Shebiiiii (@xshebix)'s Twitter Profile
Shebiiiii

@xshebix

Cyber Security Researcher - Red Team Member at Synack

ID: 802627943235289089

Joined: 26-11-2016 21:39:48

3,3K Tweets

671 Followers

3,3K Following

Lupin (@0xlupin)

XSS with no parenthesis 🔥

Thanks to Justin Gardner for sending me this target with a really weird filter. It was a fun challenge 🤟

Btw I'm not the one that discovered the use of instanceof for XSS ;)

#bugbountytips

Mohamed Anani (@0xm5awy)

Good morning! I've been using this payload for over a year to discover XSS via open redirect vulnerabilities that bypass WAF. It works great: :DD

Payload: javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie

#BugBounty #bugbountytips #bugbountytip

🇸🇦 ROOD | GOAT (@0x_rood)

If you find a /actuator/jolokia/ endpoint on your target, you can escalate it to LFI. POC: https://target[.]com/actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd

Abdullah Nawaf (HackerX007)🇯🇴 (@xhackerx007)

We earned $20,000 for our submission on @bugcrowd with Tuan Anh Nguyen⚡️ 🇻🇳 and Godfather Orwa 🇯🇴. It's nice to work with you guys :) #Tip: Always check `viewstate` in ASP.NET. More info: notsosecure.com/exploiting-vie… bugcrowd.com/hackerx007 #ItTakesACrowd

Rana Khalil 🇵🇸 (@rana__khalil)

It’s been tough being on social media the past couple of days. My own family, like thousands of Palestinians, was ethnically cleansed by Israel 75 years ago, and was denied the right of return to Palestine. For 75 years, Israel has forcibly displaced entire Palestinian

Ayoub FATHI 阿尤布 (@_ayoubfathi_)

I’ve published the slides for my Security BSides Ahmedabad closing keynote: bit.ly/pwning-cloud-c… In this talk, I shared “Lateral movement brute forcing” — a new technique that I covered and used against different targets to go, e.g., from a limited GitHub token to achieve multi-lateral

Godfather Orwa 🇯🇴 (@godfatherorwa)

The doctor, the paramedic and the wounded have died.

Your only sin, Palestine, is that you are beautiful like our master Joseph,
and the world betrayed you as his brothers did.

Vitor Falcão "busfactor" (@busf4ctor)

Most people believe SQL injections are in the past. They say it's hard to find them. The main issue is the use of automated tools like SQLMap. I'll go through the reasons in this thread so you can give your opinions.

0xblackbird (@0xblackbird)

Still haven't found your first SSRF vulnerability?

Or only found a useless blind SSRF somewhere but couldn't get to escalate it?

You're probably looking at the wrong place...

Here, a mega-thread on Server-Side Request Forgeries (SSRF) vulnerabilities👇️

shay (@shaybt12)

You found a JFrog URL
and got a 403 / 401?
Try adding

/ui/repos/tree/General

Maybe you get lucky and find NuGet / other compiled customer source code :)

Paul Seekamp (@nullenc0de)

TanmayLP If you are running automated scanners, this is about 95-98% of the things that are missed.

Also, if you want to make a name for yourself in the BB or web app pentest world, get really good at these.

Lu3ky13 ⚡️⚡️ (@lu3ky13)

Bypass Reset Password Code Leads to Account Takeover hackerone.com/reports/2383052 GitHub Python script github.com/Lu3ky13/Bypass… #bugbountytips #bugbounty

Ahmed Elmorsi 🇵🇸 (@0xhunterx)

This writeup explains how we got ATO from an Android application medium.com/@ahmedelmorsy3… #BugBounty #bugbountytip #cybersecuritytips #hackerone

Nikhil Mittal (@nikhil_mitt)

🚨 I am giving away 1 seat each of our June Red team (CRTP) and Azure (CARTP) bootcamps. 🚨

Repost, like and reply to this tweet to participate. I will announce the winners on Monday (27th May). 

alteredsecurity.com/bootcamps

#redteam #pentest #giveaway

KNOXSS (@kn0x55)

🚨 KNOXSS GIVEAWAY July 2025

✅ Follow us
✅ Like and share this

🎁 Prize: KNOXSS Pro for 1 Month 

🏆 Results: July 7th (3 winners)

Want to find some vulns?
Get one of our plans and test for #XSS consistently.

Sign up now! 😀 knoxss.pro

#BugBounty #PenTesting