ApinLusen
@ApinLusenHacker | Security Researcher | Google Hall of Fame | BSCP | OSCP | Security+
During a bug bounty engagement for a program with four distinct Android applications, I discovered that one of the applications exposes a deep link handler associated with the login functionality, utilizing the scheme `scheme://login?token=...`. Read the Comments ⬇️
How I Took Over All Mail Operations Of A Client A thread. 🪡🧵 #bugbounty #infosec #javascript 1/n
Congrats!! Folks, if you want a MASSIVE program to test your skills on... Try FIS on @Bugcrowd. It's literally endless targets and pays a ton. Read the brief very carefully; it's got a lot of restrictions. Still a lot left out there to be sure. Maybe I will join you 🤣
Reported my first finding on @Bugcrowd: SSRF to internal port scanning! - Was on that same program @rounak131106
A few little easy checks for webapps that can land critical vulnerabilities (I do these every time, just in case). - Once you've logged in, search your password in Burp history. Make sure your plaintext password isn't being sent anywhere it shouldn't (like a logging service). -…
In this video I go over a simple $20,000 P1 #bugbounty report for IDOR based session stuffing that was found using a search engine, the Wayback Machine, and manual testing. Bug resolved, target information redacted. Get out there and slay them bugs, y'all. Thanks @Bugcrowd!
Database of leaked credentials; find emails, passwords, and more. weleakinfo.io More... -> t.me/+YIT5lj0qIsg2Z…
In this new #ZwinKUniversity series, I go over my own P1/critical #bugbounty reports from the @bugcrowd platform so we can see what real world reports look like and discuss different bug types. These reports will all be in a resolved state and obfuscated or redacted…
What an amazing time to be building stuff in tech
ZwinK University v1.0 - All Content Reposted #17: Subdomain Recon with Intruder
🔒Bug Bounty Tips - Here's how I earned a $6000 Bounty by escalating a simple Elmah File Disclosure Issue 🔒 💡 If you haven't already, add /elmah and /elmah.axd to your wordlist! These paths often lead to Elmah file disclosures, a finding many researchers report as Low/Medium…
Another day another bug 🔥 This time we found #XXE in a PHP application by searching for the string: libxml_disable_entity_loader(false) It indicates that external XML entities are able to be loaded. Add it to your list :) #bugbounty #bugbountytips #Hacking
In the first new #bugbounty video, I go over (3) manual subdomain reconnaissance sites, how to check which are online, potentially find WAF bypasses, and how I use dorks to manually explore and pivot. This is an intermediate level video requiring some existing understanding of…
Here's a quick hack to easily find SSRF vulnerabilities! 🤑 Open your proxy interceptor and set the following match & replace rule! This will replace any URL in your incoming requests with your canary token! 👇
New report deep dive article for @Hacker0x01! @hacker_content hackerone.com/vulnerability-…
Editorial from @hackthebox_eu involves abusing a SSRF to read private data from an internal API, leaking a password. Then I'll abuse Git two ways, first finding another password in an old commit, and then exploiting CVE-2022-24439 to get root. 0xdf.gitlab.io/2024/10/19/htb…
If you're new to bug hunting, you've gotta check out offsec.tools! It's a HUGE collection of security tools designed to help pentesters and bug hunters in their everyday tasks! 🧰 Check it out: offsec.tools
Yay, I was awarded a $15,000 bounty on @Hacker0x01! The program was running a 3x campaign and had an average of 0% critical vulnerabilities. An unusual combination of persistent tokens and good ol' Google Dorking. I will be doing a write-up for this one when it is resolved,…
I’ve already found several bugs within days of using it. Expected bounties are in the mid 4 digits. This tool is simple, almost naive, but it works, so who cares🤷🏻♂️ If you want to play with it, check it out at github.com/ngalongc/authz… and let me know if you have any success using it,…
New giveaway, this time thanks to @hacker0x01! We will pick 10 winners to win a 1-month pentesterlab license! To enter: 1️⃣ Follow us @BugBountyDefcon and @hacker0x01 2️⃣ Like this post ❤️ 3️⃣ Retweet this post The giveaway is open until next Friday (10/25) Good luck Everyone!