After 3 months of hacking on Airbnb BBP in @Hacker0x01, here are the stats:
- Ranked 10 on the Leaderboard
- Earned 69K in bounties
- Secured Rank 2 for 2024
- Bounties ranged from 2K to 22.5K. Excited for the challenges and rewards in the next 11 months!
2022 was a fantastic year for me! I earned a massive $100K+ in bounties, including a huge $60K from a single program in Q4. I also achieved Rank 1 in the Uber bug bounty program and reached the top of the leaderboards, earning Rank 1 in 🇲🇦 for H1 2022.
#hackerone
#bugbounty
I'm happy to announce that I have achieved a small milestone, which is Rank 1 in 🇲🇦 on the Q4 Leaderboard at @Hacker0x01.
1 Target --> $17K in bounties and more to come
I finally got some time to make a blog post about URL shortener misconfigurations for fun and profit. Feedback is more than welcome.
#bugbounty
#infosec
#bugbountytips
Quick tactic for a Critical Bug #bugbountytips
Add '_profiler' to your path: `target/_profiler`. If 200 OK, check for `Symfony` in the body. If OK, you can see logs, env and database credentials, and any request cookies.
#retweet if you like it :)
#hackerone
#bugcrowd
#bugbounty
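The exposure described in the tip above usually comes from the Symfony WebProfilerBundle being registered in every environment, or from a production host running with `APP_ENV=dev`. The following is an added example of the defender-side fix, not code from the tweet or from Symfony's own repository: a `config/bundles.php` entry with the weak setting shown in a comment beside the corrected one, which restricts the bundle (and therefore the `/_profiler` and `/_wdt` routes it provides) to the `dev` and `test` environments.

```php
<?php
// config/bundles.php in a Symfony Flex layout (added example).
//
// Weak setting: the profiler bundle is registered for every environment, so a
// production deploy answers /_profiler with request logs, cookies, database
// queries and resolved container parameters to anyone who finds the path:
//
//   Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['all' => true],
//
// Corrected setting: register it only for the environments where a developer
// is actually looking at it. With this entry the bundle's routes are never
// loaded when the application is booted with APP_ENV=prod.
return [
    Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true],
    Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
];
```

The matching route file (`config/routes/web_profiler.yaml`) should keep its `/_profiler` and `/_wdt` prefixes under a `when@dev:` key, and `php bin/console debug:router --env=prod` on the deployed code should list no `_profiler` routes; if it does, either the bundle entry above or `APP_ENV` on the host is wrong.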
Hey Hackers 👋
I have created a small script to automate the workflow mentioned in
by @m4ll0k
I would love to hear some suggestions for the tool's name
#bugbounty
#hackerone
#bugcrowd
N.B: Some of his tools used in the gist are still private
Request smuggling is an amazing bug class! But I barely ever did more than running Request Smuggler. So I've analysed tens of reports and in this video, I'll break down the most common root causes and I'll give you some ideas for future research. Enjoy!
Yo, just wanted to shout out to the world that I'm now the top dog in Uber's Bug Bounty program for 2022. Big ups to the team at Uber for giving me the opportunity to flex my skills and keep their platform safe. Ain't no stopping me now!
#1
#BugBounty
#Uber
Hey hackers 👋
Celebrating 1K followers, I just published another write-up of one of my findings showing the power of Waybackurls by the legend @TomNomNom. Check it out here
#bugbountytips
@Hacker0x01
Thrilled to secure the #1 spot on HackerOne's Moroccan leaderboard! 🏆 Reflecting on a year of hard work and fun challenges. Hats off to the formidable competition, @Yukusawa18, @Yassineaboukir & @wld_basha. Grateful for the learning and growth. Here's to more exciting bugs! 🚀
🏆 Delighted to announce reaching a major milestone: $100K in Uber bounties! 🚀 It's been a year-long journey of persistence and dedication. 🙌 Securing rank 1 in 2022/23, along with a solid 4th position on the Uber overall leaderboard, fills me with immense pride.
#BugBounty
Spent 3 hours diving into Admin GraphQL queries on a bug bounty mission, crafting them for a regular user. Encountered null responses, initially thinking they were non-functional. Plot twist: I was wrong! Always double-check. 👀🔍
How to get good at infosec / bug bounty & pentest?
- Simply get your @PentesterLab
- Do badges and note what you learned
- Add the learning to your To-Do list when hacking
- You will definitely improve
Kudos to @snyff <3
#bugbountytips
#Pentesting
Happy to be selected as a HackerOne ambassador representing Morocco 🇲🇦 alongside @OriginalSicksec.
We'll also be recruiting for the Ambassador World Cup (AWC) 2024 soon, so let us know if you're interested. In the meantime, we invite all fellow Moroccan hackers to sign up for our club
Exciting news! 🎉 We're setting up a Discord server exclusively for the @Hacker0x01 community in the Morocco region. Join us to unleash your cybersecurity skills
- Send DM for more info
- Comment if you want opt-out
- Retweet for reach
Yay, I was awarded a $250 bounty on @Hacker0x01!
#TogetherWeHitHarder
Bruteforce subs -> found a 302 in /admin -> tested credentials (admin|admin) -> got in
Bounty is low since the panel is for testing, not prod
Just put in a relentless 3-hour hustle into GraphQL like an absolute boss, sculpting a 566-line masterpiece query with fragments nested 3 levels deep. 💻 All in the name of a Bug Bounty mission, and guess what? Mission accomplished: we've got PII for any order/user! 🔍🏆
Just remember: whenever you use a public bb tool that helps you tremendously in your tasks on a daily basis, make sure to give back to the creator/owner to help and encourage them to create more and dedicate more time to them.
#bugbountytools
I think I'm gonna wait 30 days after the log4j release, just to give time to developers to fix it and be sure that I will get a bounty for it, instead of scanning the whole internet and causing damage :)
Exciting news! To commemorate the introduction of @OvercastASM, the innovative Attack Surface tool designed for bbh and pentesters, we're offering 3 premium @PentesterLab
- Sign up at
- Like & Retweet
- Follow @OvercastASM for the announcement of winners.
Excited to hit that follow button for h1_analyst_bernard on Twitter [Link me] 🚀! This triager is setting some serious goals:
🔥 Lightning-fast triage skills
💡 Nailing those CVSS updates with crystal-clear explanations
👔 Always bringing the utmost professionalism and
First time: I reported a potential issue that can cause problems, and it was triaged; the team understood the potential risk and is working on a fix
#hackerone
#BugBounty
Hey 👋 Twitter
My friend has some serious health issues and I helped her set up a #GoFundMe page.
If you can help or re-tweet, it will be much appreciated.
Here's her story <Her own words>
#fundraising
#charity
#dogood