aloft (@pnig0s)'s Twitter Profile
aloft

@pnig0s

fake one. Takeover.

ID: 1921567010456276992

Joined: 11-05-2025 14:04:27

1 Tweet

2 Followers

101 Following

Intigriti (@intigriti)

Want to find 'cosmic brain' bugs, just like @0xACB and Sam Curry? 🤯
Use the following 'invisible' ranges in your payloads 👇#BugBountyTip
💥0x00 ➡️0x2F
💥0x3A ➡️0x40
💥0x5B ➡️0x60
💥0x7B ➡️0xFF
Philippe Harewood (@phwd_)

I review JavaScript manually. Here are some videos by bounty hunters that should give you an idea of how to approach targets with heavy JavaScript.
Stok youtu.be/FTeE3OrTNoA
TomNomNom youtu.be/FFGQ9TRYL6Q
Filedescriptor youtu.be/Y1S5s3FmFsI
#bugbountytips

Dawid Moczadło (@kannthu1)

🔥 1 year ago, I discovered a vulnerability in Facebook (now Meta) that earned me a $5.5k reward! 🎉 It all started with an exposed Swagger UI, which led to an escalation to SSRF (and almost RCE). Here's the story: (1/6) #BugBounty #Security

Justin Gardner (@rhynorater)

I've made over 100k on SSRF vulnerabilities.

They aren't always as simple as pointing it at localhost or AWS Metadata service.

Here are some tricks I've picked up over the past 5 years of web app testing:
Security Response (@msftsecresponse)

Madeline Eckert, Sr. Program Manager, MSRC, joins the Azure Security Podcast with Sarah Young and Michael Howard to talk about the Microsoft Bug Bounty & Microsoft MVR programs. Tune in on Spotify: msft.it/601297N5n
Meta Bug Bounty (@metabugbounty)

🎉 Celebrating 10 years of impactful research! Watch our exclusive interview with Philippe Harewood, a researcher in Meta Bug Bounty, who has significantly contributed to the security and privacy of our platforms with over 500 impactful findings. Check it out: youtu.be/_Jmscy9Vh8g

RogueSMG (@roguesmg)

I spent 3 days on trying to exploit an SSRF.
And still FAILED.

The Payloads were getting blocked. Started digging a bit and realised there are a TON more bypasses and workarounds out there than I thought:

- Simple Headers can sometimes do wonders: X-Forwarded-For, etc.
- URL
Luke (@datalocaltmp)

Had a great time presenting at REcon this weekend - always amazing meeting everyone and sharing research 🙌 For those that missed the conference, or just want to review my WhatsApp work, feel free to read the slides here & hmu if you have questions! docs.google.com/presentation/d…

zere (@j_zere)

Just published my first blog post "Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover" You can read the full write-up here: zere.es/posts/cache-de…

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

New Research by siunam! - lab.ctbb.show/research/crlf-… CRLF Injection → Nested Response Splitting (CSP gadget). Inject \r\n\r\n in headers to push HTML into the body and bypass script-src 'self'.