Deev Pal
359 posts

@techycodec08
Security Engineer @ Meta | Ex - SAP | Trying to be a full time Bug Bounty Hunter
Joined September 2024
104 Following · 5.5K Followers

🚨 Yo #BugBounty crew! Just dropped a 🔥 blog about sneaking past Trello's "Invite Only" gate via Slack! 😎 Found a privilege escalation bug, scored $1,200 from Atlassian, & had a blast with Burp Suite. Wanna see how it went down? 👀
Check it: blogs.bbhtechycodec.com/Atlassian/2025…
What's your fave vuln find? Hit me up! #CyberSec #Trello #Slack #Hacking


@techycodec08 Impressive work uncovering the Trello-Slack flaw. Your thorough approach in reporting vulnerabilities drives progress in platform security and sets high standards for responsible disclosure. Congratulations on the impact.

@techycodec08 @Meta Congrats! How did you get this opportunity? How did you apply?

I received a lot of DMs, Mentions and Comments as to why I left Bug-Bounty, where did I vanish, when would I continue with my 100k challenge and so on.
So here is the answer.
I have joined @Meta — London, UK as a Product Security Engineer which I still can't believe just happened.
I was extremely busy with the interview preparation, the interview itself and Visa Requirements afterwards for this huge change in my life.
I am extremely grateful for this opportunity and ready for the challenges ahead. Here’s to new beginnings!
Regarding bug-bounty, I will soon resume on the 100k challenge, but this time, with more energy, power, focus, determination and hard work.
#Meta #SecurityEngineer #DreamJob




@theodorezra @Meta I have a bachelor's and a master's degree in computer science and software engineering, apart from the two certificates you mentioned.

@techycodec08 @Meta Congrats on your next adventure.
Do you mind if I ask what kind of certs or college degree you held, besides proving your skill, for these kinds of positions?
I have seen you get your CRTP and Security+ from your last posts.

@techycodec08 @Meta When did you move to the UK?

@techycodec08 @Meta Congratulations. Did you move from India to the UK?

@techycodec08 @Meta How do you transition to product security engineer? I think you were a DevOps engineer.

Day 80-81: 0-100k in Bug Bounty with a 9-5 Job
With everything going on in my life, be it Work Load or Final Year Major Project Submission or Family Medical Problems, it's becoming difficult for me to consistently give time to bug-bounty or even creating posts and blogs.
I am trying my best to give every little time I get to hunting, but it's getting extremely difficult.
Nevertheless, I won't give up.
Regarding Bug bounty:
I have started to hunt for CSRF and CSPT on the vulnerable application, with lots of code review to find the vulnerable Sources and Sinks.
While doing that I found a few Web-Socket requests which might be vulnerable to IDOR leading to a High Impact Priv Esc, but I am not very experienced with Web-Sockets, which is why it is getting difficult to show Impact.
@Rhynorater


@techycodec08 Hi bro, may I kindly ask how you did the first step in the bug bounty program, I mean the information gathering? There are some general methodologies, but I still want to know how to do it in a real program. Thank you in advance.

Day 79: 0-100k in Bug Bounty with a 9-5 Job
Continued with my research on CSPT and CSRF bug classes.
I read around 100 Reports from the day I started, and I never imagined Client Side could be this Interesting.
Probably from tomorrow I will start my hunt for them.
@Rhynorater


My second blog post is now live on my website: blogs.bbhtechycodec.com
In this post, I delve into a security vulnerability I discovered in September 2024 within OpenAI's platform.
Check out the full story here: blogs.bbhtechycodec.com/OpenAI/2024/In…


CSPT Resources:
1. CSPT on Instagram: facebook.com/notes/99673499…
2. CSPT in Grafana: medium.com/@maxime.escourbiac/grafana-cve-2023-5123-write-up-74e1be7ef652
3. Portswigger On-Site Request Forgery: portswigger.net/blog/on-site-r…
4. CSPT to ATO: kapytein.nl/security/web/2…
5. CSPT-Levels: matanber.com/blog/cspt-leve…





