rejection

121 posts

@apihog

HackerOne: https://t.co/46qY4UJnzG

Joined July 2025
111 Following, 35 Followers
rejection@apihog·
@0day_ninja 😂 The average black hat sits in telegram channels begging for logs, you are giving black hats very high standards if you think the average is building a tool to obfuscate shell code
𝕡𝕨𝕟.𝕋∅𝕔𝕙!
I stand corrected but I strongly believe the average black hat tends to be smarter and superior to the average white hat. My reasoning is that there's really no source material for most of what they do. Say building a tool to obfuscate shellcode to evade antivirus and security software detection (crypter).
bugcrowd@Bugcrowd·
Argument parsing is really important, especially when they are used as inputs to other functions or commands.  Spot the Bug 🐞👇
bugcrowd tweet media
rejection@apihog·
@robertgraham you clearly don't understand the debate behind "think of the children" if you think that applies to this lol
Robert Graham@robertgraham·
Such a precious hot take pretending that this hasn't been debated for 40 years. People were making the same arguments in the '80s -- with the same emphatic moralizing, "think of the children". To be fair, he's right about the other side being equally obtuse, as if their comments, too, haven't been continually rehashed over 40 years.
Zack Korman@ZackKorman

New video: The responsible disclosure debate is hiding what's really going on. These kids aren't mad about security. They're mad about life. They don't have a principled position on disclosure, they have anger problems and AI. They need guidance & mentorship, not encouragement.

rejection@apihog·
The people that disagree with this are just ignorant tbh. The argument that "the company is ignoring me so I'm going to publish everything" is so selfish and attention seeking. If the company really "ignores" you (you can say this confidently, only IF you've waited more than a year, because you don't know at all how things operate internally), then so be it, let them worry about a potential data breach, if you have TRULY done everything in your power, just move on and stop trying to make everything about yourself, nobody serious is going to be impressed about the shitty bug you discovered on a program that doesn't even have a bbp. If the company doesn't fix what you reported, then let them deal with the consequences. That is not your problem at all what the company does and doesn't do and the only people you are going to impress by publishing the vuln is equally as talentless people (there are rarely exceptions obv). And there's a good chance nobody malicious is going to even discover what you've found anyway so publishing it has the same impact as exploiting it lol. Also if we're sooo against these "evil companies ignoring us security researchers", why are we even putting our time and energy into doing security research for websites that don't even have a proper VDP? It's extremely contradicting what these people say...
Zack Korman@ZackKorman

New video: The responsible disclosure debate is hiding what's really going on. These kids aren't mad about security. They're mad about life. They don't have a principled position on disclosure, they have anger problems and AI. They need guidance & mentorship, not encouragement.

rejection retweeted
Zack Korman@ZackKorman·
New video: The responsible disclosure debate is hiding what's really going on. These kids aren't mad about security. They're mad about life. They don't have a principled position on disclosure, they have anger problems and AI. They need guidance & mentorship, not encouragement.
Douglas Day@ArchAngelDDay·
This is a “puzzle”?
Douglas Day tweet media
rejection@apihog·
@Bugcrowd send as is, endpoint implies it will return users
bugcrowd@Bugcrowd·
⏰ 30s to find a bug 1️⃣ You can only send a single HTTP request 👇 What’s your payload?
bugcrowd tweet media
rejection@apihog·
@syaedowais this has happened to me before, got needs more info'ed and spent an hour or two writing a huge poc and video, only to get duped lol. just be happy you found a valid issue and move on to find something better :)
Owais@syaedowais·
After so much time, almost 20 days marked as dupe. They reviewed it then told me to provide a video poc, which I did. Now they say it's duplicate.
Owais tweet media
rejection retweeted
Nate@nnwakelam·
No one cares you got duplicated on your bugs, it’s only interesting to you because until a $20 Claude subscription could find them you likely didn’t actually produce any. The faster you take the emotion out of bug bounty hunting, the happier you’ll be for it. Don’t get upset or let it impact your mental balance.
rejection@apihog·
I don't understand how you guys find so many low severity bugs, what is considered low, I see profiles full of them? I've only ever found 3 low severity issues out of 50 valid reports... would love to find more of them ;)
Shad0w@Itx_Shad0w·
Today is my birthday 🥳
rejection@apihog·
@Shabosec @GoldmanSachs Dude calm down it’s not that deep 😭😭 it’s a registration otp the impact is low as it is