#bug-bounty-tips — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #bug-bounty-tips, aggregated by home.social.
-
I think this all + additional information which will be provided for free is something that every #cybersecurity #infosec #DevSecops #devops #CVE #linux #python expert needs including #journalists #bugbountytips #syadmin needs. More detailed info, free https://www.valtersit.com
-
I think this all + additional information which will be provided for free is something that every #cybersecurity #infosec #DevSecops #devops #CVE #linux #python expert needs including #journalists #bugbountytips #syadmin needs. More detailed info, free https://www.valtersit.com
-
$148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
#CloudSecurity #BugBountyTips
👇
https://brutecat.com/articles/google-cloud-rce/ -
$148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
#CloudSecurity #BugBountyTips
👇
https://brutecat.com/articles/google-cloud-rce/ -
#Antgravity - an AI code editor from Google that has access to your entire codebase and terminal had a Remote Code Execution (#RCE) vulnerability - a great find and write-up by @HacktronAI earning them $10k #BugBounty!
#BugBountyTips
👇 -
#Antgravity - an AI code editor from Google that has access to your entire codebase and terminal had a Remote Code Execution (#RCE) vulnerability - a great find and write-up by @HacktronAI earning them $10k #BugBounty!
#BugBountyTips
👇 -
Samuel Cohen's ( @metabugbounty ) presentation at TenguCon 2.0 is now available to watch online!
#TenguCon #InfoSec #tokyo #bugbountytips #Hacking #CyberSecurity -
The Best AI for Ethical Hacking In 2025, most programmers use LLMs to help them write code faster , which got me thinking , which LLM is the best to “ break ” code . The LLMs which will be co...
#bug-bounty-tips #bug-bounty #ai #cybersecurity #bug-bounty-writeup
Origin | Interest | Match -
The payload contains '|/???/\b**\h,' which is meant to confuse WAF rules. Unusual characters are a common evasion tactic.
image by: win3zz
-
 Introducing KeyChecker – a CLI to fingerprint SSH private keys & map them to Git hosting accounts.
We have been talking about this in our classes for a long while, finally automation is present now.
 Blog: https://cyfinoid.com/automating-a-known-weakness-introducing-keychecker/
 PyPI: https://pypi.org/project/keychecker/ -
 Introducing KeyChecker – a CLI to fingerprint SSH private keys & map them to Git hosting accounts.
We have been talking about this in our classes for a long while, finally automation is present now.
 Blog: https://cyfinoid.com/automating-a-known-weakness-introducing-keychecker/
 PyPI: https://pypi.org/project/keychecker/ -
Are you located in the US/EU? Passionate about #appsec? Maybe you follow #bugbountytips or are an avid #ctf player and are ready to take the next step. If so, we're looking for our next #intern, so consider applying today - https://hackers.doyensec.com.
#doyensec #security #internship #bugbounty -
📁🫷🚧Can't control the extension of a file upload, but you want an XSS?
Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection: -
📁🫷🚧Can't control the extension of a file upload, but you want an XSS?
Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection: -
Latest lab write-up. Came out a bit long but very informative.
https://medium.com/@marduk.i.am/blind-sql-injection-with-conditional-responses-46ee90b5f2c0
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #Portswigger
-
Quickest way to reliably find business logic flaws is to change your mindset:
You're not looking for bugs, you're hunting for assumptions.
Somewhere out there, a dev assumed no one would ever do *that*. So be the first person to do it.
-
Quickest way to reliably find business logic flaws is to change your mindset:
You're not looking for bugs, you're hunting for assumptions.
Somewhere out there, a dev assumed no one would ever do *that*. So be the first person to do it.
-
It's been a while but here is another SQLi lab. Enjoy!
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
-
after a lengthy concept review, code review, and QA process, PortSwigger has published the Burp Variables extension to the BApp Store! if you do API testing from Burp, you should look into this productivity extension which allows you to store and reuse variables in your outgoing requests, similar to other API testing clients like Postman and Insomnia. this is a productivity boon because it gives you single place to update ephemeral credential/token values and it helps you keep track of your identifiers & credentials which minimizes false positives. to learn more:
- install the extension from the BApp Store
- see more details at the BApp Store page: https://portswigger.net/bappstore/27f89b068a3045649d4df77a863209c1
- review the source code at the extension's source repo: https://github.com/0xceba/burp_variables#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking #cybersecurity #infosec
-
after a lengthy concept review, code review, and QA process, PortSwigger has published the Burp Variables extension to the BApp Store! if you do API testing from Burp, you should look into this productivity extension which allows you to store and reuse variables in your outgoing requests, similar to other API testing clients like Postman and Insomnia. this is a productivity boon because it gives you single place to update ephemeral credential/token values and it helps you keep track of your identifiers & credentials which minimizes false positives. to learn more:
- install the extension from the BApp Store
- see more details at the BApp Store page: https://portswigger.net/bappstore/27f89b068a3045649d4df77a863209c1
- review the source code at the extension's source repo: https://github.com/0xceba/burp_variables#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking #cybersecurity #infosec
-
#Google: Google did an Oopsie: a simple IDOR vulnerability allowed access to other users private files by changing the Google Drive file docID parameter - bug worth $3,133.7 #bugbounty
#bugbountytips
👇
https://c2a.github.io/simple-idor-on-google -
#Google: Google did an Oopsie: a simple IDOR vulnerability allowed access to other users private files by changing the Google Drive file docID parameter - bug worth $3,133.7 #bugbounty
#bugbountytips
👇
https://c2a.github.io/simple-idor-on-google -
bird.makeup/users/hackin... Privacy Protection Tools Cheat Sheet 🔴⚫️Full HD Image: t.co/hdGaoiMEqC #infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips
-
bird.makeup/users/hackin... Privacy Protection Tools Cheat Sheet 🔴⚫️Full HD Image: t.co/hdGaoiMEqC #infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips
-
Transcription error in a short form video is actually funny.
What's everyone's favorite bug brownie?
-
Transcription error in a short form video is actually funny.
What's everyone's favorite bug brownie?
-
What is an API? What makes them special? And what kind of APIs are out there? #apisecurity #apis #bugbountytips #BugBounty
-
What is an API? What makes them special? And what kind of APIs are out there? #apisecurity #apis #bugbountytips #BugBounty
-
👿Eval Villain update - available now! Recent improvements: #CSPT sink detection, addEventListener sync & needle and copy/paste injection exporting, along with bug fixes & improved usability. Install today!
-
Last in a series of 3 labs. Enjoy
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
-
By me @Forbes: Google has taken a new broom to the Chrome browser vulnerability rewards program. Hackers get ready...
https://www.forbes.com/sites/daveywinder/2024/08/28/google-chrome-hackers-offered-new-250000-payday/
-
Hunting #subdomains on a subdomain… 40k #permuations excessive? Maybe.. but I’ll take the 6x increase 📈
#bugbountytips #hackerone -
1001 Pen Test oraz Bug Bounty Tips & Tricks #6 – Korelacja czasowa ważności certyfikatu ( https://nfsec.pl/pentest/6446 ) #pentest #ssl #tls #security #recon #bugbountytips #twittermigration
-
"Lethal #Injection: How We Hacked #Microsoft's Healthcare Chat Bot": great find and write-up by @Yanir_ who exploited path traversal, parameter tampering, #RCE & other #vulnerabilities. Microsoft awarded researchers with $203,000 #BugBounty
#bugbountytipshttps://www.breachproof.net/blog/lethal-injection-how-we-hacked-microsoft-ai-chat-bot