Published: August 22, 2025

Want to dive into forgotten bug bounty write-ups and blog posts from some of the most notable hackers in our community? 🧐 We promise that you will learn a thing or two about web security! 🤠 In this issue, we feature 5 compelling articles (that are still relevant today) from


1️⃣ (The) Postman Carries Lots of Secrets @trufflesec discovers over 4,000 live API credentials publicly leaked on Postman's platform. https://trufflesecurity.com/bl...

2️⃣ $20,300 Bounties from a 200 Hour Hacking Challenge Two bug bounty hunters shared their journey of how they earned $20,300 by dedicating 200 hours to a single public program challenge, including their findings! https://blog.voorivex.team/203...

3️⃣ MongoDB NoSQL Injection with Aggregation Pipelines @irsdl demonstrates how MongoDB NoSQL injection via aggregation pipelines can access other collections beyond the initially targeted one, significantly increasing attack impact! https://soroush.me/blog/2024/0...

4️⃣ Testing Two-Factor Authentication This resource by NCC Group provides a comprehensive guide for testing two-factor authentication implementations, covering common vulnerabilities in TOTP, WebAuthn, and SMS-based systems. https://www.nccgroup.com/resea...

5️⃣ Persistent XSS on Microsoft Bing.com by poisoning Bingbot indexing @Supakiad_Mee shares how he discovered a (second-order) stored XSS vulnerability in Microsoft Bing's video indexing system that occurs when Bingbot crawls and stores video metadata! https://infosecwriteups.com/pe...

That was it! We hope you've learned something new (and enjoyed) this thread! If you have enjoyed this thread: 1. Follow us @INTIGRITI for more of these threads! 🐛 2. Retweet the first Tweet to share it with your friends 💙

I’ve started working on this in Notion after Medium. I’m not sure how long it’ll take, but once it’s done, it’s going to be one of the best bug hunting methodologies you’ve seen. It’ll have 80+ modules, including private methods I’ve never shared before. Just keep supporting on


Need a list of in-scope bug bounty assets? Check out @sw33tLie's bbscope - a powerful scope aggregation tool for all major bug bounty platforms! Install here 👉 https://github.com/sw33tLie/bb...


What are some Linux commands any bug bounty hunter should know? curl, sed, awk, grep, dig? What else? 🤔

$33,000 + $5,000 bonus for account takeover. This was my second ATO on Meta 👌 #bugbounty #bugbountytips

