-
Yay, I was awarded a $6,000(x3) bounty on
@Hacker0x01! https://hackerone.com/byq Would be impossible without my bounty mate @_act1on3_. It's definitely #TogetherWeHitHarder P.S. New personal record by single payout. -
We are going public with some of the products in our
#bugbounty program @Hacker0x01. ~10 services will go from private -> public. This will be done gradually over the next two months. The program is now online at https://hackerone.com/visma Happy hacking! #togetherwehitharder pic.twitter.com/qUMA1RoTHa -
CSRF Account Takeover Advice: - Subdomain Enumeration - Map out attack surface / Spider - Right click on targets -> Engagement Tools -> Analyze Target - Look for password reset with no CSRF token - Reset Password and email generate PoC - Report - $$$
#TogetherWeHitHarder -
https://noobsec.org/project/2019-12-16-How-We-Get-4000$-in-5-Minutes/ … How we get $4000 in 5 minutes (Indonesian Language)
#bugbounty #bugbountytip #bugbountytips #ittakesacrowd #togetherwehitharder -
Yay, I was awarded a $2000 bounty on
@Hacker0x01! For multiple vulnerabilities-ssrf- highest level of privilege escalation-admin account access. https://hackerone.com/cuso4 #TogetherWeHitHarder -
Yay, I was awarded a $2,300 bounty on
@Hacker0x01! RCE + Blind SSRF https://hackerone.com/delisyd #TogetherWeHitHarder -
Transparency builds trust: a blog from yours truly about public disclosure, vulnerability, culture, trust, and hackers. https://www.hackerone.com/blog/transparency-builds-trust …
#TogetherWeHitHarder -
For those who are asking how I found my last SQL injection, here is a simple POC
#bugbounty #bugbountytips #TogetherWeHitHarder #hacking pic.twitter.com/gRSPYNFjP6 -
Yay, I was awarded a $30,650 bounty on
@Hacker0x01! for Various reports https://hackerone.com/malcolmx #TogetherWeHitHarder -
Writeup of an SOP bypass on
#Hackerone using a little trick learned from @BitK_! https://enumerated.wordpress.com/2019/12/24/sop-bypass-via-browser-cache/ … @Hacker0x01 #TogetherWeHitHarder #bugbounty -
New Write-up About a dom xss From a private project 500$ https://jinone.github.io/bugbounty-a-dom-xss/ … Merry Christmas to you all ! Thanks
@Hacker0x01 #TogetherWeHitHarder #BugBounty #bugbountytip -
Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exist yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2)
#TogetherWeHitHarder -
Request has a 64 chars long csrf token in the header and same in the cookie. I can use any random string of 64 chars but they should have same value in both places. Any ideas how I can possibly exploit this csrf for another user?
#bugbounty #TogetherWeHitHarder -
In January, I submitted 28 vulnerabilities to 6 programs on
@Hacker0x01. #TogetherWeHitHarder https://hackerone.com/last-month -
In January I submitted 3 vulnerabilities to 2 programs which turned out to be duplicate. I learnt: do your own research and find unique vulnerabilities. Understand the target and pinch the critical nerves.
#TogetherWeHitHarder #learning -
Yay, I was awarded a $250 bounty on
@Hacker0x01! The infamous $250 only tweet lol say what you want about @Hacker0x01 I love the company. rh https://hackerone.com/dondata #TogetherWeHitHarder -
Finally 5k reputation
@Hacker0x01
#togetherwehitharder #bugbounty pic.twitter.com/Gipv6flSYr
-
8 duplicates in a row, I guess it's safe to call me the King of Duplicate reports
#togetherwehitharder