zbcrypt

@Xuseranon420 so this is the kind of life people like you have

@BgmiKaam41919 @zack0x01 I'm curious too because if you think about it nothing really is wrong on the surface because just like passwords its on the user responsibility to protect his QR code for authentication, no?

@zack0x01 Netflix also uses a similar Device Code flow. Was this rewarded because of Zero-Consent (automatic login on click) or a lack of IP/Network binding? Curious about the root cause.

@_jensec should've checked first in downforeveryoneorjustme.com before reporting 😂

@anonymous02121 @FightBell

@FightBell Haha idc what the kid did you don’t talk to them like that if you aren’t the father. If I was the kid I would have encouraged him to do something and then empty a clip on him when he tries 🤣 who’s yapping with blood coming up out your mouth

bro absolutely had enough 😭

@AbhiX10010 i don't understand did your report get labeled as duplicate of your previous report?

Here is the #tips for #hackers, Earlier i reported this #bug without proper exploit and they dismissed it as informational, but now that i reported it with proper exploit they have marked it as duplicate. #hackers #hackerone #hacktips #burpsuite #pentester

@Bl4ckSec i submitted few of these uuid idors but only got informative they argued there is no way for an attacker to obtain the id

🔴 IDOR Vulnerability Missing validation of user's relationship with org_id. The system relies only on memoryId without verifying organization ownership. { "org_id": "152ace33-d28f-4c21-bb8a-0130fe64bb24", "memoryId": "9f3c2a41-7b8e-4d6a-a2f1-3e6c8d9b1a42" } Modify or delete other organizations' data by simply changing the memoryId. #BugBounty #bugbountytips #Hacking #infosec

I've been finding a lot of potential SSRF vulnerabilities recently but I couldn't find good impact, what is best writeup you know about SSRF? The usual exploits seem heavily protected now.

@Stephen_DJ_ @zack0x01 there are many github repositories that are regularly updated fetching bug bounty assets just search for them on github

@zack0x01 Hi, could you give us the method to collect all subdomain from bug Bounty platforms, do we have any technique or method to get them all ?

@zack0x01 your internet provider must really like you in able to flood your network like that

@mugh33ra I like that you used emoji to add impact to the title 😂

Reported some Access Control issues today :D #BugBounty #hackerone #idor #sqlinjection #bugbountytip #xss #injection #privateinvitation

@08xDof20784 @zack0x01 the real question is how tf he found 280K targets 😭

@zack0x01 Dude, what's the exploit? Which tool in the exploit is being used to exploit it?

@roohaa_n i experienced the same on hackerone i found an idor then next day it was fixed, i even had video poc of the bug 😭

They fixed it internally but i just have burp logs as a proof will that work ? #BugBounty

@DarkCyberHack mentor me please kind sir

When your intense research pays off. Tip: ignore the noise, focus on yourself and skills, build the tool, update the tool, read, read, hack, update tool, hack, update tool, read, update tool, hack, report😀 Alhamdulillah

@sonahri501 @Bugcrowd drop the program name so we don't waste time

bugcrowd triaged the bug as P1 and this program downgraded this to P4 and also took 2 months to reward it. this was worst experience on @Bugcrowd never working with them again

@h1_david96 @Hacker0x01 mentor me pls kind sir

Yay, I was awarded a $50,000 bounty on @Hacker0x01! hackerone.com/david96 #TogetherWeHitHarder HTTP Request smuggling

@intigriti there are no easy bugs nowadays triagers wont accept a bug report that doesn't scream rce /s

What's the easiest vulnerability type to find in 2025? 👀

@FearedBuck oh no

Chinese company XPENG unveiled their female humanoid robot

@gabbytech01 good find keep it up, for those who doesn't know, sometimes servers performs extra protections by checking origin and referer value to block cors note that the headers are browser based protection only

What attack did I perform here 😎 Bug bounty hunting is getting more fun for me!!!!

@thehelpdeskgirl nah its still not enough i need to grind

hey. if you’re going through a lot, you should rest now so you can continue going through a lot tomorrow. follow my acct for more great tips.✨

@h1Disclosed are they trolling curl 😭

⚡ Hi Hacker 👨🏻‍💻 @<iframe src= ➟ curl ⬜ None 💰 None 🔗 hackerone.com/reports/3409186 #bugbounty #bugbountytips #cybersecurity #infosec