Eib

I just achieved one of my 2025 goals by gaining my first private invite on Bugcrowd ✌️✌️✌️

Your SSRF filter blocks 127.0.0.1 and localhost. That's okay! Try these: 2130706433 (decimal) 017700000001 (octal) 127.1 (shorthand) 127.0.0.0 (with subnet tricks) 0x7f000001 (hex) They all resolve to localhost. Many blacklists don't catch all of them. Try this technique, and plenty of other SSRF techniques, in our free SSRF labs! portswigger.net/web-security/s…

@intigriti shubs

Who's your inspiration in the infosec community? Could be a researcher, author, speaker, or even someone from your team, mention them below! 😎

Conversor from @hackthebox_eu features XSLT injection and os.path.join abuse for file write, and CVE-2024-48990 in needrestart (plus a config GTFObin) for root. 0xdf.gitlab.io/2026/03/21/htb…

@rez0__ Thank you

@eib_____ Yes but not much.

claude code is all you need

Still trusting Python built-ins to keep you safe? 👀 This research shows how pitfalls in os.path.join, urljoin, pickle.loads and PyYAML turn simple logic into real vulns like Path Traversal, SSRF and RCE 👇 yeswehack.com/learn-bug-boun…

It’s my day off.. And why is it so hard to just do nothing!?

Throughout your life you will encounter tedious situations, and you must cultivate the ability to handle them with discipline.

The Spring Boot Actuators can expose some sensitive informations like env vars, heap dumps, configs, and internal metrics And sometimes, with simple bypass tricks we can find them: actuator/env;.. ;/actuator/env actuator;/env actuator/env%00 actuator/env; ..;/actuator/env static../actuator/env actuator/health/..;/env #bugbounty #bugbountytips #cybersecurity

I just published a new #article on Medium. How I Earned $76,000 Bounty From a Single Program on @Bugcrowd . #BugBounty #Bugcrowd #CyberSecurity #EthicalHacking @Hacker0x01 @yeswehack @intigriti anonhunter.medium.com/how-i-earned-7…

Instead of internalizing a bad situation, externalize it and face your enemy. It is the only way out.

@intigriti Burpsuite

what's your most used bug bounty tool? 😎

Pick your battles carefully. Danger comes from trying to surpass your limits.

I had this on my backlog for a while, but here it is: an article explaining a vulnerability I discovered with @fattselimi years ago. medium.com/p/i-found-a-ba… I hope you learn a thing or two ✌️ happy hacking fam 🫶

In order to separate yourself from the pack, to harness a speed that has devastating force, you must be organized and strategic.

I went after the wrong rabbit hole today 🙃 Just wasted 5 hours 😪

You can master the Linux fundamentals required for hacking in just 7 hours. We’ve updated the course with @JohnHammond to include the "big three" of text manipulation and editing: Sed, Awk, and Vim. 2 hours of fresh content are waiting for you.

Excited to bring Bug Bounty Village back to BSidesSF with @hackinghub_io and @CaidoIO with @Bugcrowd's support! We'll be hosting some live workshops, hands-on challenges, and a CTF!