Cyberman

Day 36/100 Found my first real bug today. IDOR on a live #BugBounty target. Fully documented; screenshots, PoC & written report. Then hit a signal wall, can't submit yet as a new researcher. But the bug is real & the report ready #IDOR

Day 64-65/100 Owasp Juice Shop still down so I shifted to portswigger, completed labs on DOM XSS via location.search and reflected XSS with heavy tag/attribute filtering and WAF restrictions. Understanding filters and how browsers interpret input matters #BugBounty #XSS

Day 63/100 🚀 Returned to OWASP Juice Shop today to continue testing a possible complaint system authorization issue involving manipulated userId values. Unfortunately the public Juice Shop instance went down mid-session, so testing paused for now. #BugBounty #CyberSecurity

Day 61/100🚀 Continuing OWASP Juice Shop testing on the complaints feature and request tampering. Reviewed earlier findings around userId manipulation in complaint creation and confirmed that requests are still accepted serverside Next is to map out full complaint flow #BugBounty

Day 62/100 Completed the #BountyHacker room on @tryhackme fully on my own as a side quest for today. Scanned ports, accessed ftp, analyzed files, gained ssh access and escalated privileges to root for the final flag. Starting to trust my process more..(it was an easy room)

I just completed Bounty Hacker room on TryHackMe! You talked a big game about being the most elite hacker in the solar system. Prove it and claim your right to the status of Elite Bounty Hacker! tryhackme.com/room/cowboyhac… #tryhackme via @tryhackme

The Jr Penetration Tester path just got a serious upgrade ⚡ 89 rooms. 17 modules. 70+ hours. From first scan to final report🛠️ Start the path today and win big 👀 🎟️ tryhackme.com/the-red-raffle…

@manojdotdev 😁😁

Mfs creating github accounts without knowing GIT

🤠 You talked the talk at the bar, now walk the walk. Recon, brute-force & privilege escalation✅ Escalate your privileges on a Linux host and take full control. See the thread for more 🧵 🔗 tryhackme.com/room/cowboyhac…

“𝘈𝘭𝘭 𝘵𝘩𝘪𝘴 𝘴𝘵𝘳𝘶𝘨𝘨𝘭𝘦 𝘫𝘶𝘴𝘵 𝘧𝘰𝘳 𝘭𝘪𝘧𝘦 𝘵𝘰 𝘦𝘯𝘥 𝘰𝘯 𝘢 𝘳𝘢𝘯𝘥𝘰𝘮 𝘥𝘢𝘺.” — 𝘍𝘺𝘰𝘥𝘰𝘳 𝘋𝘰𝘴𝘵𝘰𝘦𝘷𝘴𝘬𝘺

I completed the Web Security Academy lab: Multi-step process with no access control on one step @WebSecAcademy portswigger.net/web-security/a…

Day 60/100 🚀 Deciding to step back from live target testing for a bit and return to OWASP Juice Shop. Realized I need stronger repetition on vulnerability patterns, exploit flow and understanding why certain defenses fail instead of randomly chasing weak leads. #BugBounty

BUG BOUNTY IS NOT DEAD Choose a program/company that respects and value your contribution to the security of their systems. You will definitely WIN.

Day 58-59/100 🚀 Been testing input handling across profile features and seller application flows. Tried multiple XSS/SSTI payloads in different contexts; bio fields, display name inputs, form fields Most payloads were rendered as plain text/blocked by validation. #BugBounty

Day 57 🤦🏽‍♂️ my eyes were shutting when I made the post. I moved on from a return address form that seemed really protected... prepping myself for the next part

Day 54/100 🚀 Short session today. Mostly reviewing flows organizing notes, and preparing cleaner testing paths for the next round. Not everyday is about big findings; some days are about and sharpening understanding. This field seems well protected. Time to move on. #BugBounty

People dey chop money for this Cybersecurity thing ooo One day me sef go chop my own share

@CyberRacheal @cybermansec

Drop your handles in your in Cybersecurity. Engage with other cyber fellows.

Day 55-56/100 Away from my PC last night but back at it. Been probing WAF filter logic, bypassing keyword matching character by character. The filter seems smart but so is the methodology. Every error ID is data only this data cannot be exploited as its randomized. #BugBounty