There are no API endpoints in the HTTP traffic, and the target has some defenses against introspection.

So, how can we find the hidden GraphQL endpoint? 🤔

buff.ly/3Wc9rQT

How do you stay focused when doing bug bounty? 🤔🧐

What's your approach to single-page applications? 🤠

What tools have you created that helped you with bug bounty? 🤓😎️

Almost halfway into the Intigriti April challenge 👀

It's a really cool one from a top Microsoft hacker (@kire_devs_hacks), including elements he's come across in real-world bug bounty programs! 💜

challenge-0424.intigriti.io

Happy #NationalPetsDay ! 🎉 Our furry friends are stealing the show today as they hacked their way into our hearts. Share a photo of your pet and tell us how much they helped you along your #hacking journey 🐱🐶 #intigriti #hackwithintigriti

On what feature did you find your very first client-side template injection vulnerability on? 🧐️ 😎️

What are your favorite tools or web extensions for tracking down DOM-based vulnerabilities? 😎

Another quick one this week! In today's Web Security Academy lab, we'll exploit an access control vulnerability by inducing the API to reveal user credentials 😈

buff.ly/3TSqBQm

Do you test for client-side template injections? 🧐️

And do you use any automated tooling for testing CSTI vulnerabilities? 🤠