Bug Bounty Recon (@bugbountyrecon)'s Twitter Profile
Bug Bounty Recon

@bugbountyrecon

ID: 1282584823056470016

Link: https://github.com/serain/bbrecon
Joined: 13-07-2020 07:57:29

36 Tweets

1.1K Followers

1.1K Following

Bug Bounty Recon (@bugbountyrecon):

Very nice find, Chirag Gupta! Nice approach and straightforward automation. There's bound to be more of these out there folks, go hunt 🙃 #bugbountytips #BugBounty

Bug Bounty Recon (@bugbountyrecon):

Compromising AWS with an HTTP header! Don't forget to look for DNS rebinding in Referer headers in your #BugBounty #bugbountytips alex.kaskaso.li/post/dns-rebin…

Katie Paxton-Fear (@insiderphd):

DEFCON is free this year so definitely take advantage of it. Louis Nyffenegger is doing a workshop on JWT for AppSec Village! And I can't wait to watch it, especially as JWTs are really common in service-based infrastructure + auth, both on my 'to skill up' list.

Hamid Kashfi (@hkashfi):

This paper on a new timing attack technique based on HTTP/2 multiplexing is beautiful! I've highlighted the key parts. Look at those request numbers! Now that Burp Suite supports HTTP/2, perhaps we can hope to have a hacker-friendly HTTP/2 stack available via API to benefit from this.

GitHub Security Lab (@ghsecuritylab):

Next week Alvaro Muñoz will present full details about the many RCEs he discovered in CMS platforms such as Atlassian Confluence, Alfresco, Liferay, Crafter CMS, dotCMS, XWiki, and Apache Ofbiz github.co/3hP8Ahp

Bug Bounty Recon (@bugbountyrecon):

In case you missed it, there was an unauthenticated SSRF in Grafana released over the weekend. Go hit that cloud metadata endpoint! Also, patch yo stuff! rhynorater.github.io/CVE-2020-13379… #bugbounty #bugbountytips #Kubernetes

Intigriti (@intigriti):

Not a lot of hunters test for second order XS-Search attacks! Use an invalid value for non-primary parameters, depending on the execution order you'll be able to measure if the primary parameter value exists or not. Thanks for this PRO #BugBountyTip, terjanq! #BugBountyTips

Bug Bounty Recon (@bugbountyrecon):

bbrecon is in a limited beta, don't miss your chance to try it out! "Give me all the #BugBounty programs released in the last month that have web targets and reward cash" bugbountyrecon.com #bugbountytips #netsec

Jason Haddix (@jhaddix):

Simple but impactful tip for content discovery. Always use the subdomain as a path. Often it is the root of the application. #bugbountytips #bugbountytip: kvothe.target.com, try kvothe.target.com/kvothe/ and then do content discovery: kvothe.target.com/kvothe/FUZZHERE

Bug Bounty Recon (@bugbountyrecon):

Instant subdomain recon is coming this weekend for the bbrecon API 🤗 In the meantime you can get all your #BugBounty program scopes directly from the CLI, in JSON, like a hacker should. #bugbountytips github.com/serain/bbrecon

Aman (@thevyadha):

Third #bugbountytips. Lucky I found the password of a Stripe live token. This is how: 1. I found the token in the Strings.xml file printed as sk_live_24 characters. 2. Used curl api.stripe.com/v1/charges -u token_here: but it was saying enter host for password. Now comes my finding part.

Bug Bounty Recon (@bugbountyrecon):

.Aiven just launched a public Bug Bounty program on HackerOne 🎉 Find fresh bug bounty programs with github.com/serain/bbrecon #BugBounty #infosec #CyberSecurity #ethicalhacking

Eduardo Nuri (@eduardo_nuri):

Thank you for the 3k followers! Sorry, after those big bounties I took a little break! Now coming back with more tips, a very simple one but many new hunters didn't know. #bugbountytips #bugbounty

Ammar Amer (@cry__pto):

GitHub Recon - It’s Really Deep: medium.com/@shahjerry33/g… From SSRF to Compromise: Case Study: trustwave.com/en-us/resource… Bug Hunting with Param Miner: Cache poisoning with XSS, a peculiar case: medium.com/bugbountywrite… #PenTest #bugbountytip #OSINT #Hacking #redteam #BugBounty