YesWeHack ⠵

SSRF turns a server’s own outbound requests into your weapon against its internal network 🌐 From a single callback to full cloud account takeover, the escalation path is wild when you know the tricks 🔥 Full guide on hunting SSRF 👇 yeswehack.com/learn-bug-boun…

AI is “bad at knowing what’s actually exploitable” (cc @xclow3n), but “our expertise still lets us steer AI toward the right lead” (cc @aituglo). Plus: @LiveOverflow on why smaller models can beat larger ones on cost-to-recall. Our latest #BugBounty roundup 👇 yeswehack.com/news/ai-force-…

Ready to pwn Deadbolt on Dojo? 🚩 Discover how you can generate your own license key and achieve RCE! Hack the challenge and level up your YesWeHack profile 👉 dojo-yeswehack.com/challenge-of-t… #BugBounty #CTF

@Babauca Well done! Keep up the great work 💪

Just got a reward for a high vulnerability submitted on @yeswehack -- Insecure Direct Object Reference (IDOR) (CWE-639). yeswehack.com/hunters/babauca #YesWeRHackers

@smokie_7 This is impressive. GG! 🔥

Just completed the "Dojo #51 - DeadBolt" challenge on @YesWeHack! Level up with me! 🌟 dojo-yeswehack.com/challenge/play… #YesWeHack #ChallengeAccepted

@NoobosaurusR3x That's great! Congratulations 👏

Just got a reward for a critical vulnerability submitted on @yeswehack -- Default Credentials (CWE-1392) #YesWeRHackers

Missed the latest #TalkiePwnii? Now’s your chance 👀 @pwnwithlove breaks down a wildcard argument injection exploit on a @zerodaygym Dojo challenge - from initial discovery to full exploitation 👇 youtu.be/xsaa7dBn1jg

OS command injections are more common than you think! But how can you find them? Our guide walks you through detection techniques, payloads, and real-world examples to find OS command injections 👇 #BugBountyTips yeswehack.com/learn-bug-boun…

@1yz02 That's great! Congratulations 👏

Got 2 Broken Access Control vulnerabilities accepted on @yeswehack

@_warsang_ This is impressive. GG! 🔥

Project Glasswing at home! Just landed a CVSS 10.0 on @yeswehack (SSRF). 🎯My workflow combining OpenClaw🦞and Kimi for vuln research is starting to pay off. Still needs some hand-holding but this is the way!🚀#openclaw #lobster #kimi #llm #bugbounty #YesWeRHackers #CyberSecurity

Bug Bounty recon in 2026 is about precision, not noise. 🎯 Learn how to map attack surfaces, prioritise targets, find hidden assets, and turn recon into real vulnerabilities thanks to @amrelsagaei's latest video 👉 youtube.com/watch?v=H7AjEM…

@bytehx343 Well done! Keep up the great work 💪

🔓 Just solve the "Dojo #51 - DeadBolt" challenge on @YesWeHack!

@s0ufm3l That's great! Congratulations 👏

Just got a reward for a vulnerability submitted on @yeswehack -- Missing Authorization (CWE-862). yeswehack.com/hunters/s0ufm3l #YesWeRHackers

@AxleHacker That's great! Congratulations 👏

I just pwned the "Dojo #51 - DeadBolt" challenge on @YesWeHack! Who’s next to join the fun? 🚀 dojo-yeswehack.com/challenge/play… #YesWeHack #ChallengeAccepted

@CyberFrozenk That's great! Congratulations 👏

Just got a reward for a vulnerability submitted on @yeswehack -- Improper Authentication - Generic (CWE-287). yeswehack.com/hunters/frozenk #YesWeRHackers

@n_vbla Nice work!!

Started hunting on @yeswehack mid-December 2025. Currently #21 on the 2026 leaderboard. 🏴‍☠️

7/7 Race Conditions ⏱️ What if you clicked "apply discount" twice at the exact same millisecond? Sometimes the app only checks once but applies it twice. That gap is a race condition. This guide teaches you how to find and exploit race conditions! 👇 yeswehack.com/learn-bug-boun…

6/7 XXE (XML External Entity) 📄 If an app accepts XML input and is not configured correctly, you can read files or access internal networks. Do not skip this one. XXE shows up in real programs more than people expect 💡 yeswehack.com/learn-bug-boun…

🧵 Want to develop your hacking skills? This thread is for you! 🫵 We covered the 7 vulnerability types every bug hunter should at least know. One guide per post, all completely free to read. Check them out 👇