The Bug Bounty Hunter
Happy hunting! thebugbountyhunter.com [email protected]
- Subscribers 90.28%
- Channels 1.41%
- Via link 0.65%
- Groups 0.61%
- Telegram search 3.85%
- Direct messages 1.36%
- Other 0.48%
Posts | Views | Shares | View dynamics |
01 Creating A Wordlist For CI/CD Hacking (Using AI)
https://www.youtube.com/watch?v=6KGWNPEc4uY | 1 362 | 16 | Loading... |
02 5 Methods I Use To Discover APIs
https://medium.com/@red.whisperer/5-methods-i-use-to-discover-apis-6d646baa3ffb | 2 005 | 47 | Loading... |
03 Hello Hackers 👋!
We're thrilled to announce that we've already selected the three lucky winners of our prizes. But before we dive into that, we want to extend a heartfelt thank you to each and every one of you for taking the time to participate in our annual survey. Your valuable feedback is crucial to us as it helps us better understand the needs of our community and provides us with insights to continue improving and adding value.
🍀 Congratulations to all three of you! We'll be reaching out to you shortly to arrange the delivery of your well-deserved prizes.
It is the public URL https://app.randompicker.com/protocol/835172x45843
Once again, thank you all for your participation and for helping us make the Bug Bounty Hunter community an even better place.
Let's keep moving forward together! 🚀
Happy Hunting
The Bug Bounty Hunter Team | 2 170 | 4 | Loading... |
04 How 18-Year-Old Me Discovered a VirtualBox VM Escape Vulnerability
https://j0nathanj.github.io/Dusting-off-the-VM-Escape | 2 285 | 19 | Loading... |
05 The truth about ethical hackers: Are they trustworthy?
https://blog.intigriti.com/2024/04/29/the-truth-about-ethical-hackers-are-they-trustworthy/ | 2 236 | 9 | Loading... |
06 Making Sense of the Sisense News
https://www.hackerone.com/vulnerability-management/sisense-breach | 2 049 | 7 | Loading... |
07 How I Exploited an Auth0 Misconfiguration to Bypass Login Restrictions
https://amjadali110.medium.com/how-i-exploited-an-auth0-misconfiguration-to-bypass-login-restrictions-c5d8c20d5505 | 2 077 | 31 | Loading... |
08 We Hacked Google A.I. for $50,000 - Lupin & Holmes
https://www.landh.tech/blog/20240304-google-hack-50000/ | 2 398 | 32 | Loading... |
09 Advanced Frida Usage Part 9 – Memory Scanning in Android
https://8ksec.io/advanced-frida-usage-part-9-memory-scanning-in-android/ | 2 157 | 20 | Loading... |
10 How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 2
https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-2/ | 2 491 | 37 | Loading... |
11 How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 1
https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-1/index.html | 2 357 | 35 | Loading... |
12 Misconfig Mapper - Hacker Tools
https://www.youtube.com/watch?v=YXxKTbtnOBQ | 2 241 | 20 | Loading... |
13 Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)
https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/ | 2 213 | 8 | Loading... |
14 Want to become a PRO bug bounty hunter with core review skills? Look into Patchstack: https://discord.gg/FS6b9ghzU3 | 2 113 | 9 | Loading... |
15 Introducing Misconfig Mapper
https://blog.intigriti.com/2024/04/29/introducing-misconfig-mapper/ | 2 171 | 19 | Loading... |
16 How an empty S3 bucket can make your AWS bill explode
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1 | 2 253 | 22 | Loading... |
17 How We Hacked Voice Communication Solutions Company And Found BAC + Info Disclosure + IDOR :D
https://medium.com/@eslam.zayedw/how-we-hacked-voice-communication-solutions-company-and-found-bac-info-disclosure-idor-d-6884037064f0 | 2 293 | 21 | Loading... |
18 How A Blackbox Target Turned To Whitebox With Recon
https://medium.com/@red.whisperer/how-a-blackbox-target-turned-to-whitebox-with-recon-e46536672702 | 2 668 | 33 | Loading... |
19 HackerOne Company Values Matter: Default to Disclosure
https://www.hackerone.com/culture-and-talent/hackerone-company-values-matter-default-disclosure | 2 817 | 4 | Loading... |
20 Grafana backend sql injection affected all version
https://fdlucifer.github.io/2024/04/22/grafana-sql-injection/ | 2 895 | 28 | Loading... |
21 Hey hackers!
Last hours of the survey, on the 30th we will make the draw!
https://t.me/thebugbountyhunter/8510 | 3 117 | 3 | Loading... |
22 Automating API Vulnerability Testing Using Postman Workflows
https://haymiz.dev//security/2024/04/27/automating-apis-with-postman-workflows/ | 3 524 | 61 | Loading... |
23 How We Prevented a Mass Breach On One OF The Biggest CryptoCurrency Gateways On A Web3 Platform.
https://medium.com/@eslam.zayedw/how-we-prevented-a-mass-breach-on-one-of-the-biggest-cryptocurrency-gateways-on-a-web3-platform-2d8393070b10 | 3 431 | 16 | Loading... |
24 How to setup in 30 min your Web3 lab in Windows
https://coinsbench.com/how-to-setup-in-30-min-your-web3-lab-in-windows-e0026185b64 | 3 259 | 37 | Loading... |
25 Privilege Escalation to Admin through an Import Feature
https://medium.com/@cristivlad/privilege-escalation-to-admin-through-an-import-feature-ac8ac6b6abad | 3 137 | 20 | Loading... |
26 Unveiling the 5 hidden costs of a cyberattack
https://blog.intigriti.com/2024/04/26/unveiling-the-5-hidden-costs-of-a-cyberattack/ | 3 102 | 13 | Loading... |
27 (The) Postman Carries Lots of Secrets ◆ Truffle Security Co.
https://trufflesecurity.com/blog/postman-carries-lots-of-secrets | 3 595 | 30 | Loading... |
28 Latest Nuclei Release v3.2.5!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.2.5 | 3 183 | 6 | Loading... |
29 How a Race Condition Vulnerability Could Cast Multiple Votes
https://www.hackerone.com/vulnerability-management/sherrets-race-condition | 3 269 | 18 | Loading... |
30 Dependency Confusion Vulnerability Found in an Archived Apache Project
https://www.legitsecurity.com/blog/dependency-confusion-vulnerability-found-in-an-archived-apache-project | 3 161 | 8 | Loading... |
31 DOM Purify Type Confusion by @slonser_
https://www.youtube.com/watch?v=iv9BusZdpfM | 2 999 | 12 | Loading... |
32 Coverage Guided Fuzzing - Extending Instrumentation to Hunt Down Bugs Faster! - Include Security Research Blog
https://blog.includesecurity.com/2024/04/coverage-guided-fuzzing-extending-instrumentation/ | 3 389 | 25 | Loading... |
33 Baldur
https://baldur.dk/blog/embedded-mitel-exploitation.html | 3 464 | 12 | Loading... |
34 Hack Me I’m Famous #2 – Live Hacking Event with Louis Vuitton
https://www.youtube.com/watch?v=-GRPi9HGD-0 | 3 671 | 10 | Loading... |
35 AWS Cloud Security Config Review using Nuclei Templates
https://blog.projectdiscovery.io/aws-cloud-security-config-review-using-nuclei-templates/ | 3 342 | 35 | Loading... |
36 How i Manage to Get Sensitive Informations via docker image
https://medium.com/@ph-hitachi/how-i-hacked-globe-gcash-services-and-manage-to-get-access-on-multiple-databases-including-ssh-9ca781348e8f | 3 193 | 21 | Loading... |
37 HackerOne Celebrates Global Work from Home Day
https://www.hackerone.com/culture-and-talent/hackerone-celebrates-global-work-home-day | 3 560 | 4 | Loading... |
38 Counting Down to Hardly Strictly Security
https://blog.projectdiscovery.io/counting-down-to-hardly-strictly-security/ | 3 821 | 5 | Loading... |
39 Here’s how to become a top researcher in month by finding vulnerabilities in WordPress plugins.
https://medium.com/@zpbrent/from-first-rejection-to-monthly-top-c0dedd4bbc7f | 3 587 | 29 | Loading... |
40 BlackBerry MDM Has Some Authentication Flaws
https://emptynebuli.github.io/tooling/2024/04/22/blackberryMDM.html | 3 506 | 6 | Loading... |
While working on a target, one of the most interesting parts to test is its API. APIs are dynamic; they get updated more often than other…
Click to see the public record of the drawing conducted by RandomPicker.
VirtualBox VM Escape Vulnerability - A Research Walkthrough
To outmanoeuvre cybercriminals, the key is to beat them to the punch by working with ethical hackers. However, a question often arises: Can we trust ethical hackers? Especially when we don’t know them personally? Through platforms such as Intigriti, the short answer is yes, you can trust these individuals. However, the word ‘hacker’ carries a […]
CISA issued a warning to CISOs that it was investigating a breach of Sisense. Let's make sense of this breach and what it means for organizations.
Auth0 Misconfiguration: Bypassed Login Restrictions. #BugBounty #Security
In part 9 of Advanced Frida Usage, learn about the API provided by Frida called Memory.scan(), which can help you scan bytes in memory and patch them.
This is the second part of our blog series on How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000