Manoel Abreu

Here it is. My $50M CTF writeup: github.com/manoelt/50M_CT… Hope you enjoy. @Hacker0x01 @daeken

@BugBountyDEFCON @hackinghub_io Just for the Labubu… 😅

Giveaway brought to you by @hackinghub_io: 5x Blind XSS vouchers 5x Web Exploitation vouchers How to enter: 1⃣ Follow @BugBountyDEFCON + subscribe to our YouTube channel 2⃣Follow @hackinghub_io 3⃣ ❤️+🔃 this post 4⃣Comment this post Winners will be picked on Friday 8/29 Youtube channel: @BugBountyVillage" target="_blank" rel="nofollow noopener">youtube.com/@BugBountyVill… And if you made it this far, you might as well join our other social media channels and subscribe to our mailing list! it only takes a minute, and It helps us a lot, and makes possible to bring these giveaways to you. Mailing list: bugbountydefcon.com/mail TikTok: @bugbountydefcon" target="_blank" rel="nofollow noopener">tiktok.com/@bugbountydefc… LinkedIn: linkedin.com/company/bugbou… Instagram: instagram.com/bugbountydefco…

This is awesome!

Delayed Christmas gift. 😅 Thanks @arthurair_es

@Jhaddix @Shopify @Hacker0x01 x.com/lbherrera_/sta…

Hey @Shopify @Hacker0x01 ... I have had two bug hunters come to me and tell me horror stories about your bug bounty lately. Valid bugs being exploited and you coming out saying... "oh we had planned on fixing that... no impact" That is NOT the bug bounty contract. If there is a PoC showing the bug was exploitable at ANY time, you should pay the researcher. Don't contribute to a bug bounty community that makes researchers think bug bounty is a scam. Also - dont hide behind the new CVSS. Program owners looking to downgrade bugs to save money using the new CVSS and splitting bugs are SUPER scummy. Contact @G0LDEN_infosec

"Additionally we set Attack Complexity to High because the attack depends on the victim using a computer"

@pqcorvo Na próxima a gente só vai dar as camisas para quem mostrar o extrato com pagamento da h1! 😂😂

toda pessoa que vejo usando blusa da hackerone não faz bounty - corvo #bolhasec

Nice technique.

Google's Product Security Team (my broader team!) is hiring in Brazil! Here's the link for the Manager we want to hire there to start the team! google.com/about/careers/…

tramoia.sh ??.??.2024

Começamos a Village de Bug Bounty na @h2hconference ! Teremos adesivos e camisas da @Hacker0x01 . Bora! @arthurair_es @0xTeles

🚨 @Hacker0x01 Bug Bounty Village na @h2hconference!!!! A agenda da nossa village de bug bounty na H2HC já está disponível. Vamos ter talks absurdas com bastante história e tricks. Para participar dos sorteios que irão ocorrer, se cadastra aqui: h1.community/events/details…

@ellisonleao Salvei essa squad incontáveis vezes.

@xcarolixs @g1 A depender do que você reportou você pode ter cometido um crime, e como eles não te autorizaram, cabe processo. Eles não terem te agradecido só mostra imaturidade quando o assunto é pesquisador externo e talvez por isso nem tenham aberto um programa de bug bounty.

@reefbr @g1 Não digo pagar pelos reports e sim ao menos responder e não corrigir a falha apenas sem comunicar a todos que reportaram e segundo, ilegal seria se eu vendesse as informações deles ou tomasse o ambiente, eu reportei a falha a eles tanto que fizeram a correção :)

@xcarolixs @g1 Sim, ou programa privado, quando você é convidado.

@reefbr @g1 Vocês que trabalham com isso só reportam falhas quando a empresa tem um programa público? (duvida genuína)

@r3tr074 @h2hconference Congrats @r3tr074 !

It’s so bad that I wrote a thread 🧵 ⤵️

Vamos ter uma Village de Bug Bounty durante a @h2hconference . Quer nos contar sobre algum bug ou técnica? Por favor, submeta sua talk! Vamos ter o apoio da @Hacker0x01 ! forms.gle/b1qAzsqJmshffv…

@Hacker0x01 @codecancare Congrats @codecancare !!!

Congratulations @codecancare for reaching $4 million in bounty payouts! Whether you’re finding bugs or providing support and advice, we thank you for your contributions to our community and being a role model to hackers everywhere!