TIL: If you find API keys that look sus but can't quite figure out what service(s) to try with, @pdnuclei has 240+ token spray templates which you can pass a single token or a text file of tokens to:
#BugBounty
gr3pme
- Yay, I was awarded a $5,100 bounty on @Hacker0x01! hackerone.com/gr3pme #TogetherWeHitHarder #bugbounty
- Big shout out to @NahamSec for his SSRF workshop at Defcon. Came back home, started hunting and dropped 2x SSRFs -> RCE with some collabs with @ajxchapman. I'd always look for it on pen tests but never bug bounty (I have no idea why), and it's massively paid off.
- If you wanted a bit more insight into my approach when threat modelling for bug bounty, the LHE scene and how I pick and approach targets, last week's @ctbbpodcast HackerNotes is for you:
- First LHE down at #h10131 with @Hacker0x01 in Scotland. Met some incredibly talented hackers and had a really enjoyable experience. Massive thank you to the team and @amazon for such a great event. Till next time!
- We're back with a huge double whammy @ctbbpodcast HackerNotes. We cover how to attack Chrome extensions, their components & threat model, plus a whole bunch of cookie and clientside gadgets from Kevin Mizu + more. Check it out below:
- Seeing all the Wrapped stats has made me reflect on what a wild year it's been! Starting with zero experience hunting, just an idea for @ctbbpodcast HackerNotes, and a total shot in the dark messaging @Rhynorater, it’s crazy to see how far it’s come. Those long hours were worth
- The latest @ctbbpodcast HackerNotes has just dropped! Check out a bunch of fresh HTMX bypasses and a Cloudflare cdn-cgi gadget below 👇👇👇
- In case you missed it, Frans Rosen dropped some GOLD last week on @ctbbpodcast covering some fresh research & crazy tips on X-Correlation header injection. Check out the HackerNotes below: blog.criticalthinkingpodcast.io/p/hackernotes-…
- Using Cursor for POC creation, fresh research with some SQLi, encryption oracles, content types for XSS and a $5k clickjacking bounty on Google with a bunch of neat gadgets. Check out last week's @ctbbpodcast HackerNotes below:
- This week's @ctbbpodcast HackerNotes has dropped, covering a bunch of takeaways with Lupin and Justin from Google's BugSwat event in Vegas! Check it out below:
- This week's @ctbbpodcast HackerNotes is a banger if CSS injection is on your radar, we've got:
  • Universal RCE - Browser Extensions Research
  • CSPT To XSS
  • Full-time Bug Bounty Blueprint
  • CSS Injection tips, tricks, techniques and writeups
  Check it out:










