Short writeup about bug which helped me to win Meta BountyCon 2024 hacking event

Thank you @metabugbounty and everyone who attended Meta’s Bug Bounty Researcher Conference #MBBRC2025 in Tokyo! It was nice catching up with everyone and meeting new people! I had an amazing time and enjoyed all of the talks and events!

Alhamdulillah, $250,000 in total with bonuses for this bug, another record broken. Many thanks to @Meta and the Yes Team @phwd_ @JosipFranjkovic @vulnano , crazy we're still doing it after all these years.

Thanks Meta @fbsecurity for event and my colleagues @phwd_ , @JosipFranjkovic , @samm0uda with my other Facebook researcher friends for support)

like/dislike any youtube video on android https://t.co/Jrr6lLnDtJ

Thanks for year-end nice prizes))

📸Dzmitry Lukyanenka @vulnano is a full-time White Hat from Belarus with 8 years of experience. He thinks White Hats are independent, curious, ethical, patient, and inventive. Let's get to learn from him: https://t.co/W4oJlAwkkV #hack #infosec #bugbounty #AppSec #websecurity

I got lucky and won the first place in Meta Bug Bounty Researcher Conference, This was a new life achievement since i made $200k+ in bounties in a single event, i guess bug bounty will always be a thing for sure in the coming years. Congrats to all other contenders. #BugBounty

Last days I've spent on Meta's BountyCon event hosted in Seoul, Korea. Together with my teammates(@phwd_, @samm0uda and @JosipFranjkovic ) we took 1-2 places and won 5/7 nominations. Also special thanks from me for event collaboration with @_bagipro & @OversecuredInc scanner.

Here comes the Q1 reward in 2023!!!🥳 TOP 3 are $200 each, $100 for every one remaining; Rising Star Award $200 to 0xdhinu, Diligent Individual Award $200 to Hellboy_Aditya! Bonus will be sent this month. Thanks to all researchers. #hack #infosec #bugbounty #appsec #TECNOsecurity

Meta Quest: Attacker was able to subscribe any Oculus user on attacker's account without user approval. My short writeup:

@Hacker0x01 I have got more detailed response from them today on my question 29jun, now situation became a bit clear, thanks for supporting:)

How @Hacker0x01 support solves payments issues? Just closes the tickets without explanation.

Anyone from Singapore or a resident there who could apply for a Business/Tourist visa for me through the eServices portal ? Thanks.

PayPal has blocked our business account and is holding $1.3M for more than 2 months without explaining what exactly they are not happy with. Even @PayPal support doesn't know what's going on. ⚠️This endangers the production of Flipper Zero in general. More details in thread 1/5

Hackerone steals from researchers based on nationality, using sanctions as pretense. Proof that their executive team (@martenmickos @michielprins) publicly lied about sanctions when there are none (confirmed by OFAC)

React debug.keystore key was trusted by Meta(Facebook) which caused to Instagram account takeover by malicious apps. More information -> https://t.co/O3nBWn32ps

Hackerone might be the only company that decided to not pay citizens of Belarus/Russia what they owed them prior to invasion of Ukraine. They won't send $25k that I earned in 2021. They say sanctions are the reason, but actually the reasons are not legal, but... ideological. 1/

Lie. @Hacker0x01 is not sending payments anywhere if you have Belarussian/Russian passport. And they call me " valued member of our community" in survey email, really? Support completely ignores questions from your "valued" member, you don't send payments anywhere.

Hi is completely true