Here's why avoiding VDPs makes sense: Same company, two public profiles: VDP & BBP. 🔗 BBP: 🔗 VDP: Reputation points don’t pay bills. Many programs have BBP, but they’re private.

@M7moud_mk99 @Hacker0x01 Congrats, Critical for these 2 files only?!

@h4x0r_dz @elonmusk Any advice for a complete beginner on investing their bounties? Leaving it in the bank doesn’t feel right (no interest, of course).

@OriginalSicksec I don’t quite understand what you mean, but after reporting it to the team, they should verify if it works in production. If it does, then it should be considered a production-level issue.

Does Islam forbid reporting vulnerabilities found through automation to companies in industries like poker, adult content, or alcohol sales? I rarely find these, but am I just losing money without any good deeds? Any thoughts with evidence? #bugbounty

@m19o__ عليه الصلاة والسلام, ربنا يزيدك إيمان وتقوى يا صديقى

RT @Jayesh25_: 🚀 Unspoken Bug Bounty Rules – From many years of failures & experience! 🕵️‍♂️ Got a similar bug across multiple assets but…

@zhero___ @gui_scombatti @Hacker0x01 Congrarts, Allahumma barik! Make sure your DMs are open for non-verified users so people can reach out to you.

Marked as a duplicate to 'internally tracked.' 100% sure this isn’t a duplicate, but there’s nothing I can do. Takeaway: If the company doesn’t want to pay, they won’t. Move on. Bug hunters need lawyers.

@zhero___ Good detailed research, I think I have a few targets, Can't DM you, Can you send a message?

Excellent research! I read it years ago and have always wondered if it’s ever been used in a real-world exploit.

@XavOppa @yeswehack If that's true, share his name and the conversation between you two so others can avoid falling into the same trap. Collaboration is built on trust. May Allah bless you with something better.

I couldn’t stop laughing at this; he used the only real weapon bug hunters have!

I know HackerOne’s triaging has had a lot of mistakes lately, and I've experienced it myself, but this? Seriously! And of course, the mediation has been going on for 3 months with no response, as usual.

@Itx_Shad0w @GodfatherOrwa @XHackerx007 @h4x0r_dz @zack0x01 PM me, I will try to help you

@albinowax Would it be possible to make all submitted articles public, not just the nomination list? This way, others can help catch anything missed, and it could also be a great place for gathering public research, even if some articles aren't nomination-worthy.

@0xAwali Nice, I think param miner does the same with more capabilities

@c3l3si4n Why not make all the data freely accessible? People could benefit from using regex directly, and implementing it online can be a bit challenging.

RT @omooretweets: New productivity hack - I asked Gemini Realtime to watch my screen, and yell at me when I waste time. It gets increasin…