Ben Sadeghipour
14.9K posts

@NahamSec
Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
California · Joined January 2014
1.1K Following · 244.2K Followers
Ben Sadeghipour reposted

1 day left before the Bug Bounty Village takes over #BSidesSF.
🛠️ Advanced Workshops with Caido
🚩 A dedicated WEB CTF
🏆 Massive Prize Pools
Your logic vs. our challenges. Are you in?

The best trophy I received in my bug bounty career, by far!
Thanks @swisscom_csirt - it always has been a pleasure to work with you all - and happy to see my work appreciated and respected!
9 years of hunting it - 10th one coming soon! 🎂
#bugbounty



Ben Sadeghipour reposted

🚀Visit the Bug Bounty Village: HackingHub x Caido x Bugcrowd at BSidesSF (March 21–22).
Workshops, high-value prizes, and a dedicated Web CTF🚩
#BSidesSF #BugBountyVillage

We'll be hosting another Bug Bounty Village at @BSidesSF this year with some hands-on labs, live workshops, and a CTF with prizes! See you there!


Shoutout to @rez0__ for coming on the first episode. May or may not release the next one next week.

I'm documenting my journey of learning how to hack LLMs and building with AI so I'm so excited for this week's video: BECOMING AN AI HACKER (Episode 1) 👉🏼 youtu.be/dG6NFXQOmsE

Ben Sadeghipour reposted

This is exactly the kind of content we love to see 🙌 Watching @NahamSec dig into AI hacking recon in real time is a masterclass. Honored that Neo has earned a spot in his pentest toolkit. If you're into AI security, this series is one to follow 👇
Ben Sadeghipour @NahamSec
I'm documenting my journey of learning how to hack LLMs and building with AI so I'm so excited for this week's video: BECOMING AN AI HACKER (Episode 1) 👉🏼 youtu.be/dG6NFXQOmsE

Excited to bring Bug Bounty Village back to BSidesSF with @hackinghub_io and @CaidoIO with @Bugcrowd's support! We'll be hosting some live workshops, hands-on challenges, and a CTF!

Ben Sadeghipour reposted

.@NahamSec teaches me bug bounty basics! He fills me in on the platforms, programs, and how the scope has grown so much now. Ben walked me through threat modeling and had a slick demo of his real-world bugs found with Red Bull and others 😎 Video: youtu.be/lNuvI48ysVo

Ben Sadeghipour reposted

New Hub: Naham CRM 🕶️
This bug was worth $15,000, but the exploit isn't just about a payload. You have to understand the logic of how applications talk to each other, and exactly where that communication breaks.
Watch the full video and get started. 👇
app.hackinghub.io/hubs/nahamcrm

Ben Sadeghipour reposted

Different teams, diverging maturities. The core app blocked it. The events app didn’t. That gap is where the money was.
Ben Sadeghipour @NahamSec
I found a really interesting XSS at a @hacker0x01 LHE that required a few bypasses. Do you think it was worth $15,000? youtu.be/oJM8GxyWs20

@NahamSec @Hacker0x01 Crazy how such a simple xss can get you so much congrats 😲
(and your shirt is diabolical)

I found a really interesting XSS at a @hacker0x01 LHE that required a few bypasses. Do you think it was worth $15,000? youtu.be/oJM8GxyWs20


I spent three days breaking this PDF renderer on the same target just to be sent the following user agent:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/145.0.0.0 Safari/537.36 - /
Ben Sadeghipour @NahamSec
I'm one XSS filter bypass away from being able to entirely own this AI chatbot 🫠 but I actually can't bypass this pos.

Wave 2 of @GraySwanAI’s Indirect Prompt Injection Challenge goes live today at 1 PM EDT.
New targets, $10K in wave prizes, and every successful break still counts toward the $14K overall pool.
Challenge: hubs.ly/Q043HD1M0
Discord: hubs.ly/Q043HBsh0
