dr4wf (@dr4wfmo3) 's Twitter Profile
dr4wf

@dr4wfmo3

just a random loser

ID: 1432695953941749767

31-08-2021 13:25:15

3,3K Tweet

45 Followers

1,1K Following

Alp (@alp0x01) 's Twitter Profile Photo

The full story of my #bugbounty journey! Doing this since May 2021, and in this month I earned a total of $19,750 (almost $20K :c). I don't like clichés, but you should never give up when doing this job. I remember not sleeping for 2 days when I was a beginner. Thanks HackerOne!

Somdev Sangwan (@s0md3v) 's Twitter Profile Photo

13 common security issues in 2FA implementations and how to look for them. Great read. research.nccgroup.com/2021/06/10/tes…

Sayaan Alam (@ehsayaan) 's Twitter Profile Photo

Got awarded approx $7k of bounty in the first 7 days of this month at Synack Red Team and HackerOne, received my first feedback on HackerOne, on a 30 days $30k challenge to myself :) Most of the bugs were ACPV and IDORs #bugbounty

mitul patel (@a9hora) 's Twitter Profile Photo

Special thanks to Daniel Thatcher for such amazing research on HTTP header smuggling. As a small contribution to the hacker community I'm posting this mind map containing key points of that research. #BlackHat null Ahmedabad (n|u Ahmedabad)

Nagli (@galnagli) 's Twitter Profile Photo

As the HackerOne Ambassador's competition came to an end, it sure has many areas to get better on, but overall it was a nice experience. During the event, I managed to find 45 valid submissions: 5 Crits, 5 High, 17 Medium and 18 Low. All on Public(!) programs. #bugbounty

Julien | MrTuxracer 🇪🇺 (@mrtuxracer) 's Twitter Profile Photo

Yay! I've finally crossed the magical 1,000,000 USD #BugBounty mark on HackerOne!! Thanks for providing me with a great platform to hack on 😎 A very special thanks goes to my favorite private program 🍻! So here are some stats: - Paid through 571 reports (741 total) 1/4

shubs (@infosec_au) 's Twitter Profile Photo

I've released the first episode of Bug Bounty Redacted today (Exposed Redis & HAProxy): youtube.com/watch?v=mWNaGn… This series walks you through real bug bounty reports that were rewarded, and explains the discovery process, and reporting process in detail. New episodes Monthly!

Immunefi (@immunefi) 's Twitter Profile Photo

Sam Curry Katie Paxton-Fear The Graph Brett Buerhaus A few recent ones reported and paid out: -medium.com/immunefi/redac… ($560k) -medium.com/immunefi/optim… ($2m) -medium.com/immunefi/polyg… ($75k) -medium.com/immunefi/notio… ($1m) -medium.com/immunefi/polyg… ($2.2m)

Mustafa Can İPEKÇİ (@mcipekci) 's Twitter Profile Photo

What a month it was on Synack Red Team, technically I'm almost 100k with pending ones but time ended before they got triaged and paid out. There are 3 more vulns to be triaged, considering max payout is 3K per vuln on Synack, almost all of them were SQLis. #BugBounty

shubs (@infosec_au) 's Twitter Profile Photo

Inspired by Corben Leo’s tweets about hacker stories, I’ll share one of mine. When looking at a global company, I realised that certain sub divisions in different countries of the company were more vulnerable than others. How did I identify these assets? 1/n

Yassine Aboukir 🐐 (@yassineaboukir) 's Twitter Profile Photo

I wrote the story of exploiting a double-edged SSRF on a bug bounty program for both server and client-side impact. yassineaboukir.com/blog/exploitin…

Jason Haddix (@jhaddix) 's Twitter Profile Photo

(a LONG thread) 🧵 Inspired by shubs & Corben Leo here's one of my fun hacker stories: = The complete compromise of a password manager company = Here's how I did it (so you can learn): I was given the project to pentest a password manager company: *.redacted.com (1/16)

Stealthy (@stealthybugs) 's Twitter Profile Photo

Check out my vulnerability write up about critical bugs in Apple infrastructure worth 36,000 in bounties. medium.com/@StealthyBugs/… #BugBounty #exploit #infosec #whitehat #bugbountytips #ethicalhacking

Paul Seekamp (@nullenc0de) 's Twitter Profile Photo

Let's recap how this happened. Was provided a subdomain and creds > crawled and found a chunk.js > link finder pulled all API endpoints > parameter bruteforce with seclists (GET & POST) > found POST "filename" param > burp found /etc/passwd on active scan >

encodedguy - jsmon.sh (@3nc0d3dguy) 's Twitter Profile Photo

500 Bug Submissions Done on HackerOne. The first submission was on 16 July 2020. 100th submission took 2 years, 2 months and 6 days. 200th submission took 3 months and 100 days. 500th submission took 5 months and 24 days. Thank you so much HackerOne for this great platform.
