Ashutosh

@0xmarvelmaniac

Followers
1,100
Following
193
Media
13
Statuses
471
Pinned Tweet
@0xmarvelmaniac
Ashutosh
25 days
Just got the UK visa! Will be attending #h10131 in-person at Edinburgh, Scotland! So excited to meet the amazing hackers and see their work live!!! Thanks for the invite @Hacker0x01
7
1
80
@0xmarvelmaniac
Ashutosh
5 months
Yay, @0xcharan @0xdln and I earned a total of $24,000 on @Hacker0x01 for submitting 8 SQL injection issues to a private program! A few SQLis were found by Burp scan 😅 and we had to create a custom Burp extension to find the rest on the program. WriteUp soon! #TogetherWeHitHarder
23
19
349
@0xmarvelmaniac
Ashutosh
1 year
Yay I found a critical on Reddit and got my highest bounty so far in 2 years :) #BugBounty #Bounty #togetherwehitharder
21
3
248
@0xmarvelmaniac
Ashutosh
9 months
Finally received my 100th bounty on @Hacker0x01 ! My current bounty average to date is $924.96 :) #bugbounty #bugcrowd #hackerone
14
2
114
@0xmarvelmaniac
Ashutosh
9 months
@disclosedh1
publiclyDisclosed
9 months
HackerOne disclosed a bug submitted by @maniacmarvel_ : - Bounty: $2,500 #hackerone #bugbounty
1
8
62
3
10
70
@0xmarvelmaniac
Ashutosh
5 months
Stats of the issues submitted and the respective bounties: 1 x critical = $3k 2 x high = 2 x $1.5k 2 x medium = 2 x $500 #BugBounty #hacking #bounty
@0xcharan
charan
5 months
Yay, @0xmarvelmaniac and I earned $7000 in just one week by collaborating on a private program at @HackerOne #TogetherWeHitHarder
10
3
96
7
2
67
@0xmarvelmaniac
Ashutosh
7 months
I have disclosed an IDOR report submitted to LinkedIn on @Hacker0x01 . The bounty paid was $2500, which is a good amount I do agree, but according to their bounty table it is the lowest high severity bounty they pay. The CVSS score of the issue was 8.2 :)
@disclosedh1
publiclyDisclosed
7 months
LinkedIn disclosed a bug submitted by @0xmarvelmaniac : #hackerone #bugbounty
1
7
44
3
5
59
@0xmarvelmaniac
Ashutosh
1 year
I have finally crossed 2000 reputation points on @Hacker0x01 #TogetherWeHitHarder #BugBounty #hacker
4
2
51
@0xmarvelmaniac
Ashutosh
10 months
5
0
51
@0xmarvelmaniac
Ashutosh
2 months
Making your first $100k is tough. After that making your first $1M is tough I guess. #BugBounty
0
0
41
@0xmarvelmaniac
Ashutosh
2 years
Hi everyone! I wrote about this old finding of mine on Medium. It was an interesting find and my first critical bug :) Do give it a read 😄
1
3
38
@0xmarvelmaniac
Ashutosh
6 months
Finally got h1 clear!!! Thanks a lot @H1LeoW 💪
4
0
34
@0xmarvelmaniac
Ashutosh
2 months
In July, I submitted 21 vulnerabilities to 4 programs on @Hacker0x01 . #TogetherWeHitHarder
0
0
24
@0xmarvelmaniac
Ashutosh
8 months
Hacking on a single program for a long time is great for bounties but not so great for fast reputation gains. Agree or disagree? 🤔
3
1
19
@0xmarvelmaniac
Ashutosh
2 years
Hey folks! I wrote about a recent finding of mine - Reflected XSS. It was a very peculiar XSS and I had to bypass lots of weird checks to take over accounts. I hope you find it interesting:
0
5
18
@0xmarvelmaniac
Ashutosh
2 months
I've been getting constant vdp invites nowadays. It's actually fun writing reject invite feedbacks like - "Sorry I don't work for free..." or "It's concerning to see being asked for free labour like this..." or "Oh so the folks managing this program work for free? Sorry..." 😂
1
0
15
@0xmarvelmaniac
Ashutosh
3 months
Chasing leaderboards is the most annoying thing to do in hacking honestly. Once you start on this journey you can't back off easily 😮‍💨
2
0
14
@0xmarvelmaniac
Ashutosh
6 months
@galnagli In today's world I don't think it's fair for any company to expect free labour from the people. It's really concerning seeing how big companies shamelessly launch VDPs on bug bounty platforms.
0
0
13
@0xmarvelmaniac
Ashutosh
3 months
Apparently there is a limit to how much you can lose but there is no limit to how much you can gain. It is too easy to get super overwhelmed with the gains and lose track of how much you actually need to gain.
0
1
9
@0xmarvelmaniac
Ashutosh
2 years
Finally crossed 1000 reputation points on @Hacker0x01 A small personal achievement worth sharing : ) #TogetherWeHitHarder
2
0
10
@0xmarvelmaniac
Ashutosh
2 years
@rene_kroka @martenmickos ...unless the product team decides they'll not address the bug 👀
0
0
7
@0xmarvelmaniac
Ashutosh
1 year
Explained everything to the program triager regarding why the issue is a high, not a medium, and in the end I get a reply saying they will keep it medium because they feel like it's medium. Just fuck CVSS 3.0 or the impact the hacker is showing, right?
1
0
7
@0xmarvelmaniac
Ashutosh
2 years
@Sahil_Saxena21 @tabaahi_ Lol he is a good triager. What happened?
0
0
7
@0xmarvelmaniac
Ashutosh
7 months
Personally speaking I don't think the bounty paid justifies the severity score of the report (which again was calculated by an internal team member only). The feature that was compromised is a core feature of LinkedIn and many users use it to provide/receive services. #BugBounty
1
1
7
@0xmarvelmaniac
Ashutosh
8 months
bug bounty is not fun when teams just do whatever the hell they want...
2
0
7
@0xmarvelmaniac
Ashutosh
3 months
You gotta do what you gotta do **period**
0
0
7
@0xmarvelmaniac
Ashutosh
1 year
@ROSHANKUDAVE3 Authorization related issue. Can't disclose much, not resolved yet
0
0
6
@0xmarvelmaniac
Ashutosh
1 year
India should take cyber security seriously. Almost 99% of the companies and gov sites have crazy simple exploitable crits and god knows how many times they got hacked and the citizens' data was dumped and sold on the black market. The cyber security scene in India is horrible, seriously
2
0
6
@0xmarvelmaniac
Ashutosh
10 months
All is well until a program analyst lowers the severity of a good impact issue without any explanation and it's the weekend + holiday season 🤡
2
0
6
@0xmarvelmaniac
Ashutosh
3 months
Making money should always be the top priority!
0
0
7
@0xmarvelmaniac
Ashutosh
1 year
@Hammad7361 @Hacker0x01 @bug_vs_me There can be one of these two things happening here - 1) this was a mistake and they need to correct it and triage your report 2) the triager mentioned the wrong report ID in the comment. Talk it through, they'll understand and respond. Good luck 🤞
0
0
0
@0xmarvelmaniac
Ashutosh
5 months
@noob_labs @0xcharan @0xdln @Hacker0x01 php...no, SQLi was not everywhere. Out of say 30-45 endpoints we found it on 8, that too on specific parameters. Not all parameters were vulnerable
0
0
2
@0xmarvelmaniac
Ashutosh
2 years
@Abhishe11755518 @Marvel_India lol it was in the comics that way. Except for Jane who lifted the hammer? But yeah I agree that there was unnecessary comedy in the movie and the story wasn't that great. But it didn't have much impact on the MCU as a whole so we can think of this movie as a casual Thor movie :)
1
0
5
@0xmarvelmaniac
Ashutosh
2 years
@marcos_iaf @h4x0r_dz @samm0uda Wow you don't check your notifications or what, damn?
1
0
4
@0xmarvelmaniac
Ashutosh
2 years
@dccybersec @Bugcrowd @intigriti @Hacker0x01 I have accounts on all three but have been hacking on HackerOne for a while now : )
1
0
4
@0xmarvelmaniac
Ashutosh
7 months
@h4x0r_dz @Bugcrowd BC triage is not that good.
0
0
4
@0xmarvelmaniac
Ashutosh
2 years
@thecyberzeel Operating systems
0
0
5
@0xmarvelmaniac
Ashutosh
1 year
@0xbara not resolved yet
1
0
5
@0xmarvelmaniac
Ashutosh
2 years
@harris0ft @Hacker0x01 reputation milestone or live hacking event swag??? If rep milestone then how much rep is needed??
2
0
4
@0xmarvelmaniac
Ashutosh
2 years
Hey @k4k4r07 , I would really like to have a small chat regarding a private program we both are in. Mind checking my Twitter DM : ) Sorry for the unexpected mention, I assure you there will be no annoying questions, just a 2-3 min chat should do : )
2
0
3
@0xmarvelmaniac
Ashutosh
4 months
@hetmehtaa People who know cyber security for real should get paid at least above 12 LPA (in India). And those who fake it on social media and resumes should get paid nothing IMO (they just set a bad example for the hard working people in the cyber security industry)
1
0
4
@0xmarvelmaniac
Ashutosh
1 year
0
0
4
@0xmarvelmaniac
Ashutosh
2 years
@Ishansharma7390 Failure comes more often than success and it's totally okay and we should know how to deal with it. That was never taught in schools, in fact it was more like if you fail you are committing a crime.
0
0
3
@0xmarvelmaniac
Ashutosh
1 year
@zseano classic
0
0
0
@0xmarvelmaniac
Ashutosh
9 months
1
0
3
@0xmarvelmaniac
Ashutosh
5 months
@eagle_0408 @0xcharan @0xdln @Hacker0x01 We used simple SQLi detection techniques and implemented those techniques in the custom extension too to find the rest. Burp Scanner generates too much traffic and it was missing some endpoints initially.
1
0
3
@0xmarvelmaniac
Ashutosh
1 year
confidence < over-confidence < Adipurush < VDPs run by multi-billion dollar companies 💩
0
0
4
@0xmarvelmaniac
Ashutosh
2 years
I don't understand the concept of assigning stored XSS bugs (with no user interaction) leading to straight account takeover MEDIUM SEVERITY!! JUST WHY?? #bugbounties
1
0
4
@0xmarvelmaniac
Ashutosh
2 years
I wrote a mini blog with 4 basic points on how to find #securitybugs more often in live targets, or mainly what the correct approach is (from what I have learnt so far in my bug bounty journey). It's a 3-4 min read : ) #bugbountytips #bugbounty
1
0
4
@0xmarvelmaniac
Ashutosh
2 years
What do you guys do to save taxes on your bug bounty money? Any tips?? #BugBounty
1
0
4
@0xmarvelmaniac
Ashutosh
5 months
@shakti_sec @0xcharan @0xdln @Hacker0x01 luckily no WAFs were present when we found these issues. After reporting these findings the program implemented a WAF 😂
2
0
4
@0xmarvelmaniac
Ashutosh
8 months
@krishnsec Duplicates always make me rethink my life decisions. 😂
0
0
4
@0xmarvelmaniac
Ashutosh
5 months
@SuyashS91823422 @0xcharan @0xdln @Hacker0x01 I personally don't rely much on Burp Scanner. However in this case Burp's initial discovery helped us find the rest of the SQLis in this target. Basically if your system has a lot of RAM (>16 GB) then it will not hang, but it could harm a production site in many ways too. Be careful!
1
0
3
@0xmarvelmaniac
Ashutosh
7 months
@AkashHamal0x01 People want everything to be served to them on a golden plate. They never google basic stuff and ask basic things. Because of this trend many companies/people scam them easily by providing the basic things already available for free in a sweet subscription model or course lol
0
0
3
@0xmarvelmaniac
Ashutosh
7 months
@NahamSec Totally making a good living out of bug bounty. Cheers!
0
0
3
@0xmarvelmaniac
Ashutosh
5 months
@0xTib3rius @0xLupin @alicanact60 The physical address of a customer is considered PII and the hacker was able to disclose them at scale by iterating the ID. Confidentiality impact is definitely high if I'm not missing anything and it is definitely a critical issue from a bug bounty standpoint. Overall it's a critical.
1
0
2
@0xmarvelmaniac
Ashutosh
2 years
@renniepak @Hacker0x01 You don't hack much on HackerOne?
1
0
3
@0xmarvelmaniac
Ashutosh
2 years
I discovered a GitHub account which has all the answers in it after failing the test twice (couldn't score in the top 30%) 👀
0
0
3
@0xmarvelmaniac
Ashutosh
2 months
@Suryesh_92 @zomato The Zomato team is right here. This is an N/A.
3
0
3
@0xmarvelmaniac
Ashutosh
1 year
Need to get settled in life, man....
1
0
2
@0xmarvelmaniac
Ashutosh
2 years
@BountyOverflow If you have an XSS and the cookies have the SameSite attribute *lax*, then you can perform CORS attacks and steal sensitive information.
1
0
3
@0xmarvelmaniac
Ashutosh
2 years
Created a #LinkedIn account and took a "cybersecurity" skill test and failed to get a badge twice lmao. I thought I knew these basic theoretical things after doing #bugbounty for more than a year and a half but apparently not. ps: now I need to wait 6 months to take it again.
1
0
3
@0xmarvelmaniac
Ashutosh
2 years
@IamRenganathan made money from bug bounties and lost money in crypto and stocks 🙂
2
0
2
@0xmarvelmaniac
Ashutosh
2 years
@ZydTech @tabaahi_ @rana__khalil @stokfredrik @thedawgyg @ajxchapman @impratikdabhi @Farah_Hawaa @shahrukhiqbal24 I would recommend checking out the PortSwigger XSS labs for a better understanding of what XSS is : )
1
0
2
@0xmarvelmaniac
Ashutosh
3 months
@Darshan_Cyber @Bugcrowd There isn't much impact here tbh. Some programs accept it as low/P4 but mostly platform triagers close it as informative.
1
0
2
@0xmarvelmaniac
Ashutosh
9 months
@AkashHamal0x01 I have come across cases where the API doesn't instantly show deleted: true but after some time it does show... probably happens due to refresh delays internally, if that's a thing 😅
0
0
2
@0xmarvelmaniac
Ashutosh
8 months
@HusseiN98D Do you think going towards freelance pentesting on platforms like H1/Cobalt etc. along with bug bounties is a good backup to tackle unpredictability? I'm young (but with hardly any responsibilities for now) but the unpredictability always worries me...
2
0
2
@0xmarvelmaniac
Ashutosh
2 years
@tbbhunter @0ktavandi Thanks for sharing :)
0
0
2
@0xmarvelmaniac
Ashutosh
5 months
@HarshDRanjan1 @Hacker0x01 Congrats bro 👏🏻
1
0
2
@0xmarvelmaniac
Ashutosh
6 months
@nnwakelam yes true! That's a good reason actually 💪😂
0
0
2
@0xmarvelmaniac
Ashutosh
1 year
Just imagine a country with no borders or military forces. How weak and vulnerable would it be to outside attacks? That's exactly the case with 99% of India's IT infrastructure. Very few are taking baby steps but that's not even enough at today's date.
1
0
2
@0xmarvelmaniac
Ashutosh
5 months
@ott3rly @0xcharan @0xdln @Hacker0x01 Thanks! Check DM once, I want to ask something regarding this.
1
0
2
@0xmarvelmaniac
Ashutosh
8 months
@AnupamAS01 Good work man!!
1
0
2
@0xmarvelmaniac
Ashutosh
5 months
@0xTib3rius @0xLupin @alicanact60 CVSS doesn't cover the impact in all situations. Even HackerOne standards say that disclosure of any form of PII at mass scale is critical - and here the integrity was also affected. Definitely a critical IMO. 🙌🏻
1
0
2
@0xmarvelmaniac
Ashutosh
2 years
@dewcode91 I like the quote written there : )
0
0
2
@0xmarvelmaniac
Ashutosh
2 years
@renniepak happens on a monthly basis, mostly when I am least productive or procrastinate a lot on hacking or learning new stuff
0
0
2
@0xmarvelmaniac
Ashutosh
1 year
- interested in foreign clients because comparatively they take security way more seriously than us and also pay good amounts for reporting to them.
1
0
2
@0xmarvelmaniac
Ashutosh
1 year
literally in a position where if I test any further, I will get banned from the program completely for going against the policy. Pinging the internal team to look into the issue and waiting for it to get triaged ;p
1
0
2
@0xmarvelmaniac
Ashutosh
2 years
@marcos_iaf Yo! Got a minute to spare? Sent you a DM, pls check :)
1
0
2
@0xmarvelmaniac
Ashutosh
2 years
1
0
2
@0xmarvelmaniac
Ashutosh
2 years
@tabaahi_ Better, he could have used the developer tools and written alert(document.cookie) in the console lol
1
0
1
@0xmarvelmaniac
Ashutosh
1 year
0
0
2
@0xmarvelmaniac
Ashutosh
2 years
@marcos_iaf @theXSSrat Nice, good to hear man!
1
0
2
@0xmarvelmaniac
Ashutosh
9 months
0
0
2
@0xmarvelmaniac
Ashutosh
1 year
@Itumeleng_Les @Hacker0x01 @jobertabma trust the process. The bounty is coming 😆
1
0
1
@0xmarvelmaniac
Ashutosh
8 months
@rohsec Good work mate! This is inspiring me to hack on bugcrowd too 😁💪
1
0
2
@0xmarvelmaniac
Ashutosh
2 years
@bug_vs_me Send them a PoC video of a mobile browser and also add the version of it (mention that it's the latest). They'll reopen your report :)
1
0
2
@0xmarvelmaniac
Ashutosh
6 months
@lohigowda_in @NotionHQ Yeah I've noticed they have all these business logic issues but can't report because they have listed it OOS 😂
1
0
2
@0xmarvelmaniac
Ashutosh
1 year
@bug_vs_me @imranHudaA We need this. But this will never happen because programs (run by companies) are the main source of income for H1 I guess
1
0
2
@0xmarvelmaniac
Ashutosh
2 years
@praveenstatuzz @h4x0r_dz @Alra3ees @GodfatherOrwa @ADITYASHENDE17 Read Reddit's policy page on H1 lol (if it's on Reddit)
0
0
2
@0xmarvelmaniac
Ashutosh
5 months
@roohaa_n IDOR, priv esc, business logic, CSRFs
0
0
2
@0xmarvelmaniac
Ashutosh
3 months
@Neuuen__ Well said 👏🏻
0
0
1
@0xmarvelmaniac
Ashutosh
5 months
@HarshDRanjan1 @Hacker0x01 Congratulations bhai 🙌🏻🎉
0
0
2
@0xmarvelmaniac
Ashutosh
1 year
Le Indians: Paying for both 😂
@PicturesFoIder
non aesthetic things
1 year
3K
24K
422K
0
0
2
@0xmarvelmaniac
Ashutosh
2 years
While learning something (from basics/intermediate/advanced, whatever) never expect that you'll learn it in one day. It involves multiple days, just know that! Helps you maintain peace of mind while learning : )
0
1
3
@0xmarvelmaniac
Ashutosh
3 months
0
0
2
@0xmarvelmaniac
Ashutosh
2 years
meme of the day 😂😂 #bugbounty #memes
0
2
2