3 events, 3 days, over $3m paid and a new bug bash industry record. If you’re not hacking on @Bugcrowd you’re missing out on the best events the industry has to offer.
Love our crowd. You are all so incredible.
I'm giving away $1000 worth of @PentesterLab to celebrate passing 10,000 twitter followers 🙌@PentesterLab have matched this for a total of $2000 worth of subscriptions to give out. Details 👇👇 youtube.com/watch?v=30jFtl…
If you're a student, or new to Infosec, please DM. I have 30 @PentesterLab subscriptions I'm giving away. Must be an active twitter account, would appreciate if you pay it forward one day.
Learning to chain bugs is invaluable, and exploring impact is key to success as a pentester, bug bounty hunter, or red teamer. Digging through some of my old submissions in a chat with @InsiderPhD to brainstorm a collab, aiming to teach some of this soon!
Work in progress, but just made Dorky public - a new tool to quickly do keyword searches over Gitlab and Github for OSINT & bug bounty recon.. Useful when paired with @trufflesecgithub.com/codingo/dorky
A new, but incredibly useful resource.. Essentially, a more modern/accurate can-i-take-over list for the STO you likely don't yet know about: github.com/indianajson/ca…#bugbountytips
Bug Bounty advice to avoid:
- you're being told to hunt DMARC/SPF
- you're being told to hunt clickjacking
- you're being told to use nuclei, but not how to build templates
Sources stating these are giving bad advice if money is the goal, learning to hack properly is key.
The operating system wars of "you can't hack from Windows" or "you must use Linux" are ridiculous. Born from the 90s where people wanted to feel validated for spending a day or more setting up an environment, but they aren't valid, and you can hack on anything. You do you.