Ved Parkash
@v3d_bug
Followers: 1K
Following: 18K
Media: 50
Statuses: 6K
Curious to Learn
Haryana, India 🇮🇳
Joined November 2019
Hey everyone, do check out how my brother @Zero2Infinity_ and I bagged our first $$$$ bounty individually. https://t.co/rvo9GM8tuq
#bugbounty #bugbountytips #bugbountytip #bughunter #hacker #cybersecurity #hackerone #bugcrowd
My notes from the @1_00_proof interview on @bountyhunt3rz (@0xriptide) - About the guest - Sept 2022: found a Notional issue (probably https://t.co/KQrNB2Dem2) - Kyber bug (mid-2023): https://t.co/QSyBQVEZLg ($1m reward) - https://t.co/WEvSmeU9KJ (~$300k: 2C, 1H, 1L)
immunefi.com
Profile of IAm100proof on Immunefi
Everyone knows {{7*7}}. Very few know how to turn SSTI into RCE when filters hit. New video: SSTI From Input To RCE Jinja2, Twig, FreeMarker, Razor Blind SSTI, OOB callbacks, polyglots Understanding engines instead of memorizing payloads Watch 👉 https://t.co/EjjEzlm3PN
Some People Said, "You're too young to achieve this". But they never saw the story behind. It's been 7055 days since I was born. And I always wonder what I've done so far. Because I always feel there's something I still need to do and this is the only thing that keeps pushing
(Short) #BugBounty Tips for the Coming Year: 1. Skill - A lot of advice out there says you should go complete all PortSwigger Labs before you start hunting. While there's nothing wrong with that, I genuinely feel that is counterproductive. Here is what I do instead - Pick a Main
For the SupaPwn (https://t.co/0Cl8GDdHvF), I did something similar; not sure if we can call it task injection, but precisely it's a confused deputy. 1. Prompt the agent to dump its current role into a public table. 2. Edit the entry to a low-privilege role. 3. Ask the agent to retrieve
The CPR method. If the patient has become unconscious and is not responding, lay the patient flat on their back. Call someone nearby for help and call the nearest hospital or an ambulance. 108 is the ambulance number. Check the patient's pulse. Checking the pulse takes no less than 5 seconds and from 10 seconds
Interested in the security of AI Agents 💁🛡️? Then you've likely heard of "prompt injection", but do you know what "task injection" is? If you're curious, check out our latest post for a description and some real-world examples we discovered. https://t.co/72U89PBNwR
bughunters.google.com
Check this post to find out what a Task Injection attack is, how this type of attack differs from Prompt Injection, and how it is particularly relevant to AI agents designed for a wide range of...
instead use this way~
cat domains.txt | httpx-toolkit -silent -sc -td | grep -Ei "Next\.js|React"
cat domains.txt | httpx-toolkit -silent -sc -td | grep -Ei "Next\.js|React" | awk '{print $1}' | nuclei -t .local/nuclei-templates/http/cves/2025/CVE-2025-55182.yaml -silent
after
Testing for React2Shell can be as easy as: 1. Running HTTPX to identify NextJS targets 2. Passing the list of targets to React2shell-scanner 3. Verify & report results 🤠 More in next post! 👇
I found an IDOR on a program. They paid me $5,000. Twice. Here is the story: 🧵
Found a weird IDOR bug through an AI chatbot. By changing the current_url and Referer, an attacker could edit any user's product if the product ID was saved in the AI's database. AI was trusting old data without checking auth! #BugBounty #bugbountytips
https://t.co/trh3j3lnMp
medium.com
Indeed, Allah and His angels send blessings upon the Prophet. O you who believe, send blessings upon him and greet him with peace.
🚨Alert🚨: CVE-2025-66516 (CVSS 10.0): Critical XXE Bug Hits Apache Tika 🔥 PoC: https://t.co/AgUg8hKP9l 📊 12.6K+ services are found on https://t.co/ysWb28Crld yearly. 🔗 Hunter link: https://t.co/xZZGyc6J6L 👇 Query HUNTER: https://t.co/q9rtuGgxk7="Apache Tika"
Crazy XSS chain. Very impressive find by @H4R3L, @BrunoModificato and @sudhanshur705 Read at👇 https://t.co/FFAzuzz3hN
nokline.github.io
Here you can read all about my research and techniques I’ve gathered over time!
In the last 5 years, I have tested 50+ bug bounty tools... Each has its own superpower. Here is the MEGA list of bug bounty tools you need to bookmark: 🧵
Logic flaws can result in various impactful outcomes 🤠 But you have to learn to identify them at first... 🥲 In our latest article, we explored how to identify & exploit logic flaws, including how to measure impact and distinguish them from the non-impactful, functional bugs.
1 - Start by enumerating subdomains using any tool you like (subfinder or others) and save everything to domains.txt. 2 - Run dnsx on the list and see which subdomains actually resolve, and where they point. 3 - Use httpx to check which resolved hosts expose web services on
When You Can’t Find Bugs: A Reset for Bug Bounty Hunters https://t.co/Wa5z4gJ3Au
#bugbounty #bugbountytips