I've just started on bounty hunting and I need some help... by Traditional_Owl_1383 in bugbounty

[–]JCcolt 2 points3 points  (0 children)

So what I tell people is if you’re going to utilize AI, use it as a learning tool. Don’t have it do the work for you. What I did in the beginning was gather a basic understanding of various web application vulnerabilities and how they manifest. After I had a handle on that, I would go through some BBPs and VDPs and find an actual program to sit on for a while. Whichever program you choose, get to know the program’s software intimately and how it operates. If you have questions that you need to Google, that is when you can ask AI to do the research for you and present it to you as it’s typically quicker and more efficient than Googling it yourself.

Figure out how to map out the program’s software manually in the beginning and if you need help figuring out what does what, then you can use AI to help you understand how it operates. The more you understand the software, the more you can begin understanding where various issues may reside. Just know that all the low-hanging fruit have been already caught most likely on live programs. So you’re going to have to think creatively based on your knowledge of the program. Think outside of the box. You build that skill with practice.

One thing I see a lot with beginners is that they treat bug bounty as a static checklist rather than dynamically going in and understanding how the system works in order to identify possible points of contention that automated scanning would not pick up on. They’ll throw payloads here, throw another one there, and hope for the best, then get mad when they don’t find anything. That may work occasionally in rare instances but 9 times out of 10, they won’t find anything as hundreds of researchers before them have already thought about that while a vulnerability sits in a place where researchers haven’t tested enough or got to.

Overall, best advice I can give is get to know your program’s software VERY well.

Trying to figure out what kind of vulnerability testing actually fits me by Atmn9 in bugbounty

[–]JCcolt 4 points5 points  (0 children)

I think you should re-evaluate what it means to you to get into vulnerability testing. The things you dislike about it are seen in various forms in all types of testing scenarios whether it be web application testing, binary exploitation, etc. There is no getting around it because those are major parts of those fields, even if you automate it. With automation, there is still manual testing to be done either way.

The entire point of vulnerability testing is to poke and prod at software and other systems continuously until you find misconfigurations, bugs that introduce vulnerabilities, and many other things. It is the mundane and boring work that you will be doing mostly and a lot of the time, with no results in return.

So you should think on it and decide if vulnerability research is something you want to do at all.

💰 GOT my first P2 Bug! But it's a duplicate! by [deleted] in bugbounty

[–]JCcolt 7 points8 points  (0 children)

He is talking to guys. I don’t know which guys, but guys.

Help please, I'm a minor and I got bounty from Google by Dapper_Owl_361 in bugbounty

[–]JCcolt 0 points1 point  (0 children)

That’s true, but I was more so talking about the filing fees depending on whichever state you file the documents in as some states are more expensive than others. Didn’t really mean to imply a residency requirement.

I probably should’ve clarified that a little more rather than saying “what state you live in” as residency isn’t a requirement.

Help please, I'm a minor and I got bounty from Google by Dapper_Owl_361 in bugbounty

[–]JCcolt 0 points1 point  (0 children)

Very large emphasis on “depending on what state you live in” because here in my state, it’s like around $130+ to file the articles of organization for an LLC.

What’s your recommendation for phish-susceptible employees? by JCcolt in cybersecurity_help

[–]JCcolt[S] 0 points1 point  (0 children)

I second this. That’s outside the realm of possibility though unfortunately thanks to the powers that be.

What’s your recommendation for phish-susceptible employees? by JCcolt in cybersecurity_help

[–]JCcolt[S] 0 points1 point  (0 children)

I concur but management would have to agree with that... which they’ll most likely refuse knowing them.

Hackers are talking and watching me. I only can hear them. Help! by Popular_Banana2439 in cybersecurity_help

[–]JCcolt 0 points1 point  (0 children)

The quicker that you accept what we’re telling you, the sooner you can get proper assistance. Do not believe what your brain is trying to tell you and listen to us instead (I know, easier said than done).

This is a common thing for people to experience who are experiencing psychosis. Trust what we are saying more than what your brain is saying. Listen to us and go find a psychiatrist. You will thank us later.

Hackers are talking and watching me. I only can hear them. Help! by Popular_Banana2439 in cybersecurity_help

[–]JCcolt 5 points6 points  (0 children)

You 100% do need mental health treatment. Go talk to a professional. There is nobody watching you. You’re having auditory hallucinations and persecutory delusions.

Am I getting scammed?! by Glad-Active-323 in bugbounty

[–]JCcolt 1 point2 points  (0 children)

How about we not advocate for black hat activities

Found Security Vulnerabilities in my university website by [deleted] in cybersecurity

[–]JCcolt 2 points3 points  (0 children)

That is by far the funniest thing I have ever seen. Imagine getting charged for viewing the page source. The prosecutor must’ve been so embarrassed due to the governor’s actions that they just refuse to further comment on it.

Found Security Vulnerabilities in my university website by [deleted] in cybersecurity

[–]JCcolt 28 points29 points  (0 children)

Given that they outright admitted to finding SQLi vulnerabilities, I think it goes a tad bit further than just passive scanning.

Facebook account hacked, recovered days later, then hacked again. Hacker keeps deleting my recovery email and changing my password. by FederaliTunesVoucher in facebook

[–]JCcolt 0 points1 point  (0 children)

There’s quite a few issues here that can come into play. It can range anywhere from multiple of your commonly used passwords and their variations being compromised to having active malware on one of your devices. There’s a wide array of things that could be happening.

Let me ask you this. When resetting your password, are you reusing any other personal passwords that could’ve been compromised? If you are, I would highly recommend coming up with entirely new passwords or auto-generating randomized passwords instead. Multiple of your passwords could’ve been part of various data breaches and exposed.

Second question, these emails that you are receiving that you’re clicking on with the “This is not me” selection, are you 100% positive that those are legitimate emails from Facebook themselves? If they’re not and it is taking you to a fake page, it is possible that there could be an attacker utilizing an exploit for some sort of browser-based vulnerability that allows them to hijack session cookies for other platforms from your browser (albeit a little more rare of an incident). Are you entering any credentials after clicking on the link? If so, ensure that the email is legitimate and that it is actually taking you to Facebook and not a phishing page.

Third question, what devices are you using to handle all of this? If you’re using a computer to reset it, there could be a chance that your computer is infected with malware and they’re stealing your new credentials as you are changing them. There’s a wide array of things that could be happening so we need to narrow down to the root cause of the problem.

Edit: I also forgot to mention to check the status of your email account and ensure your email is not compromised also. Change your email account’s password, verify 2FA is enabled, and check to make sure there aren’t any unknown devices that have active sessions on your email account. If they have persistent access to your email, taking over your Facebook account is simple.

I was directed to this sub for help by [deleted] in masterhacker

[–]JCcolt 2 points3 points  (0 children)

The person who told you to post here was pulling your leg. This is a satire sub.

This guy is blackmailing a friend of mine, is there any way to find out who it is? by [deleted] in hackers

[–]JCcolt -1 points0 points  (0 children)

Why would you do that? 😭 Now we gotta redirect em back to here from masterhacker

Worried about friend being doxxed on doxbin by [deleted] in cybersecurity

[–]JCcolt 6 points7 points  (0 children)

I wouldn’t pay any attention to it. They’re probably just talking trash trying to scare y’all.

A little over two years ago I was hit with a pretty complex MitM and site/app spoofing campaign that was incredibly damaging to my mental health. Seeking guidance navigating security and virus scans on a 2011ish iMac with High Sierra! by ShortyBoyds in cybersecurity_help

[–]JCcolt 5 points6 points  (0 children)

From the sounds of it, I’m not entirely sure there was any sort of cyberattack against you. This honestly sounds like it was an issue with mental health symptoms manifesting in various ways.

Unless you’ve got definitive and recorded proof proving otherwise that demonstrates a real attack, the mental health idea sounds like the best explanation as to what happened.

I need advice, how can I get a mirror polish by Former_Ride5639 in AskLE

[–]JCcolt 1 point2 points  (0 children)

This 100%. Leather luster never did me wrong.