Welcome to Disclosed.

Hey there! Lots of things happening right now between work, personal life, newsletter stuff, and the bug bounty industry... let’s dive in.
In This Issue

How to Build an Android Lab for Mobile Hacking [📓 Blog]
by pwnii (@pwnwithlove)
This comprehensive guide outlines the configuration of an Android Bug Bounty lab, emphasizing the distinctions between using emulators and real devices for mobile app testing. It provides in‑depth installation and setup instructions for tools such as Burp Suite and Frida, with techniques for bypassing SSL pinning and root detection. The guide also highlights community tools like Medusa for automating mobile security tasks and offers practical tips for optimizing testing workflows.
Read more →

Reflections on the Joy of Hacking from Ads Dawson [🔗 Tweet]
by bugcrowd
Ads Dawson shares his transformational journey from network engineer to passionate hacker, showcasing the excitement behind offensive security.
See more →
"Hacking, hunting, and curiosity give me a kind of joy...that’s almost impossible to put into words." 💭
Sound familiar? Our own Hacker Advisory Board member Ads Dawson wrote a raw, honest piece on his journey from network engineer to a full-blown "addiction" to offensive
— bugcrowd (@Bugcrowd)
6:10 PM • Aug 25, 2025
Sleeper Agents: $118,500+ In Bounties via LLM Data Poisoning [📓 Blog]
by Justas_b
This piece investigates the exploitation potential of 'sleeper' agents using data poisoning in large language models (LLMs). It illustrates how malicious datasets can subtly influence AI behavior and explores examples, including a coding AI that suggests potentially harmful packages. Insights regarding the costs and methodologies of training these models are also provided, highlighting operational and regulatory hurdles for companies.
Read more →
Have something you want to Spotlight? Tell me.

Live Hacking Event by YesWeHack at Nullcon Berlin! [🔗 Tweet]
by YesWeHack
An upcoming exclusive hacking event at Nullcon Berlin allows participants to uncover a secret target and earn bounties for valid vulnerabilities.
See more →
Just 7 days until Berlin turns into a playground for hackers ⏳
At @nullcon, we're hosting an exclusive #LHE where:
🔍 A secret target will be revealed
💰 Valid vulns will turn into bounties
🏆 Hackers will battle for the top of the leaderboard
More 👉 yeswehack.com/page/yeswehack…
— YesWeHack ⠵ (@yeswehack)
12:28 PM • Aug 28, 2025
Virtual & In-Person H1 Event Alongside BSides Ahmedabad [🔗 Tweet]
by Akshansh Jaiswal
Announcing a virtual hacking competition and a raffle at BSides Ahmedabad, with networking opportunities at the HackerOne booth included.
🎉 @Hacker0x01 Brand Ambassadors are coming to @bsidesahmedabad!
We’ve got two exciting events lined up:
🔓 Virtual Hacking Competition (27 Aug – 8 Sept)
🎟 Secret Raffle for attendees
Plus, grab swags at the HackerOne booth & network with the community!
👉 Details and RSVP:
— Akshansh Jaiswal (@Akshanshjaiswl)
4:02 AM • Aug 26, 2025
Crowdfense Offers $350,000 RCE Bounty for NGINX [🔗 Tweet]
by Crowdfense
Crowdfense is offering a $350,000 reward for any working Remote Code Execution exploit targeting the latest stable version of NGINX.
See more →
We are offering $350,000 for a working Remote Code Execution (RCE) exploit affecting the latest stable release of NGINX.
Submit it via vrh.crowdfense.com
— Crowdfense (@crowdfense)
4:00 PM • Aug 28, 2025
SPIRITCYBER 2025 IoT Hackathon [🔗 Tweet]
by YesWeHack
The SPIRITCYBER 2025 IoT Hackathon invites hackers worldwide to test smart devices used in Singapore, with qualifiers from September 15 to October 15.
See more →
🚨 SPIRITCYBER 2025 IoT Hackathon is back: Hunters, this is your chance to prove your skills on a global stage.
@CSAsingapore & @yeswehack are challenging hackers worldwide to test #SmartDevices used across Singapore.
🧠 4-week online qualifiers (15 Sep – 15 Oct)
🏆 Top teams
— YesWeHack ⠵ (@yeswehack)
4:17 AM • Aug 29, 2025
HackAICon: Ticket Info and Jailbreak Challenge [🔗 Tweet]
by André Baptista
Promoting HackAICon in Lisbon, this tweet invites participants to a CTF challenge involving jailbreaking, with tickets available for purchase or through competition.
See more →
HackAICon is just around the corner!
If you wanna join us in Lisbon and haven't got your ticket yet, grab one here: https://hackaicon..com
If you want to try to win a ticket, we are currently running a 5-level LLM CTF Challenge where your goal is to jailbreak your way into our
— André Baptista (@0xacb)
8:50 AM • Aug 28, 2025
HackenProof's Summer Challenge [🔗 Tweet]
by HackenProof
Participants can hunt real vulnerabilities from August 25 to September 25, 2025, in HackenProof's summer bug bounty challenge, with chances to win prizes.
See more →
Summer Security: Last Catch — HackenProof end-of-summer bug bounty challenge is live.
Hunt real targets, earn bounties, and collect “pearls” (event points & prizes).
Dates: Aug 25 – Sep 25, 2025
Check details below ⬇️
— HackenProof (@HackenProof)
4:52 PM • Aug 25, 2025
OpenAI Launches $25k Bio Bug Bounty Program for GPT‑5 [🔗 Tweet]
by Tibor Blaho
OpenAI has initiated a Bio Bug Bounty Program for GPT‑5, offering rewards for identifying prompts that can bypass moderation on safety questions.
See more →
OpenAI's GPT-5 Bio Bug Bounty Program starts today (August 25, 2025) - an application and invite-only challenge for vetted bio red-teamers to identify one universal jailbreaking prompt answering all ten bio/chem safety questions without prompting moderation, with rewards up to
— Tibor Blaho (@btibor91)
9:47 AM • Aug 25, 2025
New Partnership: Cantina + H1 for Blockchain Security [🔗 Tweet]
by Cantina 🪐
Cantina has partnered with HackerOne to strengthen security in the rapidly evolving blockchain sector.
See more →
As blockchain adoption accelerates across financial services and enterprises, security must evolve to meet the associated complexities.
That’s why we’re excited to announce a new partnership between Cantina and @Hacker0x01. Details below.
— Cantina 🪐 (@cantinaxyz)
2:00 PM • Aug 26, 2025
Zoomtopia: New Scope? [🔗 Tweet]
by Roy Davis
Zoom is hosting Zoomtopia on September 17–18, inviting researchers to explore and test new features, with registration currently open.
See more →
Attention @Zoom #bugbounty researchers! #Zoomtopia is coming up 9/17-18 and is free to register!
Think of it as your yearly treasure map to new Zoom features ripe for testing!
Register today!
— Roy Davis (@Hack_All_Things)
3:39 PM • Aug 24, 2025
Did I miss an important update? Tell me.

New ReDocs Plugin for Simplifying API Replay Sessions [📁 Tool]
by Caido
Introducing the 'ReDocs' plugin, which enables users to import API specifications to create replay sessions easily, enhancing the testing process for security researchers.
View the tool →
🚀New plugin in the Caido Store!
Introducing "ReDocs" by @amrelsagaei
Import your API specs and instantly generate Replay sessions from them.
Check out more details: github.com/amrelsagaei/Re…
— Caido (@CaidoIO)
12:00 PM • Aug 28, 2025
Enhancements in enumRust [📁 Tool]
by OFJAAAH
The latest updates to the enumRust tool have significantly improved its speed and functionality for reconnaissance tasks.
View the tool →
Updated enumRust, faster and with more functions!
github.com/KingOfBugbount…
#bugbounty #recon #crawler
— 👑 OFJAAAH 👑 (@ofjaaah)
3:07 AM • Aug 24, 2025
Have a favorite tool? Tell me.

Microsoft PII Leakage Vulnerability with $7500 Bounty [🔗 Tweet]
by Faav
The author identified a vulnerability exposing Microsoft employee PII and over 700 million partner records, rewarding a $7500 bounty for the discovery. A detailed write‑up is linked for further study.
I found another vulnerability to leak Microsoft Employee PII ($7500 Bounty) and 700M+ Microsoft partner records. Here's the writeup: #BugBounty #bugbountytips
— Faav (@efaav)
12:40 AM • Aug 26, 2025
August CTF Challenge: Exploiting SSRF via Next.js Middleware [📓 Blog]
by Intigriti
This post documents the August CTF challenge, in which an SSRF vulnerability was exploited via Next.js Middleware. It walks through the discovery step by step, from fingerprinting the stack with Wappalyzer to source code analysis, and explains how manipulating request headers turns the SSRF into remote code execution. Key techniques covered include NoSQL injection and abuse of misconfigured Middleware behaviour.
CTF – Intigriti – 0825 – zhero_web_security [📓 Blog]
by Rachid A – zhero
This comprehensive breakdown of the CTF challenge achieves RCE on a Next.js application. After laying out the framework and the rules, the post highlights a middleware that can be abused to manipulate authorization. It then elaborates on an SSRF vector using the Location header in Next.js, which leads to the discovery of a publicly accessible Jenkins instance and, through crafted scripts, to RCE and the flag.
Technical Analysis of a Payment Bypass in Integration of Stripe [📓 Blog]
by Ananda Dhakal
Focusing on a payment bypass in the Stripe integration for Prestashop, this post explains how webhook handling works in that module. The author shows how an empty webhook secret lets an attacker forge webhook events and flip payment statuses, backed by code excerpts and an analysis of the event structure, and closes with configuration and hardening recommendations.
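The bug class described above, as an added example (this is not code from the post, from Prestashop or from Stripe). It mimics Stripe's signing scheme: a Stripe-Signature header of the form t=<unix timestamp>,v1=<hex HMAC-SHA256 over "<t>.<raw body>">. The vulnerable handler follows the pattern "verify only if a secret is configured", so an empty secret silently disables verification; the hardened one fails closed and also enforces a replay window. The order store, the event body and the secret are constructed for the demo.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300          # replay window; Stripe's SDKs default to five minutes
ORDERS = {"order_42": "pending"}  # constructed order store standing in for the shop database

# Constructed success event. When Stripe sends it, it is genuine; when a client posts it
# without a valid signature, it is forged. The body is the same either way.
EVENT_BODY = json.dumps({
    "type": "payment_intent.succeeded",
    "data": {"object": {"metadata": {"order_id": "order_42"}}},
}).encode()


def sign_payload(body: bytes, secret: str, ts: int) -> str:
    """Build a Stripe-style header: t=<ts>,v1=<HMAC-SHA256(secret, "<ts>.<body>")>."""
    mac = hmac.new(secret.encode(), f"{ts}.".encode() + body, hashlib.sha256).hexdigest()
    return f"t={ts},v1={mac}"


def signature_is_valid(body: bytes, header: str, secret: str, now=None) -> bool:
    """Parse the header, enforce the timestamp window, compare every v1 in constant time."""
    if not secret:
        return False  # an empty secret means "cannot verify", never "skip verification"
    ts, candidates = None, []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t" and value.isdigit():
            ts = int(value)
        elif key == "v1":
            candidates.append(value)
    if ts is None or not candidates:
        return False
    now = int(time.time()) if now is None else now
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False  # stale or future-dated header: treat as a replay
    expected = hmac.new(secret.encode(), f"{ts}.".encode() + body, hashlib.sha256).hexdigest()
    return any(hmac.compare_digest(expected, c) for c in candidates)


def apply_event(event: dict) -> str:
    """Business logic both handlers share: mark the order paid on a success event."""
    if event.get("type") == "payment_intent.succeeded":
        ORDERS[event["data"]["object"]["metadata"]["order_id"]] = "paid"
        return "paid"
    return "ignored"


def vulnerable_handler(body: bytes, header: str, secret: str) -> str:
    """Bug pattern: verify only when a secret is configured. With secret == "" the
    check is skipped entirely and any client can post a forged success event."""
    if secret and not signature_is_valid(body, header, secret):
        return "rejected"
    return apply_event(json.loads(body))


def hardened_handler(body: bytes, header: str, secret: str) -> str:
    """Always verify; a missing secret is a deployment error and fails closed."""
    if not signature_is_valid(body, header, secret):
        return "rejected"
    return apply_event(json.loads(body))


def demo() -> dict:
    """Run the scenarios side by side. The secret is constructed, not a real Stripe key."""
    secret = "whsec_constructed_demo_secret"
    now = int(time.time())
    bogus = "t=1,v1=00"                                    # attacker guessing a header
    genuine = sign_payload(EVENT_BODY, secret, now)        # what Stripe would send
    stale = sign_payload(EVENT_BODY, secret, now - 3600)   # captured an hour ago, replayed
    return {
        "forged_empty_secret_vulnerable": vulnerable_handler(EVENT_BODY, bogus, ""),
        "forged_empty_secret_hardened": hardened_handler(EVENT_BODY, bogus, ""),
        "forged_real_secret_hardened": hardened_handler(EVENT_BODY, bogus, secret),
        "genuine_hardened": hardened_handler(EVENT_BODY, genuine, secret),
        "replayed_hardened": hardened_handler(EVENT_BODY, stale, secret),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:34} -> {outcome}")
```

When you test a merchant's webhook endpoint, the first probe is exactly the "forged, no secret" case: POST a hand-written success event with a garbage signature header and see whether the order flips. The raw request body must be what gets signed; re-serialising the JSON before hashing is the classic way a correct-looking verifier ends up rejecting every genuine event, which is how "just disable the check" lands in production.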
How I Was Able to Takeover Any Report via UUID from Any Organization [📓 Blog]
by bob004x
Detailing an exploit against a cloud‑based subscription management platform, this post shows how UUIDs can still be leveraged for IDOR. It gives a step-by-step account, from analysing the UUID structure to using an API endpoint to transfer reports between organizations, and shares the techniques and a Python script for UUID generation along with the final API requests, which makes it useful for testing similar systems.
From “Low‑Impact” RXSS to Credential Stealer: A JS‑in‑JS Walkthrough [📓 Blog]
by r3verii (Martino Spagnuolo)
This post walks through the escalation of a low-impact reflected XSS (RXSS) into a credential‑stealing attack using a JS‑in‑JS method. It explains server‑side variable manipulation and a WAF bypass via Unicode encoding, culminating in successful credential exfiltration, and closes with thoughts on how properly evaluating impact turns a low-severity finding into a high-impact report and bounty.
When CTF Meets Bug Bounty: A Critical UXSS in Opera Browser [📓 Blog]
by Renwa
This investigation reports a critical Universal Cross‑Site Scripting (UXSS) vulnerability in Opera that grew out of a CTF challenge. It discusses parameter manipulation on the GX.games site and the abuse of browser APIs to extract sensitive data, including the URLs of open tabs. The report timeline underscores the severity of the flaw and the corresponding reward.
Did I miss an important update? Tell me.

How We Do AI‑Assisted Whitebox Review, New CSPT (Ep. 137) [🎥 Video]
by Critical Thinking – Bug Bounty Podcast
In this episode, Justin Gardner and Joseph Thacker discuss AI hacking assistants and their impact on whitebox reviews.
Watch video →
How Hackers Technically Get Anything for Free [🎥 Video]
by DeadOverflow
Exploring race conditions, this video illustrates how attackers can exploit checkout processes to receive products for free. The presenter demonstrates an exploit on a hypothetical e‑commerce platform and points to past vulnerabilities as case studies while discussing mitigation strategies.
Watch video →
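The checkout race the video describes, as an added example (not the presenter's code): a coupon that may be redeemed once, implemented as "check, then act" with a simulated database round trip in between, next to a version that makes check and act a single step. Twenty requests are released together, which is what a tester does with single-packet or last-byte synchronisation in Burp. The coupon classes and the timing window are constructed for the demo.

```python
import threading
import time

RACE_WINDOW = 0.05  # seconds; stands in for the DB round trip between "check" and "act"


class VulnerableCoupon:
    """Check-then-act with nothing holding the state fixed in between."""

    def __init__(self):
        self.redeemed = False

    def redeem(self) -> bool:
        if self.redeemed:            # 1. check
            return False
        time.sleep(RACE_WINDOW)      #    ...every in-flight request passes the check here
        self.redeemed = True         # 2. act
        return True


class HardenedCoupon:
    """Check and act as one indivisible step. In a real service the equivalent is a
    conditional UPDATE ... WHERE redeemed = 0 (and checking rows affected),
    SELECT ... FOR UPDATE inside the transaction, or a unique constraint on the redemption."""

    def __init__(self):
        self.redeemed = False
        self._lock = threading.Lock()

    def redeem(self) -> bool:
        with self._lock:
            if self.redeemed:
                return False
            time.sleep(RACE_WINDOW)  # latency no longer matters: nobody else can pass the check
            self.redeemed = True
            return True


def race(coupon, attempts: int = 20) -> int:
    """Fire `attempts` redemptions at once and return how many were accepted.
    The barrier releases every thread together so all requests hit the check window."""
    results = []
    gate = threading.Barrier(attempts)

    def worker():
        gate.wait()
        results.append(coupon.redeem())   # list.append is atomic under the GIL

    threads = [threading.Thread(target=worker) for _ in range(attempts)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


if __name__ == "__main__":
    print("vulnerable: accepted", race(VulnerableCoupon()), "of 20")
    print("hardened:   accepted", race(HardenedCoupon()), "of 20")
```

The vulnerable class accepts all twenty redemptions; the hardened one accepts exactly one. The same shape applies to gift-card balances, "apply discount" buttons and stock decrements: any flow where the server reads a value, decides, and writes later is a candidate, and the fix is always to move the decision into the write.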
Why Understanding SQL is Essential for Security Researchers [🎥 Video]
by @Tib3rius
The video introduces a simple “break and repair” method for manually detecting SQL injection vulnerabilities without relying on scanners or automated tools. It emphasizes learning to identify and verify injections through query manipulation and repairs, which helps build real-world pentesting and bug bounty skills.
Watch video →
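The "break and repair" sequence from the video, as an added example rather than the presenter's own material, run against a string-built query and against a parameterised one. A lone quote should break the vulnerable query; closing the quote properly should bring the baseline response back, which proves the input reached the SQL parser rather than merely a string comparison. The in-memory users table is constructed for the demo, and the verdict logic is this example's own.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the target's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "user"), (2, "bob", "admin")])
    return conn


def vulnerable_lookup(conn, name):
    """String-built query: the kind of code the probes below are designed to detect."""
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return f"ERROR: {exc}"


def safe_lookup(conn, name):
    """Parameterised query: user input can never become SQL syntax."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def break_and_repair(lookup, conn, baseline: str = "alice") -> dict:
    """The manual probe sequence, run against one lookup function.

    break  : append a lone quote and see whether the query breaks
    repair : close what we opened so the query parses again; if the baseline
             response comes back, the quote reached the SQL parser
    """
    probes = {
        "baseline":      baseline,                     # alice
        "break":         baseline + "'",               # alice'            -> unterminated literal
        "repair_escape": baseline + "''",              # alice''           -> parses, matches "alice'"
        "repair_true":   baseline + "' AND '1'='1",    # alice' AND '1'='1 -> should equal baseline
        "repair_false":  baseline + "' AND '1'='2",    # alice' AND '1'='2 -> should return nothing
    }
    out = {k: lookup(conn, v) for k, v in probes.items()}
    out["injectable"] = (
        out["break"] != out["baseline"]                 # the quote changed behaviour...
        and out["repair_true"] == out["baseline"]       # ...closing it properly restores it...
        and out["repair_false"] != out["baseline"]      # ...and a false condition changes it
    )
    return out


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", vulnerable_lookup), ("parameterised", safe_lookup)):
        r = break_and_repair(fn, db)
        print(f"{label:14} break={str(r['break'])[:45]:45} injectable={r['injectable']}")
```

Against the parameterised lookup the lone quote also changes the response (no user is literally called alice'), which is why the break probe alone is not evidence; it is the repair probes restoring the baseline that separates a real injection from a search that simply found nothing.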
Unlocking the Power of Regex for Recon and Data Analysis [🎥 Video]
by Ben Sadeghipour (nahamsec)
The video pitches regular expressions as an underrated recon superpower for hackers—useful for carving patterns out of huge dumps, filtering noisy tool output, and spotting creds, subdomains, and endpoints. It also walks through regex basics (character classes, quantifiers, anchors, escaping) and shows practical GitHub search patterns to surface domains, subdomains, and API paths that lead to real findings.
Watch video →
Regex is a powerful tool nobody talks about enough. Whether you’re hunting secrets, combing through massive data dumps, or using it for your recon game, it always delivers! Check out my video here: 👉🏼 youtu.be/SWP8o_W0U3M
— Ben Sadeghipour (@NahamSec)
1:00 PM • Aug 25, 2025
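The recon use of regex the video pitches, as an added example rather than material from the video: three patterns that carve subdomains of a target, API-looking paths and AWS access key IDs out of a mixed dump. The sample text, the target domain example.com and the patterns are all constructed for the demo; the subdomain pattern also shows the anchoring the video talks about, rejecting a lookalike host that merely contains the target.

```python
import re

TARGET = "example.com"  # assumed target; swap in the program's root domain

# Constructed sample standing in for a JS bundle, a leaked .env and an access log.
SAMPLE = """\
const API = "https://api.example.com/v2/users";
fetch("/api/v1/internal/export?format=csv")
var cdn = 'https://static-assets.example.com/app.js';
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
DB_HOST=db01.corp.example.com
see mail.example.com.evil-mirror.net for the lookalike that must not match
2025-08-25T10:00:00Z GET /v3/admin/reports/{id} 200
"""

# One or more DNS labels, then the target, not followed by more hostname: this blocks
# "example.com.evil-mirror.net" while still allowing a trailing full stop.
SUBDOMAIN_RE = re.compile(
    rf"\b(?:[a-z0-9](?:[a-z0-9-]{{0,61}}[a-z0-9])?\.)+{re.escape(TARGET)}(?![\w-]|\.[\w-])",
    re.IGNORECASE,
)
# Paths starting with /api/ or /v<n>/, stopping before quotes, whitespace or '?'.
API_PATH_RE = re.compile(r"/(?:api|v\d+)/[\w\-./{}:]*[\w}]")
# AWS access key IDs: fixed four-character prefix plus 16 upper-case alphanumerics.
AWS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")


def extract_subdomains(text: str) -> set:
    return {m.group(0).lower() for m in SUBDOMAIN_RE.finditer(text)}


def extract_api_paths(text: str) -> set:
    return set(API_PATH_RE.findall(text))


def extract_aws_key_ids(text: str) -> set:
    return set(AWS_KEY_ID_RE.findall(text))


if __name__ == "__main__":
    print("subdomains:", sorted(extract_subdomains(SAMPLE)))
    print("api paths: ", sorted(extract_api_paths(SAMPLE)))
    print("aws keys:  ", sorted(extract_aws_key_ids(SAMPLE)))
```

The key ID used in the sample is Amazon's own documentation placeholder, not a live credential. The same patterns, without the Python-level escaping, can be pasted into a regex-capable code search to surface hosts and paths across an organization's public repositories; treat every hit as a lead to verify, not a finding.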
Did I miss something? Tell me.

Chaining Open Redirect and CSPT for Account Takeover [🔗 Blog]
by bugcrowd
This tweet promotes a blog post that illustrates how to leverage open redirect and CSPT vulnerabilities for comprehensive account takeover, showcasing vulnerability chaining techniques.
See more →

Learning Notes on Web Cache Deception Shared [🔗 Tweet]
by MRD7
The author shares a compilation of learning notes on web cache deception, inviting readers to explore their resources and insights.
See more →
Hello everyone, my blogs were not updated for quite some time. So, I'm sharing my notes which I took while learning about web cache deception. PS: These are not original notes. Many parts of this blogs are taken from other resources. So credit to them.
medium.com/@mrd17x/web-ca…
— MRD7 (@_mrd7_)
5:52 PM • Aug 26, 2025
Blind XSS via Clipboard Paste Handling: A Detailed Guide [📓 Blog]
by coffinxp
This post investigates Clipboard Paste XSS vulnerabilities, outlining exploitation methods and prevention strategies, supplemented with proof‑of‑concept examples. The discussion emphasizes the need for robust input sanitization during paste events.
Read more →

Exploring 11 postMessage Vulnerabilities in Bug Bounties [🔗 Tweet]
by ryuku
Announcing a new blog entry, this tweet focuses on 11 postMessage vulnerabilities uncovered during bug bounty engagements, providing valuable insights for ethical hackers.
See more →
Just published my first blog post "Hunting for postMessage Vulnerabilities"
blog.ryukudz.com/posts/postmess…
It covers 11 postMessage vulnerabilities I discovered on bug bounty targets. enjoy ☕️
#BugBounty #bugbountytips #websecurity
— ryuku (@malekmesdour)
1:42 PM • Aug 24, 2025
XSS Execution Context Nuances for Beginners [🔗 Tweet]
by HackingHub
A beginner’s guide to XSS execution context nuances, emphasizing the critical distinctions in effective payload crafting.
See more →
Still confused about how XSS actually works?
It's not just about payloads. It’s about where and how they execute.
Here’s a quick beginner’s guide to XSS 👇
— HackingHub (@hackinghub_io)
5:02 PM • Aug 28, 2025
5 Ways to Identify Report‑Worthy CSRF Vulnerabilities [🔗 Tweet]
by HackingHub
Outlining five critical considerations for spotting impactful CSRF vulnerabilities, this tweet aims to improve the quality of bug reports submitted by researchers.
See more →
Not all CSRFs are created equal.
Understanding the difference is key to writing impactful bug reports.
Here are 5 ways to spot a CSRF worth reporting👇
— HackingHub (@hackinghub_io)
4:54 PM • Aug 24, 2025
Exploring Vulnerabilities in Referral Features [🔗 Blog]
by Whit Taylor (@un1tycyb3r)
This blog breaks down why referral reward systems are more dangerous than they look. From business logic flaws and race conditions to cookie injection and “referral hijacking,” these programs can expose serious vulnerabilities. Part 1 of their series explores common implementations and secure development practices to keep rewards from turning into risks.
See more →
Client‑Side JavaScript Instrumentation [📓 Blog]
by Dennis Goodlett
This blog post presents practical techniques for instrumenting client‑side JavaScript to enhance vulnerability discovery, discussing the importance of hooking JavaScript functions and capturing DOM sink input. It introduces the author’s own tool, Eval Villain, which automates parts of the process, helping researchers extract relevant code paths.
Read more →
Exploiting Log4Shell (Log4J) in 2025 [📓 Blog]
by Intigriti
This guide explores the Log4Shell vulnerability within Log4J, detailing advanced identification and exploitation techniques, payload injection methods, and tactics to evade security measures. Practical insights on exploiting Log4Shell, including nested JNDI lookups and payload obfuscation, are covered.
Read more →
Did I miss something? Tell me.

Leveraging HTTP Parameter Pollution for Privilege Escalation [🔗 Tweet]
by @HackingTeam777
The tweet presents a bug bounty tip on HTTP Parameter Pollution vulnerabilities, demonstrating the potential of duplicate parameters to bypass application logic and elevate privileges.
See more →
Bug Bounty Tip: HTTP Parameter Pollution (HPP)
Some apps mishandle duplicate parameters. You can bypass logic or elevate privileges by injecting multiple values:
GET /transfer?amount=100&admin=true&amount=1
⚠️ Always test:
•param=value1&param=value2
•Encoded (%26,)
— ӉѦСҠіИԌ ҬЄѦӍ (@HackingTeam777)
7:12 PM • Aug 28, 2025
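Why duplicate parameters work, as an added example (not from the tweet's author): the same query string parsed three ways. Some stacks take the first occurrence, some the last, and a strict parser treats a repeated key as an error. The second half shows the encoded variant the tip mentions (%26): a front end that decodes once and then rebuilds an internal request by string concatenation hands the backend two parameters where it received one. The helper names and the "internal request" are this example's own construction.

```python
from urllib.parse import parse_qs, parse_qsl, urlencode

DUPLICATE = "amount=100&admin=true&amount=1"   # the query from the tip above
ENCODED = "amount=100%26admin%3Dtrue"          # one parameter whose value hides '&' and '='


def first_wins(query: str) -> dict:
    """Stacks that take the first occurrence (e.g. parse_qs(...)[key][0])."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def last_wins(query: str) -> dict:
    """Stacks that take the last occurrence (dict() over the pair list)."""
    return dict(parse_qsl(query, keep_blank_values=True))


def strict(query: str) -> dict:
    """Hardened parser: a repeated key is a protocol violation, not a choice."""
    params = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key in params:
            raise ValueError(f"duplicate parameter: {key}")
        params[key] = value
    return params


def strict_rejects(query: str) -> bool:
    try:
        strict(query)
    except ValueError:
        return True
    return False


def forward_unsafely(query: str) -> str:
    """Front end decodes once, then rebuilds an internal request by concatenation.
    The decoded value "100&admin=true" is glued in raw, so the backend sees two params."""
    return "amount=" + first_wins(query)["amount"]


def forward_safely(query: str) -> str:
    """Re-encode every value when building the downstream request."""
    return urlencode({"amount": strict(query)["amount"]})


def backend_view(internal_query: str) -> dict:
    """What the second parser (the backend service) makes of the forwarded query."""
    return {k: v[0] for k, v in parse_qs(internal_query, keep_blank_values=True).items()}


if __name__ == "__main__":
    print("first wins:", first_wins(DUPLICATE))
    print("last wins: ", last_wins(DUPLICATE))
    print("strict:    ", "rejected" if strict_rejects(DUPLICATE) else strict(DUPLICATE))
    print("unsafe fwd:", backend_view(forward_unsafely(ENCODED)))
    print("safe fwd:  ", backend_view(forward_safely(ENCODED)))
```

Which occurrence wins is a property of the framework, not of HTTP, and a front end and its backend are often on different frameworks; that mismatch is the whole attack. Test both orders (value first, then value last) and the encoded form on every parameter that gates money or privilege.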
Exploiting IDOR in API: Gaining Unauthorized Access [🔗 Tweet]
by Sayaan Alam (@ehsayaan)
Detailing an Insecure Direct Object Reference (IDOR) vulnerability, this message shows how a missing authorization check on the edit endpoint let the author modify someone else's note, after which the delete endpoint, which had correctly refused at first, accepted the request as well.
See more →
I recently encountered an IDOR :
DELETE /api/notes/:id → tried deleting someone else’s note → 403 Forbidden (expected)
PUT /api/notes/:id → tried editing the same note → success ✅, no authorization check
After editing, DELETE /api/notes/:id → succeeded, could now delete
— Sayaan Alam (@ehsayaan)
12:46 PM • Aug 29, 2025
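The three requests from the tweet replayed against a toy notes API, as an added example (not the author's code). DELETE checks ownership; the vulnerable PUT does not. The tweet does not say why the later DELETE succeeded; this example assumes the update rewrote the whole record with the caller as owner, which is one common way it happens, and labels that assumption. The fixed PUT applies the same guard as DELETE and never takes the owner from the request.

```python
NOTES = {}  # note id -> {"owner": user, "body": text}; constructed store for the demo


class Forbidden(Exception):
    """Stands in for HTTP 403."""


def reset_store():
    NOTES.clear()
    NOTES[7] = {"owner": "victim", "body": "victim's private note"}


def require_owner(user: str, note_id: int):
    """One ownership check, shared by every route that mutates a note."""
    if NOTES[note_id]["owner"] != user:
        raise Forbidden


def delete_note(user: str, note_id: int):
    """DELETE /api/notes/:id checks ownership: this is the 403 the tweet saw first."""
    require_owner(user, note_id)
    del NOTES[note_id]


def update_note_vulnerable(user: str, note_id: int, body: str):
    """PUT /api/notes/:id with the check missing. ASSUMPTION for this example: the
    update rewrites the whole record with the caller as owner, so the note changes hands."""
    NOTES[note_id] = {"owner": user, "body": body}


def update_note_fixed(user: str, note_id: int, body: str):
    """Same guard as DELETE, and the owner field is never derived from the request."""
    require_owner(user, note_id)
    NOTES[note_id]["body"] = body


def attempt(fn, *args) -> str:
    try:
        fn(*args)
        return "200"
    except Forbidden:
        return "403"


def takeover_chain(update_fn) -> tuple:
    """Replay the tweet's sequence as 'attacker' against note 7 owned by 'victim'."""
    reset_store()
    return (
        attempt(delete_note, "attacker", 7),            # DELETE first: expect 403
        attempt(update_fn, "attacker", 7, "owned"),      # PUT: the endpoint without the check
        attempt(delete_note, "attacker", 7),            # DELETE again
    )


if __name__ == "__main__":
    print("vulnerable PUT:", takeover_chain(update_note_vulnerable))
    print("fixed PUT:     ", takeover_chain(update_note_fixed))
```

The testing lesson is the one the tweet makes: a 403 on one verb says nothing about the others, so walk every method (GET, PUT, PATCH, DELETE) on the same object ID. The engineering lesson is that the ownership check belongs in one place that every mutating route goes through, not copied into each handler where one of them will forget it.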
Exploiting XSS Vulnerabilities with Hoisting Technique [🔗 Tweet]
by Gareth Heyes (@garethheyes)
Discussing the XSS Hoisting technique, this tweet shows that an XSS can still be exploited when an undefined variable sits before the injection point, because the injected code can declare the variable itself.
See more →
Imagine you have a XSS vulnerability but you have a undefined variable before your injection. Is all hope lost? Not at all you can use a technique called XSS Hoisting to declare the variable and continue your exploit. Big thanks to @ycam_asafety for the XSS cheat sheet submission
— Gareth Heyes (@garethheyes)
1:17 PM • Aug 28, 2025
Exploring Firebase Vulnerabilities: A Hacking Thread [🔗 Tweet]
by Intigriti
This tweet introduces a thread that dives into various methods for exploiting Firebase vulnerabilities, potentially beneficial for security researchers.
See more →
Hacking Firebase targets! 🤑
A thread! 🧵👇
— Intigriti (@intigriti)
10:20 AM • Aug 29, 2025
XSS Techniques for WAF Bypass in URL Context [🔗 Tweet]
by KNOXSS
Advanced XSS techniques for bypassing WAF protections in URL contexts are discussed in this tweet.
See more →
#XSS tricks to #Bypass #WAF in the URL Context
by @BRuteLogic=> HTMLi + Double Encoding + Embedded Bytes
JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)>"
JavaScript:"\%0A74Svg/On%0ALoad=alert%25%0A26lpar;1%25%0A26rpar;>"
Lab x55.is/brutelogic/dom…
KNOXSS has similar ones! 😉
— KNOXSS (@KN0X55)
2:27 PM • Aug 28, 2025
Did I miss something? Tell me.
Because Disclosure Matters: This newsletter was produced with the assistance of AI. While I strive for accuracy and quality, not all content has been independently vetted or fact-checked. Please allow for a reasonable margin of error. The views expressed are my own and do not reflect those of my employer.