« Wow you’re a hacker?! You must be so smart! » Me, switching ?id=1 to ?id=2 for a living:

Hilarious, I found a bypass 2 minutes after they "resolved" the issue. #bugbounty #bugbountytip #bugbountytips #infosec #bbp

I was awarded $1500 for an xss, then the program marks that as resolved, then I found a bypass but they just pay me $300 . What is the point of find bypasses? Do you know why is that "regression" thing? #bugbounty #bugbountytip #bugbountytips #infosec #bbp

I finally found where in the program brief says that bypasses will be rewarded with just %20 of the initial bounty, search for "flowchart" in programs to avoid surprises XP #bugbounty #bugbountytip #bugbountytips #infosec #bbp #CyberSecurity

Wild YouTube email leak exploit chain by skull 🔥 Gaia ID leak via /get_item_context_menu -> Map GAIA ID to email via Pixel Recorder API (WriteShareList endpoint). Also, cool evasive trick via long title to finish off. $10k #bugbounty. #bugbountytips #cybersecurity

It's recently started and I have 6 duplicates and milky way is out of scope. #BugBounty #Memes

this is how machine learning actually works (gradient descent with bad starting parameters)

There is an endpoint which has /from path, if you change the path to /nonexistent, the request delays for a minute and returns 504 gateway timeout, question: What is happening in the backend? #bugbounty #bugbountytips

Some server expects parameterA to be a list with strings, if one string contains $(whatever) it returns 500, but if we add an space it returns 200 also: $any(1) -> 500 $("") -> 500 $(\u000a) -> 200 $( -> 200 anyhting -> 200 What is happening here? #BugBounty #hacking #infosec

And sooner or later as you progress you understand that the days when something looks promising are good days in themselves. First rule of exploit club: we don't talk about the days where you hop functions one by one and can't generate a single valuable idea about them.