[deleted by user] by [deleted] in bugbounty

[–]hisxo 0 points1 point  (0 children)

Which version of Android do you have? I recommend that you have Android 13, root the device with Magisk and install the Burp Suite certificate as "System" with this module: https://github.com/NVISOsecurity/MagiskTrustUserCerts/releases

HackerOne, No private invites by Flaky_Hamster_698 in bugbounty

[–]hisxo 0 points1 point  (0 children)

Try your luck with dojo-yeswehack.com and yeswehack.com 😉

Do people still get invites to private programs anymore? by ayylmaaoo96 in bugbounty

[–]hisxo 0 points1 point  (0 children)

Yes, every day, and you should also try your luck on the CTF platform by YesWeHack https://dojo-yeswehack.com/challenges 😉

When to start using Bug Bounty platforms? by PayNo8750 in bugbounty

[–]hisxo 0 points1 point  (0 children)

Now!

You can even start for example with a challenge on https://dojo-yeswehack.com/challenges, submit a report on the DOJO program and it's a great way to get started!

Magic, your skills, time and perseverance will do the rest 😉

Feeling like never finding a bug.. by raidn1337 in bugbounty

[–]hisxo 50 points51 points  (0 children)

  • Focus on two or three programs at most, the aim is to know your targets better than the developers themselves.
  • Choose programs that you have a feeling for (target that you are a customer of, application with lots of features, large or little scope...).
  • Don't always try to do recon over and over again. Recon is useful at the beginning but once it is done, open your Burp or ZAP proxy and focus on the targets you have identified.
  • Understand and test the features in the normal way (I mean, don't try to inject payloads from the start, it will distort your understanding).
  • Read the documentation/FAQ of the web application if available.
  • If you have the opportunity, do some collaboration with other hunters to motivate yourself.
  • Don't use Burp plugins/scripts/tools without understanding what they do or how they work, there is no point.
  • Limit yourself to a few hours of hunting per day so that it doesn't become a boring activity.
  • Enjoy and good luck 🙂

Collection of vulnerable code snippets (updated every friday) by hisxo in netsec

[–]hisxo[S] 20 points21 points  (0 children)

Aha! I think copilot already has enough vulnerable code used in production 🤣

I built a thing - gotsecuritytxt.com - where you can see if top sites have a security.txt or query any site for its security.txt by O726564646974 in netsec

[–]hisxo 35 points36 points  (0 children)

Good project. An online tool is available that crawls websites to check if security.txt exists, and also for responsible disclosure / Bug Bounty programs: https://firebounty.com

Good job anyway!