Finally after lot's of hardwork and failure. Got Hall Of Fame from Microsoft. 🤩 #bugbounty #infosec #cybersecurity #recon #microsoft #security #bugbountytips #acknowledgment #osint #msrc #websecurity #pentesting #linux #vulnerability #india #bug #flaws @microsoft

1) subfinder -d https://t.co/Lt4RvWuTYw -all -silent | httpx -silent -status-code -title -tech-detect -o alive.txt — enumerate subs and keep only live, fingerprinted targets to pivot hard. 2) ffuf -u https://t.co/vH3zjxBzOe -w

Sensitive info leak via google dork site:.target.com ( "date of birth" OR confidential OR "internal use only" OR "balance sheet" OR "profit and loss" OR "banking details" OR "source code" OR "national id" OR "top secret" ) (ext:pdf OR ext:doc OR ext:ppt OR ext:txt OR ext:csv)

Why your refund is so slow? @IncomeTaxIndia @nsitharamanoffc @nsitharaman

💉 Complete Guide: The SQL Injection Knowledge Base Website: https://t.co/blWAJczlQ8 author: Roberto Salgado #infosec

I used Email: attacker@gmail.com'\"<svg/onload=alert(document.cookie)>

Easy Confirming SQLi: Entry point detection:- ' " ` ') ") `) ')) ")) `)) #sqli #bugbountytip

Find vulnerable with automation Tips :- 1. site:*.company. com ext:php 2. echo https://company .com | gau | grep "\?" | uro | httpx -silent > parameters.txt 3. nuclei -l parameters.txt -t fuzzing-templates 4. Found xss,sqli,ssrf,open redirect etc #bugbountytips

Email verification bypass 1. Take url: target.*/signup 2. Enter email now need 6 digits otp and enter random otp 3. Intercept request>Do Intercept>response to this request change : 400 to 200 OK "CodeNotFound" to "codeverified" "Incorrect Code" to "verified OTP code" #bugbounty

The Bug Bounty Hunter’s Arsenal: Essential Tools & Resources ⚔️📚 Ready to start your bug bounty journey? Having the right tools and resources is the key to success.

I documented every book a hacker need to read https://t.co/EbhDEbBEfB #bugbounty #bugbountytips #cybersecurity #hacking #books

⚡Bug Bounty Checklist for Web App ✅ Join Telegram to Download: https://t.co/Pz9cWGL18l ---------------------------------------------------------- 📖 Your Ethical Hacking Journey Starts Here → https://t.co/sEV7r0xpMA 🎓 Ready to Skill Up? Enroll Now → https://t.co/rowz4KQfBa

Chaos in favourite Location of CIA & hotspot of multiple intelligence agencies across the globe. Strength to neighbouring countries. #Int #geopolitics #peace

🚀 New video is live! xhacking_z Methodology – Part 1, Google Dorking & In information Disclosure 💰 How I Made $4,000 in 2 Months with Bug Bounty 🔥 Tips + Mindset + Recon Ideas Watch here 👇 https://t.co/MDYF2sQ2Jc #BugBounty #GoogleDorking #InfoDisclosure #xhacking_z

Sometimes, when you get "500 internal server error" when testing for SQLi, that could be an indication that SQL is happening behind the application; don't stop there, you've to keep testing, and don't forget to apply "break and repair" :).... let's wait for part 2 from @5hady_

Huge shoutout to the one I call "the SQLi master", @5hady_ Thanks so much for the help and tips, whatever is in this article is definitely inspired by your ideas, plus a mix of my own research and what I've learned along the way. https://t.co/EWGuujn8my

The Ultimate SQLMap Guide: Detecting and Exploiting SQL Injection https://t.co/mXocTP9ggN #bugbounty #bugbountytips #bugbountytip

API testing is a goldmine in bug bounty. Learn the tricks here: https://t.co/FYvOohAG4J

I’ve written an Open Redirect/SSRF security tool. If you like it, feel free to ⭐ the repo. Happy hunting 🔥🔥🔥 https://t.co/WXI9IRszMp

Last day I found an XSS that couldn’t be detected with Nuclei, Httpx, X8, ... cause of aggressive connection handling, even with all options, servers just didn’t respond. So I wrote a lightweight Go tool to reliably test GET/POST parameter reflections. https://t.co/XZHAyyAlU1

https://t.co/XVCw2bnbcO I created a bug bounty wordlist pack which is just a ZIP of ALL the wordlists i could find