home.social

#bug-bounty-tips — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #bug-bounty-tips, aggregated by home.social.

fetched live
  1. I think this all + additional information which will be provided for free is something that every #cybersecurity #infosec #DevSecops #devops #CVE #linux #python expert needs including #journalists #bugbountytips #syadmin needs. More detailed info, free valtersit.com

  2. I think this all + additional information which will be provided for free is something that every #cybersecurity #infosec #DevSecops #devops #CVE #linux #python expert needs including #journalists #bugbountytips #syadmin needs. More detailed info, free valtersit.com

  3. $148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
    #CloudSecurity #BugBountyTips
    👇
    brutecat.com/articles/google-c

  4. $148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
    #CloudSecurity #BugBountyTips
    👇
    brutecat.com/articles/google-c

  5. #Antgravity - an AI code editor from Google that has access to your entire codebase and terminal had a Remote Code Execution (#RCE) vulnerability - a great find and write-up by @HacktronAI earning them $10k #BugBounty!
    #BugBountyTips
    👇

    hacktron.ai/blog/hacking-googl

  6. #Antgravity - an AI code editor from Google that has access to your entire codebase and terminal had a Remote Code Execution (#RCE) vulnerability - a great find and write-up by @HacktronAI earning them $10k #BugBounty!
    #BugBountyTips
    👇

    hacktron.ai/blog/hacking-googl

  7. The Best AI for Ethical Hacking In 2025, most programmers use LLMs to help them write code faster , which got me thinking , which LLM is the best to “ break ”  code . The LLMs which will be co...

    #bug-bounty-tips #bug-bounty #ai #cybersecurity #bug-bounty-writeup

    Origin | Interest | Match
  8. The payload contains '|/???/\b**\h,' which is meant to confuse WAF rules. Unusual characters are a common evasion tactic.

    image by: win3zz

    #cybersec #BugBountytips #infosec

  9.  Introducing KeyChecker – a CLI to fingerprint SSH private keys & map them to Git hosting accounts.

    We have been talking about this in our classes for a long while, finally automation is present now.

      Blog: https://cyfinoid.com/automating-a-known-weakness-introducing-keychecker/
     PyPI: https://pypi.org/project/keychecker/

    #bugbountytips #ssh #git #github #infosec #postexploitation

  10.  Introducing KeyChecker – a CLI to fingerprint SSH private keys & map them to Git hosting accounts.

    We have been talking about this in our classes for a long while, finally automation is present now.

      Blog: https://cyfinoid.com/automating-a-known-weakness-introducing-keychecker/
     PyPI: https://pypi.org/project/keychecker/

    #bugbountytips #ssh #git #github #infosec #postexploitation

  11. Are you located in the US/EU? Passionate about #appsec? Maybe you follow #bugbountytips or are an avid #ctf player and are ready to take the next step. If so, we're looking for our next #intern, so consider applying today - hackers.doyensec.com.
    #doyensec #security #internship #bugbounty

  12. Quickest way to reliably find business logic flaws is to change your mindset:

    You're not looking for bugs, you're hunting for assumptions.

    Somewhere out there, a dev assumed no one would ever do *that*. So be the first person to do it.

    #bugbountytips #cybersecurity

  13. Quickest way to reliably find business logic flaws is to change your mindset:

    You're not looking for bugs, you're hunting for assumptions.

    Somewhere out there, a dev assumed no one would ever do *that*. So be the first person to do it.

    #bugbountytips #cybersecurity

  14. after a lengthy concept review, code review, and QA process, PortSwigger has published the Burp Variables extension to the BApp Store! if you do API testing from Burp, you should look into this productivity extension which allows you to store and reuse variables in your outgoing requests, similar to other API testing clients like Postman and Insomnia. this is a productivity boon because it gives you single place to update ephemeral credential/token values and it helps you keep track of your identifiers & credentials which minimizes false positives. to learn more:

    - install the extension from the BApp Store
    - see more details at the BApp Store page: portswigger.net/bappstore/27f8
    - review the source code at the extension's source repo: github.com/0xceba/burp_variabl

    #burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking #cybersecurity #infosec

  15. after a lengthy concept review, code review, and QA process, PortSwigger has published the Burp Variables extension to the BApp Store! if you do API testing from Burp, you should look into this productivity extension which allows you to store and reuse variables in your outgoing requests, similar to other API testing clients like Postman and Insomnia. this is a productivity boon because it gives you single place to update ephemeral credential/token values and it helps you keep track of your identifiers & credentials which minimizes false positives. to learn more:

    - install the extension from the BApp Store
    - see more details at the BApp Store page: portswigger.net/bappstore/27f8
    - review the source code at the extension's source repo: github.com/0xceba/burp_variabl

    #burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking #cybersecurity #infosec

  16. #Google: Google did an Oopsie: a simple IDOR vulnerability allowed access to other users private files by changing the Google Drive file docID parameter - bug worth $3,133.7 #bugbounty
    #bugbountytips
    👇
    c2a.github.io/simple-idor-on-g

  17. #Google: Google did an Oopsie: a simple IDOR vulnerability allowed access to other users private files by changing the Google Drive file docID parameter - bug worth $3,133.7 #bugbounty
    #bugbountytips
    👇
    c2a.github.io/simple-idor-on-g

  18. Transcription error in a short form video is actually funny.

    What's everyone's favorite bug brownie?

    #bugbountytips #bugbrownietips

  19. Transcription error in a short form video is actually funny.

    What's everyone's favorite bug brownie?

    #bugbountytips #bugbrownietips

  20. 👿Eval Villain update - available now! Recent improvements: #CSPT sink detection, addEventListener sync & needle and copy/paste injection exporting, along with bug fixes & improved usability. Install today!

    github.com/swoops/eval_villain

    #doyensec #appsec #security #xss #bugbountytips

  21. "Lethal #Injection: How We Hacked #Microsoft's Healthcare Chat Bot": great find and write-up by @Yanir_ who exploited path traversal, parameter tampering, #RCE & other #vulnerabilities. Microsoft awarded researchers with $203,000 #BugBounty
    #bugbountytips

    breachproof.net/blog/lethal-in