ERP Knowledge Base @roohaan/how-a-404-page-led-me-to-an-unauthenticated-ai-chatbot-leaking-an-entire-erp-knowledge-base-dd8d380351cb" target="_blank" rel="nofollow noopener">medium.com/@roohaan/how-a…

@4osp3l @DorkixAI Opencode with minimax is lit🔥🔥🔥 yesterday i use congratulations 🎊 for this buddy. What if we change build to plan for agent.

@DorkixAI 🔥

Experiment 2/3 Android Root Detection Bypass (using DeepSeek V4 Pro): I requested the agent to analyze a decompiled Android APK, find all root detection mechanisms, write a Frida bypass script, and verify it works on a real device connected via ADB. For privacy I am not allowed to share images or the app name the program is private. But they use common root detection techniques and it was possible to bypass it in 16 minutes. Opus 4.7 feedback: The agent used a dynamic-first → static → dynamic-verify approach: Dynamic Phase: — Started frida-server on the device — Launched the app without Frida to observe natural behavior — Captured UI with uiautomator dump — found the root detection popup showing "Your device is rooted" — Took screenshot as evidence — Captured logcat to identify which classes triggered the detection Static Phase: — Grepped the decompiled source (jadx output) for root detection patterns — Found 13+ relevant obfuscated classes across the codebase — Read each file and traced the complete detection chain: Entry: ActivityLifecycleCallbacks → Kotlin coroutine → 5 separate checks (TracerPid, emulator detection, su binary, /proc/mounts, Xposed/Zygisk detection) → SafetyNet/Play Integrity → AlertDialog popup → finishAffinity() app kill Script Writing: — Wrote a 317-line Frida script with 14 hooks across 7 layers: root detection methods, coroutine blocking, dialog callback interception, exit prevention with stack trace checking, AlertDialog monitoring, RootBeer library bypass, and SafetyNet hooks Testing + Self-Debugging: — Launched app with Frida — hit a bug in hook signatures — Read the error, fixed the Frida script autonomously — Relaunched — coroutine intercepted successfully — Captured UI with uiautomator dump — no root dialog, app shows normal content — Tapped navigation tabs to verify full app functionality — Did a full clean restart to confirm bypass is consistent Strong methodology. The dynamic-first approach was the right decision — the uiautomator dump immediately revealed the exact popup text, which guided the static analysis to the right classes. The agent correctly identified that root detection runs through Kotlin coroutines and hooked at the suspend function level — that's not trivial to figure out from obfuscated code. Smart to hook at multiple layers rather than just the check methods. The self-debugging when hook signatures failed shows adaptability. 102 tool calls, 16 minutes. Next : AngularJS sandbox escape + CSP bypass XSS #DeepSeek #ai #DeepSeekV4Pro

@SuyashS91823422 @Bugcrowd Bhai 8 RAR and 2.5 months se Support ke sath behas baji krne ke baad inka trigger likhta hai ki. We are sorry your report is now under examined

why @Bugcrowd not responding to RAR if no one review RAR then what's the use of this feature?