25 | Bug Bounty Hunter & Pentester

Joined March 2021
Pinned Tweet
27 Oct 2024
Thank you @Bugcrowd
some supply chain compromise
Mohsin Khan retweeted
Whoa! Big bounty! 🎉
Jun 5
So it gives a path for how to use AI as a bug bounty hunter
Mohsin Khan retweeted
Been in the space for a decade so I know what I'm talking about. Everybody tweeting those hot takes is either still actively hunting for bugs, or got a full time job.
Mohsin Khan retweeted
“Bug bounty is dying” is noise. Lock in. Make money. Use AI to 10x your output. If it eventually dries up, you'll have enough capital to start that biz or enough experience to land a job. Simple as that.
Mohsin Khan retweeted
I can't stress it enough when I say I would rather commit ritualistic Japanese suicide and die a warrior's death than sit around training bug bounty platforms to automate me out of the pipeline with my bug reports
Mohsin Khan retweeted
I'm not sure the community will like this. @Hacker0x01 will now reuse your novel techniques / exploits / old reports to look for vulns on the rest of the customer's infra. I guess they will add you as collab and give you a bounty, right? right?!
Mohsin Khan retweeted
honestly if you can't make money in an age where you can literally ask a computer to hack something and it just does it for you you don't deserve the money anyway
Mohsin Khan retweeted
11 bugs. One target. $40,000. Critical infra leak. ATO. SSRF x2. OAuth bypass. DoS. Sometimes one target is all you need. #BugBounty
Mohsin Khan retweeted
Made approx 50k this month using both manual and AI from @Hacker0x01 and @Bugcrowd hackerone.com/rohaa_n bugcrowd.com/h/Rohan_Gupta #BugBounty
Mohsin Khan retweeted
Last year, on a vacation, @S1r1u5_ and I were discussing the human need for validation and how most things we do can be tied to it, consciously or subconsciously. Mohan asked, would you still be doing what you do (hacking, publishing blogs, competing, etc.) if no one was there to see it? At that time, my answer was "yeah, probably?" Today, the world has somewhat come to that. All the things you thought gave you validation are now norms. Things you once took pride in can be replicated in a few prompts. I mean, people are dropping 0days every day now, and there's an unlikely chance of your blog getting reads, so there goes that validation. So would you still do it on your own? For your own sake and sanity? My answer is a confident yes now. In the last couple of months, I've seen models find bugs autonomously or sometimes with just a bit of a hunch from me, but sharing these bugs publicly hasn't been rewarding. And not in the sense of likes or reach alone, I've just been less motivated overall. I have a few blogs sitting in my queue, and what I'm noticing is I keep procrastinating, because there's not much authenticity to my own work in them, and I don't have the enthusiasm to share the same story again, how the model found this and that. I think if you really love the game, sooner or later, you have to come to terms with the fact that to stay sane, you need to go back to that problem-solving phase, otherwise it gets pretty depressing. As much as I love watching LLMs find bugs, it feels soulless at times.. all this is a signal to me that I can't function like this in the long run. It makes me feel dopamine-deprived, and I need to be hacking shit on my own.. Now, when I say "on my own", I don't mean no AI, AI bad. No, not at all.. There's a big difference between using an LLM as an accelerator in your work vs delegating your understanding to it.
From a long-term pov, the former is the only path imo, and even then, the mind map you build on your own is very different from the one you'd end up with leaning on LLMs. The dopamine hit isn't even close to figuring shit out on your own. Seeing how AI is making 0days the norm and CTFs no longer the same.. The question is more real now than ever. Would you still sit down and hack stuff even when no one's watching, knowing people might be on top of the leaderboard via AI, just for the love for the game?
Mohsin Khan retweeted
I spent ~6 hours yesterday working on a target. If you check my recent post about "Step 1", I was on part "D". I found 3 distinct P1s, one of which probably could have been broken down into 8 specific BAC issues, but that sounded like too much work.

Issue 1: LFI/traversal. As I mentioned, this was found by searching all of my recon files (batch GAU outputs) for "filename=", then tinkering with any of them that looked susceptible. This was literally a one-liner in a GAU file that could have been easily overlooked, because the stem of the URI path actually ended in .PDF, which turned out to have no impact on the URI param itself. Probably why it was missed in the past. So it looked like /app/filename.pdf?filename=test.pdf; but /app?filename=test.pdf still brought the file back, and the LFI was in the filename param.

Issue 2: Account Takeover. After self registering on a site, I was able to find a section that lets you "invite a user" to your team and assign a role like admin. However, the payload didn't check that the team integer belonged to me, so I could invite myself via email as an administrator to any team in the system, granting full access. Oops. This was an IDOR in a POST JSON body. You find this stuff by using the software and interacting with it.

Issue 3: Privilege Escalation BAC. After self registering for a site, I dumped all of the API paths from any JS I could find. I made sure to remove any that said logout or logoff. I do this so my session isn't logged off while testing. I then hit them all in intruder with my authenticated session, and noted those which did not 403 or 302 redirect to the logoff or logon page (indicating no access). I then assessed each request that had a 200, and noted ~8 administrative pages that had read/write access to important functions and PII.

In summary, no, I do not think bounty has gotten any harder; looks like the same game. That was about a $2500/HR hunting spree assuming no duplicates and what not.

AI is a capable tool now for hunting, but it will be a long time, if ever, before it affects the bug count on the internet at large. That said, I hear actually getting triaged and paid may be a different matter these days 🤣 How did AI help? AI was able to very quickly help me find LFI paths given the architecture/stack to dump important files AFTER discovering the bug. This would have been more difficult in the past. I use it for very specific tasks to speed things along, help with payloads, parse JS, and things of that nature... when needed. It's not the first thing I turn to.
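The two server-side checks whose absence produced Issue 1 (a `filename` parameter that reaches the filesystem unchecked) and Issue 2 (a `team_id` in the JSON body that is trusted without confirming the caller administers that team) are easy to get right once the pattern is clear. The following is an added example, not code from the post's author or from the affected application; the document root, the in-memory team tables, the user names and the `invite_user` / `resolve_download` function names are all constructed for illustration.

```python
"""Added example (not from the original thread): hardened server-side checks
for a user-supplied download name and for a team-invite endpoint, the two bug
classes described as Issue 1 and Issue 2 above. Paths, tables and names are
constructed for illustration."""
from pathlib import Path
from typing import Union


class Forbidden(Exception):
    """Raised when an authenticated caller has no rights on the target object."""


# --- Issue 1: serving ``?filename=`` without leaving the document root -------

def resolve_download(root: Union[str, Path], filename: str) -> Path:
    """Map a user-supplied filename onto a path strictly inside ``root``.

    Joining and then resolving defeats ``..`` sequences, absolute paths
    (which ``Path.__truediv__`` would otherwise let replace the root) and
    symlinks pointing outside the served directory. Raises ValueError.
    """
    if not filename or "\x00" in filename:
        raise ValueError("invalid filename")
    root = Path(root).resolve()
    candidate = (root / filename).resolve()
    if candidate == root or root not in candidate.parents:
        raise ValueError(f"{filename!r} escapes the document root")
    return candidate


def is_safe_download(root: Union[str, Path], filename: str) -> bool:
    """Boolean wrapper, convenient for reviewing logged ``filename`` values."""
    try:
        resolve_download(root, filename)
        return True
    except ValueError:
        return False


# --- Issue 2: invite-to-team endpoint with an ownership check ----------------

def make_db() -> dict:
    """Fresh copy of a constructed stand-in for the application's database."""
    return {
        "admins": {101: {"alice"}, 202: {"bob"}},
        "members": {101: {"alice", "carol"}, 202: {"bob"}},
    }


ALLOWED_ROLES = {"member", "admin"}


def invite_user_unchecked(db: dict, actor: str, body: dict) -> dict:
    """The vulnerable shape: ``team_id`` from the body is honoured as-is, so a
    self-registered user can add any e-mail, including their own, as admin of
    any team. ``actor`` is received but never consulted."""
    team_id = int(body["team_id"])
    db["members"].setdefault(team_id, set()).add(body["email"])
    if body.get("role") == "admin":
        db["admins"].setdefault(team_id, set()).add(body["email"])
    return {"team_id": team_id, "invited": body["email"]}


def invite_user(db: dict, actor: str, body: dict) -> dict:
    """Hardened shape: the object id in the body is used only after the
    session user is confirmed, from server-side state, to administer it."""
    team_id = int(body["team_id"])
    invitee = body["email"]
    role = body.get("role", "member")
    if role not in ALLOWED_ROLES:
        raise ValueError(f"unknown role {role!r}")
    # Authorization is decided from server-side state keyed by the caller's
    # identity, never from anything the client placed in the request.
    if actor not in db["admins"].get(team_id, set()):
        raise Forbidden(f"{actor} does not administer team {team_id}")
    db["members"].setdefault(team_id, set()).add(invitee)
    if role == "admin":
        db["admins"][team_id].add(invitee)
    return {"team_id": team_id, "invited": invitee, "role": role}


if __name__ == "__main__":
    root = "/srv/app/public"  # hypothetical served directory
    for name in ("test.pdf", "reports/q1.pdf", "../../etc/passwd", "/etc/passwd"):
        print(f"{name!r:24} safe={is_safe_download(root, name)}")
    db = make_db()
    try:
        invite_user(db, "mallory", {"team_id": 101, "email": "m@example.com", "role": "admin"})
    except Forbidden as exc:
        print("rejected:", exc)
    print(invite_user(db, "alice", {"team_id": 101, "email": "dave@example.com"}))
```

The traversal check compares resolved paths rather than looking for `../` substrings, so encoded or doubled separators that normalize to the same escape are caught by the same test. The invite check is the general fix for this IDOR class: every object identifier taken from the request is re-validated against what the session identity is allowed to touch, whether it arrives as a query parameter, a path segment or a JSON body field.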
Mohsin Khan retweeted
the duality of Claude
Mohsin Khan retweeted
when claude hits you with the "🎯🎯🎯 MASSIVE" and the "🎉🎉🎉 CRITICAL", you know the results are going to be disappointing
Which one is actually better: Claude AI or Codex?
Hey @Payoneer_Help @Payoneer my payment of $1,664 (Payment ID: #988364323 | Customer ID: #103667206) was canceled after sitting in "upcoming" for 5 days, and then you permanently closed my account with zero explanation.
Mohsin Khan retweeted
Bug bounty and AI-generated reports are scaling faster than any team can triage manually. Most read like real vulns now -- the only way to know is to actually reproduce them. Triage does exactly that. It reproduces every report in an isolated sandbox, confirms exploitability with real evidence, and filters the noise automatically. Works with HackerOne, Bugcrowd, Claude Code reports. projectdiscovery.io/triage