So many beginners ask what to do after finding subdomains 🧵 1. Do directory search 2. Do Github dork 3. Do google dork 4. FUZZ for params 5. FUZZ for vhosts 6. Find Wayback data (gau, waybackurl) 7. Find javascript files 1/n

Thread about hunting on the main application 🧵 1. Check the login process - Do they allow signup with email or Google etc - Do they allow you to signup with the @company email - what is the content-type of the signup/login page - when you enter valid cred, on which page you

Bug Testing Methodology Series: 𝐈𝐃𝐎𝐑 (𝐈𝐧𝐬𝐞𝐜𝐮𝐫𝐞 𝐃𝐢𝐫𝐞𝐜𝐭 𝐎𝐛𝐣𝐞𝐜𝐭 𝐑𝐞𝐟𝐞𝐫𝐞𝐧𝐜𝐞) Learn how to test for IDORs step by step on real #bugbounty programs. Thread🧵👇 #cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity

Day 16: Collab with Cr4zy_Z3R0o Time spent: 1 hour 🚨 Bugs found: 1 Bug: 🔥IDOR leads to Info Disclosure🔥 #30daysofbugbounty

Becoming a pro in finding client-side bugs is simple. Not easy, but simple. 1. Go through a JS tutorial and understand the basics. 2. Ready everything on this blog 8x until you understand it: ysamm.com 3. Read JS for Hackers by Gareth Heyes \u2028 4x Then go hack stuff

🥳new #blog out for IDORs, goes in depth into some vulns. These blogs are posted to VIPs in the discord first so check that out if interested: medium.com/@atomiczsec/on… #bugbountytip #bugbountytips #bugbounty #IDOR

If you're not finding a way to enumerate UUIDs for UUID-based IDORs then you're leaving money on the table. Here are some ways I've done this in the past:

Hello everyone. Please if you need any resources about anything. Comment under this tweet or tag me with your needs and i will do my best to find the resources. Thanks and have a great day.

Excited to share that my team and I successfully completed the BlackHat MEA CTF competition! 🏆 Ranked #68 in the finals. Grateful for the experience and looking forward to more cybersecurity challenges ahead! #BHMEA23 #CTF #Cybersecurity #Teamwork

In January, I submitted 7 vulnerabilities to 1 program on HackerOne. #TogetherWeHitHarder hackerone.com/last-month

I found an interesting ATO via CSRF in an old BBP main app 🔥 Check this write-Up for more details: medium.com/@Z3R0O/unveili… #bugbounty #bugbountytips

Dive into privilege escalation with my latest write-up: medium.com/@Z3R0O/privile… #bugbounty #bugbountytips #writeup

Just got a reward for a vulnerability submitted on YesWeHack ⠵ -- Improper Access Control - Generic (CWE-284). #YesWeRHackers #bughunting #bugbounty

Just wrapped up a super productive collaboration with my bro @Bakor24495157, We reported 10 vulnerabilities over 2 weeks in total: 9 Privilege Escalation , 1 BAC 2 Info, 2 Duplicates, 6 Rewarded! $$$$ 💸 Hunting together made it way more fun and effective. #BugBounty

Bug bounty hunters: What’s your advice for someone who’s trying to make their first $100,000 in 2025? What should they do/learn? What should they avoid?

Ben Sadeghipour Pick a niche, become an expert, find bugs maybe even 0days or reverse n-days, and write blogs. Even if you don’t hit those $100k bounties, it’ll be a stepping stone toward a $100k job. What niche? How to pick? Examples? infosec being so vast from web3 sec to web2, mobile,

Thrilled to be added to Google’s Honorable Mentions after finding a couple of bugs! It was a great new experience for me. Big thanks to Google VRP (Google Bug Hunters) team for the recognition. #BugBounty #bugbountytips

$1,000 GIVEAWAY 🎁‼️ Here’s how to enter: 1️⃣ Fill out the ITMOAH survey 2️⃣ Like this post 3️⃣ Comment your fave tool 4️⃣ Repost bc your friends deserve a chance too Giveaway closes Sept 30 at 11:59pm ET. One hacker takes home $1K. 20 others will score $200 each. Already filled

Happy Arcanum-versary! Arcanum Information Security 's 1st giveaway for the week is FOUR seats to our EPIC Advanced Client-Side Hacking course by myself and xssdoctor ! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus for the course below 👇