Bug Bounty Reports Explained
@gregxsunday
Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
Am I the only one that reads Greg's posts in his voice/tone? Mixed in with the obligatory "Enjoy!" 😇 As always, great stuff!
If your GraphQL testing stops at introspection and ID swapping, you’re missing out. SQLi, CSRF, caching bugs, race conditions, WebSocket bypasses - it’s all there. I studies 90 real reports to find what actually works.
GraphQL isn’t just an API to deliver our payloads. Often, its implementations are what actually cause them. To see what bugs it can lead to, studied disclosed bug bounty reports. IDORs, privescs, DoS, CSRFs, SQLis - it's all there. Enjoy! youtu.be/9tNUPpB1gto
spent the entirety of the weekend binge listening @gregxsunday bbre podcasts, amazing stuff
Fuzzing vs broken access control bugs feat. @arthurair_es #bugbounty #bugbountytips #bugbountyhunter
I had to learn the hard way how restrictive WAFs can be — they can block you from accessing almost the entire internet 😅
This is why you should run bug bounty tools from a VPS feat. @arthurair_es #bugbounty #bugbountytips #bugbountyhunter
This is why you should run bug bounty tools from a VPS feat. @arthurair_es #bugbounty #bugbountytips #bugbountyhunter
I use this extension a lot! My memory isn’t the best, so having it log where I’ve placed my blind XSS payloads is super helpful for tracking and reviewing later. Definitely an essential tool for me! github.com/SeifElsallamy/…
Managing your blind XSS payloads feat. @arthurair_es #bugbounty #bugbountytips #bugbountyhunter
Managing your blind XSS payloads feat. @arthurair_es #bugbounty #bugbountytips #bugbountyhunter