For aspiring bug bounty hunters: please don't post screenshots of your untriaged P1s, it's not a crit until it's confirmed. We are all happy to celebrate your triaged and/or paid bugs though! 💪

🐝 Another week, another Hive Five The Bee's Knees: ➕ From 0 to $100k in 1 year of bug bounty Justin Gardner ➕Why shubs became so deeply invested in server-side security ➕ A definite guide to LLM prompting Hrishi ➕ Free courses & certificates

🐞 #BugBountyTips 🐞 👨‍💻 Tired of juggling multiple terminals for bughunting or other administrative tasks? Let me introduce you to a game-changer: tmux! 🧵👇

Exploiting ASP .NET TemplateParser to get RCE in Sitecore (CVE-2023-35813) and SharePoint (CVE-2023-33160) by Markus Wulftange in two parts: part 1 at code-white.com/blog/exploitin… is live now and part 2 will follow in a few days...stay tuned!

🐝 Hive Five 141: 🎙️ Bug Bounty Podcast is back 🌐 The archivist behind archive.today 🚀 CVE-2023-40044 🕵️‍♂️ Exploiting HTTP Parsers Inconsistencies 💾 The complete source code to Sub7 Take them by swarm 💪

CTF Player vs Bug Bounty Hunter

I created a little blog, feel free to check it :) blog.hks.ec

Ok fam. I’m giving away TWO free tickets to my course which takes place in two/three weeks. All you have to do to win is like, retweet this tweet, and reply with “tbhmlive.com!” I’ll pick winners next week! If you haven’t seen my course, check out the link!

I'm really close to 50k subscribers on YouTube and it's my birthday🥳 Can we make it to 50% of the silver button today?😏 Subscribe if you haven't already, RT if you have! youtube.com/channel/UCZDyl…

I'm proud to be the H1 ambassador for Poland🇵🇱 All the polish hackers interested, DM me to join to hack and have fun together😏

Poland has now a H1 Brand Ambassador! Congrats Bug Bounty Reports Explained

Browser-powered desync #bugbounty #bugbountytips #bugbountyhunter

Hey, Polish hackers! 🗣️ The first meeting of the Poland HackerOne Club is tomorrow, April 23! Join Bug Bounty Reports Explained and Paweł Kusiński for an exciting agenda of lectures and networking. RSVP here to reserve your spot: bit.ly/49NCGfT

Today @bugcrowd, we're expanding our product line to offer VDP's for free bugcrowd.com/blog/introduci…, marking the next evolution of our VDP product, following our removal of incentives some time back. This marks a change in the industry, providing a no cost entry point for

I recently found a decade old Server-Side Browser on a #BugBounty program. Exploiting it was a bit of a ride. I wrote up the experience so others may learn from my (many) mistakes! blog.ajxchapman.com/posts/2024/05/…

🔥🔥🔥 #HackerHideout0524 #hh0524

With 12h more of hacking (and A LOT of reports to be processed, so it's all subject to change), we're 3rd as a team 🇵🇱 of the H1 Ambassador World Cup qualis Plus individually, we occupy 2 out of top 3 spots for bounties with DrBrix absolutely killing it in the 1st I'm so happy!

When researching Palo Alto PAN-OS, Assetnote's Security Research team discovered an authentication bypass due to flaws in its architecture. Our team digs a lot deeper than surface-level CVEs; this research is an example. slcyber.io/blog/nginx-apa…

I created a tool called "Creatures Of Habit" which accepts a GitHub username/organisation finds all public repos and extracts endpoints from popular web frameworks github.com/BuildHackSecur…

I plan to expand this by listing all the org repo, finding all the contributors and then scanning their public repos