Adͥitͣyͫส

. My 2024-25 Goal 👨🏻‍💻 . Slow progress build character . #Newbie #Pentesting #Goals2024

#NCSC #CyberSecurity #BugBounty #ResponsibleDisclosure #InfoSec #EthicalHacking #SecurityResearcher #WebSecurity #NCIIPC

Happy to secure Dutch Government @NCSC 🤩 I found some archived urls via my tool WEBURLS, which leaks PII of users like payment details. Vulnerability: BAC / Misconfiguration Tool : github.com/enterlectury/w… Reward: Official NCSC-NL T-shirt on the way👕 write-up coming soon! 💻

Level up your bug bounty workflow 🚀 💎 One-Liners by 0xPugal = a goldmine of powerful recon & exploitation commands — all in a single line. 🔥 What you get: • ⚡ Fast recon pipelines • 🎯 Ready-to-use XSS / SSRF / LFI chains • 🧠 Real-world automation workflows • 🛠️ Tool chaining like a pro 🔗 Source: github.com/0xPugal/One-Li… ❌ Don’t just copy-paste ✅ Understand the chain → hunt smarter #BugBounty #CyberSecurity #Infosec #Hacking #Recon #

My methodology for finding xss via @KN0X55 x.com/alra3ees/statu… x.com/alra3ees/statu… It’s very easy and very simple. I don’t use anything else. NO SECRETS. NO PRIVATE TOOLS.

I earned $650 for my submission on @bugcrowd bugcrowd.com/suyash_technor… Tip- Use tools like dnsgen and alterx to find hidden/newly added subdomains #ItTakesACrowd #bugbountytips #bugbounty

Big shoutout to my teammates Gautam, Anshu, Sachin, and Sumit for their dedication and teamwork 🙌 #HackathonWin #ThirdRank #VIRASAT #PatnaWomensCollege #EducationForAll #InclusionMatters #Empowerment #TeamWork #TeamEffort #TechForGood

Happy to share that our team secured 3rd rank 🥉 at the VIRASAT Hackathon, hosted by Patna Women’s College 🎉 It was an amazing experience working on the theme Education, Inclusion & Empowerment—we learned a lot, built together, and grew together 💪

@ProwlSec I saw ur video, u check at first does site support xxe payload and then u use your own xxe payload that retrieve data form server. Is I'm correct ? Correct me if I'm wrong. Btw congratulations for bugs.🎉

@enterlectury the parameters

How hackers exfiltrate data blindly and earn $$$ bounties? Watch here: youtube.com/watch?v=iAwDsQ… In this video I have explained how blind data exfiltration works and how to perform it properly with some payloads too. Make sure you give it a try in your next bug hunting!!

Grateful to be part of @GdgPatna 💚 Google DevFest Patna as a volunteer 🙌✨ Learning, networking, and great vibes all around! 🚀 #GDGPatna #DevFestPatna #GoogleDevFest #DevFest2025 #VolunteerLife #TechCommunity #DeveloperCommunity #Learning #Networking #TechEvents

Grateful to GDG Patna for an inspiring and value-driven experience. Leaving motivated and excited to apply these learnings ahead #GDGPatna #DevFest #TechCommunity #Frontend #Al #Firebase #Flutter #Entrepreneurship #Salesforce #learning

It was great to see the Salesforce team actively engaging with the community and sharing industry perspectives. Kudos to Anurag Verma and Barkha Agarwal for organizing such a smooth event, and thanks to all the volunteers who made it successful.

A Day of Learning, Innovation, and Inspiration at DevFest Patna: Insights Beyond the Code💡 Pankaj Rai Sir (GDG Android Oslo & Firebase Me) shared clear, practical insights on using Firebase and modern tools to build fast and scalable solutions.

Google dorks that i use to fetch about chinese APTs, Adversaries, malwares and security related blogs. Cyber Blogs: site:*.cn intext:"网络安全" | intext:"cybersecurity" | intext:"恶意软件" | intext:"高级持续性威胁" -inurl:(signup | login) malwares: site:*.cn intext:"恶意软件开发" | intext:"malware development" | intext:"恶意代码" -inurl:(forum | bbs | login) Adversaries: site:*.cn intext:"高级持续性威胁" | intext:"APT" | intext:"网络威胁行为者" | intext:"威胁情报" -inurl:(news | login) Blogs: inurl:(blog | blogs) intext:"网络安全" | intext:"恶意软件" | intext:"APT" lang:zh -inurl:(signup | login) You can change the intext, based on the content you need to fetch or read or research etc etc .

if the target uses zendesk to handle support emails you could send an email with payload `{{ticket.ccs[0].name}}a{{ticket.ccs[0].phone}}` by adding `victim@gmail.com` in CC and extract victim info ranging from phone, address to payment info #bugbounty #bugbountytips

🔍 Question of the day: Which tools are your go-to choices for bug bounty automation? 1) amass 2) subfinder 3) github-subdomains 4) findomain 5) assetfinder 6) securitytrails 7) Rapid DNS 8) crt(.)sh 9) dnsx 10) massdns 11) puredns 12) httpx 13) naabu 14) RustScan 15) katana 16) hakrawler 17) wayback 18) gau 19) waymore 20) nuclei 21) Intelx 22) Short Name Scanner 23) axiom 24) ShadowClone 25) anew 26) qsreplace 27) chaos 28) notify 29) ffuf 30) gotator 31) gowitness 32) dorks_hunter 33) dehashed 34) dirbuster 35) LinkFinder 36) Param Miner 37) Arjun 38) clairvoyance 39) sqlmap 40) Ghauri 41) XSStrike 42) dalfox 43) dnsReaper Let me know If I've missed out on any other Important ones :) #BugBountyTips #HackerOne #BugCrowd #SecurityTips #InfoSec #CyberSecurity