helvede.net is one of the many independent Mastodon servers you can use to participate in the fediverse.
Welcome to Hell, the fediverse's hottest instance! We are a DK-based queerfeminist server that shitposts in the 9th circle. Read our server rules!

#bugbounty

César Pose<p>90% of code will be written by AI, they say...<br>And Bug Bounty Hunters...<br>😅😅😅😅😅😅</p><p><a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ai</span></a> <a href="https://infosec.exchange/tags/aicoding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>aicoding</span></a> <a href="https://infosec.exchange/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>programming</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
The New Oil<p>A new security fund opens up to help protect the <a href="https://mastodon.thenewoil.org/tags/fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fediverse</span></a></p><p><a href="https://techcrunch.com/2025/04/02/a-new-security-fund-opens-up-to-help-protect-the-fediverse/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">techcrunch.com/2025/04/02/a-ne</span><span class="invisible">w-security-fund-opens-up-to-help-protect-the-fediverse/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.thenewoil.org/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a></p>
Peter N. M. Hansteen<p>And following the result of the poll, here is the whole thing in the raw: <a href="https://nxdomain.no/~peter/bugbounty/20250401_ahmedraslanco@gmail.com_bugbounty_plz_drift@nuug.no.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/bugbounty/2</span><span class="invisible">0250401_ahmedraslanco@gmail.com_bugbounty_plz_drift@nuug.no.txt</span></a> <a href="https://mastodon.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://mastodon.social/tags/bugbunnies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbunnies</span></a> <a href="https://mastodon.social/tags/scriptkiddies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scriptkiddies</span></a> <a href="https://mastodon.social/tags/scammers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scammers</span></a> <a href="https://mastodon.social/tags/spammers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spammers</span></a> <a href="https://mastodon.social/tags/scambunnies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scambunnies</span></a></p>
Peter N. M. Hansteen<p>A message just inboxed here with</p><p>"To: undisclosed-recipients: ;<br>Subject: Request to Join Your Private Bug Bounty Program"</p><p>Should I put the entire message on display somewhere and post the link to the fediverse?</p><p><a href="https://mastodon.social/tags/scriptkiddies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scriptkiddies</span></a> <a href="https://mastodon.social/tags/bugbunnies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbunnies</span></a> <a href="https://mastodon.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://mastodon.social/tags/scammers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scammers</span></a> <a href="https://mastodon.social/tags/spammers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spammers</span></a> <a href="https://mastodon.social/tags/scambunnies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scambunnies</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/OpenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenAI</span></a> now pays researchers $100,000 for critical vulnerabilities</p><p><a href="https://www.bleepingcomputer.com/news/security/openai-now-pays-researchers-100-000-for-critical-vulnerabilities/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/openai-now-pays-researchers-100-000-for-critical-vulnerabilities/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a></p>
Konstantin :C_H:<p>With <a href="https://infosec.exchange/tags/CVE_2025_29927" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2025_29927</span></a>, Next.js has now suffered its second major vulnerability in just three months, following <a href="https://infosec.exchange/tags/CVE_2024_51479" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_51479</span></a>.</p><p>I originally built CVE Crowd with <a href="https://infosec.exchange/tags/NextJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NextJS</span></a>.</p><p>However, as the application became more complex (especially with authentication), I decided to switch to a framework I was more familiar with.</p><p>Honestly, I’m feeling a bit relieved about that right now...</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CVECrowd" class="mention hashtag" rel="nofollow 
noopener noreferrer" target="_blank">#<span>CVECrowd</span></a></p>
B'ad Samurai 🐐<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cR0w</span></a></span> If you're in a BB program like Hacker1, they are very quick to claim these. Often -1 to +1 day my tooling will.</p><p>If your org suffers this often, I do recommend including it within the scope of your BB program*</p><p>*First must start a BB program </p><p><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> paid $12 million in bug bounties last year to security researchers</p><p><a href="https://www.bleepingcomputer.com/news/security/google-paid-12-million-in-bug-bounties-last-year-to-security-researchers/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/google-paid-12-million-in-bug-bounties-last-year-to-security-researchers/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a></p>
Konstantin :C_H:<p>I'm excited to share CVE Crowd's Top 5 Vulnerabilities from February 25!</p><p>These five stood out among the 352 CVEs actively discussed across the Fediverse.</p><p>For each CVE, I’ve included a standout post from the community.</p><p>Enjoy exploring! 👇</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CveCrowd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CveCrowd</span></a></p>
Max Maass :donor:<p>Update on the <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> project: a mixed bag so far. Two of the reports were accepted as low findings (fair enough), with a combined reward of 100€, which is nice. Others were closed as out of scope, admonishing me to read the scope document.</p><p>I always figured that the "no brute force" exclusions in bug bounty scopes mean that I should not try to brute force passwords, but if I find a way to guess passwords in a way that is much more efficient than the regular login form, this would still qualify, as long as I didn’t actively exploit it. But it seems like some programs disagree. So, if I find a misconfiguration that opens an authentication server up to more efficient password guessing, I should... just sit on it since it is out of scope? I don't even necessarily want a bounty, I just want people to fix it, but apparently some of these just get closed by triage and not even forwarded to the affected companies…</p><p>Would be interested in hearing your experience with this kind of situation - how do you handle such scope issues, especially if you’re not really in it for the money and just want the companies to close easily fixed issues in their configs?</p>
Hush Line<p>Software teams, how do you receive vulnerability reports? You can use Hush Line, our free, open-source, anonymous reporting platform. It's easy to set up and end-to-end encrypted, so only you can read your messages.</p><p><a href="https://hushline.app" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">hushline.app</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>software</span></a> <a href="https://mastodon.social/tags/developer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>developer</span></a> <a href="https://mastodon.social/tags/reporting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reporting</span></a> <a href="https://mastodon.social/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://mastodon.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> raises rewards for <a href="https://mastodon.thenewoil.org/tags/Copilot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Copilot</span></a> <a href="https://mastodon.thenewoil.org/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://mastodon.thenewoil.org/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> program</p><p><a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-raises-rewards-for-copilot-ai-bug-bounty-program/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-raises-rewards-for-copilot-ai-bug-bounty-program/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Mohammad E. Sepehr<p>A show-off bug hunter: <br>"No helmet? That’s a serious bug! Time for a fix!"</p><p><a href="https://mastodon.social/tags/comics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>comics</span></a> <a href="https://mastodon.social/tags/humor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>humor</span></a> <a href="https://mastodon.social/tags/funfact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>funfact</span></a> <a href="https://mastodon.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://mastodon.social/tags/bughunter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bughunter</span></a> <a href="https://mastodon.social/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>programming</span></a> <a href="https://mastodon.social/tags/code" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>code</span></a> <a href="https://mastodon.social/tags/bug" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bug</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Konstantin :C_H:<p>🚨 Biggest update to CVE Crowd since launch! 🚨 </p><p>More than a year after its release, cvecrowd.com is getting its most significant update yet.</p><p>Here's a quick overview of what's new:<br>✅ Choosable timeframes (24h, 7d, 30d)<br>✅ Search functionality<br>✅ Custom feeds</p><p>Learn more below 🧵</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CveCrowd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CveCrowd</span></a></p>
Bálint Magyar<p>I've just published my first article on my security research;&nbsp;starting things off light with a fun little content injection. :)</p><p>(This also happens to be the debut of a basic site generator I whipped up in Lua — long live the <a href="https://mastodon.social/tags/IndieWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IndieWeb</span></a>, long live static HTML!)</p><p><a href="https://bm.gy/qrinj" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bm.gy/qrinj</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a></p>
Gi7w0rm<p>Hey, we even have a <a href="https://infosec.exchange/tags/Bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bugbounty</span></a> Program, we are so secure!<br>The Bugbounty program:</p>
mretka​ :neocat_comfy_happy: :heart_cyber:<p>Here's my <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>introduction</span></a> long overdue!</p><p>Hi! I'm a software engineer during the day and <a href="https://infosec.exchange/tags/music" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>music</span></a> <a href="https://infosec.exchange/tags/math" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>math</span></a> <a href="https://infosec.exchange/tags/planners" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>planners</span></a> <a href="https://infosec.exchange/tags/stationery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>stationery</span></a> nerd during after hours :D</p><p>My interests:</p><p>- I play the guitar, now I'm moving to playing the bass guitar.<br>- <a href="https://infosec.exchange/tags/emacs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>emacs</span></a> and <a href="https://infosec.exchange/tags/orgmode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>orgmode</span></a>. 
<a href="https://infosec.exchange/tags/lisp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lisp</span></a> is growing on me.<br>- <a href="https://infosec.exchange/tags/machinelearning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>machinelearning</span></a> and <a href="https://infosec.exchange/tags/jupyter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>jupyter</span></a> in general<br>- <a href="https://infosec.exchange/tags/statistics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>statistics</span></a><br>- Mostly <a href="https://infosec.exchange/tags/manga" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>manga</span></a> nowadays and some <a href="https://infosec.exchange/tags/anime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>anime</span></a>. And then I started to learn Japanese as a result.<br>- <a href="https://infosec.exchange/tags/drawing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>drawing</span></a><br>- Recently got into <a href="https://infosec.exchange/tags/lockpicking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lockpicking</span></a> and <a href="https://infosec.exchange/tags/locksport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>locksport</span></a>. Tried my hand at <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> in the beginning of last year. 
<br>- <a href="https://infosec.exchange/tags/cooking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cooking</span></a> <br>- <a href="https://infosec.exchange/tags/fashion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fashion</span></a><br>- <a href="https://infosec.exchange/tags/chess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chess</span></a> </p><p>I'm a big fan of <a href="https://infosec.exchange/tags/irc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>irc</span></a> and <a href="https://infosec.exchange/tags/rss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rss</span></a> feeds as well. I like using Matrix too btw.</p>
Claudius Link<p>I should check what disclosure periods <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> organisations use.</p><p>Maybe <span class="h-card" translate="no"><a href="https://infosec.exchange/@k8em0" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>k8em0</span></a></span> would have some input 🙂</p><p><a href="https://infosec.exchange/@k8em0/110186072873805241" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@k8em0/110186</span><span class="invisible">072873805241</span></a> contains some</p>
MSkwar<p>🎉 Just landed my first real-world RCE! Discovered a critical vuln in a web app’s file upload parsing via a white-box assessment. 🕵️‍♂️ Fuzzed directories, intercepted uploads, and demoed with “Hello World” to show the impact.</p><p>Takeaway? Insider access helps, but thinking like an attacker is the key! 🔒 <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a></p>
Cassidy James :eos: :gg: :fh:<p>We didn’t have the best experience with bug bounties at elementary—the platform we were using turning into a cryptocoin rug pull notwithstanding.</p><p>That said, it’s been a while since I heard about bounty programs for open source projects. Maybe we were just inexperienced, or the platform we were using was not set up well. Has anyone seen successful examples?</p><p>Someone recently pointed out <a href="https://algora.io" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">algora.io</span><span class="invisible"></span></a>. Has anyone here used it?</p><p><a href="https://mastodon.blaede.family/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.blaede.family/tags/BugBounties" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounties</span></a> <a href="https://mastodon.blaede.family/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://mastodon.blaede.family/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.blaede.family/tags/funding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>funding</span></a></p>