Yay, I was awarded a $5,000 bounty on @Hacker0x01!. @EpicGames the Best team on H1 #TogetherWeHitHarder.

Great collaboration XSS to P2 esclation.

in case some guys say it don't work you have to use it with specific tag and trick WAF regex :) i cant share full payload as they will fix it

Akamai + cloudflare bypass if onerror=alert() blocked i mean ofcource its blocked so you can use below payload

onToggLe='let%20x=%60javascri%60%3Blet%20y=%60pt:aler%60%3Blet%20z=%60t()%60%3Blet%20a=x+y+z%3Blocation=a'>.

Hey anyone have good self hosted bug bounty program, please DM me, we will collaborate there.

Looks like i need to left bug bounty and start new life.

And i got ban for low quality report ( i don't think so), and contacting team member 😶‍🌫️.

i blocked this shit ads multiple times still it shows on every YT video, @YouTube i dont wana see this, why can't you block this adv, if user once reported it. :/

Anyone know how to bypass Instagram SSL pinning?.

0xe751bf33164b8786c71d59c48f668d22408e142d.

I have like $24 in my bank account right now,😂.

I can be better triager at @Bugcrowd.

Spent 2 days escalatin' a false positive bug—shit hurts :). But still, learned hella new stuff while tryin’ to escalate that vuln.

Need help, i am running a application ( using pnpm) locally on my macbook, i want to proxy all application request through burp-suite, for example application sent a request in backends to GitHub API to fetch data, how can i capture and intercept that request?.

I am writing here because i tried my best to get help from @Hacker0x01 and @GitHubSecurity team non of any responded that's really demotivating, so have to write here to get some help.

Hi anyone from @GitHubSecurity team here?. 2 months ago me and my friend reported a Stored DOM XSS on GitHub main domain with great chain to make it high severity report, but someone from team came set severity low, rewardes low bounty and closed report without any explanation :(

Write-up soon 🎉.