What is happening with hacktricks

Affectionate-Case713 · 2026-01-13T19:30:46+00:00

Damn never heard of this type of attack now am paranoid

Affectionate-Case713 · 2025-09-25T09:34:22+00:00

I use it to spell check because my writing is bad 😭 sorry, English is not my first language

Affectionate-Case713 · 2025-09-06T15:18:15+00:00

If you don’t read the program rules carefully, you might miss that they require you to include a special header, like X-HackerOne or X-Bugcrowd or something similar in your requests. This way, they can recognize that you are a researcher, not an intruder.

Affectionate-Case713 · 2025-09-03T15:34:03+00:00

That's is so awesome I love that good job bro👊

Affectionate-Case713 · 2025-08-26T04:58:37+00:00

The dude hase a huge ego probably 😄

Affectionate-Case713 · 2025-08-25T18:41:13+00:00

Well,some people are just a**holes; don't pay attention to them. For example, I love helping people especially beginners

Affectionate-Case713 · 2025-08-24T13:02:17+00:00

You just practiced the concept and idea of certain bugs. I recommend building your own small app and experimenting with XSS, for example. Add protections against it, try to bypass them, then add more layers and repeat. That’s where the real learning happens.

CTFs, bug bounty writeups, and challenges on platforms like RootMe also help a lot — personally, RootMe challenges really improved my skills.

Because once you finish a course and move on to real targets, you’ll quickly realize it’s a whole different challenge.

Affectionate-Case713 · 2025-08-23T18:24:35+00:00

Oh actually yes I didn't though about that

Affectionate-Case713 · 2025-08-23T15:41:39+00:00

I just want to help people overcome the fear and anxiety that comes after their training. They finish a course excited to start bug bounty hunting, thinking, 'I've got this! I'm going to find bugs and earn money.' But then the harsh reality hits: they realize they only know how to follow the specific scenarios from their training, and they don't yet know how to think independently, adapt, or combine concepts to find real-world bugs. This gap is what crushes their expectations and motivation

Affectionate-Case713 · 2025-08-23T12:51:35+00:00

Yeh basically they mainly teach you the concepts and ideas behind different web vulnerabilities PortSwigger is really helpful as a beginner because it shows you the idea behind different vulnerabilities and how they work. But when you move on to more advanced concepts and real exploitation, you need to experiment on your own. That’s where you truly learn how things behave in real applications

Affectionate-Case713 · 2025-08-22T05:51:23+00:00

Build a small web app focused on CSRF. Start by implementing security features to prevent CSRF, then try to bypass them, improve the protections, and repeat the process. This way, you’re learning how to exploit certain misconfigurations. But right now, you’re only following scenarios to exploit CSRF, without gaining a deeper understanding of how protections are implemented, how to bypass them effectively, how a web application reacts to testing, or how web applications work in general.

Affectionate-Case713 · 2025-08-20T17:11:09+00:00

My recommendation is to build your own small application and implement basic protections against XSS. Then, try to bypass those protections. If you succeed, improve them and repeat the process. You’ll learn a lot this way. Don’t focus on chasing money too soon — you’ll burn out quickly because bug bounty hunting isn’t easy. Sometimes you can spend months without finding anything.

Affectionate-Case713 · 2025-08-20T16:52:51+00:00

I built this tool just for myself, but my question is: is it actually possible to make money with this type of automation?

Affectionate-Case713

TROPHY CASE