No Pain, No غ

🚀 Use grep to extract URLs By: @imranparray101 Here’s a handy command to extract URLs from junk / assorted data: cat file | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*"* curl http://host.xx/file.js | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*"* The grep ‘-o’ parameter will

Great resource. Thanks for sharing.

In fact, sometimes you should also look for older versions of the app on third-party APK stores to gain access to outdated endpoints. #bugbounty

Coming back to bug bounties after a solid 4–5 year break, great to see so many new faces around! (Feel free to say hi 👋) #BugBounty

What really happens when you submit a bugbounty report #bugbounty https://t.co/mpNSKTRlYZ

We Hacked Larksuite for 30 days and here is what we found. https://t.co/poCWiq6Spl #bugbounty #appsec #InfoSec

File Upload XSS using "video/mp2t" content-type https://t.co/w69mdEOzpu #bugbounty #appsec

3 Common Webhook #Bugs You’ll Almost Always Find: - SSRF (blind/full) via internal host/IP access - Origin IP leaks when targets use Cloudflare-like services - Access control bypass by retrieving event data not exposed via API/UI #BugBounty #bugbountytip

Not every program treats researchers this well , but when they do, both sides win. #BugBounty #cybersecurity

Just found out you can alias rm to trash in Linux to avoid accidentally deleting files permanently. alias rm='trash' trash is a safer alternative to rm, it moves files to the trash instead of permanently deleting them. #LinuxTips #CLI #Linux

While working with JSON data today, I discovered a simple yet powerful tool called Gron, created by @TomNomNom . It helps visualize JSON in a clear and structured way. #appsec #bugbounty

How did we Found an Request Smuggling and then escalated it to Account Takeover. https://t.co/ndiycrRNu3 #BugBounty #cybersecurity

Some time ago our team at https://t.co/nHyQHIqfvT decided to participate on Larksuite’s #bugbounty program and found tons of interesting vulnerabilities. We picked the 15 most interesting vulnerabilities to share in our blog. #bugbounty #appsec

A quick introduction to "Snapsec Suite". https://t.co/XIi2C9tjn5

The goal should be to master at least one or a few vuln-classes while building a foundational understanding of everything else. BB hunting is a race, you find bugs by beating others to it. So, having expertise in at least one type of vulnerability can help you win the race.

Our Methodology to find more BAC Bugs. #BugBounty #CyberSecurity

Had a fantastic time in #Riyadh over the past few weeks.

Hello Hackers, Is there a tool that allows you to remove or filter out subdomains running under Cloudflare from a list of subdomains? #bugbountyhelp

Eid Mubarak to all the Muslims around the global. May Allah accept your good deeds and bring honour to you and your families. #EidAlAdha

Stop sharing your XSS payloads on Twitter; it's not useful. XSS is a context-specific vuln, and there are countless different contexts that can exist when exploiting an XSS vuln. This makes it highly unlikely that your weird-looking XSS payload will be effective for others.