W31rd0

@hamidonsolo @capablanca_h1 Once you get bounty and triage reputation shows. Only if you have a dupe you get the points when original report is resolved

@capablanca_h1 i dont know then hackerone rep is complex

@_jensec i would disagree, the amount of hours you spent does not guarantee that you will have an income, especially one that you have set as goal,given there are many factors that can influence the payments

Biggest disadvantage of bug bounty is that your output (income) is tied directly to input(number of hours)

@yeswehack that you have limited control over the outcome of your reports :D

What’s something you wish you’d learned earlier in Bug Bounty? 👇 #BugBountyTips

@offsecrunner i suppose if you are happy with the program overall its a good thing to do :)

@Troll_13 Thanks It's on h1 for now I informed them, as of good faith

Hey folks need some advice. I reported a bug in an API endpoint it got patched and I was asked to re-test. During retesting, I found a different bypass on the same endpoint but it’s a different vulnerability category. Should I disclose it now or wait and report it after payment?

@I_Am_Jakoby Good luck

Im doing a demo for threatlocker in 20 min The last stage of my job interview is at 2:30 God please recognize my hard work and bless me with these opportunities I am so fucking nervous. Im scared. Im hopeful. God please. 3 years straight ive been grinding everyday. Through hells most people cant imagine. Please I need this.

@I_Am_Jakoby those avg bounties per severity are all over the place. looks weird

🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬 finally broke the 3 day dry spell find a HIGH just to see their program is paused and they are offering $25 for it didnt even cover my stress induced door dash delivery lol 🙍‍♂️💥🔫 ima go to bed and pretend i dreamt this whole hunt

@0xw2w HackerOne should be shaping the industry instead of "following" it, by leading and pushing for better rewards/treatment for researchers. claiming such actions are standard for mature programs feels even weirder

Here's HackerOne's official response to this matter. /security sets an example of best platform practices, and H1 admits to bounty benchmarking against undisclosed programs “to make sure it is fair and competitive,” which "does not reflect a reduced commitment to researchers."

@zseano there were layoffs recently, probably reallocating budget to new products/services AI related

uh... why are loads of staff leaving hackerone? what's going on?

@zack0x01 understood, but i suppose collabing needs to built some trust first. and to put some time together to get those cool bugs. its not easy for sure

@zack0x01 you can always add someone as a collaborator and give them a small % if they pointed you to a target that landed you a bug and maybe they ll return the favor

@Toubaahmed59 have a speedy recovery! 💚

Thank you everyone for your kind wishes. Your support means a lot. I’ll come back stronger 💪🙏

@pR0MinD σωστος, και κανει και μετα κινηση οταν βλεπει οτι θα παρει το σουτ ο τσεριν ενω ο ρενατο τα χωνε στον σβι διχνει χαρακτηρα και διψα

To point δεν ειναι αν ειναι αργός ή γρήγορος ούτε ο Ταμπόρδα ούτε ο Μπακασέτας Είναι οτι ο ένας ΨΗΝΕΤΑΙ ΝΑ ΠΑΙΞΕΙ και ο αλλος οχι Το παιδί απλά ΘΕΛΕΙ να παιξει. Γιαυτό,στο σύνολο τον βαριεστημένων υπαλλήλων που λέγονται ποδοσφαιριστές του #paofc ξεχωρίζει σαν τη μύγα μεσ'το γάλα

Σε αυτά τα 2 στιγμιότυπα βλέπουμε τον "αργό" Ταμπόρδα να ξεκινάει 20 μέτρα πίσω από τον Μπακασέτα και να φτάνει 15μέτρα μπροστά του πατώντας περιοχή σε ~6'' #paofc

@Bl4ckSec shouldn't this be Critical? or i am missing something

🔴 IDOR Vulnerability Discovered an IDOR vulnerability in the Forgot Password feature. The issue is that the password reset token is not properly bound to the account email. An attacker with a valid reset token could change the password of another user’s account due to improper token validation. Example request structure: { "email": "victim@example.com", "newPassword": "NewPassword123!", "token": "VALID_RESET_TOKEN" } #bugbountytip #hackerone #infosec #BugBounty #Hacking

@perpant @triapentedyo ticketmaster.gr/panathinaikos-…

@triapentedyo Κυκλοφόρησαν τα εισιτήρια? Κι αν ναι,απο που τα προμηθευόμαστε?

Έγινε το τεστ την περασμένη εβδομάδα και πήγε εξαιρετικά, παρά τον καιρό. Πάλι στο ΟΑΚΑ το ματς στις 5/2, αυτήν την φορά με διαφορετική τιμολογιακή πολιτική. €20 στο κέντρο (€30 / €40 απέναντι) €12 στα πέταλα / κόρνερ Ταπεινή μου άποψη: κακή ιδέα.

To help celebrate @arcanuminfosec Information Security's two-year anniversary, @Jhaddix gave me 5 codes good for any Arcanum course to give away! Winners will be announced on 1/22. 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries!

Kicking off the New Year the right way 🚀 We’re launching a new hacking meetup with a public @Hacker0x01 program, for the Greek community 🇬🇷 All bounties are doubled—up to $20K for criticals! 📅 Starts Feb 23 More information below: 👉 h1.community/e/m29dgj/ #bugbounty

@Bugcrowd the mug

If you had to choose: Which gift would you pick? 👇🎁 Choose wisely👀

I did have a target of getting to 10k followers by the end of the year, not sure why, it's just a nice round number. Only 195 to go, if you like web app security, CTF or full stack dev give us a follow, if you already follow give us a share 🙏

@alexbindrei congrats!!🔥

I won the Most Valuable Hacker award at H1 3120! 5 months ago I was invited to my first LHE where I achieved a 2nd place. It was an amazing experience that made me want to work harder to compete against myself. And after spending 15h a day in front of my laptop here we are :) Big thangs to @Hacker0x01 and @salesforce for all the work during this event. Also to all the amazing hackers I’ve met during this days. Last but not least… 🧵