The first-ever "Flysec Hack Trip" #FSHT49 has ended, and what an incredible 10 days it was! This #FSHT49 was for Flysec members only, and our members embarked on a journey to the beautiful city of Da Lat, Vietnam, where they combined their passion for hacking with the serene landscapes and cool weather.
⚔️ This exclusive event brought together Flysec members to compete in teams, focusing their skills on a single, challenging target: a product from Zoom. Over the course of the trip, participants demonstrated incredible collaboration and ingenuity. Their hard work paid off with a remarkable total of 33 submissions, a testament to the high level of talent and dedication within our community.
❤️🔥 But it wasn't all just hacking. The trip was filled with joyful moments—from team outings to exploring the city's scenic spots.
In short, the Flysec Hack Trip is more than just a competition. It’s a chance to build a community, solve complex problems, and create lasting memories with other cybersecurity enthusiasts, all while traveling.
🚀 The next "Flysec Hack Trip" event will come soon and will be open to more hackers/bug bounty hunters. Wait for our announcement!
🥳 I'm in the Top 10 on @yeswehack for May 2025!
This community makes hacking fun and meaningful — thank you all!
Let’s keep hacking happy 💻✨
https://t.co/tFVX2EdUBS
It was an amazing experience in Prague. Although we didn’t make it to the next round, I’m grateful for the effort of all teams and the fantastic events. Big shout-out to Team Spain for giving it your all! Stay tuned for more in the next #AmbassadorWorldCup #Vietnam #Flysec
Give it up for the four teams headed to the next round of the #AmbassadorWorldCup! 🏆 👏
The teams from Greece 🇬🇷, Egypt 🇪🇬, Spain 🇪🇸 and The Netherlands 🇳🇱 dominated the Elite 8 round and will move on to go head-to-head as the final four.
Who do you think will make it to the #1 spot and take home the gold?🥇
Hello everyone ♥
A little write-up of #bugbountytip #bugbountytips I am going to write here .....
Title:
Getting unauthorized access on 3rd parties/workspaces and building your checklist for quickly locating bugs there via massive recon
We know that it's helpful to look for Google groups/docs/etc.
Slack as well, just like when the amazing @h4x0r_dz shared days ago ..
Use google dork "site:https://t.co/ravW2tHHcP"
So I was not in a good mood the last months to do Google Dorks, so what I did was build a checklist ready for me & a very huge one
for EX:
https://t.co/wPxAHXvC18
https://t.co/hs3VHvhT92
https://t.co/ravW2tHHcP
and here is just an example you can add more similar workspaces for your checklist
then I extracted all internet endpoints, and as an example here join[.]slack[.]com
https://t.co/OlHQSEQ6Qz
https://t.co/e8jB8H6nMS
https://t.co/w5h4VkESyQ
you can use the ready tools to do it such as waymore
important note: you have to keep your checklist updated every week
and from here I just keep looking for the company name or domain name to see if there's anything connected
and mostly the company name or domain name is in the URL itself EX: tesla
https://t.co/QesyI4MHu2
Ex For Bugs found:
1 unauthorized access to the workspaces
(PII | Information disclosure)
2 account takeover as Ex: valid signup employee link
3 account takeover as Ex: valid reset password employee link
now about Slack, as an example if you found an invitation link for tesla
Tesla https://t.co/QesyI4MHu2 and that link was not valid, don't stop here
it will redirect for Ex:
tesla-internal[.]slack[.]com
here back and start looking manually for endpoints of this subdomain as well EX:
https://t.co/w2dhvfdBhL
now there are a lot of 3rd parties/workspaces I just shared here
slack & Google Docs/groups
What I wrote is a bit long and annoying to some, so I apologize. I hope, as usual, that this will be useful to all who follow me here.
#Bugounty
don't forget to retweet if you like it ♥♥♥
Congrats🇻🇳squad's good win with 2nd highest score in the 1/8 finals of the #AmbassadorWorldCup, secure a spot in the Elite Eight round at Prague, 🇨🇿!
🔥Flysec has a great hacking experience in AWC 1/8 finals being in Top 1 of Report Leaderboard!
Fighting for semi-final spot!
Looking for a quick and easy-to-use tool to help with file upload vulnerabilities? 😎
Upload Bypass is a simple Python tool that performs checks for several file upload vulnerabilities! 🤑
Check it out on Github 👇
https://t.co/8l6cXsooFM
Congrats to our great member @LamScun on being selected as a new HackerOne Ambassador representing Vietnam 🇻🇳 along with @haxor31337
❤️🔥@LamScun and @flysec_corp try our best to hack/secure harder together with 🇻🇳 hackers!
Check out these RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements
Credit: https://t.co/EFkryTeMvb
#BugBounty #bugbountytip #bugbounty #bugbountytips
🐛 Bug Bounty Tips: Unlocking GraphQL's Hidden Potential 🌐
When it comes to GraphQL, it's easy to assume that all operations are accessible through a target app's functionality. But by limiting your research, you might miss out on valuable opportunities.
Today, I'll share steps to expand your attack surface on GraphQL target apps, gaining a competitive advantage in finding and reporting security issues that could lead to some rewarding bounties!
1️⃣ Identifying GraphQL Targets: Start by identifying GraphQL targets using the powerful Nuclei Scanning: nuclei -l <targetlist.txt> -t graphql-detect.yaml
You can find the nuclei template at https://t.co/av1sIKpUZh
2️⃣ Retrieve the GraphQL Schema for hidden Query/Mutations: If Introspection is enabled, you can obtain the GraphQL Schema, revealing hidden GraphQL Operations and Mutations using the following GraphQL Query:
{"query":"{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"}
3️⃣ Visualize with GraphQL Voyager: To visualize the GraphQL Schema effectively and craft your attack vector, use GraphQL Voyager—a powerful tool to help you navigate the schema: https://t.co/43jwfF5SCv
4️⃣ Retrieve Hidden Queries and Mutations: Retrieve GraphQL Queries and Mutations from JavaScript files when Introspection is disabled. These files may list hidden methods not accessible via the app's regular functionality. Try making direct requests to these.
5️⃣ Craft Your Attack: Craft your attack using the identified GraphQL Queries and Mutations. These methods are often vulnerable to various bug classes, including IDOR, RBAC, Race Condition, SQL, and more.
If you can't find more GraphQL Queries and Mutations, don't worry! Stay tuned for upcoming insights on how to brute force and discover hidden ones.
Takeaways: Don't hit a dead end with GraphQL apps. Dive deeper, find those concealed GraphQL Queries and Mutations, and unlock unimaginable functionalities that can lead to significant bounties! 💰🔐 #Cybersecurity #BugBounty #GraphQL #HackingTips #InfoSec #Hackerone #Bugcrowd #GraphQL #SecurityTips #BugBountyTips
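For the team that owns the API, the schema from step 2 is also an inventory of what needs authorization testing. The sketch below is an added example, not part of the original post: it reads an introspection response and lists root operations that the shipped client never calls. The sample schema, the operation names and the `CLIENT_OPERATIONS` set are all constructed for illustration.

```python
import json

# Constructed sample: a trimmed introspection response for a hypothetical API.
SAMPLE_INTROSPECTION = json.loads("""
{"data": {"__schema": {
  "queryType": {"name": "Query"},
  "mutationType": {"name": "Mutation"},
  "subscriptionType": null,
  "types": [
    {"kind": "OBJECT", "name": "Query", "fields": [
      {"name": "me", "args": []},
      {"name": "invoice", "args": [{"name": "id"}]},
      {"name": "adminAuditLog", "args": [{"name": "userId"}]}]},
    {"kind": "OBJECT", "name": "Mutation", "fields": [
      {"name": "updateProfile", "args": [{"name": "input"}]},
      {"name": "setUserRole", "args": [{"name": "userId"}, {"name": "role"}]}]},
    {"kind": "OBJECT", "name": "User", "fields": [{"name": "id", "args": []}]}
  ]}}}
""")

# Constructed: operations the front-end is known to call (e.g. taken from its bundle).
CLIENT_OPERATIONS = {"Query.me", "Query.invoice", "Mutation.updateProfile"}

def root_operations(introspection):
    """Map 'RootType.field' -> list of argument names for every root operation."""
    schema = introspection["data"]["__schema"]
    root_names = set()
    for key in ("queryType", "mutationType", "subscriptionType"):
        root = schema.get(key)
        if root:  # subscriptionType is null when the API has no subscriptions
            root_names.add(root["name"])
    ops = {}
    for gql_type in schema["types"]:
        if gql_type["name"] in root_names:
            for field in gql_type.get("fields") or []:
                args = [a["name"] for a in field.get("args") or []]
                ops[f"{gql_type['name']}.{field['name']}"] = args
    return ops

def review_list(introspection, client_ops):
    """Operations the schema exposes that the client never exercises."""
    ops = root_operations(introspection)
    return [(name, ops[name]) for name in sorted(ops) if name not in client_ops]

if __name__ == "__main__":
    for name, args in review_list(SAMPLE_INTROSPECTION, CLIENT_OPERATIONS):
        print(f"needs authz review: {name}({', '.join(args)})")
```

Each operation on the list should have its own access-control test, since nothing in the UI exercises it.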
FlySec Journey's 1st month:
🔥Fired by A Critical Vulnerability affects massive companies
🔥Write-Up coming soon. Stay tuned!
❤️🔥FlySec try our best to save the internet!
#FlySecJourney