Eib

I just achieved one of my 2025 goals by gaining my first private invite on Bugcrowd ✌️✌️✌️

people are too busy in exploring chrome, kernel and other oss CVEs, meanwhile a DOMPurify bypass was silently dropped 👀 github.com/cure53/DOMPuri…

New redirect tricks from @castilho101 just dropped 🥷 ethiack.com/news/research/…

@F4tM4n2k Send a video poc, it works better

Got an RCE marked as Out of Scope because triage “couldn’t build the PoC file”. Meanwhile I had already documented almost every single step, note, and requirement needed to reproduce it. At this point I’m wondering if the vulnerability was harder to exploit… #RCE #bugbounty

Our first official Burp Suite extension is live! 🤠 Intigriti Quick Scope (IQS) fetches all your public & private programs directly from the Researcher API and auto-configures your Burp scope, and mandatory request headers with a single click! 😎 Get it now in the BApp Store! 👇 go.intigriti.com/get-iqs-bapp

@roohaa_n check out this video youtu.be/Pi-sdKx81hg

How u guys are using AI for bugbounty just curious to know about it or is there any blog or youtube channel :)

i'm taking a pause from hacking to resume building bugbountyhunter.com. i regret closing it down and I shouldn't of done it. everything will be back online EXACTLY as it was very soon and i've got some big plans for the future. and yes, that includes zseano methodology v2 ;)

We've just released a high fidelity scanner for CVE-2026-41940 (cPanel/WHM authentication bypass). All public PoCs so far lead to false negatives, and are not reliable. @SLCyberSec's research team's notes on this here: slcyber.io/research-cente… & tool here: github.com/assetnote/cpan…

"I'm still not an automation guy...it's not my style." - @ozgur_bbh Ozgur Alp joins WE'RE IN to share his views on AI and how he became a full-time independent security researcher: open.spotify.com/episode/7IQbxh…

One thing I’ve observed while doing bug bounty: It’s not always about learning more tools or techniques. Often, the difference comes from how deeply you analyze a feature. The same endpoint, tested with different perspectives, can lead to completely different findings. #bugbounty

Check this out. @cyberrado57/exploiting-supabase-misconfigurations-authentication-bypass-and-privilege-escalation-for-1-800-f20d02557e47" target="_blank" rel="nofollow noopener">medium.com/@cyberrado57/e…

Always stick to what makes you weird, odd, strange, different. That’s your source of power.

We've launched a new @WebSecAcademy topic on exploiting AI-powered security scanners! Learn how to use indirect prompt injection to steal data, cause damage & trigger exploit chains!

I've been learning a lot of new techniques by reading Synack exploit explained blogs synack.com/exploits-expla…

Here is a payload which might work for you, if you got an XSS, but it's blocked by Cloudflare WAF💥 Was able to bypass Cloudflare WAF with this and escalated it ultimately to ATO!

friendly reminder 🙃

Chained CSPT into full account takeover using a 2FA bypass technique I hadn't seen used in bug bounty before. whoareme.com/blog/cspt-acco…

@intigriti I'm going to self plug a relevant one here😁 saurinn.github.io/blog/xxe-oob-v…

Let others worry about being socially acceptable; those types are a dime a dozen, and you are after a power greater than they can imagine.

ROOT FOR YOUR FRIENDS