Client-side bugs are still one of the most overlooked areas in bug bounty.
In this video, I break down postMessage from first principles.
How it works, where it fails, how developers mess it up, and how to exploit it step by step.
🎥 Client Side 01: postMessage Bugs
🔗 https://t.co/CVIJZrwaHw
#BugBounty #WebSecurity #ClientSideSecurity #JavaScript #EthicalHacking #AmrSec
With a single command, xnldorker gathers dork results from multiple search engines.
Another nice tool by @xnl_h4ck3r
GitHub link 👇
https://t.co/MrpQRxqGV7
We shared first rank with The Black Hat Cartel. It was super fun collaborating with you guys!
@krishnsec @0xMstar
The last three days were thrilling.
Congratulations to @GodfatherOrwa @XHackerx007 as well!
The Crowd always finds a way to surprise us 😈
After weeks of fierce competition, the crown is being shared between 𝑻𝒉𝒆 𝑩𝒍𝒂𝒄𝒌 𝑯𝒂𝒕 𝑪𝒂𝒓𝒕𝒆𝒍 and 𝑶𝒏𝒆 𝑷1, co-champions of this year’s Hacker Showdown: Mind Cathedral.
🫱🏆🫲
Collaboration came through BIG this year. That’s what makes the Bugcrowd community the best there is! 💥🧡
Just finished Cocoon and it blew my mind. 🌀
Huge appreciation to @CarlsenGames and team for crafting such a brilliant game.
The puzzles, the dimensional shifts, the silent storytelling, everything was perfectly woven together.
An absolute masterpiece. Must try 👌 #CocoonGame
Searching https://t.co/IEusFeCho4 returned around 78.8K JS URLs in less than a second. Previously https://t.co/URCUJO3R7b was giving nothing in response.
JS Explorer will become a game-changing tool for BB hunters and security researchers now! 🚀
@krishnsec @0xMstar @RogueSMG I agree @krishnsec
Report 2-3 bugs at a time and then wait till they get accepted or duplicated. That gives an idea about how the program treats researchers.