Tarun Tandon (@ttandon25)'s Twitter Profile
Tarun Tandon

@ttandon25

Bugcrowd Top 220 || Bug Bounty Hunter || Cyber Sec Enthusiast | 👨‍💻🐞

ID: 3048684422

28-02-2015 04:59:58

67 Tweet

659 Followers

106 Following

Tarun Tandon (@ttandon25)'s Twitter Profile Photo

This was a nice bypass on the profile picture as I changed the content type of the image and it got uploaded! Tip - Upload the XSS Image and try changing the content type of the uploaded payload. #Bugcrowd #bugbountytips #bugbountytip #ItTakesACrowd #BugBounty #CyberSecurity


We never thought this could have gotten accepted. Thanks to the ASEs of bugcrowd who helped a lot. This generally goes P5 but a little bit of magic and it got accepted as P4. #Bugcrowd #bugbountytips #bugbountytip #ItTakesACrowd #BugBounty #CyberSecurity


After a long wait, the bounty comes up. Escalating severities have become fun now. My friend Arth Bajpai 🇮🇳 knows it well! Lol xD Tip - See the feature and then write the impact accordingly! #Bugcrowd #bugbountytips #bugbountytip #ItTakesACrowd #BugBounty #CyberSecurity


A vulnerability that even I did not think could exist. Registration features can be different when it comes to normal signup and signup done through OAuth. It was an interesting find indeed! #Bugcrowd #bugbountytips #bugbountytip #ItTakesACrowd #BugBounty #CyberSecurity


Adding up domains always helps in finding vulnerabilities. It helps to maintain the rhythm of hunting! Tip - Never forget to check the program which has added new domains! #Bugcrowd #bugbountytips #bugbountytip #ItTakesACrowd #BugBounty #CyberSecurity


Hello there people, it's been long since I posted anything. I was out on a trip to the beauty of India (Leh - Ladakh) enjoying the life. It's very necessary to take out time from our schedule and enjoy life with whatever we have to release the stress we go through. #enjoylife


I hardly worked in the month of April as I was traveling and resting, but I had good reports in hand and luckily most of them got accepted, not a bad month to finish it off! Need to start setting new targets now! P.S-The last tweet got deleted somehow! #bugbountytips #BugBounty


An interesting find where I tried bypassing the captcha using multiple methods on the forgot password page and eventually, it got bypassed with the methods I had on my bucket list! P.S - Use all the methods you have for bypass #Bugcrowd #bugbountytips #ItTakesACrowd #BugBounty


Finding sensitive data on targets is always fun! Especially when you find it without GitHub recon and waybackurls! Interesting find on API Endpoint P.S - Do check out the API endpoint where the user's data gets updated! #Bugcrowd #bugbountytips #ItTakesACrowd #BugBounty


Looks like this is a month of blocker. Already solved 8 and many are pending on the company's end! Got hold of a new domain and tried everything on that! Do create your own checklist and roadmap, it feels easier to test! #Bugcrowd #bugbountytips #ItTakesACrowd #BugBounty


This is another vulnerability that I have started to love! A lot of subdomains need to be enumerated to find this one. We need to be very sure about the mail being dropped into the inbox. #bugbountytips #ItTakesACrowd #BugBounty Follow me on Medium - lnkd.in/debXiR4N


Finding open redirects has started to be fun because the hidden URLs help a lot to find this vulnerability! And the most interesting thing is when the param works on every field then! #bugbountytips #ItTakesACrowd #bugbountytips Follow me on - medium.com/@Tarun_Tandon


I like performing server-side vulnerabilities especially when it is that easy! Although, we have to convince the ASE about the bug which doesn't seem easy at all! #bugbountytips #ItTakesACrowd #bugbountytips Follow me on - medium.com/@Tarun_Tandon

bugcrowd (@bugcrowd)'s Twitter Profile Photo

Week of #giveaways starts now! 🎁 Complete the tasks for your chance to win swag ⤵ ✅ Retweet ✅ Like ✅ Tag a friend in the comments #ItTakesACrowd #OuthackThemAll

The SecOps Group (@thesecopsgroup)'s Twitter Profile Photo

🛑 Free CNSP Exam Giveaway is Now Live 🛑 For an 80% discount on all other exams, use the discount code: BF-80 We've dropped the BIGGEST GIVEAWAY of the Year! Free