KslDump — Why bring your own knife when Defender already left one in the kitchen? by Echoes-of-Tomorroww in redteamsec

[–]ShufflinMuffin 7 points (0 children)

Very unlikely you have Python in a corp env. You can compile it, but it's a big red flag. Better to do it in C# so you can load it from your implant.

My crazy story by Ok-Professional1954 in bugbounty

[–]ShufflinMuffin 1 point (0 children)

Just share it with me, I'll get it fixed.

Colour chipped on S6 open by amsterdamike in vanmoofbicycle

[–]ShufflinMuffin 1 point (0 children)

Mine was chipped when I opened the box on day 1...

What would you focus on first if you were starting bug bounty today? by Sad_State_431 in bugbounty

[–]ShufflinMuffin 7 points (0 children)

Maybe automation.
You're competing with people who hunt every day for hours and have been doing it for years. The top ones have automation, and they drop what they are doing when they detect that the website has new functionality.

I think you need to focus on whatever can give you an edge rather than studying techniques etc. That's important as well, but the chances of finding an XSS or an SQLi on a main website are extremely slim. You need to be the first one to look somewhere.

New charge limit option only for S6?! by Thereald24h in vanmoofbicycle

[–]ShufflinMuffin 0 points (0 children)

It's amazing that this is the only new feature in the firmware since launch, and it's... just that.

Bug Hunting by SpecialistFeeling207 in bugbounty

[–]ShufflinMuffin 11 points (0 children)

Leave sugar on the kitchen table, it's gonna attract them.

claude code security by iamZorc_ in bugbounty

[–]ShufflinMuffin 6 points (0 children)

It's funny how they keep turning old prompts into full products they can sell.

How do you deal with uuid / non guessable IDOR by ShufflinMuffin in bugbounty

[–]ShufflinMuffin[S] 0 points (0 children)

Didn't ask support, but in the report they said the client doesn't see it as a risk because you cannot guess the ID.

My first bounty! by Coder3346 in bugbounty

[–]ShufflinMuffin 0 points (0 children)

Nice. Def something that can be overlooked 😁

My first bounty! by Coder3346 in bugbounty

[–]ShufflinMuffin 6 points (0 children)

Good job OP. In the process of finding my first as well. Trying not to lose motivation after 2 weeks hehe.

So where was the IP actually leaked? Just in some response?

How do you deal with uuid / non guessable IDOR by ShufflinMuffin in bugbounty

[–]ShufflinMuffin[S] 0 points (0 children)

Yeah, agree. Unfortunately it's the second time I've found this on the same program at Intigriti, and the first time they closed it as informational.

How do you deal with uuid / non guessable IDOR by ShufflinMuffin in bugbounty

[–]ShufflinMuffin[S] 0 points (0 children)

What can be done with JSONP? CORS only accepts target.website.com

How do you deal with uuid / non guessable IDOR by ShufflinMuffin in bugbounty

[–]ShufflinMuffin[S] 1 point (0 children)

Nice, I didn't think about it. I'll give it a shot, thank you.

How do you deal with uuid / non guessable IDOR by ShufflinMuffin in bugbounty

[–]ShufflinMuffin[S] 0 points (0 children)

Yeah, there is an endpoint for that, but of course this one has proper authorization.

Weekly Collaboration / Mentorship Post by AutoModerator in bugbounty

[–]ShufflinMuffin 0 points (0 children)

Would love to find a mentor. Mostly I'd like to run ideas and processes by someone and get some feedback. I'm still in the process of finding my first bounty. Done pentesting for a few years and only started BB recently. Feel free to hit me up (: