7 Free Practice Labs to Master GraphQL Attacks 🧵

Want to find more vulnerabilities using BurpSuite match & replace rules? 🤑 Open this thread! 🧵 👇

A Comprehensive Guide for Pentesting Grafana rootxsushant.medium.com/a-comprehensiv…

Tips & Tricks for Information Disclosure youtu.be/ODhLUi24DxQ?si… via YouTube

Ending the year with a duplicate. Let's hope for more triages and exciting findings in 2025! 💪✨

If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found. Intercept the request in Burp and replace the Accept header with: `Accept: ../../../../../../../../../../etc/passwd{{` #bugbountytips

While hunting on one of the targets, I came across a cool way to access documents inside target's internal portal. Here's the writeup: #bugbountytips #BugBounty #CyberSecurity #togetherwehitharder medium.com/@cyberpro151/a…

It's been 1000+ hours into bug bounties since the day I started. Hunting: 1002 hrs Cyberstudy: 363 hrs Days worked: 271 days Here's the top 59 lessons/advice/learning I've been giving myself since day one that have helped me reach where I am today (a thread 1/60): #BugBounty

Another day, another 403 bypassed Straight into the Django admin panel Might drop a write-up this weekend Stay tune ⚡️ #bugbounty x #pentest

Found a critical vulnerability in a leaked Docker Hub image exposing private keys, scoring a $500 bounty! Tip: Automate your searches with DockerSpy to find sensitive data faster.[github.com/UndeadSec/Dock…] #BugBounty #bugbountytips #cybersecuritytips

🎉 GIVEAWAY TIME! 🎉 I’m giving away "Hacker Plan" of iScan.today to one lucky follower! 🚀 To enter: 1️⃣ Follow me 2️⃣ Like & Reply 3️⃣ Retweet Winner will be announced on 01 March 2025! 🏆 Good luck! 🍀 #bugbountytools #giveaway #iScanToday

no hate but compared to the insane number of HackerOne ambassadors, the concentrated effort is see is only in BLR region. Rest are just lifeless.

Make sure to apply only if you can come to the meetup in Mohali/Chandigarh. March 15- March 21: hack on a dedicated target virtually March 22: Attend the meetup in person, network and collaborate ! Exact meetup venue will be shared soon. Looking forward to meet u all :)

In the first quarter, I spent some time exploring bug bounty but focused more on learning new things, especially in Web3. Still, I managed to submit 23 reports across different programs! Thanks to HackerOne for the opportunities.Let’s see what happens in Q2learning never stops

Take a look at my blog w/ bugcrowd where I talk about RCE and one of the ways it landed me a critical payout! bugcrowd.com/blog/remote-co…

I've often hesitated to participate in public bug bounty programs, mistakenly believing that if a program is public, it's likely already been thoroughly tested and is bug-free. However, I've been proven wrong. Over the past 2 years, I've learned valuable lessons that have

Get ready for our first-ever Live Hacking Meetup in Udaipur! 🎉 Join us in person on April 20 for a day full of hacking. The hacking continues online from April 21–27 virtually. Open to all skill levels — RSVP by April 15 to be part of the action👉 h1.community/events/details…

Are you using Cursor right? For H#cking? It's easy to customize open-source tools now IMO, Just visit github.com/tess-ss/shrewd… download the tool as "Download ZIP", upload it to the cursor, be precise with prompt,s for example: Me: Hey, cursor analyze the code very carefully