youroldman

@_jensec @TeslaTheGod

Drop some Links; Who is your Favourite Cyber Security content creator? I am looking for some partnership

@tabaahi_ i think he would have appreciated more if you didnt straight report the bug but discuss with him how exactly you found that bug. this will help the community deepdive into how a successful hunters brain works. Nonetheless, youre doin great!

Let's go. Join: discord.gg/PW9P2SFD

I find a subdomain that has a login. I don't have access. If I create an account, it has to be approved... No problem 😈 I read the JS files > find some interesting paths like /proxy/... > Python script to extract all the URIs from JS > full access to data💥#bugbountytips

@falendar_ The competition ended 3 months ago, and they are rewarding now? Is that how long it takes to review your reports!?

From winning cents in contests straight to 4 digits. Not bad, considering how much I’ve been slacking. No more slacking.

Whatt

@j_domeracki @GoogleVRP thats insane, to hack your way into that, i tried that for days with different methodologies but could never suceed

@thedevtask @GoogleVRP Good catch, it's a separate topic which I intend to cover in the writeup. TL;DR There were pretty much two options: 1. Become a "partner" 2. Hack your way in Eventually managed to do both

Another one of my reports got disclosed 🎉 bughunters.google.com/reports/vrp/T2… @GoogleVRP did a great job of nearly eliminating XSS-es from their core apps, but some are still to be found. A technical writeup, describing this and corresponding issues, should be published by end of month 🤞

@rez0__ @shellbreaker_ sure i just assumed you were using the free tier! My bad!

@thedevtask @shellbreaker_ why would i do that?

If I wanted to never make any money from bug bounty, I would do these things: - Report immediately without reproducing - Spend 12 hours on a theoretical self-XSS - Skip reading the bounty scope - Write a tool that finds "Server" header disclosure - Convince myself that rate-limit bypass is always critical and report it as often as I can

@rez0__ @shellbreaker_ Are you using the free tier?

@thedevtask @shellbreaker_ it's exactly like i said

@rez0__ @shellbreaker_ Still doesnt work, after many tries to bypass. Think you can leave your exact chat here?

@thedevtask @shellbreaker_ Try again

@rez0__ @shellbreaker_ it says content restriction policies

@shellbreaker_ Just give ChatGPT a picture and say “make it ghibli style”

Individual intelligence is finite. ⚫️ Collective intelligence is infinite. ⚪️

@mcipekci what platform is that?

Money doesn’t bring sole happiness, this has no meaning anymore. Treasure yourself and your dear ones. #bugbountytips PS: thanks to all collabs who made this possible

bug bounties can be a great way to start your career but it can't be an endgame.

Getting the mind and body right to find some crits today!

@fattselimi how did you come across this report man?

@fattselimi and i almost thought of posting it on twitter

WTF #bugbounty

@Tur24Tur Dm

Looking for a bug bounty hunter for a penetration testing role. Your college degree doesn’t matter just share your bug bounty profile, research blogs, and any relevant work. DM if you're interested!

“What’s on your mind?” Me: