Cybersecurity Researcher | 💻 Penetration Tester | Bug Bounty Hunter | @HackenProof Security Researcher

Joined June 2018
24 Nov 2024
Finally, I got listed in the @msftsecresponse Hall of Fame for the first time, and I'm proud to be recognised by the @Microsoft security Team as a #bugbountyhunter 😍🥰😍🤩😍🥰
How to Exploit an IDOR Vulnerability for Privilege Escalation. In this video, I demonstrate how broken access control can lead to unauthorized privilege escalation through IDOR. Watch: youtu.be/E52di-jdCAk?si=0ihD… #BugBounty #CyberSecurity
This is what I've been saying. You see all those old people who claimed to be activists then. Now they attain political posts, finish, and they're oppressing the young activists.
Replying to @SegunShowunmi
All these older people ehn... God forbid I read all this rubbish
Am I the only one having difficulty understanding the "Autorize Burp extension" these days?
Set a reminder for my upcoming Space! x.com/i/spaces/1vOxwdXXXWVKB
You made money, we made money and companies got more secure. That WAS the deal @BugBountyHQ
So, today I decided to learn about XML external entity (XXE) injection, then proceeded to read @Hacker0x01 disclosed reports about it and do some more research on it.
15 Dec 2025
(Short) #BugBounty Tips for the Coming Year:

1. Skill
- A lot of advice out there says you should go complete all PortSwigger Labs before you start hunting. While there's nothing wrong in that, I genuinely feel that is counterproductive. Here is what I do instead:
- Pick a Main Bug: This is your mass hunt specialty. This is the bug you should be able to hunt in your sleep. Learn everything about it, read everything until programs hate to see you coming. Could be BAC, XSS, Info Disclosure. Anything.
- Pick a secondary High Severity or more: This is your Highs and Crits lane. Basically you don't actively find these because they're rare, but whenever you do come across one, you best be able to pop a High or a Crit. Things like SSRF, Auth issues, Account Takeovers etc. fall under here.

2. Program Selection
- One of the most popular pieces of advice out there is to stick to one program for months. While I do believe in this 100%, you need to actually be clever about it.
- You see, triagers and security teams in companies are humans like us; they take breaks, they go on leave just like the rest of us. If you spend months hacking and submitting reports to one program and response slows down or they go on break, guess what happens to you?
- For me, I test 3 programs weekly:
- Main: This is the program I spend most of my hours on, at least 4 - 7 hours a day.
- Secondary: This is more of a "have multiple income sources" type program. I dedicate at least 2 - 3 hrs to this.
- Unicorn: This is your moonshot program. Basically you test on this not with the mindset of finding numerous bugs, but with the mindset of "YOU ONLY NEED TO WIN ONCE". These are your high paying programs where you can earn $10k - $50k just by popping an IDOR. I only test these on the weekends.

3. Hack more than you read
- Bug Bounty is a hands-on field; if you're not actively hunting the bugs you learn, you won't actually know anything about them. You'd just be the ChatGPT of vulnerabilities. Heck, even ChatGPT would be better than you at that point. So solve @yeswehack Dojo Challenges, solve labs; @intigriti used to run a monthly XSS challenge, I don't know if it's still active, but you get the point. Basically actively hacking >> reading writeups or texting people to teach you.
- Run from the content creator trap. It is easy to feel like you need to start posting bounties, sharing write-ups for every finding, but in the beginning you should avoid this. Your time should be spent hacking => learning => more hacking => oh, would you look at that. It's MORE HACKING.
- Outwork everyone. You see, a lot of bug bounty has to do with luck. But you don't get lucky if you're not actively putting yourself in positions to actually get lucky. HACK HACK HACK

4. Finance
- The wisest decision I made was to start treating bug bounty as a capital generation scheme, not as a career. You see, you are going to have months where you find nothing, months where you enter dupe city. It's inevitable; it happens to all of us. So the wise choice is to use bug bounty as an avenue to fund other things that would actually give you the life you want. Be it a business, skills, education or investments. Whatever.
- Treat every bounty as a little soldier. @NahamSec posted a video this year about this where he talks about allocating a percentage of every bounty you earn to an account for a purpose. I cannot emphasize how important that advice is and how it changed my approach to hunting for the better. Here is the video => youtube.com/watch?v=j5nm38fS…

5. Health
- Bug bounty is hellish work lol. You spend hours daily sitting in front of a screen. You need to at least try and do the following:
- Gym or any sort of movement
- Sleep properly
- Touch grass occasionally

Remember, a burned-out hacker finds nothing. Good luck on your hunts in the coming year and most importantly, never stop learning!!! #Bugbountytips

Found something similar some days ago; it only accepted anything with the target in it. For instance, for redacted.com it only accepted anything like xxxredacted.com.
💁‍♂️OLD BUT GOLD 💡 Bug Bounty Tip: CORS Misconfig. Weak Origin validation can be bypassed with origins like: ⚠️ domain[.]com.attacker[.]com Always test CORS misconfigs, they pay 💰 Earned $500 bounty 🎯 Join us: t.me/kassems94 #bugbounty #BugBountytips #InfoSec #hack
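The weak origin check described in the two tweets above, beside a strict one, as an added example that is not part of the original posts: a substring match on the trusted domain reflects both redacted.com.attacker.com and xxxredacted.com into Access-Control-Allow-Origin, while an exact allowlist of full origins rejects them. The allowlist and host names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example (not any real program's configuration).
ALLOWED_ORIGINS = {"https://redacted.com", "https://app.redacted.com"}


def weak_origin_check(origin: str) -> bool:
    """Vulnerable pattern: substring match on the trusted domain name.
    Any Origin that merely contains 'redacted.com' passes, including
    redacted.com.attacker.com and xxxredacted.com."""
    return "redacted.com" in origin


def strict_origin_check(origin: str) -> bool:
    """Hardened check: parse the Origin header and compare the whole
    scheme://host[:port] value against an explicit allowlist."""
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.netloc:
        return False
    # An Origin header is scheme + host only; anything extra is suspicious.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return False
    return f"{parts.scheme}://{parts.netloc.lower()}" in ALLOWED_ORIGINS


def cors_headers(origin: str, check) -> dict:
    """Headers a server would emit for a request carrying this Origin,
    using the supplied validation function. Reflecting the origin together
    with Allow-Credentials is what makes a weak check exploitable."""
    if check(origin):
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true"}
    return {}
```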
I just published Critical API Authorization Flaw: 5,000 Euro Bounty; How a Missing Check Led to Complete Account… medium.com/p/critical-api-au…

Got critical vulnerabilities from Amazon just by using Yandex dorking. Congratulations bro. I'm happy my little tips help.
Alhamdulilahi 🙏🙏🙏 My First Critical on Amazon I dedicate this to @Olamdeen @4osp3l @GodfatherOrwa @fattselimi @badcrack3r The power of Yandex Dorking🚀🚀🚀🚀 Never Back Down is the Key 🚀🚀🚀🚀
Relearning about race conditions. It's basically when multiple requests hit the server simultaneously before it updates. Some time ago, I met someone who had a VTU website; he complained about how a malicious person had less than 1k in his account and was able to withdraw 100k.
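The withdrawal race described above, reproduced as an added example that is not from the original tweet: a burst of requests all pass the balance check before any debit lands, so a small balance approves several withdrawals, while a check-and-debit done under one lock (or one conditional UPDATE in the database) approves only what the balance covers. The Wallet class, amounts and timing hooks are constructed for the example.

```python
import threading
import time


class Wallet:
    """Constructed in-memory wallet for this example (not a real VTU backend)."""

    def __init__(self, balance: int):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount: int, pause) -> bool:
        """Vulnerable pattern: check the balance, then debit it, as two separate
        steps. Every request that arrives between the steps passes the same
        check, so a 900 balance can approve several 600 withdrawals."""
        if self.balance < amount:
            return False
        pause()                      # window in which concurrent requests overlap
        self.balance -= amount
        return True

    def withdraw_atomic(self, amount: int, pause) -> bool:
        """Hardened: check and debit run under one lock, so the next request
        sees the already-debited balance. The database equivalent is a single
        UPDATE wallets SET balance = balance - :amt WHERE id = :id AND balance >= :amt,
        treating an affected-row count of 0 as a rejected withdrawal."""
        with self._lock:
            if self.balance < amount:
                return False
            pause()
            self.balance -= amount
            return True


def fire_concurrent(method, amount: int, n: int, pause) -> int:
    """Send n withdrawal requests at once; returns how many were approved."""
    approved = []
    workers = [threading.Thread(target=lambda: approved.append(method(amount, pause)))
               for _ in range(n)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return sum(approved)


def compare(balance: int, amount: int, n: int) -> dict:
    """Run the same burst of n requests against both implementations."""
    racy = Wallet(balance)
    # A barrier holds every request between its check and its debit until all
    # n have checked: the worst-case timing a request burst is aiming for.
    racy_ok = fire_concurrent(racy.withdraw_racy, amount, n, threading.Barrier(n).wait)
    safe = Wallet(balance)
    # The lock serialises requests (a barrier here would deadlock), so a short
    # sleep keeps the same check-then-debit gap inside each request.
    safe_ok = fire_concurrent(safe.withdraw_atomic, amount, n, lambda: time.sleep(0.001))
    return {"racy_approved": racy_ok, "racy_balance": racy.balance,
            "atomic_approved": safe_ok, "atomic_balance": safe.balance}
```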
15 Dec 2025
You're good with Google dorking, even Shodan dorking, not to talk of DuckDuckGo. But have you tried Yandex before? Try and come back here 😂
Learn more dorking methods today; it's really fun. Someone used Yandex dorking, which I shared before, and found some PII on one big public bug bounty program. Congratulations bro.
Sometimes, what holds you back isn't strength 💪 but it's the belief you've never challenged