Fardeen A. 🇮🇳 🇵🇸

1.5K posts

@insecrez

🌐| Security Engineer 🐞| Part-Time EH ⚡️| Memer 🫂| Need professional help? Book now 👇👇

India · Joined October 2019
199 Following · 5.3K Followers
Pinned Tweet
Fardeen A. 🇮🇳 🇵🇸
Automated creativity gives endless possibilities, but it's your duty to maintain authenticity, for newer possibilities.
Anmol Singh Yadav @IamLucif3r_
> pip install litellm
Congratulations you have exfiltrated your SSH keys, with all other sensitive data from your system.
Luke Stephens (hakluke) @hakluke
Bug bounty question: If you submit a bug, and it gets marked as an internal dupe because "the team already knew about it", is it fair to ask for proof?
Fardeen A. 🇮🇳 🇵🇸
Bug-Bounty Tip for new hunters
Find Login Portals with HTTPX
cat subs.txt | httpx -path /login -status-code -title -silent | grep -Ei "200|302"
Easily identify login portals — great for brute-force, bypass, or misconfig tests.
Peace✌️ #BugBounty #bugbountytips #cybersecurity
dawgyg - WoH @thedawgyg
@insecrez people need to stop working with the programs that don't care.
Patrickbatman @hamidonsolo
I made close to $10,000 from bug bounties this month. I'm 19. Still in engineering school.

Here's what I didn't show you.

I found a Critical RCE — Remote Code Execution via path traversal on a company's server. The kind of bug that pays $5,000-$20,000.

Duplicate. Someone found it 12 days before me. $0.

Same work. Same skill. Same report. Wrong timing.

That's one of dozens. For every bounty I post, there are 15+ reports that got:
→ Duplicated
→ Marked informative
→ Ignored for months
→ Closed as "not applicable"
→ Lowballed after months of follow-ups

But you know what I do when that happens? I wake up. No emotion. No hate. I open Burp Suite. Next target. Next report.

Because if I don't, someone else will. Every day I take off is a day someone else dupes me on the next find. So I show up. Even when I don't feel like it. Even when it hurts.

Bug bounty is not "find bug, get paid." It's find 50 bugs, fight for 6, get duped on some of your best work, get ghosted on others, and still show up the next morning.

The $10K months are real. But behind every mountain is a hundred steps nobody sees.

If you're starting out and getting duped and rejected — that IS the path. You're not doing it wrong. You're doing it. Keep going.
Ben Sadeghipour @NahamSec
❌ RTFM ✅ Use AI instead
Godfather Orwa 🇯🇴 @GodfatherOrwa
What an amazing find, and the post itself contained all the steps. That’s what #bugbountytips I loved to see ❤️
Ahsan Khan @hunter0x7

Critical: Client-Side Encryption Collapse
site.com
↓
some_javascript.js
↓
Line no 80519 → encObj + base64 key
↓
atob(val) → "Encoded_Password"
↓
CryptoJS.AES.decrypt(encObj, passphrase)
↓
55 configuration properties → 107 operational secrets exposed
→ Azure AD client_secret → OAuth client_credentials flow
→ RSA public keys → Forge encrypted /enc/ API requests
→ HMAC key → Backend-accepted payload signing
→ Direct Line token → Production chatbot access
→ Monitoring / RUM keys → Telemetry manipulation
→ Auth0 + reCAPTCHA config → Auth flow manipulation
→ 31+ encrypted authentication endpoints mapped
↓
Use extracted Azure AD credentials
↓
Request token from Microsoft OAuth endpoint (client_credentials)
↓
Receive valid JWT with high-privilege role (e.g., AllAccess)
↓
“Super token” accepted by backend across protected API routes
(No user interaction required, role-based authorization granted)
↓
All sensitive authentication and account endpoints were wrapped in client-side hybrid encryption
→ Every request payload encrypted in browser
→ AES-256-CBC used for body encryption
→ RSA-OAEP used to wrap per-request AES key
→ Server accepts any request that decrypts successfully
→ Decryption success treated as implicit authorization
↓
Reverse-engineer encryption module (@**6246)
→ Algorithm: AES-256-CBC + RSA-OAEP (SHA-512)
→ Random 32-byte AES key per request
→ IV derived client-side
→ AES key wrapped with embedded RSA public key (promocode_pem)
→ Final format: { "key": base64(RSA_key), "body": hex(AES_ciphertext) }
↓
Hook JSON.stringify + XMLHttpRequest
↓
Capture plaintext BEFORE encryption (credentials, OTPs, tokens)
Capture encrypted wrapper AFTER encryption
Capture correlated server responses
↓
Analyze MFA implementation
↓
IP-based rate limiting only (lockout resets on IP change)
OTP expiration not strictly enforced server-side
Encrypted payload fields trusted after decryption
↓
Mass takeover method
↓
1. Trigger MFA or password reset
2. Rotate IP to bypass rate limiting
3. Reuse or brute-force OTP under weak enforcement
4. Complete password reset flow
5. Authenticate as victim
6. Capture decrypted OTP and auth tokens via runtime hook
7. Reuse valid 2FA tokens for subsequent authenticated requests
↓
Full attack chain achieved:
→ Extract secrets from client bundle
→ Generate high-privilege JWT (“super token”)
→ Read any plaintext request (credentials, PII, tokens)
→ Forge any encrypted request the server will accept
→ Bypass MFA protections via IP rotation
→ Reset victim passwords
→ Decrypt authentication flows in runtime
→ Mass account takeover

Who am I? @rudradas01
My target in bug bounties this year: 100k Current status: 3.25K I'll keep u guys updated!