I¯\_(ツ)_/¯I \ (•◡•) /

What a great month it was July 2022! I have ranked #2 world wide on @Bugcrowd bugcrowd.com/leaderboard

Been following @damian_89_ work for years, used his EASM product for bug bounty and it was one of the best out there. Now he just dropped ArgosDNS focused on subdomain intelligence, exactly what the recon space needed. The data quality is crazy, do yourself a favor and check it.

Why to use a simple #XSS vector like this 🤔 <img src=x onerror=alert(1)> when you can use a much better one? 🤩 1'//"</Script><Img/Src%0AOnError=alert(1)// The vector above pops in HTML and JS scenarios for single and double quotes! 🤯 Try it here: x55.is/brutelogic/xss…

New Rhino Blog Post: CVE-2025-0693: AWS IAM User Enumeration bit.ly/3QcEpnx

blog.cloudflare.com/resolving-a-mu… I don’t work there anymore but it’s truly so sick seeing this level of weird bug being patched so fast Hell yeah

Thanks to the recent @PortSwigger top 10, I finally found the motivation to finish writing the 2nd article about DOMPurify security! 😁 Before releasing it, I would like to share a small challenge 🚩 Challenge link 👇 challenges.mizu.re/xss_04.html 1/2

@krishnsec Solo Leveling is such a wild ride! The character growth and battles keep getting better. Can't get enough!

solo leveling is 🔥

@elmehdimee @ArmanSameer95 @Bugcrowd Congratulations bro

I earned $65,000 with @ArmanSameer95 for my submission on @bugcrowd #ItTakesACrowd

Unleashing The Power of a JavaScript Bookmarklet for Endpoint Discovery in Bug Bounty and… execure.medium.com/unleashing-the…

@3th1c_yuk1 @intigriti @renniepak Seems rennie deleted his twitter so original post is gone :/ but someone made a post about it here with the code: execure.medium.com/unleashing-the…

@krishnsec and then P1 P2

Intense curiosity leads to fortune.

Got a CSRF attack being blocked by Content-Type validation? You might be able to bypass it with this quality technique. x.com/lukejahnke/sta…

After a 4-month break, I’m backon @Bugcrowd ! Life kept me busy with something truly special—welcoming my adorable daughter into the world. 🍼💕 Feeling so blessed! 🥰

There is a public website with the following folder path: txyz.com/wp-content/upl…<filename> Does anyone know of any tricks for WordPress websites that would allow me to list all files and folders in the 'uploads' directory? #thanks-in-adv

@bug_vs_me earned Bounty finished.... then back to bug bounty again

Back to bug hunting after a long time. 💪 Let's bounce back!

@krishnsec And P1 is the aim!

P4 is love

I was facing a very strict WAF while trying to exploit a XSS : no gt/lt signs, no parentheses, no double quotes, no backticks. I was injecting inside an html tag. Turns out the solution was very simple (and not well documented): <img src=x onerror=alert&#40document.domain&#41>

🚨Alert🚨CVE-2024-30103: Microsoft Outlook Remote Code Execution Vulnerability ⚠This Microsoft Outlook vulnerability can be circulated from user to user and doesn’t require a click to execute. Rather, execution initiates when an affected email is opened.This is notably dangerous for accounts using Microsoft Outlook’s auto-open email feature. 📰Refer: blog.morphisec.com/cve-2024-30103… #Outlook #Microsoft #hunterhow #infosec #infosecurity #Infosys #Vulnerability

@Burp_Suite you will effect after 1 day, as it is slow

... what would it taste like? twitter.com/endingwithali/…

@Burp_Suite Sadly I dont see any improvement despite your focus on performance, from the last 6 months, I already sent information many times in the past!

@BountyOverflow Please drop us an email at support@portswigger.net - we have a heavy focus on performance issues, so getting to the bottom of this would be very useful!

it sucks. Just after opening @Burp_Suite