Discover and read the best of Twitter Threads about #bugbounty

Here's a couple of things worth a try to get an IDOR

Comment below if you've other useful tips & techniques.


#bugbounty #bugbountytips #infosec
1. Change file type

If you've an endpoint such as /users/password you might want to try /users/password.json or other extensions like .xml etc.
2. Convert ID to json body or array

If you've {"id":111} that gives you 401, you might want to try {"id":[111]} and {"id":{"id":111}}
Read 10 tweets

😁You might have come across

Read about them below. It's a 💯 thread. 🧵
Let me know if I missed any.
#infosec #oob #CyberSecurity #bugbountytips #BugBounty @theXSSrat @ADITYASHENDE17
Retweet for 📈
1. Burp Collaborator

2. WebHook(.)site
Read 20 tweets
If an LFI vulnerability exists, look for these files:

1-Linux system and user files:

#bugbounty #bugbountytip #bugbountytips
2-Log files:
3-CMS configuration files:
WordPress: /var/www/html/wp-config.php
Joomla: /var/www/configuration.php
Dolphin CMS: /var/www/html/inc/
Drupal: /var/www/html/sites/default/settings.php
Mambo: /var/www/configuration.php
PHPNuke: /var/www/config.php
Read 5 tweets
October was - by far - my best #BugBounty month ever! I made 160k USD from 40 bugs across @Hacker0x01 and @synack with almost zero automation involved.

I usually don't talk about my bounty income, but I'm quite proud of my work TBH 🙂 So here's a little bit of statistics. (1/3)
Bug class allocation (based on # of bugs):
IDORs: 36%
Other Authz: 28%
Business Logic: 11%
Reflected XSS: 11%
Authn issues: 8%
Stored XSS: 2%
CSRF: 2%
Mobile: 2%

Those 40 bugs resulted from 4 programs. Here are the program ages and their relative share on the total bounty amount:
2x > 3 years: 92%
2x < 1 year: 8%

So probably a good reminder: Stop thinking that old programs have been thoroughly tested and there's nothing to find anymore.

Thanks to those private programs that made it happen 😎

Read 3 tweets
Android Webview:
Android WebView is a system component powered by Chrome that allows Android apps to display web content.
There are many apps out there that are simply wrappers around web pages, or web content stored in the app.
Android Webview debugging:
Android WebViews have a debugging feature that allows you to use the ADB remote debugging extension for Chrome to debug the contents of the WebView.
Read 13 tweets
The Dunning–Kruger effect :

Hypothetical cognitive bias stating that people with low ability at a task overestimate their own ability, & that people with high ability at a task underestimate their own ability

People in #bugbounty experience this✅

A thread 🧵👇
Examples of the Dunning-Kruger effect:

➡️ Work: The Dunning-Kruger effect can make it difficult for people to recognize and correct their own poor performance.

That’s why employers conduct performance reviews, but not all employees are receptive to the constructive criticism they receive.
➡️ Politics:
Supporters of opposing political parties often hold radically different views without realising what they actually knew.
Read 7 tweets
Thread 🧵: how to automate the extraction of endpoints from javascript files with Linkfinder and Bash

#infosec #cybersecurity #bugbounty
subjs fetches JavaScript files from a list of URLs or subdomains

Read 8 tweets
Here's a list of some of the Youtubers I'm following as a beginner bug bounty hunter. ( They're in no particular order of ranking )

1. @zseano <3<3<3

Channel :

Personal favourite :

It's the mindset that matters, always.
2. @theXSSrat My man <3

Channel :

Personal favourite :

(Bet you saw this coming ? :P)
Read 9 tweets
I posted a thread on SSRF protection bypasses with different encodings yesterday.

But there's a lot more you can do to bypass filters.

Let's look at some of them below. ( Also, comment your most used and favourite bypasses )

1. DNS Pinning

To get an A-record that resolves into IP, use the following subdomain.

2. Bypass with Open Redirection

Eg. /nextPage?path=
Read 9 tweets
Bypass SSRF protection with different encodings.

A thread.

1. Hex encoding.

If is blocked, try 0x7f.0x0.0x0.0x1
2. Octal encoding.

If is blocked, try 0177.0.0.01
Read 8 tweets
🚨🚨 Another 10K giveaway

50 Like - Burp Suite Ext Dev - 10 Coupons
100 Likes - SOP Zine - 10 Coupons
150 Likes - Web Auth Zines- 10 Coupons
200 Likes - Bundle - 3 Coupons

Thanks to @FeedHive_io for post conditions functionality.
#Security #Learn365 #bugbountytips #bugbounty
Woah we hit 50 Likes, here is the link for Burp Suite Plugin Development Guide :…

Only 10 Grab Fast.
Woah we hit 100 Likes, here is the link for SOP Zine :…

Only 10 Grab Fast.
Read 7 tweets
10 Useful websites for cyber security.


#infosec #bugbounty #security
1. @DanielMiessler

An experienced cybersecurity expert, consultant and writer. Worth reading his blogs, curated newsletters, essays, podcasts and high-quality writing.

2. @gcluley

A longtime industry expert who held senior roles with Sophos and McAfee before deciding to begin “working for myself” in 2013.

Read 11 tweets
File Upload Restriction Bypass Checklist

1. Try various file extensions: try different versions of the file extension, for example .php3, .php4, .php5, .phtml for PHP scripts, and .asp, .aspx

#bugbounty #bugbountytip #bugbountytips
2. Append an extra file extension: if the application is not properly validating the file extension, this can be exploited by appending another extension, for example from script.php to script.php.gif or script.gif.php
3. Change the casing of the extension: try different combinations of lower and upper case, for example pHp, PhP, phP, Php etc.
Read 13 tweets
Awesome GitHub Repos :

1. Book of Secret Knowledge =
2. Awesome Hacking =
3. Awesome Bug Bounty =
4. Awesome Penetration Testing =

#bugbountytips #bugbounty #cybersecurity #infosec
5. Awesome Web Hacking =
6. Awesome Hacking Resources =
7. Awesome Pentest =
8. Awesome Red Teaming =
9. Awesome Web Security =
10. Penetration Test Guide based on OWASP =
11. Pentest Compilation =
12. Infosec Reference =

Read 3 tweets
Data leak exposed 38 million records, including COVID-19 vaccination statuses | Engadget…
And then this BS!!! F U @Microsoft @Azure
@Microsoft @Azure So when I report it APRIL 8th, 2021 it's NBD!!!! OooookkkkkkkkkKKK WTF is Going on HERE!!!!


#bugbounty #infosec #scam #fraud #security #DataLeak @guardian @cnnbrk @washingtonpost @FBI @FBI
Read 4 tweets
Rant about how @Bugcrowd and @Hacker0x01 setup their platforms to let vendors who host private programs abuse researchers. Entirely based on a true story with @Bugcrowd in my case. This is for my #bugbounty friends out there. 1/n
Let's say you are a researcher invited to a private program. You spend 10-20 hours looking for vulnerabilities and you finally find one! You report it to the vendor and... they say it's not applicable. 2/n
You still think it's a serious vulnerability. You try to use the platform's "mediation" feature to work with the vendor. The problem? At the end of the day, the vendor has the final say on whether or not it's a vulnerability. 3/n
Read 14 tweets
[T 0052]
Latest in Security 🧵👇

#infosec #bugbounty #security
Hacker Tools: ReNgine – Automatic recon by @ojhayogesh11 @intigriti…
Hakluke's huge list of resources for beginner hackers by @hakluke…
Read 10 tweets
A Big Curated List Of Resources For OSCP Preparation

A thread 🚨 👇

#infosec #cybersecurity
#bugbounty #oscp @offsectraining
Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.

All about OSCP :

Read 9 tweets
Are you a CTO, a CISO or an AppSec lead in charge of securing a Software as a Service? 🦄

Here are 12 macro-projects to enable an application security program. ☂️

#appsec #bugbounty #cloudsecurity #cybersecurity #devsecops

Read the thread ⬇️
🏀 Manage vulnerabilities and security weaknesses

Centralize every potential vulnerability in a @Jira-like issue tracker. A vulnerability remediation workflow is a typical bug fixing flow but with more statuses for the #appsec team to triage alerts and verify fixes.
👾 Run crowd-sourced security programs

Starting with a Vulnerability Disclosure Policy (VDP). Publish a @securitytxt note to show bug hunters the reliable process to reach the #appsec team and report vulnerabilities and security weaknesses in your assets.
Read 14 tweets