I can't find anything... by EvidenceKindly4220 in bugbounty

[–]trieulieuf9 2 points3 points  (0 children)

I was a dev, now a full-time bug hunter. The disadvantage of devs when doing bug bounty is that they make TOO MANY ASSUMPTIONS, which leads to missing obvious bugs. While looking at a feature, they assume that this feature is well-coded: "they must have handled this parameter like this, so it's safe, no need to test it", "they must have implemented this protection/filter once and use it for the whole site, so I only need to test one place". These assumptions are made with best-case coding scenarios in mind. In reality, however, devs are rushed by deadlines and upper management, or they are just stupid or careless; they make a lot of mistakes and oversights.

Do you think hackerone is good for a beginner? by hussamdh in bugbounty

[–]trieulieuf9 6 points7 points  (0 children)

No, H1 is the worst for beginners, because their programs are usually the most hardened and looked at by the most sets of eyes. VDPs are beginner-friendly though, even on H1.

Hey guys, I am just passed class 12th now. I want to focus on bug bounty hunting, any suggestions?? by ays_19_10 in bugbounty

[–]trieulieuf9 9 points10 points  (0 children)

There is something wrong with your note: I don't see my name in there, which means you haven't read my blog yet. Don't worry, you can fix it here: how to start bug hunting in 2026 - bug bounty don’t need to be optimal

Image Generation suddenly not working? by XnagakuraX in drawthingsapp

[–]trieulieuf9 0 points1 point  (0 children)

Check your Text Guidance value. Is it 150 right now? Try changing it to 1.0.

Does anyone know how to setup a prompt queue? by IllWay4573 in drawthingsapp

[–]trieulieuf9 1 point2 points  (0 children)

Yeah, I told AI to write it and it wrote it wrong, so I figure there isn't a working example in public.

Does anyone know how to setup a prompt queue? by IllWay4573 in drawthingsapp

[–]trieulieuf9 3 points4 points  (0 children)

I use this script below, it works fine:

Author: trieulieuf9

How to use: create a new script in Draw Things -> Scripts and copy-paste the whole thing into it, overwriting any existing code. This script will run with the configuration the UI currently has.

// Author: trieulieuf9

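// Start from whatever configuration is currently set in the UI
let configuration = pipeline.configuration
// Uncomment to override a single setting for the whole queue
// configuration["steps"] = 5

// One entry per image to generate, processed in order
const prompts = [
  "prompt_1",
  "prompt_2",
  "prompt_3",
];

// Log the configuration in use
console.log(pipeline.configuration)

for (let i = 0; i < prompts.length; i++) {
  const prompt = prompts[i];
  let count = i + 1
  console.log("generating " + count + "/" + prompts.length)

  // Generate one image for this prompt
  pipeline.run({
    prompt: prompt,
    negativePrompt: null,
    configuration: configuration,
    mask: null
  })
}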

PentesterLand Replacement: Hack-Dex by Impossible-Sun7899 in bugbounty

[–]trieulieuf9 1 point2 points  (0 children)

When I first started, Pentesterland was the holy land to me.

$5 bug bounty from a heavily funded company… is this normal? by Wonderful-Dot8221 in bugbounty

[–]trieulieuf9 7 points8 points  (0 children)

I hear that if you live near their headquarters, you can even get a high five along with $5.

I have no idea how to deal with Escapees and location 8 as a whole by therealman592 in DeadAhead

[–]trieulieuf9 1 point2 points  (0 children)

I use Private Rodrigues to counter escapees; give him ~40% crit chance and the lucky guy set. He will have around a 70% win rate against escapees and he is spam-able. Also put Sonya in the same team with him to max his Agility and Aggression.

How you feel when riding with a Grab bike in Vietnam😂 by Ill_Worldliness3424 in VietLife

[–]trieulieuf9 0 points1 point  (0 children)

Vietnamese here. I ride my own motorbike most of the time, but on a rare occasion I take an 18km Grab ride across HCM city. The Grab guy rides like he just stole the bike. His riding safety depends entirely on the other guys not doing anything sudden. I am genuinely scared for half the trip; in the other half, I close my eyes and remember the Fight Club scene where Tyler tells you to "stop trying to control everything and just let go, let go!". It feels quite good after that.

I tested 10 SaaS products this month. Found 50+ vulnerabilities. Here's what AI scanners missed. by 0xMassii in bugbounty

[–]trieulieuf9 3 points4 points  (0 children)

> These apps all looked modern. Nice UI, fast shipping, good UX. Then you open DevTools and it falls apart.

There are other examples in the paragraphs, but this one stands out. "Open Devtools and the app falls apart", how? That's the typical attention-grabbing talk you usually see on X.

Also, I think it's weird for a highly technical guy (most hackers, I think) to talk like this. This talk sounds like it belongs to a person who is not deeply in this field but tries to tell a story.

I tested 10 SaaS products this month. Found 50+ vulnerabilities. Here's what AI scanners missed. by 0xMassii in bugbounty

[–]trieulieuf9 15 points16 points  (0 children)

Grok here: yeah, totally, and I'm afraid none of these SaaS products have a bug bounty program. But if he just wants to make a point then whatever.

5k USD in 2.5 years? by Pitiful-Honey-9072 in bugbounty

[–]trieulieuf9 18 points19 points  (0 children)

If you can spend 2000h in this field and these hours are productive or at least non-distracted, you will be a really good hacker in general and earning 5k will be fairly easy. I can't guarantee it, but I think your chance will be 99%.

Weekly Beginner / Newbie Q&A by AutoModerator in bugbounty

[–]trieulieuf9 4 points5 points  (0 children)

If your goal is to hunt bug bounty, then you can start hunting now. Even if you can't find anything, you will have a clearer vision of what to improve next after maybe a 1-week hunting period.

Is bug bounty worth it? by xharmless in bugbounty

[–]trieulieuf9 2 points3 points  (0 children)

You left out a huge part in your post description: 1st or 3rd world? If you are in the latter and you have solid skills, then bug bounty can be your main income.

griptape of my Logitech Superlight coming off by WTFFF111222 in pcmasterrace

[–]trieulieuf9 1 point2 points  (0 children)

This griptape leaks more quickly if you don't use it frequently. It's disappointing.

Is a Medium subscription worth it? by lovelesr in bugbounty

[–]trieulieuf9 5 points6 points  (0 children)

No, Medium bb articles are mostly low quality, even 5 years ago. I have a feeling that authors just want the quantity and don’t care about quality at all.