0xl3mon (@0xlem0n) 's Twitter Profile

Learn how it works. Then break it. In that order.

ID: 1585224436650835974

26-10-2022 10:59:08

420 Tweet

142 Followers

956 Following

Nithin 🦹‍♂️ (@thebinarybot) 's Twitter Profile Photo

The easiest P1/P2 afaik is Sensitive Information. You can mostly find this on Github. Using the correct dorks would result in quick $$$$. Here's a list of highly efficient Github dorks that I use on a regular basis. 🧵👇 #bugbounty #dorks #github #bugbountytips

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast) 's Twitter Profile Photo

Frans Rosen was on the pod last week and dropped some mind-bending X-Correlation Injection research on us.

Including these gems on how to test for it...

1/7
Cryptolaemus (@cryptolaemus1) 's Twitter Profile Photo

#WikiLoader - #TA544 - url > .msi > .dll

#Signed - Canton Pure Jonna Network Technology

msiexec.exe /I GlobalProtect64.msi

C:\Users\*\AppData\Roaming\NitroSoftNPv1.3\notepad.exe (sideload)👇

\AppData\Roaming\NitroSoftNPv1.3\mimeTools.dll

(1/3) 

IOC's
github.com/pr0xylife/Wiki…
Lupin (@0xlupin) 's Twitter Profile Photo

My DEF CON talk about how we made around $150k in Bug Bounty only with Denial of Services is out ! Let me know what you think 😁 youtu.be/b7WlUofPJpU?si…

bbupdate (@inbbupdates) 's Twitter Profile Photo

$20,300 Bounties from a 200 Hour Hacking Challenge blog.voorivex.team/20300-bounties…… #infosec #bugbounty #TogetherWeHitHarder #inbbupdatesblogs

James Kettle (@albinowax) 's Twitter Profile Photo

If you like bounties, I highly recommend this presentation from Martin Doyhenard on novel web cache deception techniques. It comes with Web Security Academy labs too! youtube.com/watch?v=70yyOM…

zhero; (@zhero___) 's Twitter Profile Photo

very pleased to announce the release of my new article based on my research that led to CVE-2024-46982 titled:

Next.js, cache, and chains: the stale elixir

zhero-web-sec.github.io/research-and-t…

note: does not cover the latest findings shared in my recent posts

enjoy reading;
bugcrowd (@bugcrowd) 's Twitter Profile Photo

One-liner to gather and crawl subdomains, then generate a custom wordlist from the target's discovered URLs 👇🏽

subfinder -d bugcrowd.com -silent | httpx -silent | hakrawler | tr '[:punct:]' '\n' | sort -u
0xl3mon (@0xlem0n) 's Twitter Profile Photo

Yeiii! Just got a reward for a critical vulnerability submitted on YesWeHack ⠵ -- Insecure Storage of Sensitive Information (CWE-922). #YesWeRHackers

0xl3mon (@0xlem0n) 's Twitter Profile Photo

After almost 10 hours I finally completed it 🔓 Just beat the "Dojo #42 - Hex Color Palette" challenge on @YesWeHack! Think you can match my skills? 🌟 dojo-yeswehack.com/challenge/play… #YesWeHack #ChallengeAccepted

0xl3mon (@0xlem0n) 's Twitter Profile Photo

Challenging, clever, and seriously fun. I enjoyed every second of it! "Dojo #43 - CCTV Manager"? Pwned! It was a blast on @YesWeHack! Think you can take it on? 🌟 dojo-yeswehack.com/challenge/play… #YesWeHack #ChallengeAccepted