(Short) #BugBounty Tips for the Coming Year: 1. Skill - A lot of advice out there say you should go complete all PortSwigger Labs before you start hunting. While there's nothing wrong in that, I genuinely feel that is counter productive. Here is what I do instead - Pick a Main

You're good with Google Dorking, even shodan Dorking, not to talk of Duckduckgo But have you tried Yandex before. Try and come back here 😂

Sometimes, what holds you back isn't strength 💪 but it's the belief you've never challenged

Learn more dorking methods today and it's really fun. Someone used yandex dorking which I shared before and found some PII on one big public bug bounty program. Congratulations bro

Relearning about Race condition, Its Basically, when multiple requests hit the server simultaneously before it updates. sometimes ago, i met someone who got a VTU website, he complained about how a malicious person had less that 1k in his account and was able to withdraw 100k+.

Got critical vulnerabilities from Amazon just by using Yandex dorking Congratulations bro. Im happy my little tips help.

I just published Critical API Authorization Flaw: 5,000 Euro Bounty; How a Missing Check Led to Complete Account… medium.com/p/critical-api…

Set a reminder for my upcoming Space! x.com/i/spaces/1lDGL…

Set a reminder for my upcoming Space! x.com/i/spaces/1lDGL…

Set a reminder for my upcoming Space! x.com/i/spaces/1vOxw…