Honoured to receive the Harper’s Bazaar India Woman of the Year: Sports 💫
Grateful to share the stage with fearless, trailblazing women whose strength and vision inspire endlessly - women who dare to dream and do. ❤️
Just released Passive Recon – my Burp Suite extension for recon during manual bug hunting. Give it a try!
Automatically scans every request/response for:
• Endpoints
• Subdomains
• GraphQL queries (even meta-GraphQL)
• URLs
https://t.co/7tIhDXSyde
Grateful to the bug bounty community. Started with zero coding knowledge, learned along the way through bug hunting. I don’t do it regularly, but whenever I do, I end up finding impactful bugs. Crossed $100k in bounties on @Hacker0x01 #bugbounty
Hi Everyone,
Here’s my first write-up!
Found a DoS bug in WhatsApp Desktop triggered by corrupted thumbnails in PDF & location messages.
I’ll also be sharing some of my interesting HackerOne findings in the coming days.
#BugBounty
https://t.co/wiEq0bGrhr
Just an opinion:
Never go too hard in bug bounties. You might earn more in the short term, but you'll drain your energy faster than you realize and eventually burn out.
Take it easy. If you're doing it full-time, limit yourself to 4–5 hours a day. You might earn less, but you'll stay healthy and consistent.
#bugbountytips
#BugBounty
Hey @grok , based on your analysis of the last 365 days, list in sequence 10 accounts that frequently visit my profile. Do not mention the person, only @.username and the rate of visits to the profile per month.
Always check GraphQL requests; don't rely on the UI. The REMOVE option for the super admin user was not shown on the UI of the website; however, the admin is able to remove the user via a GraphQL request. #BugBounty
The website allows you to add your own link. I have visited that page many times and tried different variations but was not able to exploit it. However, after reading this blog https://t.co/ekQ4L971WE
Exploited using: javascript://huli.tw/%0aalert(1)
Credit to @aszx87410 #bugbountytips #xss
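The link-field bypass in the post above, seen from the validation side, as an added example that is not part of the original post: a scheme-agnostic pattern check accepts the quoted `javascript://` value, while parsing the URL and allowlisting `http:`/`https:` rejects it. The function names and every sample input other than the quoted payload are constructed for illustration.

```javascript
// Added example: validating a user-supplied website link.
// Function names are hypothetical, not taken from any site or library.

const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Weak check: accepts anything shaped like scheme://host/ and never
// asks which scheme it is. "//huli.tw/" satisfies it, yet in a
// javascript: URL that part is only a line comment, and %0a ends the comment.
function naiveLooksLikeUrl(input) {
  return /^[a-z][a-z0-9+.-]*:\/\/[\w.-]+\//i.test(input);
}

// Hardened check: parse with the WHATWG URL parser (it lowercases the
// scheme and strips leading spaces and embedded tabs/newlines the way
// browsers do), then allowlist the scheme. Returns the normalized href
// to store and render, or null to reject.
function safeUserLink(input) {
  if (typeof input !== "string") return null;
  let url;
  try {
    url = new URL(input); // no base given, so relative input is rejected
  } catch {
    return null;
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Constructed samples, plus the payload quoted in the post.
const SAMPLES = [
  "HTTPS://Example.COM",
  "javascript://huli.tw/%0aalert(1)",
  " JaVaScRiPt:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,<b>x</b>",
  "/relative/path",
];

function compareChecks() {
  return SAMPLES.map((s) => ({
    input: s,
    naive: naiveLooksLikeUrl(s),
    hardened: safeUserLink(s),
  }));
}

console.table(compareChecks());
```

Store and render the returned `href` rather than the raw input, so the value that was validated is the value that reaches the page.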
Add a website link before the XSS payload, which can lead to a sanitiser bypass.
Payload: https://t.co/SVoaRPcZ5S'"“><svg><img/</onerror="alert();//"on/onerror/error/ddddddscript/src="kk".><img src=x onmouseover="alert();//">{{'7'*7}}<img src onerror=alert()>
#bugbountytip @Hacker0x01
🚨 Hackers can hijack your car over Bluetooth.
New “PerfektBlue” flaws let attackers run remote code on Mercedes, VW & Skoda—just by pairing.
They can track location, record audio, and even reach engine controls.
Full story → https://t.co/JBvlpjqCc7
Whenever you find the XSS at the same place via 2 different input fields, just report the XSS via one input field and wait for the report to be resolved and after that report the second. #bugbountytip @Hacker0x01
🌀 𝗦𝗺𝘂𝗴𝗴𝗹𝗲𝗙𝘂𝘇𝘇 - A modular HTTP request smuggling fuzzer built for deep desync exploration.
👉 https://t.co/YuS8gOcjNz
Perfect for testing reverse proxies, finding obscure smuggling vectors, and pushing fuzzing boundaries.
#CyberSecurity #RedTeam #BugBounty