James

207 posts

@jtcsec

Security professional + SRT

Joined March 2020
192 Following, 466 Followers
James@jtcsec·
@0xLupin Trying to balance the full time job, getting the startup off the ground, hitting the bug bounty goals, all while trying to be a good family man. Life is good though I can’t complain, hoping to be able to make tweets like yours soon 😎
Lupin@0xLupin·
@jtcsec Hehe thank you James ! Long time no see, how have you been ???
Lupin@0xLupin·
WE DID IT ! WE RAISED $5.9M PRE-SEED 🥳🎉🎉
James@jtcsec·
@rez0__ Get a hefty $500 for a crit IIRC fun stuff
James@jtcsec·
Doing a source code review, and found they encode every single static variable value with a custom base64 function that also obfuscates it, it’s so irritating. Just makes me more determined to find bugs in it 😈
James@jtcsec·
Siemens recently published an advisory containing several vulnerabilities I reported to them on devices using their ROX Firmware, was fun to dig deep into the backend code of an industrial networking device :) cert-portal.siemens.com/productcert/ht…
James@jtcsec·
Accidentally finding a command injection vulnerability because you have an @ in your password and the rest of it fails to resolve into a valid hostname 🤔
James@jtcsec·
@Jhaddix @jtsec Happened to be scrolling through this thread on my own and was shocked to find my one piece of content - thanks for the shoutout! I’m glad people can make good use out of it
JS0N Haddix@Jhaddix·
A thread🧵 💸Secrets of automation-kings in bug bounty💸 Finding 1day (or 1month) web exploits that haven't made their way into scanners yet can make you big money. Read more to understand where and how to get an edge in this area! 🚨Retweet, follow, & like for more! 🚨 1/x
James@jtcsec·
@ceos3c @BugBountyHunt3r I struggle with attention span and wasn’t confident in myself. Trying to start on real targets I’d do lots of searching and couldn’t tell if no bugs there or my error. BBH forces you to practice your skills and you know bugs are there - easier to stay motivated
Stefan Rows 🧑🏼‍💻@StefanRows·
As a Bug Bounty Hunter, what is the single most valuable resource (course, blog, cert, book) that has boosted your skills the most? 👇✍️
James@jtcsec·
@ITSecurityguard Gotten bounties from this before, disclosed localhost request to really wack custom paths to an admin dashboard, which in turn was externally accessible. Excellent tip!
Patrik Grobshäuser@ITSecurityguard·
Do you want to create a wordlist for yourself? Not sure where to start? Not sure what others are doing? Go to any public program and find a /metrics endpoint accessible, extract the paths, profit #BugBounty #bugbountytip #bugbountytips
James@jtcsec·
@Jhaddix It's true the bugs still pay, which is why I keep going back to them, but won't spend the time to take a deep dive for crits. Even if I get lots of dupes, they are still at least paying some of them, which is better than my test H1 target that is only VDP
JS0N Haddix@Jhaddix·
@jtcsec It’s just to get my tooling back up to snuff & shake off the dust. Tbh tho, I know a TON of people complain about it, I have had 3k+ P1s, plus the low/easy stuff adds up. I guess my pro tip would be, for them, you have to really focus on the writeup. Explain to them the impact
JS0N Haddix@Jhaddix·
Pulling out an old but good target tonight to get warmed up. Starts with a “w” and ends with a “rt”. Didn’t always pay consistently but has a giant scope and is a good confidence builder. #BugBountyDiary
James@jtcsec·
I spend so much of my time away from the keyboard theorycrafting things to try, particularly automation, and then when I can sit down and actually work on it I instantly lose all motivation
James@jtcsec·
@hakluke I clicked the link then…
Luke Stephens (hakluke)@hakluke·
Write a security professional's nightmare in 5 words or less. 👇
James@jtcsec·
@joehelle How many pentests are fully remote vs travel to client and test on site? How much time do you spend hacking vs preparation/writing reports for an engagement?
Lupin@0xLupin·
Here is a little graphic to understand How to Become a Full time Bug Hunter 👀 #BugBountyTips
James@jtcsec·
Anyone in the US have suggestions for good conferences to go to? Never been to one and I’d love to change that this year. East coast is ideal but I don’t mind traveling for good quality