Konstantin :C_H:<p><script>alert(1)</script> - 403 Forbidden<br><img src=x onerror=console.log(1)> - 403 Forbidden<br><svg onload=print()> - 403 Forbidden</p><p>I've recently encountered a web application firewall in a pentest, blocking all my attempts to insert an XSS payload.</p><p>In such cases, I love to use the <a href="https://infosec.exchange/tags/PortSwigger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PortSwigger</span></a> cross-site scripting cheat sheet: <a href="https://portswigger.net/web-security/cross-site-scripting/cheat-sheet" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">portswigger.net/web-security/c</span><span class="invisible">ross-site-scripting/cheat-sheet</span></a></p><p>I copied all payloads to the clipboard, pasted them into the Intruder's word list and hit the "Start attack" button.</p><p>Within seconds, I had a working proof of concept.</p><p>How do you use the XSS cheat sheet? I'm keen to know!</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
mastodon.gamedev.place is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server focused on game development and related topics.
Administered by:
Server stats:
5.1Kactive users
mastodon.gamedev.place: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.8
#bugbounty
4 posts · 4 participants · 2 posts today
Bug Bounty Shorts<p>This article explains CSRF, a web security vulnerability where attackers can trick users into performing unauthorized actions on authenticated accounts. The blog illustrates this through an example involving online banking and offers solutions like using CSRF tokens, referer validation, SameSite cookies, and requiring user re-authentication for critical actions. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a></p><p><a href="https://medium.com/@natarajanck2/cross-site-request-forgery-csrf-made-easy-a-beginners-perspective-037b4ba6d62a?source=rss------bugbounty-5" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/@natarajanck2/cross</span><span class="invisible">-site-request-forgery-csrf-made-easy-a-beginners-perspective-037b4ba6d62a?source=rss------bugbounty-5</span></a></p>
ByteSectorX<p>The Rise of Artificial Intelligence in Cybersecurity: What to Expect</p><p><a href="https://bytesectorx.blogspot.com/2024/11/the-rise-of-artificial-intelligence-in-cybersecurity-what-to-expect.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bytesectorx.blogspot.com/2024/</span><span class="invisible">11/the-rise-of-artificial-intelligence-in-cybersecurity-what-to-expect.html</span></a></p><p><a href="https://mastodon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://mastodon.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://mastodon.social/tags/ArtificialInteligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArtificialInteligence</span></a> <a href="https://mastodon.social/tags/development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>development</span></a> <a href="https://mastodon.social/tags/CYBER" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CYBER</span></a> <a href="https://mastodon.social/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://mastodon.social/tags/infosecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosecurity</span></a> <a href="https://mastodon.social/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>informationsecurity</span></a> <a href="https://mastodon.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudSecurity</span></a> <a href="https://mastodon.social/tags/networksecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>networksecurity</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechNews</span></a></p>
Marco Ivaldi<p>A couple of days ago, I unearthed my first <a href="https://infosec.exchange/tags/computer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>computer</span></a>, an <a href="https://infosec.exchange/tags/MSX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MSX</span></a> straight from the ‘80s. It was lost in some box in the basement for who knows how long. Just feeling its power switch gave me the goosebumps…</p><p>This discovery came after sharing my hacker’s origin story with Nic Fillingham and Wendy Zenone in a new episode of Microsoft’s <a href="https://infosec.exchange/tags/BlueHat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueHat</span></a> <a href="https://infosec.exchange/tags/Podcast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Podcast</span></a>. </p><p><a href="https://thecyberwire.com/podcasts/the-bluehat-podcast/52/notes" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thecyberwire.com/podcasts/the-</span><span class="invisible">bluehat-podcast/52/notes</span></a></p><p>Join us while we chat about my first-ever <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a>, overlooked <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilities</span></a> that continue to pose significant risks today, <a href="https://infosec.exchange/tags/ActiveDirectory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActiveDirectory</span></a> and <a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> security, my unexpected journey into <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> hunting and my involvement in the <a href="https://infosec.exchange/tags/ZeroDayQuest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZeroDayQuest</span></a>, how to learn new things, mentorship and positive leadership, and of course pineapple pizza 🍍🍕</p>
Daniel Šnor<p>Narážím na limity svého kódu, takže teď místo toho, abych konečně opravil tu “drobnou” chybku s obrázky, procházím postupně celý kód a dodělávám tam validity checky, protože bez nich už vidím jen `null is not an object (evaluating 'e.errors’)`...</p><p><a href="https://mastodon.social/tags/zpravobot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zpravobot</span></a> <a href="https://mastodon.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> now pays up to $30,000 for some <a href="https://mastodon.thenewoil.org/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> vulnerabilities</p><p><a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-now-pays-up-to-30-000-for-some-ai-vulnerabilities/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-now-pays-up-to-30-000-for-some-ai-vulnerabilities/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a></p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>Scopify is a Python-based recon tool for pentesters, leveraging `netify.ai` to analyze CDNs, hosting, and SaaS infra of target companies. Optional OpenAI integration adds AI-guided insights for deeper testing. Built by <span class="h-card" translate="no"><a href="https://infosec.exchange/@Jhaddix" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Jhaddix</span></a></span> & Arcanum-Sec. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/Arcanum-Sec/Scopify" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Arcanum-Sec/Scopify</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴☠️</p>
Discernible<p>🪲 New Security Communication Drill: The Bug Bounty Researcher's Perspective</p><p>Join us tomorrow for an interactive security communication drill that flips the script on traditional security exercises. Instead of focusing on the vendor side, we'll put participants in the shoes of security researchers navigating the challenges of vulnerability disclosure.</p><p>This hands-on scenario will challenge you to:</p><p>🐛 Navigate security assessments with limited visibility into internal architectures</p><p>🐞 Build credibility when you have less system context than internal teams</p><p>🐛 Communicate effectively through multi-layered teams (triage vendors vs. security engineers)</p><p>🐞 Balance respect for internal expertise while confidently advocating for your findings</p><p> 🐛 Manage disclosure expectations under tight time constraints</p><p>🐞 Push for security improvements without full visibility into compensating controls</p><p>Whether you're a security researcher, bug bounty program manager, or security engineer, this drill offers valuable insights into improving communications in the vulnerability disclosure process from both sides.</p><p>🗓️ Date: Wednesday, April 23 <br>🕰️ Time: 12pm ET <br>🗺️ Location: Discernible Drills Slack </p><p>🔥 Subscribe to Join: DiscernibleInc.com/drills</p><p><a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/SecurityCommunications" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityCommunications</span></a></p>
Vasileiadis A. (Cyberkid)<p>Top Web Application PenTesting Tools by Category ⚔️</p><p>🔖Hashtags:<br><a href="https://defcon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSecurity</span></a> <a href="https://defcon.social/tags/PentestingTools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PentestingTools</span></a> <a href="https://defcon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthicalHacking</span></a> <a href="https://defcon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://defcon.social/tags/WebAppSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebAppSecurity</span></a> <a href="https://defcon.social/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedTeam</span></a> <a href="https://defcon.social/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a></p><p>⚠️Disclaimer:<br>This content is for educational purposes only. Only use these tools in environments where you have proper authorization. Hacking without permission is illegal and unethical.</p>
Vasileiadis A. (Cyberkid)<p>SQL Injection (SQLi) 💉 – Everything You Need to Know</p><p>What is SQL Injection?<br>SQL Injection is a code injection technique that allows attackers to interfere with the queries an application makes to its database.</p><p>Types of SQLi:</p><p>1. In-band SQLi – Most common and easy to exploit.</p><p>2. Blind SQLi – Data isn’t visibly returned but can still be extracted through inference.</p><p>3. Out-of-band SQLi – Uses external servers to get results (less common but powerful).</p><p>4. Time-Based Blind SQLi – Server delay used to infer info from the database.</p><p>Attack Scenarios:<br>▫️Bypassing logins<br>▫️Dumping database contents<br>▫️Modifying or deleting data<br>▫️Escalating privileges<br>▫️Accessing admin panels</p><p>Common SQLi Targets:<br>🔹Login forms<br>🔹Search boxes<br>🔹URL parameters<br>🔹Cookies<br>🔹Contact or feedback forms</p><p>How to Prevent SQLi:<br>▪️Use parameterized queries<br>▪️Employ ORM frameworks<br>▪️Sanitize all user inputs<br>▪️Set least privilege for DB users<br>▪️Use Web Application Firewalls (WAF)</p><p>♦️Red Team Tip<br>Test all user input points, especially where data touches the database. Think beyond login forms—SQLi hides in unexpected places.</p><p>🔖Hashtags:<br><a href="https://defcon.social/tags/SQLInjection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SQLInjection</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://defcon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthicalHacking</span></a> <a href="https://defcon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://defcon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSecurity</span></a> <a href="https://defcon.social/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedTeam</span></a> <a href="https://defcon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://defcon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a></p><p>⚠️Disclaimer:<br>This content is for educational purposes only. Always perform security testing with explicit permission. Unauthorized testing is illegal and unethical.</p>
Vasileiadis A. (Cyberkid)<p>Everything About SQL Injection 💉</p><p>What is SQL Injection?<br>SQL Injection is a web vulnerability that lets attackers manipulate database queries. This can lead to unauthorized access, data leaks, or even full control of the system.</p><p>🔬Types of SQL Injection</p><p>1️⃣ Classic SQLi – Injecting raw SQL commands.<br>2️⃣ Blind SQLi – No errors, but the response changes.<br>3️⃣ Time-Based SQLi – Uses response delays to extract data.<br>4️⃣ Union-Based SQLi – Merges malicious queries with valid ones.<br>5️⃣ Out-of-Band SQLi – Exfiltrates data through DNS, HTTP, etc.</p><p>♦️Potential Impact<br>▫️Access & dump sensitive data<br>▫️Bypass login systems<br>▫️Alter or delete database entries<br>▫️Full system compromise</p><p>🔰Common Entry Points<br>▫️Login forms<br>▫️Search inputs<br>▫️Contact forms<br>▫️URL query parameters</p><p>Defense Strategies 🛡<br>✅ Use parameterized queries<br>✅ Validate & sanitize inputs<br>✅ Apply least privilege to DB accounts<br>✅ Monitor logs for anomalies<br>✅ Perform regular security audits</p><p>📀Image Description (for visual):<br>🔹A sleek cyber-themed layout with:<br>🔹A hacker icon injecting code<br>🔹A login form being exploited<br>🔹Database icons showing exposed data<br>🔹A shield labeled “Prepared Statements” blocking the attack</p><p>🔖Tags<br><a href="https://defcon.social/tags/SQLInjection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SQLInjection</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://defcon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthicalHacking</span></a> <a href="https://defcon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSecurity</span></a> <a href="https://defcon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://defcon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://defcon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://defcon.social/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> <a href="https://defcon.social/tags/DatabaseSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DatabaseSecurity</span></a> <a href="https://defcon.social/tags/HackerTips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerTips</span></a></p><p>⚠️Disclaimer<br>This content is for educational and ethical purposes only. Do not attempt to exploit vulnerabilities without proper authorization. Always follow legal and ethical guidelines when testing or learning about cybersecurity.</p>
Blue Headline - Tech News<p>🚨 AI tool solves cyber tasks 3,600× faster than humans.<br>It’s called CAI—and it’s open-source, autonomous, and already winning real CTFs.</p><p>The best part? Even non-professionals using CAI have reported confirmed bugs to major bug bounty platforms.</p><p>Could this reshape who gets to participate in cybersecurity?</p><p>Read more: <a href="https://blueheadline.com/cybersecurity/cai-ai-hacker-tool-faster/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blueheadline.com/cybersecurity</span><span class="invisible">/cai-ai-hacker-tool-faster/</span></a></p><p><a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://mastodon.social/tags/BlueHeadline" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueHeadline</span></a> <a href="https://mastodon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthicalHacking</span></a> <a href="https://mastodon.social/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a href="https://mastodon.social/tags/AItools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AItools</span></a></p>
Daniel Šnor<p><span class="h-card" translate="no"><a href="https://zpravobot.news/@zpravobot" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>zpravobot</span></a></span> </p><p>Druhou prosbou je, zda byste mohli udělat <a href="https://mastodon.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> a ověřili u všech zprávobotíků, které sledujete, že skutečně běží (postují), i když třeba nepříliš často, a nareportovali mi, pokud najdete nějaký problematický/nefunkční? I když se snažím, nemám šanci vše uhlídat a tohle by hodně pomohlo. Díky i za to.</p><p>2/2</p><p><a href="https://mastodon.social/tags/zpravobot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zpravobot</span></a></p>
Laurent Cheylus<p>The Nivenly Foundation announced the launch of a new Security Fund that will pay those who responsibly disclose Security Vulnerabilities that affect Fediverse Apps and Services: Mastodon, Forgejo, PeerTube, Pixelfed... <a href="https://bsd.network/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nivenly.org/blog/2025/04/01/ni</span><span class="invisible">venly-fediverse-security-fund/</span></a></p>
cyb_detective<p>URLFINDER</p><p><a href="https://infosec.exchange/tags/go" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>go</span></a> URL discovery tool:<br>- different sources (alienvault,commoncrawl etc)<br>- filter by extensions/regex<br>- very fast (122000+ URLs in 30 sec):<br><a href="https://github.com/projectdiscovery/urlfinder" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/projectdiscovery/ur</span><span class="invisible">lfinder</span></a></p><p>Creator x.com/pdnuclei </p><p><a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>osint</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a></p>
Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af:<p>EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. <a href="https://kolektiva.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://kolektiva.social/tags/CyberAlerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAlerts</span></a> <a href="https://www.bleepingcomputer.com/news/security/encrypthubs-dual-life-cybercriminal-vs-windows-bug-bounty-researcher/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/encrypthubs-dual-life-cybercriminal-vs-windows-bug-bounty-researcher/</span></a></p>
Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af:<p>Automate JavaScript (JS) Extraction for Bug Bounty Recon<br><a href="https://cyberw1ng.medium.com/automate-javascript-js-extraction-for-bug-bounty-recon-6faab744d22e?source=rss------bug_bounty-5" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberw1ng.medium.com/automate-</span><span class="invisible">javascript-js-extraction-for-bug-bounty-recon-6faab744d22e?source=rss------bug_bounty-5</span></a></p><p><a href="https://kolektiva.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://kolektiva.social/tags/bugbountytips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbountytips</span></a> <a href="https://kolektiva.social/tags/bugbountytip" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbountytip</span></a></p>
Bug Bounty Shorts<p>Learn the ultimate strategy for beginners in bug bounty hunting, focusing on reconnaissance and industry-standard penetration testing approaches. This guide will help you understand steps like Pre-engagement interaction, Intelligence gathering, Threat Modeling, Vulnerability Analysis, Exploitation, and post-exploitation. By following this strategy, you can build confidence, train your mind to spot misconfigurations, and increase chances of a payout. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a></p><p><a href="https://medium.com/@richard_wachara/a-beginners-guide-to-bug-bounties-f710b10ae188?source=rss------bugbounty-5" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/@richard_wachara/a-</span><span class="invisible">beginners-guide-to-bug-bounties-f710b10ae188?source=rss------bugbounty-5</span></a></p>
The DefendOps Diaries<p>Imagine a hacker who not only exploited zero-days to breach over 600 organizations but also played the hero by patching vulnerabilities for Microsoft. How does one person walk the line between cybercrime and cybersecurity?</p><p><a href="https://thedefendopsdiaries.com/decrypting-encrypthub-a-cybersecurity-enigma/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedefendopsdiaries.com/decryp</span><span class="invisible">ting-encrypthub-a-cybersecurity-enigma/</span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a><br><a href="https://infosec.exchange/tags/encrypthub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encrypthub</span></a><br><a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a><br><a href="https://infosec.exchange/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ethicalhacking</span></a><br><a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a></p>
jomo<p>There is now a (limited) bug bounty for several Fediverse projects.</p><p>$250 for HIGH<br>$500 for CRITICAL</p><p><a href="https://nivenly.org/blog/2025/04/01/nivenly-fediverse-security-fund/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nivenly.org/blog/2025/04/01/ni</span><span class="invisible">venly-fediverse-security-fund/</span></a></p><p><a href="https://mstdn.io/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://mstdn.io/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://mstdn.io/tags/fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fediverse</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload