Big #Bugbountytip / #bugbountytips Google Services Hunting Google services are amazing, and for bug hunters, it's amazing as well. In some cases, you can get some P1-P2-P3 from these services, such as Workspaces / Sheets / Groups / Drives / Etc... In groups: you can access emails / internal data/ credentials In Sheets, you can access PIIs / Edit access In Drive: you can access backups/ PII / Etc... still hard to find and It was an issue how to make good and at the same time fresh dorks for bug bounty programs Then I found out that a lot of links have the same path, and it was like this All Google resources I've found sites.google.com/a/domain.co… docs.google.com/a/domain.com… groups.google.com/a/domain.c… drive.google.com/a/domain.co… mail.google.com/a/domain.com… spreadsheets.google.com/a/do… spreadsheets0.google.com/a/d… spreadsheets1.google.com/a/d… spreadsheets2.google.com/a/d… spreadsheets3.google.com/a/d… spreadsheets4.google.com/a/d… spreadsheets5.google.com/a/d… spreadsheets6.google.com/a/d… spreadsheets7.google.com/a/d… spreadsheets8.google.com/a/d… UrlScan Dorking: page.url:"sites.google.com/a/*" page.url:"docs.google.com/a/*" You can replace * => the program domain Google Dorking: site:sites.google.com/a/* "inurl:/a/" Or for specific domain site:sites.google.com/a/* "inurl:/a/domain.com" GitHub Dorking: "sites.google.com/a/" Or for a specific domain "sites.google.com/a/domain.co…" Shodan Dorking: "sites.google.com/a" Web Archive web.archive.org/cdx/search/c… Don't forget: It's not just sites.google.com still you have to look for docs/groups/mail/drive/spreadsheetsX still working in Google Research and will add more and more soon ...... Happy Hunting♥ #bugbounty

GIVEAWAY!! 🔥 We’re giving away 1 seat of @AlteredSecurity Certified Evasion Techniques Professional (CETP) – Evasion Lab. 🚀 👉 How to participate: 1️⃣ Like 👍 this post 2️⃣ Repost🔁 3️⃣ Comment 💬 what makes it useful to you 4️⃣ Follow @nikhil_mitt & @AlteredSecurity A random winner will be announced on Monday, 8th September 2025. 🔗 alteredsecurity.com/evasionl… #EvasionWithAltSec #CETP #AlteredSecurity #RedTeam #Pentesting #InfoSec #CyberSecurity #Giveaway

Boost your red team skills with the Evasion Lab (CETP) 🛡️ Enjoy 20% off — just use code EvasionWithAltSec. Offer valid until Sept 10, 2025. 🔗 alteredsecurity.com/evasionl… #CyberSecurity #RedTeaming #EvasionLab #CETP #AlteredSecurity

Grateful to share a milestone 🙌 CRTP by @AlteredSecurity CRTA by @cyberwarfarelab eWPTXv3 by @INEsecurity It’s been a challenging but rewarding journey into Active Directory Security, Red Teaming, and Advanced Web App Exploitation. #CyberSecurity #RedTeam

Excited to share that I’ve passed the Certified Red Team Analyst (CRTA) exam! Looking forward to applying these new skills in real-world cybersecurity challenges. #CRTA #RedTeam #Cybersecurity #Certification

Woot woot! Completed the Attacking and Defending Active Directory Lab from #AlteredSecurity! alteredsecurity.com/adlab #ADLab #EnterpriseSecurity via @alteredsecurity cc @nikhil_mitt

Windows Privilege Escalation via Service Abuse | Active Directory Lab | Harry Potter Theme | WolfSec youtu.be/bD7bBAEj84A

Hello everyone ♥ a little bit write-up of #bugbountytip #bugbountytips I am going to write here ..... Title: getting unauthorized access on 3rd party's/workspaces & and building your checklist for quickly locating bugs there via massive recon we know that its helpful to look for google groups/docs/etc.. Slack as well just like when the amazing @h4x0r_dz shared days ago .. Use google dork "site:join.slack.com" so I was not in a good mode the last months to doing Google Dorks, so what I did was build a checklist ready for me & very huge one for EX: groups.google.com docs.google.com join.slack.com and here is just an example you can add more similar workspaces for your checklist thin I extracted all internet endpoints and as example here join[.]slack[.]com otx.alienvault.com/api/v1/in… virustotal.com/vtapi/v2/doma… web.archive.org/cdx/search/c… you can use the ready tools to do it such as waymore important note: you have to keep your checklist updated every week and from here I just keep looking for the company name or domain name to see if there's anything connected and mostly the company name or domain name in the URL it self EX: tesla join.slack.com/t/Tesla-Inter… Ex For Bugs found: 1 unauthorized access to the workspaces (PII | Information disclose) 2 account takeover as Ex: valid signup employee link 3 account takeover as Ex: valid reset password employee link now about Slack, as an example if you found an invitation link for tesla Tesla join.slack.com/t/Tesla-Inter… and that link was not valid, don't stop here it will redirect for Ex: tesla-internal[.]slack[.]com here back and start looking manually for endpoints of this subdomain as well EX: web.archive.org/cdx/search/c… now there are a lot of 3rd party's/workspaces I just shared here slack & Google Docs/groups What I wrote is a bit long and annoying to some, so I apologize. I hope, as usual, that this will be useful to all who follow me here. #Bugounty don't forget to retweet if you like it ♥♥♥

We're excited to announce our 2nd giveaway, thanks to @hackthebox_eu 🎉 We will pick 5 winners to win a Silver Annual subscription ( Exam)! To enter: 1️⃣ Follow @BugBountyDefcon and @hackthebox_eu 2️⃣ Like this ❤️ 3️⃣ Retweet this 🔁 You have time until next Friday (09/20).

Exploiting FTP on Metasploitable 2 Using Kali Linux & Metasploit youtu.be/JH_D1de5Wc8

OWASP Top 10 Overview: Essential Guide to Web Application Security youtu.be/LvIGP9LnFmg

Cybersecurity Basics: Understanding the CIA Triad youtu.be/sulXtSIU5WM

Networking Fundamentals: Understanding Ports, Protocols, and Services youtu.be/B4knIsL8v_0

Cybersecurity 101: Understanding HTTP/HTTPS, Proxies, and Burp Suite Configuration youtu.be/r3-pmhNPwss

Cybersecurity 101:Introduction to VAPT youtu.be/tH3L6RLDlXY

Cybersecurity 101: Your Ultimate Roadmap to VAPT Mastery youtu.be/dH66EROPuAU