@chybeta@ngalongc While one may think sateeshn was inspired by our video, we believe this bug was introduced after the video was made. Please do not direct any hate towards sateeshn. This is a brilliant finding. ❤️
As promised, a blog post in response to a reader's email.
"Reading RFCs for bug bounty hunters" — https://t.co/FbeNU0W8IW.
This blog post covers how reviewing RFC literature can be beneficial for bug bounty hunters, and includes tricks for speeding up the reading process.
You shared topics you would like to see bug bounty hunters blog about. Here is an opportunity to be featured in my next blog post and have your bug bounty questions answered.
➡️ Send me a DM or email with your question, and I will respond to the best questions in a blog post.
Don't assume XSS in out-of-scope/sandboxed domains is not worth reporting! Check out how you can escalate it for a bigger impact in this video.
https://t.co/MLgI08G8ai
‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers (@0xReconless ) on filling a gap in infosec education https://t.co/C0OQVzVc0x
Don't assume XSS in out-of-scope/sandboxed domains is not worth reporting! Check out how you can escalate it for a bigger impact in this video.
https://t.co/MLgI08G8ai
Ever wondered how an exploitation and the impact of a JWT bug look like? Check out our latest video, where we exploit a critical JWT without a signature to take over any account without user interaction on Microsoft Outlook! https://t.co/8N5cJ3jmZ2
Check out our latest video in the 1Password Hacking series, where how @ngalongc found simple API bugs that nobody had looked at after decrypting the protocol!
As a frequent request, we have made a video covering how to find DOMXSS with DevTools! @filedescriptor walks through how to use Untrusted Types to turn a manual process into semi-automated.
https://t.co/D4Rg1EnkHK