#bugbountytips
LightNews LightNews
monke.ie
🐵 MonkeHacks #83
H1-3120, Office, Illusions

#bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks...
MonkeHacks #83
H1-3120, Office, Illusions
monke.ie
November 10, 2025 at 4:10 PM
monke.ie
🐵 MonkeHacks #82
Mudge, Mini-Scripts, Fighting the Current

#bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks...
MonkeHacks #82
Mudge, Mini-Scripts, Fighting the Current
monke.ie
October 31, 2025 at 11:50 AM
monke.ie
🐵 MonkeHacks #81
Schedule, Adjusting, Amsterdam

#bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks...
MonkeHacks #81
Schedule, Adjusting, Amsterdam
monke.ie
October 23, 2025 at 8:06 PM
haxshadow.bsky.social
How to Pentest & Bug Hunt a WordPress Website from Recon to Report — Live Walkthrough
visit: www.youtube.com/live/UVb3j8W...

#CyberSecurity #BugBounty #bughunting #bugbountytips #mariners #sakural
How to Pentest & Bug Hunt a WordPress Website from Recon to Report — Live Walkthrough
YouTube video by Haxshadow
www.youtube.com
October 23, 2025 at 3:03 PM
marduk-james.bsky.social
Using #owasp tool Amass 5.0.0 for recon. Hope this helps!

#bugbountytips #bugbounty #CyberSecurity #resonnaissance #EthicalHacking

medium.com/@marduk.i.am...
Amass 5.0.0 Usage for Recon
OWASP Tool
medium.com
October 21, 2025 at 11:49 AM
monke.ie
🐵 MonkeHacks #80
Cats, CTBB, H1 LHE

#bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks...
MonkeHacks #80
Cats, CTBB, H1 LHE
monke.ie
October 16, 2025 at 2:56 PM
faav.net
Part II: I found a bypass to Microsoft's fix using a Timing Attack to leak the Microsoft Event Registration database again! Here's the writeup: blog.faav.top/microsoft-ev... #BugBounty #bugbountytips
October 14, 2025 at 4:26 AM
faav.net
I found another vulnerability to leak the Microsoft Events Registration and Waitlist databases, this could've leaked tons of PII. Here's the writeup: blog.faav.top/microsoft-ev... #BugBounty #bugbountytips

After this, I found a bypass to Microsoft’s fix and will be releasing Part II in a few days.
Microsoft Events Leak, Part I: Leaking Event Registration and Waitlist Databases
How I was able to leak the Microsoft Event Registration and Waitlist Databases to leak tons of PII.
blog.faav.top
October 8, 2025 at 9:07 PM
haxshadow.bsky.social
I’m showing you how to use Penligentai, an AI-powered tool that automates bug bounty hunting and website penetration testing.
poc: youtu.be/z0P1Io1wSog?...

#DWTS34 #blacksky #silksong #bugbountyhunting #bugbountytips
How to Automate Bug Bounty & Website Pentesting with AI (Penligent.ai)
YouTube video by Haxshadow
youtu.be
October 8, 2025 at 10:02 AM
marduk-james.bsky.social
Latest #Portswigger SQL lab write-up.

#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs

medium.com/@marduk.i.am...
Visible Error-Based SQL Injection
A Portswigger Lab
medium.com
October 7, 2025 at 5:14 PM
monke.ie
🐵 MonkeHacks #79
HackAIcon, Mexico Bugswat, No Cat (Yet)

#bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks...
MonkeHacks #79
HackAIcon, Mexico Bugswat, No Cat (Yet)
monke.ie
October 6, 2025 at 12:23 AM
marduk-james.bsky.social
Latest #Portswigger lab write-up.

#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs

medium.com/@marduk.i.am...
Blind SQL Injection with Conditional Errors
A Portswigger Lab
medium.com
October 5, 2025 at 7:29 AM
stealthcopter.bsky.social
REGEXSS: How .* Turned Into over $6k in Bounties

Overly-greedy regex replacements can break HTML sanitisation & lead to XSS. Includes a live demo you can try exploiting it yourself!

sec.stealthcopter.com/regexss

#BugBounty #BugBountyTips #XSS #AppSec
Stealthcopter
Overly-greedy regex replacements can break HTML sanitisation and lead to XSS. I’ve already pulled in over $6k from this bug class, and there are plenty mo
sec.stealthcopter.com
September 24, 2025 at 7:50 AM
monke.ie
🐵 MonkeHacks #78
Hobbies, Startup, Conveniences

#bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks...
MonkeHacks #78
Hobbies, Startup, Conveniences
monke.ie
September 23, 2025 at 5:18 PM
monke.ie
🐵 MonkeHacks #77
Rhythm, Guitar, Friends

#bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks...
MonkeHacks #77
Rhythm, Guitar, Friends
monke.ie
September 15, 2025 at 5:49 PM
stealthcopter.bsky.social
Last week I found two regex bugs using regex → unauth XSS → 2× $2k = $4k in bounties 🥳 If you’ve been putting it off, learn regex. Seriously.

/regex\+xss/\$4k/

#BugBounty #BugBountyTips
September 11, 2025 at 7:49 AM
monke.ie
🐵 MonkeHacks #76
Travels, Friends and the Lunar Eclipse

#bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks...
MonkeHacks #76
Travels, Friends and the Lunar Eclipse
monke.ie
September 8, 2025 at 4:29 AM
haxshadow.bsky.social
We often do API key testing or API key hunting. But we don't know whether the API key is valid or not, you can use this tool. You can check whether the api key is active or not.
Testing Tool visits Now securitytoolkits.com/tools/api-ke...

#apikey #bugbounty #cybersecurity #bugbountytips #apiktest
September 6, 2025 at 6:07 AM
twuai.bsky.social
How to Exploit CVE-2025-29927 in Next.js Middleware | Step-by-Step Tutorial Docker Lab Setup twuai.com/search/Fv1QS...
#cve #vulnerability #auth #bypassing #docker #nextjs #exploiting #infosec #bugbounty #bugbountytips #bughunter #hacking101
How to Exploit CVE-2025-29927 in Next.js Middleware | Step-by-Step Tutorial Docker Lab Setup
In today's video, I demonstrate how to exploit the critical Next.js vulnerability (CVE-2025-29927) in its middleware, showing you how an attacker can bypass authorization and compromise security. I'll...
twuai.com
September 2, 2025 at 4:40 PM
haxshadow.bsky.social
Live Bug Bounty: How to Find & Exploit CVEs Full Tutorial 2025.
How to find CVEs in real targets Step-by-step exploit demonstration Pro tips for bug bounty recon & exploitation My live workflow used on real platforms
#privacy #RasheeRice #bugbountytips
youtu.be/skdjzsl8Y5Q?...
Live Bug Bounty: How to Find & Exploit CVEs Full Tutorial 2025
YouTube video by Haxshadow
youtu.be
August 27, 2025 at 5:20 PM
security-tips.bsky.social
✅𝗠𝗮𝘀𝘁𝗲𝗿𝗶𝗻𝗴 𝗖𝗨𝗥𝗟 𝗳𝗼𝗿 𝗛𝗮𝗰𝗸𝗶𝗻𝗴✅
𝗗𝗼𝘄𝗻𝗹𝗼𝗮𝗱: https://PX6GZP.short.gy/sOFbWj
#CyberSecurity #InfoSec #BugBounty #BugBountyTips #BugBountyHunter #Hacking #Cyber #Privacy
August 26, 2025 at 4:47 PM
security-tips.bsky.social
✅𝗨𝘃𝗴𝗽𝘁𝘅.𝗝𝗮𝗶𝗹𝗯𝗿𝗲𝗮𝗸 𝗚𝘂𝗶𝗱𝗲✅
https://PX6GZP.short.gy/mE6PK4https://PX6GZP.short.gy/nzWuLL
#CyberSecurity #InfoSec #BugBounty #BugBountyTips #BugBountyHunter #Hacking #Cyber #Privacy
August 26, 2025 at 3:25 PM
security-tips.bsky.social
✅𝗟𝗶𝗻𝘂𝘅 𝗧𝗵𝗲 𝗨𝗹𝘁𝗶𝗺𝗮𝘁𝗲 𝗚𝘂𝗶𝗱𝗲✅
https://PX6GZP.short.gy/mE6PK4
#CyberSecurity #InfoSec #BugBounty #BugBountyTips #BugBountyHunter #Hacking #Cyber #Privacy
August 26, 2025 at 12:51 PM
security-tips.bsky.social
✅𝗔𝗿𝘁𝗶𝗰𝗹𝗲 𝗶𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝗶𝗻𝗴 𝗮𝗻𝗱 𝗲𝘅𝗽𝗹𝗼𝗶𝘁𝗶𝗻𝗴 𝟰 𝗯𝘂𝗴𝘀✅
🔥Download: https://PX6GZP.short.gy/Yldcuo
#CyberSecurity #InfoSec #BugBounty #BugBountyTips #BugBountyHunter #Hacking #Cyber #Privacy
August 26, 2025 at 9:34 AM
faav.net
I found another vulnerability to leak Microsoft Employee PII ($7500 Bounty) and 700M+ Microsoft partner records. Here's the writeup: blog.faav.top/microsoft-pa... #BugBounty #bugbountytips
Microsoft Partner Leak: Leaking Microsoft Employee PII and 700M+ Partner Records
How I hacked the Microsoft Device Pricing Program to leak Microsoft Employee PII and 700M+ Microsoft partner records.
blog.faav.top
August 26, 2025 at 12:46 AM