Hello everyone π
Almost 800 followers, wow π
Merry Christmas π
Bug Bounty Tip
SSRF: PDF iframe Injection
Cheers!
You can purchase the pre-sale edition of the book or download the preview edition at book.therceman.dev
Bug Bounty Tip
SSRF: PDF iframe Injection
Cheers!
Bug Bounty Tip
Parameter Manipulation:
Email Link Hijacking
Cheers!
You can purchase the pre-sale edition of the book or download the preview edition at book.therceman.dev
Bug Bounty Tip
Parameter Manipulation:
Email Link Hijacking
Cheers!
Help Jobert Abma to claim his account. Report fake one with the proof to this X post x.com/jobertabma/s...
Bug Bounty Tip
XSS Filter Bypass: mXSS
Cheers!
Bug Bounty Tip
XSS Filter Bypass: mXSS
Cheers!
My latest blog post is live! nastystereo.com/security/cro...
Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon
Thanks, good luck you too! π
Waiting for my first payout from them, itβs in pending state currently. Letβs see how it goesβ¦
Gumroad pays on time though, every thursday, but sadly only card payments acceptedβ¦
You can now download preview edition of my bug bounty book with 3 tips & tricks
book.therceman.dev
Cheers!
You can now download preview edition of my bug bounty book with 3 tips & tricks
book.therceman.dev
Cheers!
Bug Bounty Tip
XSS WAF Bypass by multi-char HTML entities
fj translates to fj
>⃒ translates to > + [?]
<⃒ translates to < + [?]
[?] - Unicode symbol
I believe this can be the place to share everything you like on your life journey π
Awesome! Congratulations π
Yup π
Thatβs EPIC! π
Programming adds more value to cybersecurity and bug bounty.
It helps with automation, the creation of high-quality POCs, the ability to understand and review source code, the setup of local testing environments, and more.
The "bug bounty hunters and content creators" starter pack is now up to 60 users! Follow this to get instantly connected to the bug bounty community & let me know if I've missed you off!
go.bsky.app/GD7hKPX
My bug bounty book is now available on Lemon Squeezy, offering more payment options for your convenience.
Cheers!
In case you missed it...the DEF CON video of my talk 'Splitting the Email Atom' is finally here! π Watch me demonstrate how to turn an email address into RCE on Joomla, bypass Zero Trust defences, and exploit parser discrepancies for misrouted emails. Donβt miss it:
youtu.be/JERBqoTllaE?...
Hi π
Bug Bounty Tip
You can hide your XSS payload inside SVG or Math element to bypass the XSS Sanitizer or WAF filter
Cheers!
Any bug bounty people around? I'm creating a starter pack of people to follow but it's pretty brief currently! Let me know if you'd like to be added: go.bsky.app/GD7hKPX
π
Book: Bug Bounty Tips and Tricks Vol.1
Edition: Pre-Sale
Tricks: 18 Tips and Tricks
Price: $13.37 (33% OFF)
π book.therceman.dev
Haha, every gov website has its own server PC under the table π
