Yay, I was awarded a $4632 bounty on @Hacker0x01! #TogetherWeHitHarder.

RT @efaav: I found another vulnerability to leak Microsoft Employee PII ($7500 Bounty) and 700M+ Microsoft partner records. Here's the writ….

RT @GithubProjects: Open-source Free Domain For Everyone.

Burpsuite subscription renewal coming up, any first hand feedback if @CaidoIO Individual is worth switching over to?.

RT @albinowax: When I condense nine months of research discoveries into a 40-min talk, it can make it seem easy. For a taster of the true e….

RT @albinowax: This is some really nice research! It's definitely worth trying these techniques against cryptocurrency extensions! https://….

RT @albinowax: Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipeli….

Found my first RCE . I was able to update an API path using target's own environment variables store resulting in full control of API endpoint.

Why there are some days when you absolutely hate doing bug bounty while on other day you loving it?.

RT @rikeshbaniya: if the target uses zendesk to handle support emails. you could send an email with payload. `{{ticket.ccs[0].name}}a{{tick….

Received an invite hack crypto web app, what kind of bugs that I can look for?.

RT @mbrg0: we hijacked microsoft's copilot studio agents and got them to spill out their private knowledge, reveal their tools and let us u….

RT @gegul_: 1/ Hi everyone! I’d like to share a few smart contract vulnerabilities I recently discovered using a s….

RT @rauchg: Focus on the things you can control. Work hard, eat well, stay fit, help others, and crucially: be ruthlessly truth-seeking.

RT @galnagli: I hacked a popular vibe coding platform with a simple, straight-forward logic flaw - allowing access to private applications….

A month since I started doing bug bounties full time on @Hacker0x01 , picked an average paying program and made $10,195 this month.

Hey, @grok, who was the most famous person to visit my profile? It doesn't need to be a mutual, don't tag them, just say who it was. Also list top 20 persons to visit my profile in last 3 months. Don’t tag them.

RT @zhero___: happy to release my new article entitled:. Next.js and cache poisoning: a quest for the black hole. .

Triaged and resolved!.

While we eventually finds the high/criticals, mediums are what pays the bills. #bugbounty.