🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

~Django Admin Panel Pwn

If you missed it, you can watch my presentation on "Diving Deeper Into Subdomain Takeovers & Mitigations" here: youtube.com/watch?v=-vmZOS…

🍾🪩🪅🎉🥳Giveaway time! 🥳🎉🪅🪩🍾 We are going to send a t-shirt and few goodies to one person who follows PentesterLab and likes this tweet !! And we are going to give a 1-year voucher to someone who RT this tweet!

A few months ago, I collaborated with Hussein Daher to find critical vulnerabilities in a bank. It involved finding a 0day in dotCMS. You can read about the discovery and exploitation process here: blog.assetnote.io/2022/05/03/hac…

Search for all leaked keys/secrets using one regex! regex: gist.github.com/h4x0r-dz/be69c… #BugBounty #bugbountytip

I have finally finished one of my many writeups due to the community. In celebration, I will be giving out 3 1-month subscriptions to PrettyRECON. Comment, RT and follow to be considered for the giveaway! #bugbountytips #bugbounty #cybersecurity medium.com/@masonhck357/t…

Finally, my first blog post on an interesting advanced sqlmap use case I found recently through a code audit. Shows how to combine sqlmap options to automate a complex scenario involving a mid-parameter SQLi on an error page. Enjoy! h1pmnh.github.io/post/advanced-…

If you haven't yet seen, this is how we hacked a BIG bank 😱 . With shubs , We were able to gain RCE on more than 100 different subdomains by exploiting a 0day we discovered. Reported through their #bugbounty program. Enjoy the read! blog.assetnote.io/2022/05/03/hac…

Multiple bugs chained to takeover Facebook Accounts which uses Gmail. ( $42k ) ysamm.com/?p=763

Not every research ended with RCEs, but I can promise the bugs (especially the Auth-Bypass) in my #BHUSA talk must be fun and insane! Black Hat

Whitehat satya0x reported a critical vulnerability in wormholecrypto on Feb 24 via Immunefi. The bug was quickly patched, no user funds were affected, and satya0x received a $10 million payout from Wormhole, the largest bounty payout on record. medium.com/immunefi/wormh…

Thread - Confluence Blind OGNL Injection analysis from our limited java knowledge. From vulnerable sink to becoming admin of the confluence instance. #CVE-2022-26134. Tested on latest vulnerable version 7.18.0.

How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook Write-up: medium.com/@root.n33r4j/h…

I’ve never done a similar giveaway but got 2 professional passes to Security BSides Ahmedabad 🇮🇳 that I’d love to donate should you be interested in attending and haven’t purchased one yet. Just FOLLOW me and RETWEET this post to participate 🤍

New blog post looking back on my first 2 years in bug bounty, happy to answer questions or comments about the experience here: h1pmnh.github.io/post/2022-sep-…

📢#infosec AMA v2.0 #61 Our next guest for v2.0 is :- ✨✨ Ahsan Khan ✨✨ Ask him about #bugbounty #cybersec or anything else. RT, Like, ask question to win (guest selects the winner) a voucher by PentesterLab Date :- Oct 7

Here are a couple things I always check when looking at a web application: 🧵

I found a vulnerability that allowed me to unlock any Google Pixel phone without knowing the passcode. This may be my most impactful bug so far. Google fixed the issue in the November 5, 2022 security patch. Update your devices! bugs.xdavidhu.me/google/2022/11…

New blog post outlining a fun phishing technique to look out for! medium.com/@cachemoney/ex…

3 months ago, I took the challenge to take over one of the most hardened bug bounty programs ever. 30 days later, ranked top 1 within the rules and exited. Since then, I still have the crown. Sharing a couple mental tips ⏬️