Open Redirect Vulnerability Found in Search Button
🤑
🤏 Payload: <script>window.location="http:"</script>
What are your thoughts | experience on this >>>>>>
Do we often find it tough to locate the right email to report a vulnerability to?
#bug
BUG BOUNTY UPDATE
📍 Public Bug Bounty Programs 🪲 [Domain, Subdomain]
📍 Public Bug Bounty Platforms Around The World
📍 Public Bug Bounty/ Penetration Testing Reports
An open letter to bug bounters 🪲
Here are 5 things to note about Bug Bounty:
1) Bug bounty is hard; I’m not gonna lie. Along the way, you will face a lot of frustrations with programs, triagers, duplicates, imposter syndrome, etc., but eventually, you will get some bugs
A few days ago, after announcing the disbursement of the #CAP voucher, I decided to reach out to @TheSecOpsGroup for those who didn't receive the voucher in line with their career development.
Thank you so much @TheSecOpsGroup for considering the request.
#appsec
#cyberodyssey
Tell me why I need to gift you a Burp Suite Pro version as a professional ethical hacker/bug bounter in the comment session **
I'll pick randomly 😜
#burpsuite
#hacker
#pro
#bugbounty
#api
I'm glad I showed up today 🌱
Lately though, but happy I did 💪
.
.
.
Long story trimmed short, I have been receiving numerous messages on my message box on how to locate vulnerabilities on websites, get paid, rewarded or how to get started in hunting for bugs (vulnerabilities) on
I wasn't prepared to speak but glad when @MOBA_CyberSafty invited me to speak on the topic "Monetize your Cybersecurity Tech and Soft Skills"
My thought on this is to strike a balance when it comes to monetizing our skills
👉Quality relationship matters
After studying those long notes and watching those lengthy videos on Ethical Hacking, SOC, GRC, Penetration Testing, Threat Intelligence, Digital Forensics 👇
WHAT NEXT? 🦅
Some wake-up call with #XSS leading to 🤖
Payload:
<script>alert('HACKED_BY_SUDO')</script>
P.S: Don't try this if you are not ethical. 🦜 You'll get yourself in trouble and possibly get jailed. 🦜
@openbugbounty
#sudo
#appsec
#pentest
#bug
@_DeejustDee
This salary is trash though
Come to think of it
The least cost of any Cyber Security certification is worth over this salary range
Most organizations are just trusting their infrastructure without care
When goalposts are not set, goals are not scored! Whatever you are not prepared for, you are not ready to obtain.
As we stretch through the remaining months of the year 2024, here are my 5 point agenda goals for you this ember month - starting from September to December 2024:
Logo Design
▫️Brand name: Polygon Network
▫️Sphere: Blockchain Technology
▫️Inspiration: Cryptocurrency
▫️Duration: 3hr+ (On paper to system)
▫️Tool: Corel Draw
@CorelDRAW
Thank you. What do you think 🤔
#logo
#logodesigner
#Crypto
#blockchain
3 critical vulnerabilities found on an E-commerce website?
As my seasoned culture, I only hunt for Low, Medium and High vulnerabilities and leave the rest for other bug bounters.😋
JavaScript Based Open Redirect - Low
Reflected XSS revealing cookie - High
OTP bypass to account
Some of the reasons why I have less energy to hunt for vulnerabilities on @Hacker0x01 and @Bugcrowd
** If a vulnerability is reported without remediation and another researcher reports it, at least the other researcher should be rewarded with a point.
What are your thoughts on
Yeah, that's a great question and I will keep on asking this question: "why wasn't it remediated after the first report?"
At least, if they can't reward you a bounty, they should rather give you some points. I really don't know why they keep on doing that!
@Hacker0x01
Report that vulnerability As Fast As Possible (AFAP)
Don't sleep on it!
Do a screen record Proof of Concept (POC) if you can't write a proper document report. 🦜
#sudo
#bug
#tips
@Dghost_Ninja
Yeah... same website got Reflected XSS and sensitive data (API key) reveal 😂
I only work on 3 different kinds of vulnerabilities on any web platforms and allow other bug bounters to collaborate and flex it too 😂😂
It's my win win mindset 👻