Another triage on a public program 🫰 #bugbounty #hackerone

In April, I submitted 4 vulnerabilities to 3 programs on HackerOne. #TogetherWeHitHarder hackerone.com/last-month

I Just Found a Critical Privilege Escalation That Leads to Workspace Takeover From the Owner Hope It will Not be a Duplicate 🫠 #BugBounty

If i found a pdf that contains Customer name , Full address and his Flight details Is this considered as Sensitive data exposure and the program will accept it ? #hackerone #bugbounty #bugcrowd

I earned $$$ for my submission on @bugcrowd #ItTakesACrowd #BugBounty Writeup soon ...🔥

I just published How I Discovered Authentication Bypass That Blocks Users from Accessing the Website ? Check it now 🔥🔥 link.medium.com/x3FfaaKwWKb #bugbountytips #BugBounty

How I Got Easy Account Take Over ? 1- I went to web.archive.org 2. Put the domain i have and search for urls 3. Type in the filter ( %40 ) and search 4. I got a lot of urls that have a parameter leaks the email and password of the users #BugBounty #bugbountytips

Nice try ..😮‍💨 #BugBounty #bugcrowd

3rd p2 Duplicate in the same week... 💀💀 #BugBounty #bugcrowd

- Replace the id in the delete request and send it >> 500 internal server error - Check the victim's account , and the content has been deleted - Don't rely on the status code or the response 🧐 #BugBounty #bugcrowd

It’s been a while since I last posted any write-ups. I felt there was value in focusing on manual testing for IDOR and Access Control bugs, so I quickly put this one together. #bugbounty #bugbountytips c0nqr0r.medium.com/idor-and-broke…

I'm excited to share a recent business logic vulnerability I discovered in a public bug bounty program. Here is the writeup : sayedv2.medium.com/business-logic… #bugbounty #cybersecurity

الحلقة الرابعه مع Souhaib Naceri H4x0r.DZ 🇰🇵 واتكلمنا فيها عن حاجات كتير وتجربتة في الوصول لـ LHE بتاع هاكرون وفيه نصايح جداً مهمة لتطوير مستواك، وحاجات تانية كتير تقدر تشوفها من هنا : youtu.be/uuxACNbB6Zk #BugBounty

I just published a write-up on how I bypassed team member limits on a bug bounty program by exploiting two race conditions! 💥 Writeup link : sayedv2.medium.com/double-race-co… #BugBounty #bugbountytips

Is this normal ? I can do unauthorized actions even after being logged out and the request is valid for 24 hours before the token expiration. And this is their response after the report being triaged from bug crowd staff and they marked this as NA . bugcrowd #bugbounty

Now i can sleep ... #BugBounty

GraphQL Penetration Testing Guide & Common Attacks deepstrike.io/blog/graphql-a… #penetration_testing #BugBounty

Happy to keep Meta platforms secure by finding and reporting a 2FA bypass vulnerability #Meta #BugBounty

A few shots from our latest HackerOne Egypt 🇪🇬 Club meetup! Amazing turnout, great hacking sessions, career discussions, and tons of knowledge sharing. Thanks to everyone who showed up!