PinkArmor

🎯 Bug Bounty Tip: Hunting on targets running Jira, Confluence, Bitbucket, Jenkins, Solr, or Nexus? Bookmark this PoC goldmine 👇 github.com/shadowsock5/Poc CVEs + payloads ready to test. Save hours of recon. #bugbounty #infosec #cybersecurity #bugbountytips

Found a pretty solid fuzzing resource for web security testing 👀 👉 github.com/gh0stkey/Web-F… Contains: • endpoint discovery wordlists • XSS/SSRF/LFI payloads • parameter fuzzing lists • Burp Intruder payloads • recon & web fuzzing dictionaries Useful with: ffuf • Burp Suite • dirsearch • arjun Good repo for bug bounty & web app testing workflows. #BugBounty #CyberSecurity #WebSecurity #InfoSec #EthicalHacking

@Rockpratapsingh How ???

Hit 28 XSS today, will report them tomorrow 😅 Currently attending the Jhaddix class

Awesome Large Language Models for Vulnerability Detection github.com/huhusmang/Awes…

A tool for bug bounty hunters to find exposed secrets: betterleaks - github.com/betterleaks/be… #BugBounty #BugBountyTips #InfoSec #AppSec

@saqibarif98 @Hacker0x01 =)) really

VDP program @Hacker0x01 Paid bounty WTF

@gabson0x Which platform sir

same bug asset scope , same company go where you are valued

IT'S GIVEAWAY SEASON! We will pick 6 winners to win one of the following: 1x Annual VIP Hack The Box Licence 5x Pentesterlab 3 Month Licences To enter: 1️⃣ Follow us @BugBountyDefcon 2️⃣ Like this post ❤️ 3️⃣ Tag 3 hacker friends in the comments 4️⃣ Retweet this post 🔁 Giveaway open until Thursday May 14th! GOOD LUCK!

To guys who are struggling to get their first valid bug/bounty this is a list of Self hosted Bug Bounty Programs that paid me for reporting Vulnerabilities : - liquidweb.com/policies/bug-b… - vivid.money/en-eu/bug-boun… coinfinity.co/bug-bounty - docs.digiteal.eu/Policy/Digitea… More in comments

How yo make your LLM better 1000 times by just a small add-on ?? the full writeup/prompt/skills:- 0xzyo.medium.com/how-to-make-yo…

@BugBountyDEFCON @hunt_n27493 @Bugcrowd @intigriti @hackprove_

@shreerajaput @Bugcrowd Can u share ur write-up 🥰

I earned $5,000 for my submission on @bugcrowd bugcrowd.com/h/{id: "cyber_shree"} Still finding real impact in “secured” flows. Consistency > everything. Still hunting #bugbounty #infosec #cybersecurity #jwt #ethicalhacking

@OreoB1scuit Why they dont fix issues from 2024 🙄

Got marked as a duplicate for a bug that allows leaking basically any Udemy course. It’s been around since 2024. I get that things are “free,” but not this free, haha. 🫠

Android Pentesting Skill github.com/DragonJAR/Andr…

@ngosytuanbug Peak quá a ơi

This weekend, I gave a talk on web browser security research at a student-organized conference. I tried to make the talk reasonably beginner-friendly, so the slides (linked here) could hopefully be useful to someone as a learning resource. docs.google.com/presentation/d…

Bug Bounty tip 🧵 Don't just swap IDs — wrap them. ❌ {"Account": 1111} ✅ {"Account": {"Account": 3333}} Auth validates the outer key. Business logic executes the inner one. Scanners miss it. You won't. #BugBounty #IDOR #APIHacking

Google VRP Writeups — Real Exploits, Real Bounties 🐛🔥 Curated list of Google VRP (Vulnerability Reward Program) writeups: • Real-world bugs → XSS, SSRF, RCE, IDOR, Privilege Escalation • High bounty cases → $100k+, $50k, $20k reports • Google Cloud, YouTube, Gmail, Chrome attack surfaces • Both blog + video writeups from top researchers If you're serious about bug bounty, this is where real learning happens — not theory. 🔗 github.com/xdavidhu/aweso… #BugBounty #GoogleVRP #Pentesting #CyberSecurity #Infosec #AppSec

7 Claude prompts for pentesters. Attack surface mapping. PrivEsc paths. CVE analysis. Lateral movement planning. 🧵