Begin n Bounty

910 posts

@beginnbounty

👉Practical Bug bounty tips 👉Beginner friendly 👉Pentesting DM for queries

Joined February 2021
262 Following, 7.2K Followers
Guri Singh (@heygurisingh)
🚨 BREAKING: The cybersecurity industry is about to get completely disrupted.

Someone just open-sourced a fully autonomous AI Red Team. It's called PentAGI. 8,200+ stars on GitHub.

Not one AI agent. An entire simulated security firm. Researchers, developers, pentesters, and risk analysts. All AI. All coordinating with each other before launching a single attack.

No Cobalt Strike. No $100K/year pentest retainers. No OSCP required.

Here's what's inside this thing:
→ An Orchestrator agent that plans the full attack chain
→ A Researcher agent that gathers intel from the web, search engines, and vulnerability databases
→ A Developer agent that writes custom exploit code on the fly
→ An Executor agent that runs 20+ pro security tools (nmap, metasploit, sqlmap, and more)
→ A memory system that learns from every engagement and gets smarter over time

Here's the wildest part: It runs everything inside sandboxed Docker containers. Full isolation. It picks the right container image for each task automatically. It has a knowledge graph powered by Neo4j that tracks relationships between targets, vulnerabilities, tools, and techniques across every single test.

Cybersecurity firms charge $25K-$150K per engagement for this exact workflow. This is free. 100% Open Source. MIT License.
Shreyas Chavhan (@shreyas_chavhan)
Imagine the pain of getting a critical (10.0) duped just by one day 😭. PS. (this is a different one than my previous post)
Ben Sadeghipour (@NahamSec)
I'm documenting my journey of learning how to hack LLMs and building with AI so I'm so excited for this week's video: BECOMING AN AI HACKER (Episode 1) 👉🏼 youtu.be/dG6NFXQOmsE
HackenProof (@HackenProof)
Which bug hunter inspires you most right now? Tag them below👇
dawgyg - WoH (@thedawgyg)
Just in case anyone forgot.... Fuck Netanyahu.
Joseph Thacker (@rez0__)
Alright, alright. I admit it. I’m tired of living a lie. Claude code can’t find any bugs. Cancel your subs.
Critical Thinking - Bug Bounty Podcast
We finally had @thedawgyg on the pod to talk about his origin story, recent Chrome research and how he optimises his AI workflow, his famous 180K payout on Yahoo and a LOT more. This is an episode we know a lot of people have been looking forward to, check it out! youtu.be/kpFfde3rNFs
Anonymous News (@YourAnonOne)
JUST IN: 🇦🇪🇮🇷 UAE considers taking action against Iran.
dawgyg - WoH (@thedawgyg)
@UK_Daniel_Card These idiots don't know what the hell they are doing. The fact that he repeatedly claimed he completely 'obliterated' them was enough to know they likely didn't do shit.
mRr3b00t (@UK_Daniel_Card)
did trump not say they totally destroyed all the nukes a few months ago?
EZ (@IAMERICAbooted)
You're next.
Behi (@Behi_Sec)
Which platform is the best currently? H1, Bugcrowd or Intigriti?
I am Jakoby (@I_Am_Jakoby)
got my 1st thanks on hackerone thanks @github 🥰 now finish my bounty and pay it out lol
Ahsan Khan (@hunter0x7)
Critical: Client-Side Encryption Collapse

site.com
↓
some_javascript.js
↓
Line no 80519 → encObj + base64 key
↓
atob(val) → "Encoded_Password"
↓
CryptoJS.AES.decrypt(encObj, passphrase)
↓
55 configuration properties → 107 operational secrets exposed
→ Azure AD client_secret → OAuth client_credentials flow
→ RSA public keys → Forge encrypted /enc/ API requests
→ HMAC key → Backend-accepted payload signing
→ Direct Line token → Production chatbot access
→ Monitoring / RUM keys → Telemetry manipulation
→ Auth0 + reCAPTCHA config → Auth flow manipulation
→ 31+ encrypted authentication endpoints mapped
↓
Use extracted Azure AD credentials
↓
Request token from Microsoft OAuth endpoint (client_credentials)
↓
Receive valid JWT with high-privilege role (e.g., AllAccess)
↓
“Super token” accepted by backend across protected API routes (No user interaction required, role-based authorization granted)
↓
All sensitive authentication and account endpoints were wrapped in client-side hybrid encryption
→ Every request payload encrypted in browser
→ AES-256-CBC used for body encryption
→ RSA-OAEP used to wrap per-request AES key
→ Server accepts any request that decrypts successfully
→ Decryption success treated as implicit authorization
↓
Reverse-engineer encryption module (@**6246)
→ Algorithm: AES-256-CBC + RSA-OAEP (SHA-512)
→ Random 32-byte AES key per request
→ IV derived client-side
→ AES key wrapped with embedded RSA public key (promocode_pem)
→ Final format: { "key": base64(RSA_key), "body": hex(AES_ciphertext) }
↓
Hook JSON.stringify + XMLHttpRequest
↓
Capture plaintext BEFORE encryption (credentials, OTPs, tokens)
Capture encrypted wrapper AFTER encryption
Capture correlated server responses
↓
Analyze MFA implementation
↓
IP-based rate limiting only (lockout resets on IP change)
OTP expiration not strictly enforced server-side
Encrypted payload fields trusted after decryption
↓
Mass takeover method
↓
1. Trigger MFA or password reset
2. Rotate IP to bypass rate limiting
3. Reuse or brute-force OTP under weak enforcement
4. Complete password reset flow
5. Authenticate as victim
6. Capture decrypted OTP and auth tokens via runtime hook
7. Reuse valid 2FA tokens for subsequent authenticated requests
↓
Full attack chain achieved:
→ Extract secrets from client bundle
→ Generate high-privilege JWT (“super token”)
→ Read any plaintext request (credentials, PII, tokens)
→ Forge any encrypted request the server will accept
→ Bypass MFA protections via IP rotation
→ Reset victim passwords
→ Decrypt authentication flows in runtime
→ Mass account takeover