Hey :) If you want to know how you can get started in bug bounties, the first and most important step is learning how to use Google, because that'll be your main tool for your whole career.
Pinned Tweet
Alex Birsan (parody)’s Tweets
Reached a point in my coffee obsession where I'm starting to think "maybe I can make nitro at home better than Starbucks"
My wallet will suffer
1
6
fwiw I got $0 when I reported something similar to Google during my initial research in 2020 - and I totally get it. It's nearly impossible to control what devs will do on their own machines.
Quote Tweet
Dependency confusion - mismanaged by @Google security VRT
giraffesecurity.dev/posts/google-r
Had the exploiter been malicious this could have led to product compromise, back door, and enterprise access.
1
9
talking about human height in inches sounds so funny like yeah bro, I'm 77 inches tall, fite me
1
Everyone on tiktok seems to like sped-up versions of random songs. This can only mean one thing
THE KIDS CRAVE HEAVY METAL 🤘
9
Things I learned about the US: They call it a pick up truck because they use it to pick up their coffee from Starbucks
1
1
31
Not only that, "The Sunshine State Spoofers" have dominated the top of the leaderboards and were the team who won the most bounties accumulating our overall Live Hacking Event performance.
Never underestimate the power of successful collaborations, onto the next one!
1
3
30
Show this thread
Won the Exterminator award for the most critical bug at 's H1-407 event teaming up with and hacking #EpicGames!
Huge Shoutout to and for their assistance on the winning bug 🤝
#BugBounty
16
8
324
Show this thread
Did anyone not expect Stadia to close down within a few years? It's like a self-fulfilling prophecy.
2
13
Finished the #H13493 live hacking event in first place and nabbed the Best Collaboration award as well! Had a blast in Barcelona, and a crazy couple of weeks leading up to it. Thanks to everyone who made this event possible!
32
9
302
TIL car rental companies will straight up charge you differently for the exact same rental depending on where you physically are when you book.
Getting a better price is sometimes as easy as going to .co.uk instead of .com
1
9
Back in 2012, Ubisoft accidentally added everyone as CC on a marketing email.
Long story short, someone hit Reply All and 10 years later the email thread is still going strong and I think that's beautiful.
21
536
2,898
Show this thread
Starting my journey to the #h1303 live hacking event in this beauty.
This'll be my first in-person H1 event. Super hyped for it 🤩🤩🤩
3
1
130
If right click -> open in incognito stops working one day, someone let me know and I'll move my stuff off Medium.
Quote Tweet
I'm not going to pay Medium to read hacking blogs. Sorry not sorry.
I hope some of you move away from that platform.
5
6
70
3
3
57
Many tech companies, including GitHub, use their geographically distributed workforce as a way to steal wages from workers. They call it "location-based pay grades" and other such nonsense. But it's wrong. So we've written something you can share:
165
4,502
18.3K
Show this thread
If you are not helping put up a parking lot on /r/place then what the hell are you doing
12
everyone be like "can you stil reproduce?". cmon dude I'm not *that* old
4
5
83
Solid advice. Have a buffer of at least 6 months - 1 year worth of savings before you go full-time. You shouldn't need to find bugs non-stop to make it work.
Quote Tweet
My advice to those who think about doing #BugBounty full-time:
Don't go full-time if you only live from month to month! Build up some savings before going that route. Personally, I'm able to survive 3 years without having to find a single bug using my savings.
(1/2) twitter.com/ITSecurityguar…
Show this thread
2
1
28
Why not allow your hackers to stay 100% anonymous throughout the disclosure and payment process?
14
1
119
Struggling to buy a €1000 phone on the site is probably the worst UX experience I've ever had. It might have just single-handedly pushed me to buy an iPhone instead
7
26
Dependency Confusion is 1st! 🤩
Quote Tweet
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021!
portswigger.net/research/top-1
15
17
230
Someone called me and we spoke like normal but... the call came from a completely different number than theirs?
Confirmed not a prank. We were both in a low-signal area if that's relevant.
The number is busy when I call it but rings when the other person calls.
WTF is going on
2
11
Not quite sure why 10,000 of you would want to follow me on here but thank you 🤗
8
1
109
tfw you reluctantly submit a report after like a week knowing full well that you were this 🤏 close to escalating the impact.
oh well... on to the next one!
33
Once you add the mandatory VPN, custom headers, check-in system and all that, it kinda stops *feeling* like hacking and starts feeling like... work
7
5
117
Also just realized the swag code is in the gif and rushed to order something before someone stole it 😅
5
Show this thread
My thinking was - with everyone guessing random numbers, the last layer was statistically likely to be a really small number like 1 or 2.
Don't have a formal proof for this but it feels right.
1
4
Show this thread
nice
Quote Tweet
Replying to @alxbrsn and @intigriti
Hey alxbrsn! You unwrapped the gift! Get that swag! What prehistoric animal is the fastest at wrapping gifts? The Velociraptor.
GIF
1
4
Show this thread
Cache Poisoning at Scale:
Identifying and Exploiting over 70 Cache Poisoning Vulnerabilities
21
564
1,206