Fifa nights bug hunting .....🔥 #hacker #bugbounty #bugcrowd
X0Dzeko retweeted
/search?q=<script>alert(1)</script> You dropped this payload, nothing happened. 😫 Now what? Check this quick explainer by @InsiderPhD on what to do after sending your failed XSS payload.
Haha I got the AWS already. Nasa is the prize and not bugcrowd nasa.....Nasa Nasa. Gotta be from Nasa via NVD
Replying to @HMohit07 @Bugcrowd
Congratulations 🎉
Proud to be featured among security researchers contributing to the U.S. Department of Homeland Security’s Vulnerability Disclosure Program. 🇺🇸 #CyberSecurity #EthicalHacking #VulnerabilityDisclosure #DHS @Bugcrowd @wizard_1124 @DHSgov
Ashar Mahmood retweeted
Made approx 50k this month using both manual and AI from @Hacker0x01 and @Bugcrowd this month hackerone.com/rohaa_n bugcrowd.com/h/Rohan_Gupta #BugBounty
Autonomous project auditor. Struggle with manual prompting? This agent fetches fresh bug bounty programs & audits them, we'll get ready reports. Everything customizable, the repo: github.com/BenraouaneSoufian… Supported are: Immunefi, bugcrowd, hackenproof, intigriti,.... Note: you'll need working claude code or claude code router because the agent executes the audit task after fetching the program. youtu.be/1PXy8mVjVqU via @YouTube

Someone should report bugcrowd and hackerone too that they are using research from American hackers and selling it to adversaries.
bugcrowd.com/blog/savant-bug… so the bug bounty community freaked out a few weeks ago when hackerone had a single slide that talked about using AI agents for testing based off our reports. bugcrowd's new strategy sounds even more brazen, sly and egregious. submit reports -> your "signals" (aka creative thought process and work) feed into their AI agents -> AI agents find bugs without you (unclear incentive structure). that's if the technology even works though lol. these days I have trouble even adding collaborators in reports without the app erroring out. the messaging is so much more slick too. "connect those signals" - does that mean they are training on our reports? at least whoever did this PR release was careful to not blatantly say that they are training on our reports. but lol what does connecting those signals actually mean at the end of the day? extremely unclear if they train on our reports. this requires actual transparency from both platforms, not just marketing, and messaging tactics that you use when you're trying to convince you're not a wolf in sheep's clothing.
Replying to @WinD3920 @Bugcrowd
Thx for the reply, i sent you some other DMs.
I just saw your message and have already replied. Feel free to reach out anytime. I'm always happy to connect and share experiences with fellow hunters 😊
Replying to @WinD3920 @Bugcrowd
Sent you a message pls need your feedback
Replying to @cyberx00t @Bugcrowd
tks mate ^^
Lol. You just prove that you don't have any idea how AI works. Why do you think hackerone/bugcrowd haven't created the perfect bug hunter if what they need is only the things on the internet?
Replying to @WinD3920 @Bugcrowd
Congratulations
๐–๐–†๐–˜๐–Ž๐–‘๐–Š๐–Ž๐–”๐–˜ retweeted
📢 Building a successful bug bounty program requires a strong foundation of trust, clear triage processes, and a commitment to continuous testing. Moving from annual audits to continuous testing lets you find vulnerabilities as code changes. This creates a predictable workflow where external researchers safely report findings, giving developers the clear data needed to fix bugs faster. A win-win for everyone. 🥇 Read the full interview with our CISO & CIO, Nick McKenzie, at Tech Nadu: technadu.com/bug-bounty-prog…
@Bugcrowd so with the release of new ai models and at accelerating speed people are finding sending reports to you . MY ONLY QUESTION IS WHEN YOUR PLATFORM IS GOING TO SHUTDOWN.
Madhura Nadh retweeted
Preemptive security starts before the attacker has the advantage. 🎙️ Joe Castellanos, Senior Director of Product Management at Bugcrowd, shares how security teams are moving beyond reactive vulnerability management toward continuous, attacker-informed testing. From shifting testing left in the SDLC to understanding your external attack surface from the outside in, this is a good watch for teams building a program designed to reduce risk earlier. Watch the full discussion: event.on24.com/wcc/r/5338391…