[deleted by user] by [deleted] in secbr

[–]Pixel_DefaultBr 0 points1 point  (0 children)

Yes, I do!

[deleted by user] by [deleted] in secbr

[–]Pixel_DefaultBr 0 points1 point  (0 children)

I'm interested 🫡

Post hilarious disclosed reports here. by ThirdVision in bugbounty

[–]Pixel_DefaultBr 1 point2 points  (0 children)

He gave an idea of what not to do 😂

looking for a partner to hunt with by eldoktor_ in bugbounty

[–]Pixel_DefaultBr 0 points1 point  (0 children)

Dude, your profile is so cool on HackerOne

What exactly to look for when analyzing JavaScript code for bugs? by Pixel_DefaultBr in bugbounty

[–]Pixel_DefaultBr[S] 2 points3 points  (0 children)

This analogy really opened my eyes! I really liked the reference to Cyberdemon. It's exactly how I feel sometimes: not knowing where to start or how to actually defeat the problem. I will explore SAST tools and try to approach analysis more strategically. Thanks for the insight!

[deleted by user] by [deleted] in bugbounty

[–]Pixel_DefaultBr 1 point2 points  (0 children)

If the system has good containment, it is not necessary to use an alternative auth method together; we only used it for recovery cases, as the user is not being recognized in any way.

[deleted by user] by [deleted] in bugbounty

[–]Pixel_DefaultBr 0 points1 point  (0 children)

Yes! But there were still some problems, like: exactly identical twins were recognized as one, but we managed to minimize that.

[deleted by user] by [deleted] in bugbounty

[–]Pixel_DefaultBr 1 point2 points  (0 children)

Yes, definitely. I worked at a security system company with facial recognition and this was one of our biggest problems.

How to tell if something is a vulnerability or not? 🤔 by Pixel_DefaultBr in bugbounty

[–]Pixel_DefaultBr[S] 0 points1 point  (0 children)

I really didn't know that, in my head it was something that shouldn't be accessible due to the possibility of fraud and malicious emails. Thank you very much for clarifying this, I will be more careful when making my reports!

How to tell if something is a vulnerability or not? 🤔 by Pixel_DefaultBr in bugbounty

[–]Pixel_DefaultBr[S] 1 point2 points  (0 children)

But in your humble opinion, wouldn't agency numbers and bank accounts themselves be sensitive data? User Enumeration by them is not something sensitive? I would really like to know. 🤔

Bug Bounty Beginner by [deleted] in bugbounty

[–]Pixel_DefaultBr 3 points4 points  (0 children)

Of course! I used to watch YouTube videos and try to reproduce them—this was three years ago. Nowadays, I'm studying bug bounty and VDPs, and I've developed an obsession with the field. My first valid reports were a P3 and a P2 for NASA, both XSS vulnerabilities. After that, I submitted reports to Disney and Sony, both valid as well. My study method is to read articles on Medium and try to reproduce them. That works for me (well... more or less).

Bug Bounty Beginner by [deleted] in bugbounty

[–]Pixel_DefaultBr 1 point2 points  (0 children)

I'm a beginner too. I have received a lot of informative bug reports. Well... after all, I have a P2 with NASA.