BlankJinn (@blankjinn)'s Twitter Profile
BlankJinn

@blankjinn

Here we are.

ID: 799666852980920320

18-11-2016 17:33:29

2,2K Tweet

264 Followers

2,2K Following

Adnan Khan (@adnanthekhan)

Read how I used a custom scanner to discover a GitHub Actions vulnerability hiding in plain sight for 3 years in a Google OSS repository and earned a $7,500 💰 #bugbounty! adnanthekhan.com/2024/04/15/an-…

Tuan Anh Nguyen⚡️ 🇻🇳 (@haxor31337)

It is a gold mine 💰 I already have some reports about leaking secret API keys to authentication via Postman public workspace on a big target before 😃

🇵🇸 ABDELKARIM MOUCHQUELITA (@mchklt)

Excited to share my journey on discovering my first Remote Code Execution (RCE)!
Check out the article here: mchklt.medium.com/how-i-found-my…

#BugBounty #bugbountytips #cybersecuritytips #CyberSecurity

Sh O Aib (@sh_o_a1b)

I earned $1,500 for my submission on @bugcrowd bugcrowd.com/sh0a1b
Sometimes a little encouragement helps a lot.
Tip: Bruteforce API endpoints -> paramspider -> collect all endpoints -> run arjun -> hidden parameters -> Email/Id -> IDORs #Bugbountytip #bugbountytips #ItTakesACrowd

Akita ZeN 🇦🇷 (@akita_zen)

*XSS* "></ : [filtered] <img> <iframe>tags : [filtered] &quot;&lt;&gt; : [filtered] HTML entity: &#x3C;a href=javascript:alert(1)&#x3E;click : filtered (javascript:alert) : [filtered] Final payload: "aaa&#x3C;a href=javas&#x26;#99;ript:alert(1)&#x3E;click" 🫡🧙‍♂️ #bugbounty #xss

Süleyman Çelikarslan (@slymn_clkrsln)

Always consider covering second order takeovers, because in most cases they are evaluated as critical, like a blind XSS, which is remotely controllable and even application-wide.

Tip: Take care to check DOM elements for down CDN servers.
#bugbounty #bugbountytips #xss

zack0x01 (@zack0x01)

This is how I was able to find 2 IDORs using my phone in the middle of Bali island 🏝️ Hope you like it 🙂! #bugbounty #bugbountytip #togatherwehitharder medium.com/@zack0x01_/how…

bugcrowd (@bugcrowd)

GIVEAWAY 🎁🎁

It's simple, here are the rules:
🧑‍💻 Be a hacker
🔁 Retweet
❤️ Like
📝 Fill out the survey
👇 Drop an emoji when done

You could win an entire swag bundle just by filling out the survey 😱
surveymonkey.com/r/WBRQLGX

Intigriti (@intigriti)

You've found a GraphQL target...

But you don't have much time to test your target for every vulnerability... 😴

Here are 4 tools you can easily use to find over 5+ vulnerabilities in GraphQL APIs! 🤑

A thread! 👇

𐰚𐰼𐰇𐱅 (@ynsmroztas)

I want to talk about a simple but effective method to narrow down your scope, sometimes it helps to think simple.

waybackurls --dates domain(.)com | grep '?id='

Payload : if(now()=sysdate(),SLEEP(8),0)
#BugBounty #BugBountyTips
Intigriti

usmann (@usmannk)

In April I reported two bugs to Sei. One that would’ve compromised their $SEI token and another that would’ve halted block production on their network. Both were caught just before the vulnerable code was shipped to production. Details: usmannkhan.com/bug%20reports/…

gandu (@gandu_whitehat)

Here’s a thread about a bug I discovered in the Sovryn | DeFi for Bitcoin codebase and submitted on Immunefi. The issue was swiftly addressed, and I was awarded $15k by the project. A detailed thread on the thought process that led to the bug’s discovery.

N$ (@nav1n0x)

I just published - A Comprehensive Guide to Manually Hunting SQL Injection in MSSQL, MySQL, Oracle, and NoSQL (MongoDB) - nav1n0x.gitbook.io/a-guide-to-man…

I tried to explain everything I could. Let me know your opinion and suggestions, if any. I will keep updating the article whenever I

Mitchell Amador (@mitchellamador)

Researchers have asked for greater transparency in past Reports, so that's what we're giving you today. 😄 You can now filter reports by Severity Level and Report Type here: reports.immunefi.com May this improvement earn you many bounties 🫡

RedotPay Official (@redotpay)

🌙 Ramadan Kareem! 🌙

Celebrate the spirit of giving with our special Ramadan giveaway! Win a RedotPay physical card or $100 USDⓈ!

To enter:

✅ Follow RedotPay official account
✅ Share this post
✅ Tag 3 friends in replies & ask them to open a new RedotPay account( accounts