Mohamed Fodil
@_public_void
iOS Programming ~ Reverse Engineering | Electronic-ST | WhiteHat | Bug Bounty Hunter | Acknowledged By Apple 🍏
Algeria 🇩🇿🇵🇸
Joined April 2021
Despite my long experience in iOS reverse engineering, I prefer not targeting VDP/BBP iOS Apps that may result in getting my exploits burned for nothing 🤷‍♂️ Instead, I’m good with reporting iOS related stuff directly to Apple 🙃 #BugBounty
#bugbountytips
#CyberSecurity
Lesson Learned: To avoid Self-Duplicate, when you discover the same vulnerability across different domains/endpoints, report just one and wait for it to be Resolved, then do the same for the others. #bugbountytips
#BugBounty
#CyberSecurity
Yay, I and my friend @uieyuyeriuzyer were awarded $1,900 bounty on @Hacker0x01 #TogetherWeHitHarder
#BugBounty
#CyberSecurity
I earned $$$ for my submission on @bugcrowd #ItTakesACrowd 😁 2FA Bypass [Duplicate > Resolved > FIX-Bypass] Neither BC Triage nor the Program Team were able to reproduce. Finally, a Team Member has figured out why the issue wasn’t reproducible ✅ #BugBounty
#CyberSecurity
I find it really fun targeting and bypassing fixes of "Duplicated/Resolved" reports 😁 #BugBounty
#CyberSecurity
#bugbountytips
While I was performing a retest for my report to a program on @Hacker0x01, I’ve noticed an extra security layer was added, after testing it separately, I found it vulnerable to something 🤷‍♂️ I reported it and got it Triaged 🙃 #CyberSecurity
#BugBounty
Yay, I was awarded a $1,000 bounty on @Hacker0x01! #TogetherWeHitHarder This was really fast ⚡️😃 Reported + Triaged on 17/04/2024 Retested on 18/04/2024 Resolved + Awarded on 19/04/2024 #BugBounty
#CyberSecurity
https://t.co/dmj7jPPaTF…
WOW 🤩 Triage, Fix and Retest were done in less than 24h I was invited to this PBBP at @Hacker0x01 since a month ago, (launched in 2020 with only 2 domains in-scope) 🤷‍♂️ Simple, no freaking tip 🙃 "api/vx/me/" => "api/vx/other_usrid/" #bugbountytips
#BugBounty
#CyberSecurity
Use FFUF for subdomains-list batch fuzzing 👇
Windows PowerShell Save the code in the pic below as "script.ps1"
Linux Save this as "https://t.co/hnQ9C7yNvo" [#!/bin/bash for URL in $(<subs.txt); do ffuf…-u "$URL/FUZZ" … done] #bugbountytips
#BugBounty
#CyberSecurity
Thanks for the invitation 😃😃 I have to find an authentication flaw as this is the right way to say thanks 😁 #bugbountytips
#CyberSecurity
Today, I received 20 private invitations to hack on private programs at @Hacker0x01 😃 Although I’m a lazy hunter 😅 I’ll try my best! #BugBounty
#CyberSecurity
Here’s how me and my friend @uieyuyeriuzyer demonstrated the HTML Injection impact 👇 All-in-One PoC 😅 We wrote a small report on the page itself in which we demonstrated 4 HTMLi examples in a single payload #bugbountytips
#BugBounty
#CyberSecurity
I got access to an IIS server vulnerable to SNS, managed to get into the Webroot directory and downloaded the content as PoC, triaged as P4. I reversed the DLLs and got sensitive information. Do you think Severity will increase? #bugbountytips
#BugBounty
#CyberSecurity
Bad luck 😐 I found a leaked "Authorization Bearer" that grants me access to read (internal/private repos content), I can even know what will be the upcoming updates! but it turned out to be a "read-only" token 😬 #bugbountytips
#BugBounty
#CyberSecurity
The 2nd submission was triaged in just 24 hours 😁 waiting for the other one! Big shout out to @Bugcrowd Triage #BugBounty
#CyberSecurity
First duplicate in 2024 ☹️ it was already triaged, then boom 💥 the program found it duplicate 🥲 #BugBounty
#CyberSecurity
Yay, I and my friend @uieyuyeriuzyer were awarded an extra $1100 bounty on @Hacker0x01 #TogetherWeHitHarder HTML Injection worth $1900 😅 Although XSS wasn’t possible, we found a way to escalate the HTMLi #bugbountytips
#BugBounty
#CyberSecurity
https://t.co/U14d1KDlrl
Yay, I and my friend @uieyuyeriuzyer were awarded a $800 bounty on @Hacker0x01 #TogetherWeHitHarder Bug: HTML Injection XSS wasn’t possible due to CSP + WAF #bugbountytips
#BugBounty
#CyberSecurity
I earned $600 for my submission on @bugcrowd #ItTakesACrowd 😁 Bug: Broken Authentication Ability to initiate and re-generate a valid session by just using one leaked value in the requests. #bugbountytips
#BugBounty
#CyberSecurity