Day 16 - Full Time Bug Bounty - Today was educational day. - Read about http request smuggling & hacktivity.

Day 27 / 30 — RESOURCES: Learn-by-Doing Platforms Stop hoarding tutorials. Build skill on labs. → PortSwigger Web Security Academy — FREE, gold standard portswigger.net/web-security → HackTheBox — VMs retired boxes → TryHackMe — guided learning paths → PentesterLab — exam-aligned exercises → HackingHub (@NahamSec) — real bug bounty scenarios hackinghub.io → Intigriti Hackademy — beginner-friendly For writeups specifically: → pentester.land/list-of-bug-b… → github.com/ngalongc/bug-boun… → HackerOne Hacktivity (filter by program/bounty) Read 1 writeup daily. Pattern recognition compounds. #bugbountytips #learning #bugbounty #infosec

I have seen you several times on programs hacktivity, amazing, keep going!

Day 21 / 30 — RESOURCES: Newsletters & Blogs Worth Your Inbox → Pentester Land — weekly writeups digest pentester.land/newsletter → Bug Bounty Reports Explained (@gregxsunday) bbre.dev → Critical Thinking podcast (@rez0__ @Joe_Hacker) → Intigriti Bug Bytes — monthly newsletter → The Daily Swig (PortSwigger) — appsec news → HackerOne Hacktivity — filter by program, by bounty amount → Tib3rius blog — tib3rius.com → Six2dez blog — six2dez.com (incredible recon notes) Subscribe to 3. Read what lands. Drop what doesn't. #bugbountytips #resources #infosec #bugbounty #cybersecurity

🎯🐞 Want To Learn Bug Bounty The Right Way? Skip random payload dumps and focus on learning how vulnerabilities actually work. Start with these: 1.🧪 PortSwigger Web Security Academy 🔗 portswigger.net/web-security → Hands-on labs for XSS, SQLi, SSRF, CSRF, authentication flaws, access control bugs, and real web exploitation. 2.🛡️ OWASP Testing Guide 🔗 owasp.org/www-project-web-se… → Learn proper web application testing methodology, security concepts, and vulnerability assessment process. 3.📄 HackerOne Hacktivity 🔗 hackerone.com/hacktivity → Read real disclosed bug bounty reports and understand how researchers find, validate, and report vulnerabilities. 4.🎓 Bugcrowd University 🔗 bugcrowd.com/hackers/bugcrow… → Structured learning path covering recon, web security basics, bug hunting workflow, and reporting. 5.🔍 Real Target Recon Notes 🔗 github.com/topics/bug-bounty → Study recon workflows, subdomain enumeration, endpoint discovery, and attack surface mapping techniques. 6.📓 Your Own Vulnerability Journal → Keep notes of: • Interesting endpoints • Recon findings • Working payloads • Failed attempts • Vulnerability patterns That is how real bug hunters improve over time. #BugBounty #WebSecurity #CyberSecurity #EthicalHacking #InfoSec

Day 4 - Full Time Bug Bounty - Didn't Hunt today - Read Reports from Hacktivity.

HackerOne Hacktivity provides real disclosed reports for learning. Filtering by Business Logic and Access Control reveals recurring patterns. Explore here hackerone.com/hacktivity #BugBounty #Hacktivity #CyberSecurity #InfoSec

amazon.east.pa2 manages @ClintonGlobal @NSAGov [CSS] Special Access Program Private Access Line Permissive Action Links: - amp.com (jira-esque pedo-pedia) - keymanagement.com (jira-esque hacktivity request) 4801 ATX Clinton-Epstein/Sinaloa 239 GMD Anonymous

Business Logic Errors are dominating HackerOne Hacktivity in 2026. Examples include non premium users disabling ads and password policy bypasses. Logic flaws are outperforming complex payloads. #BugBounty #EthicalHacking #Hacktivity

for me annihilating @ClintonGlobal @CIA-backed russian mafia Anonymous false flag Ukraine Ops; for me ending @ClintonGlobal @DHSgov Anonymous hacktivity; for me discovering @HillaryClinton-Epstein's human-trafficking & narco-terrorism, & NGO ecosystem. @NSAGov [CSS] has my logs.

just checked yeswehack hacktivity this guy has 0 impact in 42 reports.. looks like spam report to me ._.

The one thing that will make you better at security faster than anything else: Read post-mortems and incident reports. Not tutorials. Not courses. Real incident reports from real breaches. - AWS security bulletins - Google Project Zero blog - HackerOne Hacktivity (public reports) - Krebs on Security breach analyses - Company transparency reports after incidents Every breach report is a free lesson in what went wrong and why. The patterns repeat. Once you've read 100 incident reports, you start seeing the same mistakes everywhere you look. That's the skill. Recognizing patterns. Everything else is just tooling.

11 blogs & writeup sources for security researchers & bug bounty hunters: 1. Pentester Land — pentester.land/writeups 2. HackerOne Hacktivity — hackerone.com/hacktivity 3. Infosec Write-ups — infosecwriteups.com 4. Intigriti Blog — intigriti.com/blog 5. YesWeHack Blog — blog.yeswehack.com 6. PortSwigger Research — portswigger.net/research 7. Assetnote Research — blog.assetnote.io 8. ProjectDiscovery Blog — blog.projectdiscovery.io 9. GitHub Security Lab — github.blog/category/securit… 10. Google Project Zero — googleprojectzero.blogspot.c… 11. Sam Curry — samcurry.net #bugbounty #bugbountytips #infosec #cybersecurity #hacking

If you go to hackerone hacktivity and filter by status: closed and spam/invalid the first 3 pages all reports to cURL. No wonder @bagder stopped the program

Agree, no serious lab would, but when it comes to some. the AI slop start ups... I find the claim credible, Bugcrowd has no publicly accessible data like HackerOne's Hacktivity and I find it difficult to believe the bc team would lie publicly about it

Curl is spamming the h1 hacktivity

As it turns out, it was hacktivity on my account. Someone trying to hack it. So all is forgiven to Bluesky. Terrible timing of course. Just when the Great Big Fucking War started. Still fun to be back. Seems like there are many more international sources on here.

Collaborative #BugBounty reports on @YesWeHack have increased 520% since 2022 📈 Download our 2026 report for more ‘hacktivity’ insights, final 2025 leaderboards and survey findings covering hunters’ AI tool use, scope selection & other hacking habits 👇 choose.yeswehack.com/bug-bou…

I never forget your kindness when we talk in Hacktivity, Hungary. RIP 😥

There has been loads and loads of hacktivity already (for years) with other things! @Cyberknow20 trackers show this.