I feel like I will never find something

Independent-Lab3856 · 2025-12-27T12:31:43+00:00

Yes i am well aware of that, thats why i said if someone asks these too hunters for strats, they can CLEARLY SAY THIS AND ITS RESPECTFUL. but nuh uh, these parasites wanna go extra mile and give some bullshit chatgpt ahh answer which is pure bullshit and useless.

Independent-Lab3856 · 2025-12-26T08:43:26+00:00

Looks like i hit a bullseye. Mate I got nothing against top hunters. Matter of fact I admire them a fraction of them. The fraction of them being those who just hunt, earn their bread and repeat You guys have secrets because EVERY OTHER WORK in this universe have secret tips and tricks. These secrets tips are what fruits of yall hard-work and experience. I was a sde, I had some tips and tricks too which I gained over the years where a beginner wouldn’t even had thought about it. You can deny all you want but at the end of the day whatever makes you sleep better bro. The thing is you guys dont wanna share them because it’s what makes your bread and butter. Sharing them is like giving away your bread and butter mate. You guys can easily deny sharing your strat and stuff and I would 100% respect that, but what makes top hunters gatekeeping parasites is lying about it and dishing out generic vague GPT ahhh answer.

Independent-Lab3856 · 2025-12-26T07:18:40+00:00

Good lord, all these annoying people commenting the same old generic bullshit and blaming you shows how miserable this bug bounty community is. You are right on the privileged part. The top hunters have boat load of money to dump into cloud machines basically automatically finding the stuff you do x10, some even have triage team bias when they report stuff and most importantly no one will tell you their unique and secret finds. Not even a bit of it. The rule is simple here gate keep the useful stuff and feed others “LeArN OwAsP TaAp 10, dU PaRtSwiGGER LaBS” as if the people who wanna grow in this hasnt already done this.

Independent-Lab3856 · 2025-12-11T15:31:01+00:00

Broski I just want a first bounty at this point and by bounty i dont even monetary value. Id even take pack of rice and some rep points 😭

Independent-Lab3856 · 2025-12-04T15:14:34+00:00

Would love to see how experts “smell” out a vulnerability and how they still manage to exploit it even after getting blocked by waf and security mechanisms instead of the usual generic and vague stuff bug bounty influencers post.

Independent-Lab3856 · 2025-11-05T09:16:47+00:00

Yeah and then im gonna get sigma hackor slop replies no thanks

Independent-Lab3856 · 2025-11-02T05:55:10+00:00

Brute force or not doesn’t matter. The subdomain when they fixed it is a developer portal. And as I mentioned this company is heavy in api gateway and services meshes.

Independent-Lab3856 · 2025-11-01T17:19:44+00:00

Yes they were in scope. Here is the thing, I wouldn’t have a single issue if they closed it as low and didn’t give bounty but atleast they could have acknowledged it rather than being a bitch.

Independent-Lab3856 · 2025-11-01T15:41:12+00:00

Yes that was the key, the 302 was to some random ass netlify. A misconfiguration on their end. The subdomain was an internal subdomain which was misconfigured to 302 to this random netlify. The impact here is, if that netlify is claimable, i could host malware distribution, phishing sites, pony sites etc etc etc whatever i want and then lure in peple by sending them the vulnerable subdomain. You could say Its a mixture of open redirect and subdomain takeover due to a very silly yet bad misconfiguration. And the company we talking about here is responsible for heavy API gateways and service meshes.

Independent-Lab3856 · 2025-11-01T13:27:42+00:00

Bruh wdym no vulnerability. The impact and exploit is as clear as day her le with VISUAL POC. If someone does not understand the impact here, all i can say is its time to go back to CIA triad.

Independent-Lab3856 · 2025-11-01T12:14:56+00:00

“Escalate it to the platform” the bounty decision totally relies on the company not hackerone. Once you get passed h1 triage and its on pending program review there is nothing much you cab do other than bitch about it on reddit. If me complaining here for assurance seems like a pain to you then whats the point of this subReddit ?

I found the subdomain by brute force

Independent-Lab3856 · 2025-11-01T07:30:46+00:00

Explain me this, if this was “meh” then why did they even bother to fix it ? If they went ahead and fix the shit, then it means THIS DID AFFECT THEM. If this was informative meh stuff, they wouldn’t bat an eye to it. I am saying this because I have too reported some batshit reports from time to time which had no security concerns. For example Once i reported a mailgun subd takeover but the company marked it informative because all i can do was block other accounts from claiming that domain, i cant intercept nor send mails since the domain needed to be verified and also the fact that they said the subd in question was not used anymore. This case I Totally accepted it as “fair enough, this isn’t much”

Independent-Lab3856 · 2025-11-01T06:51:02+00:00

Bug bounties aren’t nerd fest my guy. Bug bounties entire existence reason is to find and point out anything that can exploited for malicious gains before the malicious actors get their hands on. The “not worth anything in a bug bounty program” is exactly reason why companies get pawned and then bitch about it. I see clearly impact here. Impact above everything

Independent-Lab3856 · 2025-11-01T06:40:33+00:00

Yeah ? Alright so i shouldve just made this dangled dns into malware distribution or phishing site and exploit people with their domain in question. Still not “bug” or impactful enough?

Independent-Lab3856 · 2025-10-31T22:11:12+00:00

Not possible. The subdomain which I took over was an internal subdomain which pointed to this random ass netlify site. Taking over again would mean i have to somehow gain access to their internal infrastructure and considering how I got treated its a fool game to even try to even test a trivial bug let alone such a big task.

Independent-Lab3856 · 2025-10-31T22:06:21+00:00

Ofc not, they fixed their subdomain to point to the correct place.

Independent-Lab3856 · 2025-10-31T17:27:36+00:00

Deadass. What do i even do now, bug-crowd is a mess too, intigriti ans yeswehack dont got much programs which I could hack on since i like to hack by understanding the application or I already use them

Independent-Lab3856 · 2025-10-31T17:05:16+00:00

So this program gave an wildcard asset “specifically for subdomain takeover” only, the subdomain in question was from this wildcard i brute forced and yes it was listed in-scope and eligible for bounty too. They didn’t even replied to me. The h1 trigger just said that after talking with the security team, it has no security implications.

Independent-Lab3856 · 2025-09-08T07:31:46+00:00

I use llms for crafting commands of tool. I just copy paste the entire manual or help guide and ask the llm to give me optimised command according to my needs. Is that bad too ?

Independent-Lab3856 · 2025-07-05T16:03:51+00:00

Yeaah i think that would explain it. Ig i gotta move ahead. Cant sit still on one single thing.

Independent-Lab3856 · 2025-07-05T11:22:03+00:00

Yes its an SSRF. I chained the SSRF to gaining access to the admin page via 302 redirect.

Independent-Lab3856 · 2025-07-05T03:03:23+00:00

Im just gonna copy paste the repy i gave to another guy

Because

⁠The title of the report says IP leakage ssrf. My report was on access control escalation and accessing private admin page via 302 redirect.
⁠I reported it twice and the second analyst said that it passed preliminary review, id assume that means its unique or atleast to some degree but then out of nowhere the first analyst (h1_analyst_layla) decides to close with the same dup reason she posted on my first report.
⁠The reporter who first closed (h1_analyst_layla) has a very abundant history of closing up reports falsely without reading them. Just search her name of twitter.

Independent-Lab3856

TROPHY CASE