If you want to master API security, open this thread! APIs are used EVERYWHERE for applications to communicate, but let's see how you can HACK them! 👩‍💻 A Thread 🧵👇

The #1 confusion I get from new hackers is “I found an IDOR but the program has made it NA because I need the victims cookies” you have the victim and the attacker the wrong way round. You need to make requests on the victim account, replace the cookie with the attackers cookie,

Do you always skip testing static websites? 🤔️ Maybe after this you won't anymore! 😎️ THREAD 👇

You asked and we answered... Because of the interest in our merch, we've decided to run a giveaway! We're offering merch bundles to 10 lucky winners (items may vary to those shown). To enter: 🛡️ Follow us and CySec Careers 🛡️ Retweet this tweet Worldwide. Closes Jan 5, 2024

1- Found login page 2- Intercept POST login request 3- Found parameter called config= 4- But Payload ../../../../../../../../../etc/passwd 5- Successfully read data and sorry it's path traversal not LFI #bugbounty #bugbountytips

Remote command execution tutorial for beginners in just 3 posts 🧵👇

🔐Bug Bounty Tips: How to Identify and exploit Akamai Cache Deception/Poisoning Issues? 1️⃣ Assuming you're navigating an Akamai site and spot headers like cdn-cache; desc=MISS or cdn-cache; desc=HIT or any other headers Indicating a cache HIT, you're in luck! 🍀 2️⃣

Bug Bounty Tips!!! IDOR Steps to Reproduce 1.Go to https://example{.}com/ 2.Go to vendor login. 3.Make one attacker account and one victim account. 4.Login as attacker. 5.Go to My Account. 6.Update your profile and intercept your request with burp suite, make sure your foxy

Unveiling the Hidden: The Chatroom Message Retrieval Vulnerability - A Deep Dive into User Privacy and Data Security blog.beetles.io/2023/11/12/unv… #bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking

Excited to announce that our team Federal_bonk_Investigations🇧🇩 achieved – 3rd position in the International CTF! 🏆 Grateful to my teammates for their dedication specially Kazi Ashikur Rahman vaiya🫡Thanks to Knight Squad for organizing a competitive contest. #ctf #cybersecurity #knightctf2024 #fbictf

Privilege Escalation through ID Reflection thejulfikar.com/bug-bounty-wri… #bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #apipentesting #nodebb #pentesting

Thanks a lot TheTeamPhoenix for arranged  amazing event. #Phoenix_Summit_2024

Believe in you folks! That’s the first you need to do 🫶

Congratulations to our Top 60 Hunters for making it to the Finale of HackerOne BUG HUNT 2024 - Bangladesh's Premier Cyber Security Competition & Conference! 🎉🎊 🔗More at bughunt.info #bughunt2024 #TheHuntIsOn #turnupthehype

Do you remember when you joined X? I do! #MyXAnniversary

We're excited to announce one of our giveaways thanks to "Caido" 🎉 We will pick 5 winners to win a 1-year Caido Pro license! To enter: 1️⃣ Follow us @BugBountyDefcon and Caido 2️⃣ Like this post ❤️ 3️⃣ Retweet this post 🔁 You have time to participate until Friday (9/13)!

I vibe coded and shipped an app in three days. It got hacked. Twice. Here’s what I learned. 🧵

Do you remember when you joined X? I do! #MyXAnniversary

Spent the last week reading 250+ IDOR reports on HackerOne 🕵️‍♂️ Now I’ve compiled 200+ easy-to-search IDOR test cases for beginners! Want the file? Comment IDOR & I’ll send it 💾 #BugBounty #CyberSecurity #IDOR #EthicalHacking #AppSec

#hackerone #bughunt2026  #bbcbd