Proviesec

I just published Broken Link Hijacking — 404 Google Play Store— xxx$ Bounty link.medium.com/SXAJg6rS9kb #BugBounty #infosec #Hacking

@mqst_ Here's another tip :)medium.com/bugbountywrite…

👾 Web Fuzzing Guide: Fuzzing Web Apps to Find Bugs with Burp Suite Blog: hackers-arise.net/2023/12/12/web… #infosec #fuzzing

@BugBountyCenter github.com/Proviesec github.com/Proviesec/PSFu… github.com/Proviesec/goog… :)

GitHub repos for bug bounty hunters: 1. github.com/0xmaximus/Gala… 2. github.com/coffinxp/nucle… 3. github.com/0xKayala/Custo… 4. github.com/HackTricks-wik… 5. github.com/cipher387/Dork… 6. github.com/techgaun/githu… 7. github.com/s0md3v/Awesome… 8. github.com/TakSec/google-… 9. github.com/arainho/awesom… 10. github.com/0xInfection/Aw… 11. github.com/0xMrNiko/Aweso… 12. github.com/Lissy93/web-ch… 13. github.com/jakejarvis/awe… 14. github.com/swisskyrepo/Pa… 15. github.com/m14r41/Pentest… 16. github.com/ayoubfathi/lea… 17. github.com/streaak/keyhac… 18. github.com/devanshbatham/… 19. github.com/SecShiv/OneDor… 20. github.com/Hari-prasaanth… 21. github.com/djadmin/awesom… 22. github.com/Az0x7/vulnerab… 23. github.com/nahamsec/Resou… 24. github.com/daffainfo/AllA… 25. github.com/fuzzdb-project… 26. github.com/qazbnm456/awes… 27. github.com/infoslack/awes… 28. github.com/enaqx/awesome-… 29. github.com/reddelexc/hack… 30. github.com/tomnomnom/hacks 31. github.com/danielmiessler… Drop the ones I'm missing or the ones you find most useful in your hunting workflow. #BugBounty #BugBountyTips #WebSec

@bountywriteups If anyone has any ideas for the tool, bring it on :)

PSFuzz: Rethinking Web Fuzzing in the Age of AI infosecwriteups.com/psfuzz-rethink… #bugbounty #bugbountytips #bugbountytip

@shakquraa @v3d_bug I also included some response analyzes. Maybe an inspiration for you too. ;) I'll test your tool now :)

@shakquraa @v3d_bug Damn I had the same idea🤣 github.com/Proviesec/PSFu…

ffuf just got smarter 🤖⚡ ffufai brings AI into fuzzing — smarter payloads, better endpoint discovery, less noise. Stop guessing. Start targeting. 🎯 🔗 Source: github.com/jthack/ffufai #BugBounty #Infosec #WebSecurity #Recon

Most fuzzing is still guesswork. I rebuilt my tool PSFuzz to change that: → understand target first → then fuzz Less noise. More signal. GitHub: github.com/Proviesec/PSFu… Article: medium.com/bugbountywrite… #bugbounty #cybersecurity #websecurity #ai

@wha_nex @the_IDORminator yes sometimes :).

@proviesec @the_IDORminator It will probably be out of scope and most program won't accept it

Isnt it interesting that most #bugbounty programs wont pay for leaked credentials? What do you make of that? and... When an entity that has 100+ internet facing domains only puts www[.]oneWebsite[.]com in scope -- do you instantly hit "Next" without looking like I do? 🤣

@intigriti It was an admin interface of a large portal. I injected it through a report.

@proviesec cool find, what app component? 👀

What was your first valid vulnerability? 😎

@intigriti @Burp_Suite and @WebSecAcademy. All from @NahamSec and Spirit from @stokfredrik 💪

Top hackers! You have been asked so many times on how to start with bug bounties 😅 Help us build the ultimate beginner's guide, what resources helped you the most when starting out? 👇

@Behi_Sec Thx for the Tip :)

I missed many bugs simply because I did not review and analyze all the JavaScript files. This Burp extension is now closing that gap for me: github.com/jenish-sojitra…

@d3dn0v4 @intigriti I love IDOR bugs :)

@proviesec @intigriti thank u , it was IDOR

1st accepted bug on @intigriti not a bad way to start my morning 😉

@bugbountywizard I love IDOR Bugs 👍💪

IDOR Vulnerability in Staff Management Endpoint — Arbitrary Deletion of Staff Members — $500 by Hasan Khan @Hasan_khan0x/idor-vulnerability-in-staff-management-endpoint-arbitrary-deletion-of-staff-members-500-aff5c84de2ff" target="_blank" rel="nofollow noopener">medium.com/@Hasan_khan0x/… #bugbounty #bugbountytips #bugbountytip

@kassem_S94 Thx :)

@proviesec youtu.be/wDQxVVHDlfc

💰$1500 bounty for IDOR discovered using My Secret Hunter Tool 🧘‍♂️"OLD BUT GOLD" -Exposed endpoint -Unauthorized access -Sensitive data disclosure 💁‍♂️The right tools don’t replace skills they amplify impact 🚨Join Us t.me/kassems94 #BugBounty #hacking #hackers

@0xmicho1 @Hacker0x01 It looks like this is mutual :)

I love hackerone ❤️ @Hacker0x01

@Behi_Sec So true, good list 👍

You can find a critical bug on any target by applying 4 simple rules: - Use the target service as a customer - Use every single feature they provide - Read every single doc they have - Test basic common bugs on all of those features This is literally all you need to succeed.

@HannanHaseeb11 @yeswehack Congrats 👍

Really happy to share that I recently got rewarded for the XSS vulnerabilities I reported on one of the top public programs on @YesWeHack. I reported around 45 XSS vulnerabilities, and the program team handled everything very professionally.