🚨
As of tomorrow I am permanently reducing my course cost by 50% to $100 so more people have access to it and can get those bounties while they are still hot. And yes, they are still hot. The internet is still full of stupid problems waiting to be found for those looking, at least for now...
https://t.co/ZQDJvWYVZb
I suspect we have about 2 years of decent #bugbounty hunting left before most companies have access to and properly leverage the tools like Mythos that effectively replace "most" hackers.
Using the EXACT methods in this course, I found 20+ critical bugs on a target in a matter of hours the other day. Nothing fancy. The internet is just too dang big to fix and patch in a small amount of time, even if AI is finding the bugs. Internal legacy human processes with 500 steps are still bottle-necking remediation.
What the bug bounty world becomes next is anyone's guess. My suspicions, hackers will be paid flat rates for hacking and/or patching targets any way they can (be it AI, manually, or both). So, here's to the next evolution of hacking, which is hopefully round-table LHE's where we all work together on targets to harden them as best as possible, instead of working against each other to try to "be the best hacker".
Re-post for a chance to win 1 of 5 course coupons for a give away on May 14th. I'll have Grok pick the winners.
🚨A group of North Korean hackers possibly exploited a VSCode/Cursor vulnerability to steal $285M.
> they posed as a trading firm for 6 months
> met the devs at a conference
> deposited $1M+ to build trust
> shared repo that likely compromised a contributor
> Cursor sets Workspace Trust off by default
> opening a cloned repo auto-executes a malicious .vscode/tasks.json. no click.
> VSCode asks you if “you trust the authors of this project”, and you likely said yes every time
> Cursor has this setting disabled “to prevent confusion between Workspace Trust’s ‘Restricted Mode’ and Cursor’s ‘Privacy Mode’
> still not fixed.
TO BE TRANSPARENT, Drift’s forensic investigation is still ongoing and VSCode/Cursor is mentioned as “one possibility”, but the risk is real and if you’re a dev using Cursor with default settings might need to look into this and enable WT.
Keep your eyes peeled on these endpoints. 👀
/login ➡️ authentication bugs
/reset-password ➡️ATO
/upload ➡️ RCE
/api/v1/user/1001 ➡️ BOLA
/search?q=query ➡️ Injection bugs
/view?file= ➡️ SSRF
/admin ➡️ internal access
Which endpoint have you found the most bugs on? 👇
I’ve added here
https://t.co/HoZmigQxkT
PDF file for XSS, it can bypass any waf
for who looking for Stored XSS , and it can be changed to blind if you want to
Simply I encoded the payload as ASCII hex
You can edit the payload over notepad++
#bugbountytips#bugbountytip #bugbounty
Day TWO of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec
3rd Giveaway = FOUR seats to our new course by @the_IDORminator "Zero to [BAC] Hero" !
👍 1 Like = 1 Entry!
♻️ 1 Share = 2 Entries!
Winners announced 1/21! Syllabus link below 👇
Happy Arcanum-versary!
@arcanuminfosec 's 1st giveaway for the week is FOUR seats to our EPIC Advanced Client-Side Hacking course by myself and @xssdoctor !
👍 1 Like = 1 Entry!
♻️ 1 Share = 2 Entries!
Winners announced 1/21!
Syllabus for the course below 👇
Found an XSS bypass during a bug bounty:
Backend was only stripping quotes ("), so payload like:
<s"vg o"nload=al"ert() />
turns into a valid:
<svg onload=alert()>
🚨 Never rely on poor input filtering!
#BugBounty#CyberSecurity