Like for hacker cat. Retweet for hacker dog. You can only choose one...
bugcrowd
@Bugcrowd
The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
bugcrowd’s posts
When you encounter a 403 Forbidden page 🚫 , try adding an "X-Client-IP" header with the value "127.0.0.1" #bugbountytips ✌🏽
When you encounter a 403 Forbidden page, try adding an "X-Client-IP" header with the value "127.0.0.1". #bugcrowdtipjar
Bringing an important tip back! 👇
When you encounter a 403 Forbidden page 🚫 , try adding an "X-Client-IP" header with the value "127.0.0.1"
#BugBountyTips
🎉 100k Giveaway 🎉
Hackers walked so Bugcrowd could run. Thank you for being part of our community! 🏃 💯
To show our appreciation, we're giving away swag all day! 😎
To enter 🎟️ ⤵️
🔁 RETWEET
🧡 LIKE
✅ Drop your fave Bugcrowd memory below👇
#ItTakesACrowd
Found a WordPress site? The easiest place to find bugs is in the plugins.
1. Find the installed plugins with WPScan
2. Set up your own WP instance and install the same plugins
3. Hack your own instance
4. Report your bugs!
The most common bug you'll find with this method is XSS
⏰ Time for a #GIVEAWAY!
💬 We want to hear from you.
How to win swag?
📣 Retweet
📣 Like
📣 Complete the survey
📣 Drop an emoji once completed
Click here to get started: ⤵
surveymonkey.com/r/T9VDH22
Week of #giveaways starts now! 🎁
Complete the tasks for your chance to win swag ⤵
✅ Retweet
✅ Like
✅ Tag a friend in the comments
#ItTakesACrowd #OuthackThemAll
Our Web Hacking Resources Kit will help you to master the basics and get you on your way to your next P1! 😎
Check it out! 📲
#BugBountyTips #Hackers
view.highspot.com/viewer/5f3aba1
What's your favorite part of this hacker setup? 💻👇
We would share ours, but we can't choose just one. 👀
It's. Too. Cool. 😈 😎
Thanks for sharing!!
When hunting for bugs, look for features that are complex. As a rule of thumb:
More complex = less secure. #BugBountyTips
In case you missed it, this Web Hacking Resources kit is here for you. 😎
What tools would you like to see added? 👇 #BugBountyTips
Have you been looking for a crash course on XXE bugs? It's a class of bugs often missed by even the most seasoned hackers. 🤓
Here is everything you need to know to start finding XXE bugs. Godspeed! Happy hacking! bugcrowd.com/blog/how-to-fi
New to bounties?
We've created this page containing links to everything you need to know including free educational resources, researcher docs, how to find bugs, beginner resources, how to get private invites, and more. Log in to view! bugcrowd.com/welcome #BugcrowdTipJar
If you ever find an SSRF on a Windows box, try running responder.py on your own VPS, then send the SSRF to file://<yourvps>. With a bit of luck, the server will send you some tasty Windows NetNTLMv2 hashes to crack!
What other methods do you use? #BugcrowdTipJar
XSS is the most common bug class! It pays to be good at finding them. In the latest how-to blog post, covers what XSS is, different discovery methods, contexts, filter bypasses, weaponized payloads, and more.
While he hits some pretty big bounties, you might be surprised how got started in bug hunting.
Join us for this researcher spotlight and down to earth chat with Ahsan Khan! bgcd.co/33SPAcH #ItTakesACrowd
When you find an XSS, at minimum, use alert(document.domain) over alert(1). This helps to demonstrate the context that the JavaScript is executing in. Even better, escalate the XSS to perform an account takeover!
Don't forget to share your own XSS tips using #BugBountyTipJar
. has launched a public #bugbounty program with ! Get all the new program details here: bgcd.co/2LRLavp #OuthackThemAll
A meme a day keeps the blues away.
🔁 Retweet for meme 1
💙 Like for meme 2
⚠️ We will choose one random participant to win SWAG!
#BugBountyMemes by
👉
👋 Researchers!
What's a hacking tool all beginners should be using? 🛠️
Asking for a friend! 🤭
#ItTakesACrowd
We're giving swag, you're giving tips!
Day 4 of #giveaways 🎁 👇
What's the best resource you've added to your #bugbounty library? 👀
Today seems like a good day to watch YouTube 🥱
Tell us your favorite #hacker content creator and be entered to win a Pentesterlab Subscription!👇
Week of #giveaways day 2 🎁
Knowing regex is a very powerful skill for hackers. It allows us to be more productive, and also gives us an insight into how we might exploit Regex-based security controls.
Read this blog by to learn more! bgcd.co/3rIsd07
New year, new swag, new game!
Hacker's choice: THIS or THAT❓
Drop your choice below and be entered to win NEW swag! 👇
#MacintoshDay
Want to WIN SWAG?🏆
Play the game!🎮
🔒Guess the password (26 letters)
🔢Numbers correspond to letters
✍️Example: 1 = A, 2 = B, 3 = C
🔑We'll drop a hint for every 100 likes
👇Comment your guess below, no letters allowed
Hint: #StarWars
#MayTheForceBeWithYou #WorldPasswordDay
We're dropping some #BugBountyTips 👉 Chain AutoRepeater and Taborator to Automate SSRF Findings.
Created by: 👏
Check the thread below for more details ⤵️
Today’s #BugcrowdScholar challenge is simple!
Comment below with your best bug bounty tip that's helped you save time or make impact and we'll choose some random scholars! #BugBountyTips #BugcrowdTipJar 🤓
🚨CHALLENGE TIME🚨
Can you popup an alert?😉
Rules⤵️
📣DM us a screenshot once complete
📣100 likes & we'll release a hint
15 winners⤵️
🥇5 winners: hoodies
🥈5 winners: t-shirts
🥉5 winners: stickers + glasses
GO 👉 bgcd.co/3PKAefZ
Challenge by
Testing an e-commerce checkout? Try a test credit card number like "4242 4242 4242 4242" on a production site. Test responsibly, and report it if it works!
More details on testing card numbers for Stripe integrations here: stripe.com/docs/testing #BugcrowdTipJar #BugBountyTips
👀 Want to win swag?
👇 As a hacker, tell us 1 way you take care of your mental health.
🧡 Reminder: #YouMatter #YourMindMatters #MentalHealthAwarenessMonth
You can never have too many resources! 🤗
Which hacker YouTube channel is your favorite? 👩‍💻 📹 ⏬
#HackerTube #BugBountyTips
[News] Today we announced Bugcrowd University to educate and empower the Crowd with the latest skills and methodologies. bgcd.co/2Okvv5r #ItTakesACrowd #OuthackThemAll
Help! 🙏 eLFI wants to know how to set up his desk! 🖥️
Check out Casey's vibe below! 😎👌
What does your #hacker space look like? 👇 Drop a pic below for the chance to be one of the 10 shirt winners! #hackerz4theholidayz
Recycling funny memes ♻️
Share your favorites below for the chance to get featured 🤪
#BugBountyMemes
Looking to further your career in infosec?
Today we are launching the #BugcrowdScholar Program! A month of challenges, swag, and giveaways! Day one's challenge: to enter for a chance to win, retweet this tweet and fill out the submission form: forms.gle/gfgEuaLHBVGZzL
There were some very inspiring talks at nahamcon! got us thinking about VHost hopping. It's worth brute forcing Host headers to discover hidden admin dashboards! #BugcrowdTipJar
Changes are coming to Bugcrowd Vulnerability Disclosure Programs.
Starting Monday, Points will no longer be awarded on VDP submissions.
Find out why we are making this change in our latest blog post here 👇
