Mohamed Fodil (@_public_void)'s Twitter Profile

Mohamed Fodil
@_public_void

iOS Programming ~ Reverse Engineering | Electronic-ST | WhiteHat | Bug Bounty Hunter | Acknowledged By Apple 🍏

ID: 1386866376455897092
Joined: 27-04-2021 02:15:02
1.1K Tweets | 2.2K Followers | 704 Following

Mohamed Fodil (@_public_void):

I earned $600 for my submission on @bugcrowd #ItTakesACrowd 😁

Bug: Broken Authentication

Ability to initiate and re-generate a valid session by just using one leaked value in the requests.

#bugbountytips
#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

Yay, my friend Samwell (@uieyuyeriuzyer) and I were awarded an $800 bounty on HackerOne (@Hacker0x01) #TogetherWeHitHarder

Bug: HTML Injection

XSS wasn't possible due to CSP + WAF

#bugbountytips
#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

Yay, my friend Samwell (@uieyuyeriuzyer) and I were awarded an extra $1100 bounty on HackerOne (@Hacker0x01) #TogetherWeHitHarder

HTML Injection worth $1900 😅

Although XSS wasn't possible, we found a way to escalate the HTMLi

#bugbountytips
#BugBounty
#CyberSecurity

x.com/_public_void/s…

Mohamed Fodil (@_public_void):

First duplicate in 2024 ☹️ It was already triaged, then boom 💥 the program found it to be a duplicate 🥲

#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

The 2nd submission was triaged in just 24 hours 😁 Waiting for the other one!

Big shout out to bugcrowd (@Bugcrowd) Triage

#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

Bad luck 😐 I found a leaked "Authorization Bearer" token that granted me access to read internal/private repos' content; I could even see what the upcoming updates would be! But it turned out to be a "read-only" token 😬

#bugbountytips
#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

I got access to an IIS server vulnerable to SNS, managed to get into the Webroot directory and downloaded the content as PoC; triaged as P4.

I reversed the DLLs and got sensitive information.

Do you think the severity will increase?

#bugbountytips
#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

Here's how my friend Samwell (@uieyuyeriuzyer) and I demonstrated the HTML Injection impact 👇

All-in-One PoC 😅

We wrote a small report on the page itself, in which we demonstrated 4 HTMLi examples in a single payload.

#bugbountytips
#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

Today, I received 20 private invitations to hack on private programs at HackerOne (@Hacker0x01) 😃 Although I'm a lazy hunter 😅 I'll try my best!

#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

Thanks for the invitation 😃😃

I have to find an authentication flaw, as this is the right way to say thanks 😁

#bugbountytips
#CyberSecurity

Mohamed Fodil (@_public_void):

Use FFUF for subdomains-list batch fuzzing 👇

Windows PowerShell
Save the code in the pic below as "script.ps1"

Linux
Save this as "script.sh":

    #!/bin/bash
    for URL in $(<subs.txt); do
        ffuf … -u "$URL/FUZZ" …
    done

#bugbountytips
#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

WOW 🤩 Triage, Fix and Retest were done in less than 24h

I was invited to this PBBP at HackerOne (@Hacker0x01) a month ago (launched in 2020 with only 2 domains in scope) 🤷‍♂️

Simple, no freaking tip 🙃
"api/vx/me/" => "api/vx/other_usrid/"

#bugbountytips
#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

Yay, I was awarded a $1,000 bounty on HackerOne (@Hacker0x01)! #TogetherWeHitHarder

This was really fast ⚡️😃

Reported + Triaged on 17/04/2024
Retested on 18/04/2024
Resolved + Awarded on 19/04/2024

#BugBounty
#CyberSecurity

x.com/_public_void/s…

Mohamed Fodil (@_public_void):

While I was performing a retest for my report to a program on HackerOne (@Hacker0x01), I noticed an extra security layer had been added; after testing it separately, I found it vulnerable to something 🤷‍♂️

I reported it and got it Triaged 🙃

#CyberSecurity
#BugBounty

Mohamed Fodil (@_public_void):

I find it really fun targeting and bypassing fixes of "Duplicated/Resolved" reports 😁

#BugBounty
#CyberSecurity
#bugbountytips

Mohamed Fodil (@_public_void):

I earned $$$ for my submission on @bugcrowd #ItTakesACrowd 😁

2FA Bypass
[Duplicate > Resolved > FIX-Bypass]

Neither BC Triage nor the Program Team were able to reproduce it. Finally, a Team Member figured out why the issue wasn't reproducible ✅

#BugBounty
#CyberSecurity

Mohamed Fodil (@_public_void):

Lesson Learned:

To avoid self-duplicates, when you discover the same vulnerability across different domains/endpoints, report just one and wait for it to be Resolved, then do the same for the others.

#bugbountytips
#BugBounty
#CyberSecurity