@Me9187@fwrnr@Hacker0x01 i see your point but i don’t think it’s a healthy mindset for platforms to encourage. after all, researchers are what make these platforms valuable so i think taking them for granted will (in the long run) lead to them choosing alternatives that value them instead.
@caseyjohnellis I think there is quite a big difference here, Casey. He created something out of knowledge that he and his team collected themselves. No terms were changed during that ride. Was it always the plan to create AI-automation out of the reports hackers sent through Bugcrowd?
A few months ago I found an SSTI on a large media company's bug bounty program. I got duped on the original report by four minutes, but came back a few months later and found a bypass that ended up being writeup worthy.
https://t.co/BDtUr2lsiY
@DarkWebInformer your name / physical address / dob / national identity number is essentially public information in sweden, so this mostly just affects people who have a hidden identity
tools such as gau don’t work well on non-prod targets since they likely haven't been indexed by the sources these tools rely on
for better results, grab endpoints from all subdomains of the target's root domain and then test them on the in-scope target
#bugbountytips
The master @fransrosen is back with some insane research on X-Request-ID headers and how to use them to... **checks notes** destroy the internet. LOL
This one is a bit better on YouTube, so check it out over there for the visual. Don't miss it!
https://t.co/Jox1LSkolQ