
003random
@rub003
Followers: 2K | Following: 9K | Media: 45 | Statuses: 801
Cyber Security && Software Development
The Netherlands
Joined February 2012
The $15,000 secret of viewing posts from private Instagram accounts. #bugbounty #bugbountytips #writeup.
RT @VolerionSec: Our models identified the correct product (CPE), versions (semver) and gathered remediation options. This data is availabl….
RT @spaceraccoonsec: Pre-orders have started shipping and getting to readers around the world! Whether you’re new to vulnerability researc….
CVSS can be confusing. Therefore, I've created a CVSS calculator with lots of information (click the ? icons) and even a guided walkthrough. Let me know what you think! #bugbountytips #bugbountytip #infosec.
RT @VolerionSec: Launching today! Volerion transforms raw CVEs into structured and instant insights. #CVE #CyberSecurity #infosec
https://….
RT @infosec_au: Our research on vulnerabilities caused by the great firewall was nominated for the top ten web hacking techniques this year….
@FIRSTdotOrg There are a lot of bad copy paste mistakes as well, but the main issue is that the comments do not apply to the spec and are telling the reader more often what the result is, rather than why that is the result. It's confusing overall. I can supply a correct version if needed 😄.
RT @hackermondev: 1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips
@FIRSTdotOrg that 'if a specific configuration is required for an attack to succeed, the vulnerable system should be assessed assuming it is in that configuration.' More than half of the given examples have incorrect metric evaluations like this 🙃 [2/2].
@FIRSTdotOrg While someone is at it, please redo the CVSS v4.0 Examples. Comments such as 'Attack requirements are present. Only applications built with a specific configuration are vulnerable.' are at odds with the spec defining [1/2].
Hey @FIRSTdotOrg, any chance we could get the CVSS 4.0 supplemental metrics in the same order across the overview image, section 5 and the calculator? Kinda triggered ngl😆.
is pretty dope! It's a follow-up to CVE-2023-46137. Most affected servers are running some cPanel instance 👀. In short, Twisted.web servers can mess up pipelined requests, leading to info leaks. Cool PoC out there too! #bugbounty #bugbountytips #twisted.
Exciting News! I just released getJS v2.0.0! New features and improved compatibility! Check out the gif to see simple CLI usage in action! 👇 Integrate it right into your custom recon tools, as it's importable as a Go package. #bugbounty #bugbountytips
RT @wikileaks: JULIAN ASSANGE IS FREE. Julian Assange is free. He left Belmarsh maximum security prison on the morning of 24 June, after ha….
RT @Karel_Origin: Found myself in a scenario where I had to query a rate-limited API. The sleep command works but will waste a lot of time….
RT @rub003: The $15,000 secret of viewing posts from private Instagram accounts. #bugbounty #bugbountytips #write….
#1337up1023 from @IntelSecurity & @intigriti was a success, and I'm happy with my team ending up in the top 3 on the teams leaderboard 🥳. Congratulations to @erbbysam, @arneswinnen & @MattiBijnens for being the top 3 individuals!