Patrickbatman
@hamidonsolo
Followers
2K
Following
272
Media
45
Statuses
692
19yo hacker i break stuff for fun and profit
Joined June 2024
I asked pro CTF teams to recruit me. Nobody replied. So I'm building my own. I'm 19. I make $10K/month breaking companies. But I'm tired of hunting alone. Looking for 2 killers: → CTF player who shows up every competition. Not sometimes. Every time. → OR a dev who wants to
1
1
12
I asked pro CTF teams to recruit me. Nobody replied. So I'm building my own. I'm 19. I make $10K/month breaking companies. But I'm tired of hunting alone. Looking for 2 killers: → CTF player who shows up every competition. Not sometimes. Every time. → OR a dev who wants to
1
1
12
Looking for a pro CTF team. I'm not asking to learn. I'm asking to compete. What I bring: → Web specialist — $10K/month in bug bounties. I don't just solve CTF web challenges, I break real companies. → Active player — I show up for every CTF. Not sometimes. Every time. → Pwn
8
3
123
Looking for a pro CTF team. I'm not asking to learn. I'm asking to compete. What I bring: → Web specialist — $10K/month in bug bounties. I don't just solve CTF web challenges, I break real companies. → Active player — I show up for every CTF. Not sometimes. Every time. → Pwn
8
3
123
Two characters broke an entire platform. ../ That's it. That's the payload. for $2,500. I put a path traversal in a URL hash fragment — the # part that the server never sees. No WAF caught it. No server log recorded it. No security tool flagged it. Because the attack only
patrickbatman.hashnode.dev
Intro I want to tell you about the night I stared at my screen for way too long, convinced I was looking at nothing — and then suddenly realized I was looking at everything. This is the story of how I
18
40
314
Two characters broke an entire platform. ../ That's it. That's the payload. for $2,500. I put a path traversal in a URL hash fragment — the # part that the server never sees. No WAF caught it. No server log recorded it. No security tool flagged it. Because the attack only
patrickbatman.hashnode.dev
Intro I want to tell you about the night I stared at my screen for way too long, convinced I was looking at nothing — and then suddenly realized I was looking at everything. This is the story of how I
18
40
314
I'm 19 and just started making money from bug bounties not a lot just 10k per month. AI is already finding 22 CVEs in Firefox in two weeks. Bro at least let me hit my first $1m before you take my job 😭 But real talk — this isn't replacing hunters. It's replacing the ones who
22
6
273
I'm 19 and just started making money from bug bounties not a lot just 10k per month. AI is already finding 22 CVEs in Firefox in two weeks. Bro at least let me hit my first $1m before you take my job 😭 But real talk — this isn't replacing hunters. It's replacing the ones who
22
6
273
I'm 19 and made $10K this month. Here's what nobody sees:
11
4
127
I'm 19 and made $10K this month. Here's what nobody sees:
11
4
127
Closing out February with a $2,500 bounty. CSRF + Client-Side Path Traversal chain that auto-approved malicious pull requests and leaked every secret in the build environment. AWS keys, database passwords, Stripe tokens — all exfiltrated with one click. February total: $9,129.
6
10
232
I made close to $10,000 from bug bounties this month. I'm 19. Still in engineering school. Here's what I didn't show you. I found a Critical RCE — Remote Code Execution via path traversal on a company's server. The kind of bug that pays $5,000-$20,000. Duplicate. Someone found
37
51
771
I made close to $10,000 from bug bounties this month. I'm 19. Still in engineering school. Here's what I didn't show you. I found a Critical RCE — Remote Code Execution via path traversal on a company's server. The kind of bug that pays $5,000-$20,000. Duplicate. Someone found
37
51
771
Closing out February with a $2,500 bounty. CSRF + Client-Side Path Traversal chain that auto-approved malicious pull requests and leaked every secret in the build environment. AWS keys, database passwords, Stripe tokens — all exfiltrated with one click. February total: $9,129.
6
10
232
This is not just a beginner tip the goal is to prove you point allways and make them pay for your work not for what they want
day3 beginner tips: how to hit quick 3000$ scamming bug bounty programs :) Bug bounty programs will patch your bug, call it fixed, then have the exact same vulnerability on another page. I found an XSS by prompt injecting a company's AI chatbot. Chained it with OAuth token theft.
0
2
35