sieferhackx (@vfxacs)

91 posts

AI Researcher, IT enthusiast

Silicon Valley · Joined August 2021
40 Following · 49 Followers
Tommy@ThomasArtistic·
@vfxacs Sure but if possible can we talk in DMs?
sieferhackx@vfxacs·
Looking for developer/designer who can build a responsive website for a vacation rental. I need stunning design work, modern conversion optimized. What I want from you read below ⬇️⬇️⬇️⬇️⬇️
Mmmoiez@mmmoiez·
@vfxacs Definitely interested, but how do I contact since your DM is closed? @vfxacs!
sieferhackx@vfxacs·
@laurath0_ You will, I would highly appreciate creating a demo site!
Laura Thomas@laurath0_·
@vfxacs Also dropped you an email, make sure to check it! Looking forward to hearing back from you...
Tommy@ThomasArtistic·
@vfxacs I sent you an email regarding the website, looking forward to hearing from you soon.
Maddy@ammaddyaseen·
@vfxacs Hey Sieferhackx, Developer and Designer here to help you out, let's connect!
Maddy@ammaddyaseen·
@vfxacs Hey! I design and build responsive websites and would love to help with your vacation rental project. I focus on modern UI and conversion-optimized experiences. Your DMs seem closed; follow back and I can send over my portfolio.
Adnan Ahmed@ItsAdnanHeto·
@vfxacs The fact you mentioned not just a brochure website already says a lot, most rental sites look decent but make people feel nothing. The smooth transitions + parallax + fast load balance is where this gets interesting. Your DMs seem locked on my side though.
Apex UIUX DESIGNER@Apex_Uiux·
@vfxacs Hello, I am a website designer. I design professional responsive websites.
sieferhackx@vfxacs·
This is NOT just a brochure website. I want something that makes people want to book. To apply, send me the sample page and show me your best animated/interactive work. Good pay for good work. 🔥 Reply to: Adrian.Siefer@proton.me
sieferhackx@vfxacs·
• 3–5 page high-converting website
• Mobile optimized, flawless on every device
• Smooth scroll-based animations & parallax
• Micro-interactions and polished page transitions
• Clean, distinctive UI/UX — not generic
• Fast loading despite the visuals
sieferhackx@vfxacs·
I don't know bout you, but my Claude got way dumber in the last days. History repeats itself 😭😭😭
Sri Ram@WoCStreet·
Just started using Codex 20x Plan. Used 5% of the weekly limit and it got reset. Not sure if I should be happy or sad 😐
Arjun gupta@Arjungupta78047·
@divyansh2401 @Hacker0x01 Hello bro 👋 What areas and bugs should a beginner bug bounty hunter focus on to achieve their first bounty?
Divyansh Sharma@divyansh2401·
Yay, I was awarded a total of $5,500 in bounties on @Hacker0x01! hackerone.com/eliteoffensive

Vulnerabilities Found:

1. Privilege Escalation (Trial User → Platform Admin)
   1. While reading the site's JavaScript files, I found an API endpoint and noticed it accepted an "author" parameter in the request body.
   2. The JS hinted that the "author" value was used to identify who the request belonged to — and that this value needed to be an admin's email for certain actions.
   3. I collected 15–20 employee emails through public sources (OSINT).
   4. I tested them one by one as the "author" value. One matched a platform admin account, and that request was accepted.
   5. Using that admin's email as "author" along with my own account ID, I changed my account "plan" from "trial" to "internal". The request went through, and my role was updated.
   6. Root cause: the endpoint was authorizing the request using a value from the request body instead of the role from the user's authenticated session.

2. SSRF → Cloud Metadata Credential Exposure
   1. The app had a feature that fetched user-supplied URLs from the server side.
   2. Confirmed by pointing it at a public echo service — the response showed a cloud server IP, not mine. The server was making the request.
   3. The URL filter blocked the metadata service IP in its standard dotted form, but didn't normalize alternate representations. Converting the same IP to its decimal form bypassed the filter cleanly.
   4. From there, the standard two-step metadata flow worked: first request returned a session token, second request used that token to return temporary instance role credentials.
   5. Root cause: block-list URL filtering without IP normalization. A single canonicalization step on the resolved address would have caught this.

3. IDOR Exposing 285,000+ Customer Invoices
   The invoice download endpoint used sequential IDs with no ownership check. Changing the ID returned other customers' invoices.

4. IDOR Enabling Cross-Tenant Audit Log Manipulation
   A "log move" endpoint trusted client-supplied IDs, which allowed moving log entries across tenant boundaries and tampering with audit history.

5. Unauthenticated Path Traversal
   A public endpoint accepted file paths without sanitization, allowing partial file reads across the platform with no authentication required.

Key lessons:
→ Never authorize based on request-body fields. Use the session/JWT role.
→ URL-fetch features need allow-lists, and must normalize alternate IP forms.
→ Sequential IDs are fine; missing ownership checks are not.
→ "Unauthenticated" doesn't mean "untrusted input is safe."

#bugbounty #securityresearcher #ethicalhacker #cybersecurity #vulnerability #penetrationtesting #securityaudit #digitalsecurity #tech #innovation #hackerone #freelance #freelancer #pentester #ssrf #idor #privilegeescalation #pathtraversal #appsec #infosec #TogetherWeHitHarder #bugbountytips
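The IP normalization named in the SSRF finding and the key lessons of the post above, sketched as an added example (not part of the original post and not the affected application's code): every IPv4 spelling is parsed to one canonical address before the policy check runs. The allow-list entry, the function names and the sample URLs are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption for this example: the only hostname the fetch feature may reach.
ALLOWED_HOSTS = {"images.example.com"}


def canonical_ipv4(host):
    """Parse an IPv4 literal the way inet_aton-style resolvers do: 1-4 parts in
    decimal, hex (0x..) or octal (0..), last part filling the remaining bytes.
    Returns an IPv4Address, or None when the host is not a numeric literal."""
    nums = []
    for part in host.split("."):
        if not (part.isascii() and part.isalnum()):
            return None
        try:
            if part.lower().startswith("0x"):
                nums.append(int(part[2:], 16))
            elif len(part) > 1 and part[0] == "0":
                nums.append(int(part, 8))
            else:
                nums.append(int(part, 10))
        except ValueError:
            return None  # not numeric: an ordinary hostname
    *head, last = nums
    if len(head) > 3 or any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)


def is_fetch_allowed(url):
    """Decide on the canonical host, never on the raw string."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    ip = canonical_ipv4(host)
    if ip is not None:
        return ip.is_global  # rejects link-local, loopback, private, reserved
    # Names must be allow-listed (IPv6 literals never are); apply the same
    # address check to every address DNS returns for them before connecting.
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample URLs: a decimal-form literal and an allow-listed name.
    for sample in ("http://2852039166/", "https://images.example.com/a.png"):
        print(sample, is_fetch_allowed(sample))
```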
Owais@syaedowais·
@vfxacs As a roadmap? You mean methodology??
sieferhackx@vfxacs·
@syaedowais I really love your idea with Hunting, could you share more of your work? Highly appreciate it
Owais@syaedowais·
Let's try opus 4.7 for hunting today
Mo@GommedMost55698·
@ClaudeCodeLog why they reset the used ? lol
sieferhackx@vfxacs·
@claudeai Just hit a reset for all limits! Enjoy Opus 4.7 y'all 🏆