Proviesec (@proviesec)'s Twitter Profile
Bug Bounty Hunter, Top 1% Tryhackme and Cyber Security Researcher

ID: 1445116716409839631

https://proviesec.medium.com/ 04-10-2021 20:00:56

530 Tweets

431 Followers

822 Following

Bogdan Tcaciuc (@bogdantcaciuc7):

65+ million customers PII exposed, including passwords in *plaintext*

Probably I will write about this if I'm allowed to.

keywords: path traversal - secondary context - error message

Proviesec (@proviesec):

John The Ripper - I have just completed this room! Check it out: tryhackme.com/room/johntheri… #tryhackme #passwordcracking #john #hash #johntheripper0 via #CyberSecurity

Abah Wilson (@theabahwilson):

Was able to escalate this to a 0 click!! Glory to God, I was awarded $20,000 for my report on HackerOne. Would do a writeup soon. Never give up fellow noobs💪🏾

#BugBounty #hackerone

Proviesec (@proviesec):

#BugBounty Tip of the week: Resource: Check out tinyxss.terjanq.me for a collection of concise XSS payloads tailored for various contexts. Perfect for testing environments with specific feature allowances. Enhance your XSS testing strategy! #CyberSecurity #XSS

Proviesec (@proviesec):

#BugBounty Tip of the Week: Don't forget about API endpoints! Regularly scan for exposed endpoints and try sending unexpected data types in API calls (e.g., pass an object where a string is expected). Always validate and sanitize inputs rigorously. #APIsecurity #cybersecurity

Proviesec (@proviesec):

I completed the Web Security Academy lab: SQL injection UNION attack, finding a column containing text :) #cybersecurity Web Security Academy portswigger.net/web-security/s…

Proviesec (@proviesec):

🚀 Celebrating 1000 Days Streak on @tryhackme 🎉 Proud to be in the top 1%! Huge thanks to the TryHackMe community for the constant support and inspiration. Onward and upward! 💻🔒

#Cybersecurity #TryHackMe #1000Days #bugbounty #LifeLongLearning #InfoSec #PenetrationTesting

Proviesec (@proviesec):

#BugBounty Tip: Test for IDOR by changing parameter values like user IDs in URLs (/profile?id=123). Accessing different profiles? You’ve found a vulnerability. It’s a simple but effective way to uncover sensitive data exposures! #WebSecurity #BugBountyTips #CyberSecurity

Intigriti (@intigriti):

A quick and easy way to find forgotten hosts that are still exposed to the internet is by checking the SSL/TLS certificate! 🤑 

Here's how you can filter by expired SSL certificates in Shodan! 👇

org:"<company>" ssl.cert.expired:true

#bugbountytips

Proviesec (@proviesec):

Took some time, but finally updated my Google Dorks repo. Lots of new dorks added — OpenAI, Kubernetes, cloud, OSINT & more. 👉 github.com/Proviesec/goog… #BugBounty #CyberSec #Hacking

Proviesec (@proviesec):

github.com/Proviesec/goog… new Google Dorks for #azure #antropic #slack #firebase and many more. 
#BugBounty #googledorks #CyberSec

Yuval Avrahami (@yuvalavra):

We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯

How did we do it? Just two missing characters was all it took.

This is the story of #CodeBreach 🧵👇

Proviesec (@proviesec):

Most fuzzing is still guesswork.

I rebuilt my tool PSFuzz to change that:
→ understand target first
→ then fuzz

Less noise. More signal.

GitHub: github.com/Proviesec/PSFu…
Article: medium.com/bugbountywrite…

#bugbounty #cybersecurity #websecurity #ai