l0cpd
@l0cpd
Followers: 1K | Following: 2K | Media: 103 | Statuses: 892
| Father | Bug Bounty Hunter | RECON | MMA |
Joined September 2018
A lot of hackers fail because they only look for bugs, not systems. If you want to find vulnerabilities others miss, you need to model how the application works first. Here are 5 ways to do it right 👇 1️⃣ Identify valuable target data Start by asking: what data does the
“Full-Blown SSRF to Gain Access to Millions of Users’ Records and Multiple Internal Panels” by Skyer https://t.co/ridKB8NW91
I've included all the proven 403 bypass techniques that consistently work in real-world scenarios. After reading this write-up you won't need to refer to any other article or video on the topic anymore. I will update more things in it soon. https://t.co/GFqZb3Hu5b
infosecwriteups.com
Master the art of 403 bypass with hands-on examples, tools and tips..
“Escalating Impact: Full Account Takeover in Microsoft via XSS in Login Flow” by Asem Eleraky https://t.co/vt13dJJlT4
Writing a technical book is only a small fraction of the work. You still need: 1. Technical review 2. General editing 3. Copy editing 4. Cover designing 5. Proof reading <— I am here “From Day Zero to Zero Day” is a way better book thanks to the amazing team at @nostarch and I
It's been on my TODO list for soooooooo long, but finally got my self-hosted interactsh server sorted, with file hosting. Thanks @pdiscoveryio for the great tools! 🤘 And also a nice Burp extension https://t.co/Qc3Mcf0AME which will be useful
Here’s my new blog post: “Redacted bugs #3: Hunting for bugs worth $7,750 in an adult content platform.” Happy reading!
securityrise.com
Security research describing 6 subscription-based adult content app-related vulnerabilities that resulted in a $7,750 total bounty.
“A Journey of Limited Path Traversal To RCE With $40,000 Bounty!” by HX007 https://t.co/QTZcVxmyE1
How I Hacked a User Management System and Found 3 Critical GraphQL Vulnerabilities | by 4bd0_m4g3d | Jan, 2025 | Medium
0x4bdo.medium.com
Hi, I’m Abdo Maged, a bug hunter with 7 months of experience in identifying and reporting security vulnerabilities.
happy to release my new article entitled: Next.js and cache poisoning: a quest for the black hole https://t.co/v7aqiYJjyX good reading;
very pleased to announce the release of my new article based on my research that led to CVE-2024-46982 titled: Next.js, cache, and chains: the stale elixir https://t.co/UFndJxNYLI note: does not cover the latest findings shared in my recent posts enjoy reading;
[HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking
blog.criticalthinkingpodcast.io
It's the 100th episode! We've got some of the top hunters together to discuss their top bugs of 2024. We've also got a big CTBB pod announcement and a new (game-changer) plugin for Caido; Shift.
User/Pass, service name, ... exposed on GitHub. Download service -> Decompiler -> find endpoints -> access data #BugBounty #bugbountytips
Program Manager’s Guide To Running a Successful Bug Bounty Program https://t.co/f60KmQHhTP
blog.criticalthinkingpodcast.io
How to run a bug bounty program hackers will love to hack on.