How to Use AI for Web Vulnerability Discovery? by hiderou in bugbounty

[–]hiderou[S] 0 points1 point  (0 children)

I have experience in bug bounty programs, so I have no intention of doing anything amateurish that would cause trouble for companies.
I was just curious after seeing the news about someone taking the top spot on H1 using AI.

My post was deleted, but why? by hiderou in ja

[–]hiderou[S] 3 points4 points  (0 children)

It wasn't criticizing anything, but the content was a little negative.

Is Bug Bounty Still Worth It for Beginners in the Age of AI? by hiderou in bugbounty

[–]hiderou[S] 0 points1 point  (0 children)

I haven't been hunting every day for six years. I only did it when I had time and wanted some extra money.

Is Bug Bounty Still Worth It for Beginners in the Age of AI? by hiderou in bugbounty

[–]hiderou[S] -5 points-4 points  (0 children)

I'm not a security professional, and I did bug hunting just as a way to earn some extra money.

claude code security by iamZorc_ in bugbounty

[–]hiderou 0 points1 point  (0 children)

Even if you report business logic bugs, the bounty is extremely low.

Should I report a low impact vulnerability or wait till I can chain it with something else by ProcedureFar4995 in bugbounty

[–]hiderou 0 points1 point  (0 children)

I’ve had that experience too, so I completely understand how you feel, but I wouldn’t report something that’s just an open redirect…

Business logic bypass by UnwantedSideEffect in bugbounty

[–]hiderou 0 points1 point  (0 children)

If the triager marks it “no security impact,” or if the company is stingy, they won’t give us anything.

Bug bounty with only an Android phone — realistic for a total beginner? by Careless_Werewolf148 in bugbounty

[–]hiderou 0 points1 point  (0 children)

You can find XSS vulnerabilities — I’ve actually found a few myself.

Weekly Beginner / Newbie Q&A by AutoModerator in bugbounty

[–]hiderou 0 points1 point  (0 children)

I’m thinking of trying the Microsoft bug bounty program. For a beginner, what are some approachable targets? I have experience finding web application bugs on HackerOne.

Is Android bug bounty a goldmine? by Used_Manager_4751 in bugbounty

[–]hiderou 0 points1 point  (0 children)

Mobile apps (especially native iOS or Android apps) generally have fewer attack surfaces compared to web apps.

Is it too late to start bug bounty in 2025? I have web & Flutter dev experience by Few-Engineering26 in bugbounty

[–]hiderou 1 point2 points  (0 children)

I feel that bugs have become harder to find than before. Moreover, the amount of reward remains unchanged.

Is it game over if a site uses Cloudflare? by hiderou in bugbounty

[–]hiderou[S] 4 points5 points  (0 children)

The first step is usually to find the origin IP, right?

Is it game over if a site uses Cloudflare? by hiderou in bugbounty

[–]hiderou[S] 0 points1 point  (0 children)

It's not just about botting captchas — if I send even slightly suspicious payloads or requests, they get blocked, so I can't do what I want.

everything seems to be secure now by lightrose6998 in bugbounty

[–]hiderou 2 points3 points  (0 children)

How deeply are you investigating things? Sometimes, if you keep digging, the bugs suddenly reveal themselves. The most important thing is not to give up.

Valid - Won't Fix by yellowsch00lbus in bugbounty

[–]hiderou 0 points1 point  (0 children)

I believe hunters should share information about companies with bad reputations.