XSS WAF Bypass: 3 Tricks to Beat Alert Blockers
https://medium.com/@cybersecplayground/xss-waf-bypass-3-tricks-to-beat-alert-blockers-b7552dcde45b?source=rss------bug_bounty-5
@securitycipher.bsky.social
Write-ups and Resources related to Bug Bounty #bugbounty #bugbountytips
Hunting WordPress Vulnerabilities - A Bug Bounty
https://medium.com/@ksreemosmar/hunting-wordpress-vulnerabilities-a-bug-bounty-4324c6782f1f?source=rss------bug_bounty-5
How Breached Credentials Revealed an API Nobody Knew Existed
https://medium.com/@iski/how-breached-credentials-revealed-an-api-nobody-knew-existed-c28890df4fe1?source=rss------bug_bounty-5
HTTP Header Walkthrough
https://medium.com/@samstriker14/http-header-walkthrough-5be516b9a68a?source=rss------bug_bounty-5
I Found Real Credentials in Archived Data - And It Was on a Bug Bounty Program
https://nwhitedemon.medium.com/i-found-real-credentials-in-archived-data-and-it-was-on-a-bug-bounty-program-9a718e8801f6?source=rss------bug_bounty-5
Web Requests Cheat Sheet
https://medium.com/@samstriker14/web-requests-cheat-sheet-9a0a6b992962?source=rss------bug_bounty-5
Privacy Hardening Toolkit 2025: 25 Practical Steps to Lock Down Your Digital Life
https://medium.com/@verylazytech/privacy-hardening-toolkit-2025-25-practical-steps-to-lock-down-your-digital-life-b91a7d1911ad?source=rss------bug_bounty-5
My First Triaged Report Ever
https://medium.com/@Mo_serag/my-first-triaged-report-ever-4b6cd8f9e654?source=rss------bug_bounty-5
SSHStalker Botnet Operation
https://medium.com/@kanhukhanda764/sshstalker-botnet-operation-ae1a19660813?source=rss------bug_bounty-5
Arp-Scan for Pentesting: Network Scanning and Firewall Bypass
https://medium.com/@jpablo13/arp-scan-for-pentesting-network-scanning-and-firewall-bypass-7222f9e779f2?source=rss------bug_bounty-5
Breaking the Box: bypassing Node.js Filesystem Permissions via Symlinks (CVE-2025-55130)
https://xalgord.medium.com/breaking-the-box-bypassing-node-js-filesystem-permissions-via-symlinks-cve-2025-55130-0b9ad44920f9?source=rss------bug_bounty-5
SQL Injection Explained from Scratch (Beginner to Advanced)
https://medium.com/@anshkamra00/sql-injection-explained-from-scratch-beginner-to-advanced-22a3911de1b7?source=rss------bug_bounty-5
Deep Dive into SSRF Exploitation: Why Internal Networks Are No Longer Safe
https://medium.com/@r3dbrothers1/deep-dive-into-ssrf-exploitation-why-internal-networks-are-no-longer-safe-d6a5a11b9f27?source=rss------bug_bounty-5
IDOR to Content Spoofing: Hijacking Brand Trust via a Simple UUID Swap
https://medium.com/@Ahm3dX_/idor-to-content-spoofing-hijacking-brand-trust-via-a-simple-uuid-swap-f9c10d046c5e?source=rss------bug_bounty-5
Receiving a Generous $77,000 in Rewards from GitLab: A Testament to Their Visionary Security Ethos
https://medium.com/@justas_b_3/receiving-a-generous-77-000-in-rewards-from-gitlab-a-testament-to-their-visionary-security-ethos-af418ffdf8d4?source=rss------bug_bounty-5
Pentester Bytes: API Pentesting Methodology - Lack of Resources and Rate Limiting
https://medium.com/@shivam_bathla/pentester-bytes-api-pentesting-methodology-lack-of-resources-and-rate-limiting-a7cbfd91ce1e?source=rss------bug_bounty-5
The "Free" Professional: How I Broke the Payment Logic of a Global Research Platform (IFERP)
https://abdo0x.medium.com/the-free-professional-how-i-broke-the-payment-logic-of-a-global-research-platform-iferp-9320d45f67f2?source=rss------bug_bounty-5
From Deep Recon to Account Takeover: How Burp Suite Uncovered a Hidden "Legacy" Page
https://medium.com/@belalshohaip222/from-deep-recon-to-account-takeover-how-burp-suite-uncovered-a-hidden-legacy-page-c060d1de9b0c?source=rss------bug_bounty-5
Remove Yourself from Search Sites: 20 Tools Every Cybersecurity Pro Should Know
https://medium.com/@verylazytech/remove-yourself-from-search-sites-20-tools-every-cybersecurity-pro-should-know-e9a32f03c96c?source=rss------bug_bounty-5
Exploiting Stored HTML Injection via Broken Email Ownership Validation
https://medium.com/@anikets5213/exploiting-stored-html-injection-via-broken-email-ownership-validation-ba09d614d024?source=rss------bug_bounty-5
$1000 Bounty for Chaining 2 IDOR's & WAF Bypass to Expose Full Event Database
https://medium.com/@DarkyOS/1000-bounty-for-chaining-2-idors-waf-bypass-to-expose-full-event-database-602a577a71cf?source=rss------bug_bounty-5
The "Open Window" in the SSO Fortress: How I Accessed Internal GraphQL Schemas Without Login (And…
https://zer0figure.medium.com/the-open-window-in-the-sso-fortress-how-i-accessed-internal-graphql-schemas-without-login-and-e9b82379659f?source=rss------bug_bounty-5
How I found an XSS in a Logbook System (Inline Code)
https://mohamedalgabry.medium.com/how-i-found-an-xss-in-a-logbook-system-inline-code-c0390857d2b2?source=rss------bug_bounty-5
I Wasn't Looking at the Target - I Was Watching the Hackers First
https://infosecwriteups.com/i-wasnt-looking-at-the-target-i-was-watching-the-hackers-first-866b552efd0f?source=rss------bug_bounty-5
WebSocket Penetration Testing: How to Test for WebSocket Hijacking, IDOR, Injection & More
https://medium.com/@exploitersorigin/ws-strike-a-burp-suite-extension-for-websocket-penetration-testing-b2fe9676da07?source=rss------bug_bounty-5
TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak
https://hackerone.com/reports/3473882
Mail stored HTML injection in subject text
https://hackerone.com/reports/3357036
The 5 Most Valuable Credential Types Hidden in Stealer Logs
https://medium.com/@alexandrevandammepro/the-5-most-valuable-credential-types-hidden-in-stealer-logs-b7c4d4548c5d?source=rss------bug_bounty-5
OWASP Top 10 for Agentic Applications (2026)
https://medium.com/@forte.social/owasp-top-10-for-agentic-applications-2026-620d61836cd2?source=rss------bug_bounty-5
Part 3: The Modern Recon Stack - The automation script
https://medium.com/@gopikrishna0295/part-3-the-modern-recon-stack-the-automation-script-6aacbba06916?source=rss------bug_bounty-5