Ahsan Sheikh

@SnShyk

Followers: 495
Following: 362
Media: 26
Statuses: 126

Bug Hunter | Synack Red Team Member | Security Consultant | CEH

Joined March 2020
@intigriti
Intigriti
3 months
@Th3G3nt3lman 5️⃣ Write-up: AWS Document Signing Security Control Bypass Ozgur shares a cool way of abusing application logic to bypass AWS Document Signing! https://t.co/4bQM414fPb
ozguralp.medium.com
While I prefer more to write/talk about far-going topics instead of just one vulnerability write-up, I decided to make an exception for…
1
2
32
@intigriti
Intigriti
5 months
@GodfatherOrwa @net_code 3️⃣ We Hacked Apple for 3 Months: Here’s What We Found A classic write-up by 5 talented researchers that briefly talked about their experience hacking Apple for 3 months! https://t.co/ZljiBJd489
samcurry.net
Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program.
1
2
9
@ikram_niz110
ikram nizamani
2 years
This post is logically so do reply with logic #BoycottSushantMehta
124
324
928
@hacker_
Corben Leo
2 years
I've made $500k+ from SSRF vulnerabilities. Here are my tricks:
85
1K
4K
@jacksonhinklle
Jackson Hinkle 🇺🇸
2 years
🇮🇱 Israel is MASSACRING CHILDREN in Gaza. 🚨 The media WILL NOT show you the truth.
2K
30K
43K
@HasbullaHive
HasbullaHive 🐐
2 years
Stop war against children 🇵🇸❤️
1K
19K
60K
@CensoredMen
Censored Men
2 years
🇵🇸🇮🇱 An Israeli strike hit Palestinian rescue teams in Gaza.
1K
14K
28K
@jacksonhinklle
Jackson Hinkle 🇺🇸
2 years
🇮🇱🇵🇸 The moment Israel BOMBED Gaza’s Baptist Hospital. Over 500 are reported dead. This is a crime against humanity.
5K
50K
93K
@EnglishGaza
Gaza Now in English
2 years
A group of children miraculously survived the Holocaust at the Al-Ahli Arab Hospital after the Nazi Israeli occupation bombed the hospital, resulting in the deaths of 500 martyrs and the injury of 600 other civilians, most of whom were children and women.
262
3K
3K
@Rhynorater
Justin Gardner
2 years
XSS -> ATO Escalation Brain Dump: * Change email -> password reset * Change password * Change phone -> SMS password reset * Change security questions * Add SSO login (login with GitHub, etc.) * Force logout -> Session Fixation * Steal session token via non-HttpOnly cookie * Steal
20
148
513
@sudhanshur705
sudi
2 years
Found my first RCE on a bb target, probably the best one too :) HTMLi to RCE 🚀 If the backend is Python and the application offers a PDF render endpoint, there are high chances that they are using reportlab (very popular) to generate those PDFs. POC: https://t.co/L3Xf8iUnOV
17
107
429
@galnagli
Nagli
2 years
I've earned more than 5-figure bounties from sensitive links, sent via email, that were leaked without any user interaction. Surprisingly, the leaks came from the very security vendors that were supposed to protect the victims. Curious how this happens? 👇 #BugBounty
5
72
370
@SnShyk
Ahsan Sheikh
3 years
Vulnerability accepted! @StateDept Vulnerability: Reflected XSS Tip: Try second or third level URL encoding if the application won’t allow you to use a simple XSS payload. #infosec #CyberSecurity
2
2
35
@SnShyk
Ahsan Sheikh
3 years
Alhamdulillah ❤️ @xshebix and I collaborated on a private target and reported a HIGH severity bug “Account Takeover via Host Header Injection” and got a bounty. We also got a bonus for report quality 😎 That was a nice bypass. Thanks @xshebix #bugbountytip #BugBounty #infosec
3
5
67
@theXSSrat
The XSS Rat - Proud XSS N00b :-)
3 years
Bug bounties in 2023 - extended roadmap 1.1. Common web vulnerabilities Injection attacks 1.1. SQL Injection 1.2. NoSQL Injection 1.3. Command Injection 1.4. LDAP Injection 1.5. XML Injection 1.6. XPath Injection 1.7. Server-Side Template Injection (SSTI) 1.8. Code Injection
66
341
1K
@SnShyk
Ahsan Sheikh
3 years
Failure is a first step towards success 😎 Found CRITICAL security vulnerability in @opensea platform. Unfortunately it got duplicated with another researcher. #bugbounty #nft #hackerone #opensea #infosec
11
4
93
@SnShyk
Ahsan Sheikh
3 years
Just got an appreciation from @_federacy CTO @jsulinski 😃 Thank you so much for the cool private targets and providing such a great bug bounty platform #BugBounty #federacy #infosec #vapt #CyberSecurity
3
0
8
@SnShyk
Ahsan Sheikh
3 years
Alhamdulillah! Best month so far in @Bugcrowd #BugBounty #infosec #penetrationtesting #bugcrowd
10
4
141
@SnShyk
Ahsan Sheikh
3 years
Alhamdulillah! Good Morning with this kind of appreciation and bounty from the program triager. Bug type: Stored XSS bypass to steal OAuth user token and many more sensitive data of the user’s Bug Severity: HIGH I’ll publish a writeup soon after this issue is fixed #bugbounty
6
2
73
@SnShyk
Ahsan Sheikh
3 years
Alhamdulillah! Reported security vulnerability to @NASA Bug type: Unrestricted Access to sensitive files #security #vulnerability #bug #nasa #infosec #bugbounty #pentesting #hacked
3
0
6