Olajeedae Jr 🇳🇬

Opened my HackerOne account in 2023, haven't hunted on the platform since then. Took a long break. Back now. Now we wait.

@damnsec1 I have been in that spot before.

I got a DM this evening. Someone needed me to explain how to get an IP address from someone's phone number. Obviously, I had to explain that these were different technologies and you can't just do that, but it's nice to see that people still think what I do is magic.

@akintunero AD is an on-premises, server based identity system, while Entra ID is a cloud-native, Identity-as-a-Service (IDaaS) platform.

You’re in a job interview and get asked the difference between Active Directory (AD) and Entra ID, but you can’t go into a long explanation… what’s your answer?

This is beyond frustrating, @Bugcrowd. For 5 months, I’ve been trying to receive my payouts. I followed every step, provided every document, and even spent ~$500 to register a UK business just to comply.

@commando_skiipz Happy birthday man

Happy birthday to me! 😅🎉

This is where I draw the line for me.

If you're using Payoneer, how did you get around $29.95 annual fee? I read you need to hit a certain transaction threshold yearly to waive. Nigerian hunters on intigriti, how are you receiving your bounties?

@nvm_hermes1 Hopefully this might help you @instatunnel/insecure-direct-object-references-idor-the-1-billion-authorization-bug-cfc342ba428a" target="_blank" rel="nofollow noopener">medium.com/@instatunnel/i… There are also more on YouTube from Nahamsec and others

@r007User Resources to learn idors please, some writeups

Reported another broken access control vulnerability on Intigriti. Another one to the queue

@S_pentest Thanx man hopefully it does not end up as duplicate

@r007User Congratulations 🍾🎈🎊

@MicrosoftEdge :D

Just wondering, how many tabs do you have open right now?

Exciting news: we have teamed up with @intigriti Bug hunters can now earn a FREE 6-month Burp Suite Professional license by hitting 400 reputation points on Intigriti. More power. Deeper testing. Bigger impact. Happy hunting 🐝 #BugBounty #Intigriti #BurpSuite

Common mistakes to avoid when using AI for vulnerability reports! 🧐 ❌ Letting AI write lengthy paragraphs (triagers need concise reports) ❌ Including untested PoCs (always verify your payload works) ❌ Copy-pasting AI reproduction steps (they lack target context) ❌ Following AI suggestions that violate platform rules (e.g. uploading PoC videos to YT without consent) ❌ Including speculative attack vectors without proof ❌ Using AI to respond to triage feedback requests More in next post! 👇

@tech_cyber1447 BAC

@r007User What's the bug type? Congratulations 🎊

Report just passed preliminary review on HackerOne.

No algorithms= parameter. The library doesn't know what algorithm to enforce so it accepts anything the token claims.

@Oluwakomiyo_ I can’t give tips on it yet. Waiting for the report process to finish on HackerOne.

@r007User Can u share the tip

@_jensec It also depends on what u able to do with the hours.

Biggest disadvantage of bug bounty is that your output (income) is tied directly to input(number of hours)

@FagbemiDamilo10 Okay boss

@r007User If it works It a sign for me Keep me posted boss

Opened my HackerOne account in 2023, haven't hunted on the platform since then. Took a long break. Back now. Now we wait.

I'm sure some people already have their own way of doing things, but I figured I'd share a Claude Code / general vibe-coding tip for people that I've found super useful. I don't think it's a secret that you should be getting an LLM to write your main instruction file (CLAUDE.md or equivalent). However, I've had really good results by telling the LLM to create this plan document, giving it a brief description of the thing I want to build, and including the following: > Reminder: I want a plan as the output here, not the code. > IMPORTANT: I want you to ask me questions now about any details, edge cases, features, etc. so that I can better instruct you. Keep asking me questions and DO NOT start writing the plan until I have explicitly told you I think you have enough information. (> included here for clarity). The reminder I've found useful because sometimes the LLM will go off and try to be too helpful, actually starting to write the code for you. The final line is key though. A good LLM will keep asking better and better questions, often giving you options to choose from. Iteratively refining the prompt until you have more information than you would have given it on your own.

If you’re looking to take the OSCP exam anytime soon this repos will help you a lot oscpdb.vercel.app