This was a nice bypass on the profile picture as I changed the content type of the image and it got uploaded! Tip - Upload the XSS Image and try changing the content type of the uploaded payload. #Bugcrowd #bugbountytips #bugbountytip #ItTakesACrowd #BugBounty #CyberSecurity

We never thought this could have gotten accepted. Thanks to the ASEs of bugcrowd who helped a lot. This generally goes P5 but a little bit of magic and it got accepted as P4. #Bugcrowd #bugbountytips #bugbountytip #ItTakesACrowd #BugBounty #CyberSecurity

After a long wait, the bounty comes up. Escalating severities have become fun now. My friend Arth Bajpai 🇮🇳 knows it well! Lol xD Tip - See the feature and then write the impact accordingly! #Bugcrowd #bugbountytips #bugbountytip #ItTakesACrowd #BugBounty #CyberSecurity

A vulnerability that even I did not think could exist. Registration features can be different when it comes to normal signup and signup done through OAuth. It was an interesting find indeed! #Bugcrowd #bugbountytips #bugbountytip #ItTakesACrowd #BugBounty #CyberSecurity

Adding up domains always helps in finding vulnerabilities. It helps to maintain the rhythm of hunting! Tip - Never forget to check the program which has added new domains! #Bugcrowd #bugbountytips #bugbountytip #ItTakesACrowd #BugBounty #CyberSecurity

Hello there people, it's been long since I posted anything. I was out on a trip to the beauty of India (Leh - Ladakh) enjoying the life. It's very necessary to take out time from our schedule and enjoy life with whatever we have to release the stress we go through. #enjoylife

I hardly worked in the month of April as I was traveling and resting, but I had good reports in hand and luckily most of them got accepted, not a bad month to finish it off! Need to start setting new targets now! P.S-The last tweet got deleted somehow! #bugbountytips #BugBounty

An interesting find where I tried bypassing the captcha using multiple methods on the forgot password page and eventually, it got bypassed with the methods I had on my bucket list! P.S - Use all the methods you have for bypass #Bugcrowd #bugbountytips #ItTakesACrowd #BugBounty

Finding sensitive data on targets is always fun! Especially when you find it without GitHub recon and waybackurls! Interesting find on API Endpoint P.S - Do check out the API endpoint where the user's data gets updated! #Bugcrowd #bugbountytips #ItTakesACrowd #BugBounty

Looks like this is a month of blocker. Already solved 8 and many are pending on the company's end! Got hold of a new domain and tried everything on that! Do create your own checklist and roadmap, it feels easier to test! #Bugcrowd #bugbountytips #ItTakesACrowd #BugBounty

This is another vulnerability that I have started to love! A lot of subdomains need to be enumerated to find this one. We need to be very sure about the mail being dropped into the inbox. #bugbountytips #ItTakesACrowd #BugBounty Follow me on Medium - lnkd.in/debXiR4N

x.com/arth_bajpai/st… I totally agree with what Arth Bajpai 🇮🇳 has to say! bugcrowd support team is outstanding. Helps a lot! Kudos to the team! <3

Finding open redirects has started to be fun because the hidden URLs help a lot to find this vulnerability! And the most interesting thing is when the param works on every field then! #bugbountytips #ItTakesACrowd #bugbountytips Follow me on - medium.com/@Tarun_Tandon

I like performing server-side vulnerabilities especially when it is that easy! Although, we have to convince the ASE about the bug which doesn't seem easy at all! #bugbountytips #ItTakesACrowd #bugbountytips Follow me on - medium.com/@Tarun_Tandon

Week of #giveaways starts now! 🎁 Complete the tasks for your chance to win swag ⤵ ✅ Retweet ✅ Like ✅ Tag a friend in the comments #ItTakesACrowd #OuthackThemAll

🛑 𝗙𝗿𝗲𝗲 𝗖𝗡𝗦𝗣 𝗘𝘅𝗮𝗺 𝗚𝗶𝘃𝗲𝗮𝘄𝗮𝘆 𝗶𝘀 𝗡𝗼𝘄 𝗟𝗶𝘃𝗲 🛑 𝗙𝗼𝗿 𝗮𝗻 𝟴𝟬% 𝗱𝗶𝘀𝗰𝗼𝘂𝗻𝘁 𝗼𝗻 𝗮𝗹𝗹 𝗼𝘁𝗵𝗲𝗿 𝗲𝘅𝗮𝗺𝘀, 𝘂𝘀𝗲 𝘁𝗵𝗲 𝗱𝗶𝘀𝗰𝗼𝘂𝗻𝘁 𝗰𝗼𝗱𝗲: BF-80 We’ve dropped the 𝗕𝗜𝗚𝗚𝗘𝗦𝗧 𝗚𝗜𝗩𝗘𝗔𝗪𝗔𝗬 𝗼𝗳 𝘁𝗵𝗲 𝗬𝗲𝗮𝗿! 𝗙𝗿𝗲𝗲