✨Neha Tariq✨

Alhamdulillah, first goal of this year has achieved :) Leveled up to level 0x05! @SynackRedTeam @synack

Happy New Year everyone! I hope the past year was wonderful for you and this one will be even more amazing. #Welcome2024

Thanks a lot @synack @SynackRedTeam for sending this amazing jacket 🔥🔥🔥 #synack #redteam #BugBounty

@ShawarkOFFICIAL @SynackRedTeam Congrats btw did you get the coin holder as well?

@SynackRedTeam challenge coins. Rewarded based on achievements and levels.

New blog post on a recent collab with @UsmanMansha420 where I bypassed Akamai WAF to get RCE on a Java application with Spring EL injection. Spent some time writing about the process of constructing the custom payload. Hope you enjoy! h1pmnh.github.io/post/writeup_s…

Au pays des rêves. #HappyNewYear2023

I just published a blog post for the people that want to get into bug bounties. I hope it helps people that are thinking about doing bug bounties, but haven't started yet. It explains what to expect and how to deal with common problems / situations: shubs.io/so-you-want-to…

I earned $2,500 for my submission on @bugcrowd bugcrowd.com/l0cpd #ItTakesACrowd SQL to RCE Thanks for the post below that gave me the idea. infosecwriteups.com/how-i-escalate…

Got my first ever XXE accepted on @SynackRedTeam. Here's a writeup on how I did it: kuldeep.io/posts/second-o…

Thank you @synack and @SynackRedTeam for the amazing gifts #swag #redteam

@Mdhsan19 @0x1int The lowest impact is Reflected XSS which can be done with the following payload: <domain>/docpicker/internal_proxy/http/brutelogic.com.br/poc.svg

@0x1int Can you explain little bit about the 2nd report I actually I found a same issue some time ago but they closed it as informative how you increase its severity

I hacked a gaming company this year. Here's how I did it:

Bypassing WAF to Weaponize a Stored XSS infosecwriteups.com/bypassing-waf-…

6 Free Labs to master XXE attack 🧵

@phyr3wall Not decided yet!

@nehatarick @synack @SynackRedTeam Nice work! Looking forward to seeing how you display them. Are you going to put them in a frame or display box?

Got my full collection of coins today. Thank you @synack for this amazing gift.

@Spy0x7 @SynackRedTeam @synack no, 2021

@nehatarick @SynackRedTeam @synack Congratulations 2022 15,15?

Blogged about a fun SSRF I found last month on @SynackRedTeam #bugbounty #bugbountytips infosecwriteups.com/svg-ssrfs-and-…

Check out my vulnerability write up about critical bugs in Apple infrastructure worth 36,000 in bounties. @StealthyBugs/2c43e81bcc52" target="_blank" rel="nofollow noopener">medium.com/@StealthyBugs/… #BugBounty #exploit #infosec #whitehat #bugbountytips #ethicalhacking

Exploiting DOM Based XSS via Misconfigured postMessage() Function @armaanpathan/exploiting-dom-based-xss-via-misconfigured-postmessage-function-bfc794969a0a" target="_blank" rel="nofollow noopener">medium.com/@armaanpathan/…

@HannanHaseeb11 @SynackRedTeam @synack Congrats 🎉

Alhamdulillah! Leveled up to 0x03! via @SynackRedTeam @synack #BugBounty #bugbountytip