No, this was no lucky find, but 7 months of pain for me! 7 months ago I saw something I couldn't sleep on. It consisted of multiple pieces, which I collected over the months, but it was not yet complete and there was little hope it would be! [Thread/2]
Ok! So this was my best month so far. I made $29,532.26 in total, of which $18,000 from @Hacker0x01 and $11,532.26 from @Bugcrowd. 😆🤣😀 Thanks to the platforms.
When I realised the final piece to it, even though I hadn't tested it yet, I knew it would work and left my desk. Everything around me blacked out in a way that I had near-zero consciousness of my surroundings; it lasted pretty long. And it worked! I had the absolute time of my life! [2]
Meet Shivam! Based in India, Shivam, @v0sx9b, is a full-time hacker. Shivam quit the traditional route of going to college and getting a desk job and opted to pursue hacking as a full-time career. 🐂
More here:
#TogetherWeHitHarder #HackForGood
India's first live hacking event! Stoked and stoned to get this beautiful @Hacker0x01 h1-91832 MVH belt. Got to meet some awesome hackers. Thanks for this amazing event, I had a very good time.
Sorry to all that came before him, but I think I just recorded my favorite Web Hacking ProTips interview to date with @v0sx9b. His #bugbounty success makes so much sense now. We talked a lot about the mental game of hacking, and his approach to it is awesome. Hopefully up tomorrow.
So proud to host an amazing group of talented hackers and partner with the Paranoids of @oath for yet another incredible event! We had the greatest percentage of first-time participants at a live hacking event EVER! We ❤️ you Argentina!
#h15411 #eko14
You may steal headers above your typical CRLF (which you can't push down with CRLF into the HTML body) by using A-C-Expose-Headers, A-C-Allow-Origin and A-C-Allow-Credentials to read them with XHR, e.g. /path/%0d%0a A-C-Expose-Headers: set-cookie
In 2017, I submitted 22 vulnerabilities to 6 programs on @Hacker0x01! Check out my full recap at . Here's to many more reports to come!
#TogetherWeHitHarder
Hackers, hack your way to NYC this December for h1-212! An engineer of launched a new server for a new admin panel. He is completely confident that the server can't be hacked, so he hid a flag. Details: .
#TogetherWeHitHarder
@mongobug XSS would read data from the bank and even perform actions using the locker key (CSRF token), and I have many more and can write a full blog post on scope.
@mongobug Yes, a lot! I have many reports in small-scope programs on out-of-scope assets resolved! When the cookie scope is set to *.target.com, it's right there, game over. Subdomain takeover / RCE would steal them. Even if the cookies aren't scoped wide, a lot of CORS allow *.target.com and small 1/2
@mongobug I think those poorly protected houses DO have a direct link with the bank (in most cases), and a lot of programs have been setting up the wrong scope due to budget reasons / less understanding, etc. (not talking about those who have no intention of breaking into the bank).