#bugbountytips — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #bugbountytips, aggregated by home.social.
-
$148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
#CloudSecurity #BugBountyTips
👇
https://brutecat.com/articles/google-cloud-rce/ -
DOM XSS isn’t always in the HTML.
Sometimes your input never appears in the Source because JavaScript is building the page.
Source → Sink → Execution in real-world DOM flows. -
#Antgravity - an AI code editor from Google that has access to your entire codebase and terminal had a Remote Code Execution (#RCE) vulnerability - a great find and write-up by @HacktronAI earning them $10k #BugBounty!
#BugBountyTips
👇 -
Samuel Cohen's ( @metabugbounty ) presentation at TenguCon 2.0 is now available to watch online!
#TenguCon #InfoSec #tokyo #bugbountytips #Hacking #CyberSecurity -
The Best AI for Ethical Hacking In 2025, most programmers use LLMs to help them write code faster, which got me thinking, which LLM is the best to “break” code. The LLMs which will be co...
#bug-bounty-tips #bug-bounty #ai #cybersecurity #bug-bounty-writeup
-
Wrote an article about my first 5 minute Bug Bounty. I managed to get access to an Employee-Only Panel! Check out the full article!
https://systemweakness.com/my-first-5-minute-bug-bounty-1465e2cb517c
#infosec #bug_bounty #bugbounty #bugbountytips #bugbountywriteup #bugbountywriteups
-
Using #owasp tool Amass 5.0.0 for recon. Hope this helps!
https://medium.com/@marduk.i.am/amass-5-0-0-usage-for-recon-8041bc727480
#bugbountytips #bugbounty #CyberSecurity #resonnaissance #EthicalHacking
-
The payload contains '|/???/\b**\h,' which is meant to confuse WAF rules. Unusual characters are a common evasion tactic.
image by: win3zz
-
this is your reminder that if you're using Burp for web app testing, you should be using an extension that lets you use variables in your outgoing requests. variables functionality gives you a single place to update credential, token, and identifier values which improves productivity and reduces false positives. there are a few extensions that provide this functionality and I recommend my extension, Burp Variables, which is purpose-built for it: https://github.com/0xceba/burp_variables
#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking
-
Introducing KeyChecker – a CLI to fingerprint SSH private keys & map them to Git hosting accounts.
We have been talking about this in our classes for a long while, finally automation is present now.
Blog: https://cyfinoid.com/automating-a-known-weakness-introducing-keychecker/
PyPI: https://pypi.org/project/keychecker/ -
Are you located in the US/EU? Passionate about #appsec? Maybe you follow #bugbountytips or are an avid #ctf player and are ready to take the next step. If so, we're looking for our next #intern, so consider applying today - https://hackers.doyensec.com.
#doyensec #security #internship #bugbounty -
📁🫷🚧Can't control the extension of a file upload, but you want an XSS?
Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection: -