I'm about to start a 20-day bug bounty journey tomorrow on @Hacker0x01!
Gonna hunt for extreme hours daily. Never been this serious before!
Wait for the results, I will surely publish them.
#BugBounty
#Cybersecurity
My first disclosed report on @Hacker0x01:
IDOR - Delete all Licenses and certifications from users account using CreateOrUpdateHackerCertification GraphQL query
#BugBounty
Found a critical IDOR on the @Hacker0x01 Sandbox.
As the feature was new, demo data was used.
The report was closed as Informative and in reply they said "This is how we set sandboxes. Flags get set, one of them giving access to this page and showing demo data" (1)
#bugbounty
Finally crossed 100 points on @Bugcrowd with severity at 3.94.
Happy to work with Bugcrowd and make things safe.
Next aim is to get Bugcrowd swag; hope to get it soon with a lot of bounties.
(1/2)
Tired of duplicates on long-string DoS in web apps?
Try this: apply the long string through the web app and open the same content in the Android app. If vulnerable, the app will always crash or lag.
#BugBounty
#bugbountytips
Because of @Hacker0x01's slow triage I am suffering.
A new feature was introduced and I found a bug in it, but before the triager could reproduce it they took the feature down, thus making it N/A according to the triager.
Is this case normal?
@PentesterLab Essential badge 😍. I just got the pro account yesterday and I am already in love with the way you guys teach there and those exercises. Everything is top notch. <3
A person below 3k reputation or 4.0 signal cannot comment on a closed report.
But they can create a mediation, which will add to the support workload, which is already slow by leaps and bounds. People will be creating more mediations now. How are you tackling this @Hacker0x01 @jobertabma?
@Hacker0x01 is definitely one of the best programs I have hunted. They are not rigid like others and are always ready to listen and correct if anything is wrong. I didn't create any support tickets, spam the report section or tag HackerOne's staff on Twitter. ❤️
A huge thank you to @HarshDRanjan1 for patience relating to the report. Severity went Medium -> High; bounty raised. Good programs will re-evaluate reports with rational arguments. Hackers, thanks for the CVSS "Privileges Required" feedback. Action underway.
@theXSSrat If you need to understand life, read the "Bhagavad Gita". You will get all the answers regarding life. I prefer it over everything because it's not a holy book, it's life itself, and anyone can read it regardless of their religion and see the magic.
Hey folks,
Here is a great video on DoS & DDoS by @codingo_.
Do not repeat my mistakes at @Bugcrowd, and remember, if the program has Denial of Service out of scope:
1. Do not report a DDoS using wp-cron.php
2. Do not report a pixel flood attack
(1/2)
I find DoS to be very misunderstood. Let's talk about why, and what goes into an impactful DoS that matters within a bug bounty program. 👉
#bugcrowdtipjar
#bugbountytips
Programs are almighty.
Above everything, even if they scam you or are unfair, you cannot go against them.
The middleman may try to convince the client but won't fight for you, and that's the truth of
#bugbounty
Learning XSS from scratch. If you have any lab suggestions or resources please do mention them below. I will add all my resources and labs here as I learn over the coming days.
#bugbounty
#xss
@Cyber_Ritik @Bugcrowd @ADITYASHENDE17 Review your hacking methodology bro, you're trying to win the game with luck and it's dangerous. Congratulations on the first bounty, hard work always pays.
(2/2)
What worked for me?
The program had a chat feature, so I just sent the long string in the chat. Nothing happened in the web app, but when I checked the Android app, the app stopped working and I was awarded a P2 <3
Let me know if this is a duplicate tip 😂😂
I've made over 100k on SSRF vulnerabilities.
They aren't always as simple as pointing it at localhost or AWS Metadata service.
Here are some tricks I've picked up over the past 5 years of web app testing:
Happy Birthday to my partner-in-crime and work buddy! 🎉 From deadlines to caffeine-fueled brainstorms, we've tackled it all together. Here's to more epic projects and unforgettable office shenanigans! 😜🎂
@errorsec_ May your day be full of happiness and a great life ahead.
I'm thrilled to announce "Listen to the whispers: web timing attacks that actually work" will premiere at Black Hat USA!
After nine months of running bulk timing attacks on thousands of live sites, I've got a lot to share :D
#BHUSA
@BlackHatEvents
Stop doing this and try to contact support, which is available at the bottom right of the @Bugcrowd web app, or email them.
Posting this because a lot of people suggested that I do this.
@codingo_ A few months ago @Hacker0x01's AI hack agent was capable of finding basic vulnerabilities and thus solving the first few Hacker101 CTFs. Soon it'll be able to solve all of them. Perhaps we should launch a leaderboard of developers that build AI agents that can solve the CTFs the
Worst identity verification by @Bugcrowd 🥲. It can't match my face with my identity card, so I can't get verified for a lifetime I guess. The same was accepted by another platform 🙂
Dear Scammer (@FalgunR, @cyberoctet, @cehvikas),
I request you not to use my bounty screenshot and name. Otherwise
(This is the last warning ⚠️; if not, then whenever someone searches your name on Google, the first result for all of you will be the scammer article.)
#bugbounty
#BugbountyTips
We hackers only have access to sandbox features and this really kills our time and is frustrating. Please improve this and update the sandbox.
Multiple of my reports got closed as Informative because they were on the sandbox.
(2)
ATTENTION all India-based researchers!!!!
Seems like @Hacker0x01's payment partner [@Currencycloud] is no longer processing INR local & SWIFT (USD) payouts to India as per this post -
Kindly update your payout preference in @Hacker0x01