
Disclosed. May 18 2025: From Dubai to DEFCON. SSRF, RCE, and Upgrades to Naabu and More

The bug bounty world, curated.

Welcome to Disclosed.

Hey hackers! Lots of exciting updates to share from the past couple of weeks.

First off, I’m back home from the Ambassador World Cup finals in Dubai, and let me tell you, it was a wonderful event. I got to connect in person for the first time with so many hackers I’ve talked with online for years, and reconnect with lots of friends I’ve seen at cons and LHEs. It was a ton of work though, and low-key, I’m glad to say that the tournament is over. If you competed this year, make sure to give HackerOne all the feedback so they can iterate and improve for the next one!

Unfortunately, I got sick while traveling back home, which is why some of these announcements are a bit late. But in case you missed any of the craziness from the past couple of weeks, I’ve got you covered!

Thanks again, now onto the content:

In This Issue

Celebrating the HackerOne Ambassador World Cup Champions
🔗 Tweet by HackerOne

This tweet announces the winners of the Ambassador World Cup, applauding the contributions of security researchers and underscoring the significance of crowdsourced security.
Read the full tweet

Insights from Google LHE Winners Roundtable Discussion 
🔗 Tweet by Critical Thinking - Bug Bounty Podcast

This tweet reveals a new episode featuring discussions with bug bounty winners and insights from the recent Google LHE event.
Read the full tweet

Countdown to Hack Space Con
🔗 Tweet by HackSpaceCon

This tweet invites registrations for the upcoming Hack Space Con, emphasizing innovation and projects in the cybersecurity realm.
Read the full tweet

Amazon's In-Person Challenge Yields 45 Critical Bugs 
🔗 Tweet by HackerOne

Amazon's first in-person challenge, hosted on HackerOne, discovered 45 valid critical or high-severity issues in nine days, showcasing collaborative security effectiveness.
Read the full tweet

Have something you want to Spotlight? Tell me.

NahamCon2025 Introduces AI-Focused Tracks for Hacking 
🔗 Tweet by Nahamsec

NahamCon2025 will feature two days dedicated to specialized tracks, with Day 1 focusing on Hacking AI and Day 2 on the main signature track, featuring noted speakers.
Read the full thread

Highlights from Nepal's First Open Bug Bounty Event
🔗 Tweet by Ananda Dhakal

This tweet summarizes a bug bounty event in Nepal, showcasing collaboration among hackers and participant interviews, emphasizing community involvement and sponsorship.
Read more

CFP for Bug Bounty Village at DEF CON is Now Closed 
🔗 Tweet by Bug Bounty Village

The call for papers for the Bug Bounty Village at DEFCON is closing soon, inviting submissions for talks and workshops on hacking and vulnerability research.
Read the full tweet

New Bug Bounty to Test Anti-Jailbreaking System 
🔗 Tweet by Anthropic

A bug bounty initiative has launched to evaluate an updated anti-jailbreaking system, running through Sunday in collaboration with Hacker0x01.
Read the full tweet

Did I miss an important update? Tell me.

PentestPad/subzy: Subdomain Takeover Vulnerability Checker
📁 Tool by PentestPad

This GitHub repository introduces Subzy, a subdomain takeover vulnerability checker that identifies potential vulnerabilities via response fingerprint matching. It includes installation instructions for Golang users and provides effective usage examples. Key command options allow users to customize scans to their requirements, improving vulnerability discovery efficiency.
View the tool

xnl-h4ck3r/knoxnl: Python Wrapper for KNOXSS API
📁 Tool by xnl-h4ck3r

The knoxnl project offers a Python wrapper for the KNOXSS API, aimed at XSS vulnerability testing. It features installation instructions, command usage options, and examples showcasing vulnerability scanning techniques. Notable features include customizable output, support for both GET and POST requests, and Discord notification integration. Documentation highlights API usage protocols and specific flags for optimal performance.
View the tool

Effortlessly Split IP Ranges with mapcidr Tool 
🔗 Tweet by ProjectDiscovery

This tweet showcases the mapcidr tool, which quickly segments large IP address ranges into /24 subnets, facilitating easier network management for security assessments.
View the tool

reconFTW v3.1.0 Released with Exciting New Features
🔗 Tweet by Six2dez

The latest reconFTW version enhances reconnaissance for bug bounty hunters with improved analysis tools, a new AI-based subwizard, and Arcanu tool integration.
View the tool

CaidoIO Releases Major Update with WebSocket Interception
🔗 Tweet by Caido

The latest CaidoIO update integrates features like WebSocket interception and guest mode, enhancing the tool's security testing capabilities.
View the tool

SecShiv/OneDorkForAll 
📁 Tool by SecShiv

The 'OneDorkForAll' repository hosts a vast collection of over 1 million Google dorks, useful for penetration testing and vulnerability discovery. Recently updated, it includes dorks associated with dark web searches and various patterns to assist security research, while cautioning against potential misuse.
View the tool

Naabu Now Supports UDP Port Scanning for Recon
🔗 Tweet by ProjectDiscovery

This tweet announces Naabu's new support for UDP port scanning, providing commands to bolster users' reconnaissance efforts.
View the tool

Have a favorite tool? Tell me.

Shopify | Report #2885269 - Privilege Escalation via Partners Invitation Process 
📝 Writeup by mr_asg

This report documents a vulnerability allowing unauthorized users to escalate privileges in Shopify's Partner invitation process without email verification. It details reproduction steps, a Proof of Concept video, and recommendations for reinforcing security through email verification and multi-factor authentication.
Read more

💵 The $2500 Bug: Remote Code Execution via Supply Chain Attack 
📝 Writeup by Naveen Kumawat

This blog recounts an RCE attack linked to a compromised GitHub account. The author outlines how to identify vulnerable repositories and execute attacks, detailing mitigation strategies following responsible disclosure.
Read more

$10,000 Bounty: HackerOne Report Comments Leak via “Export as .zip” 
📝 Writeup by Monika Sharma

This blog highlights a critical vulnerability in HackerOne's 'Export as .zip' feature that inadvertently exposed private comments. The author details the discovery process, proof of concept, and advice for locating similar bugs by assessing data visibility across interfaces.
Read more

$25,000 SSRF in HackerOne’s Analytics Reports 
📝 Writeup by Monika Sharma

The article discusses an SSRF vulnerability in HackerOne’s PDF generation that exposed sensitive AWS metadata. It includes code snippets illustrating the exploitation process that resulted in a $25,000 bounty.
Read more

$3,750 Bounty: Account Creation with Invalid Email Addresses 
📝 Writeup by Monika Sharma

This write-up examines a vulnerability in HackerOne’s account creation process that allowed sign-ups with invalid email formats. The findings underscore the need for rigorous format validation to prevent injection attacks and data integrity issues.
Read more

Did I miss an important update? Tell me.

Intigriti May XSS Challenge (0525) 
📝 Writeup by Intigriti

This blog details the Intigriti XSS Challenge, highlighting vulnerabilities like regex bypass and DOM clobbering, including payload crafting for validation bypass and script injection.
Read more

2fa, OTP Bypass Checklists 2025 
📝 Writeup by Mohaned Alkhlot

This blog collates various techniques for bypassing 2FA and OTP mechanisms, providing insights into attack vectors and practical examples for ethical hackers looking to enhance their methodologies.
Read more

A Guide to Path Traversal and Arbitrary File Read Attacks 
📝 Writeup by YesWeHack

This guide explains path traversal and arbitrary file-read vulnerabilities, alongside detection methods, encoding tricks for bypassing defenses, and chaining exploits for greater impact.
Read more

Uncover Hidden URLs with Archived JavaScript Files 
📝 Writeup by Jsmon.sh

This blog reveals a method for extracting hidden URLs from archived JavaScript files, outlining a process that can unveil forgotten APIs and services for bug bounty reconnaissance.
Read more

Automated Techniques for Detecting Misconfigured AWS S3 Buckets 
🔗 Tweet by Intigriti

This tweet discusses automation techniques for identifying misconfigured AWS S3 buckets, addressing prevalent security issues in cloud environments.
Read more

Mastering Rate Limit Bypass Techniques 
📝 Writeup by coffinxp

Nikhil Shrivastava shares his successful journey in bug bounty hunting, offering advice on strategic vulnerability selection and the role of learning and persistence in achieving success.
Read more 

Master CRLF Injection 
📝 Writeup by coffinxp

This post explores CRLF Injection vulnerabilities and their potential to alter HTTP header behaviors, emphasizing recognition and mitigation for modern web applications.
Read more

Did I miss something? Tell me.

The Mindset for Finding Highs and Crits in Bug Bounty 
🎥 Video by Bug Bounty Reports Explained

In this talk, bug bounty hunter JR0ch17 discusses insights from their journey, underlining the hacker mindset developed through experiences like OSCP training. They emphasize report impact, critical bug strategies, and the balance between life and bug hunting.
Watch video

Reflections on a Decade in Bug Bounties 
🎥 Video by Bug Bounty DEFCON

This presentation reviews key lessons learned in bug bounties from both triager and researcher perspectives, sharing practical advice for honing bug hunting skills and community engagement.
Watch video

This Tiny Chrome Behavior Leads to an Account Takeover 
🎥 Video by NahamSec

This video discusses a critical vulnerability in browser behavior that may lead to account takeovers, demonstrating an exploit setup and highlighting key concepts around referrer policies.
Watch video

Explaining XSS Through a Viral Breakdown Video 
🔗 Tweet by Aditya Soni

This tweet shares a video that simplifies XSS mechanics, making it easier for researchers to understand the vulnerability.
View the Tweet

Did I miss something? Tell me.

Testing IDORs: Beyond Incrementing IDs 
🔗 Tweet by RogueSMG

This tweet emphasizes the necessity of employing various HTTP methods when testing for Insecure Direct Object References (IDORs), since the authentication checks applied to the primary method may not be enforced on other methods.
Read the full tweet

Upcoming Bugcrowd 101 Talk at BSides Amman 
🔗 Tweet by Godfather Orwa 🇯🇴

Join us for a 'Bugcrowd 101' talk at BSides Amman, focusing on bug bounty platform insights, critical bug demonstrations, and system setups for both novice and expert hunters.
Read the full tweet

Unlocking Secrets in Deleted Git Files for Profit 
🔗 Tweet by Critical Thinking - Bug Bounty Podcast

Discover how Sharon Brizinov successfully earned $64,000 by retrieving secrets from deleted Git files, underlining that files removed with git rm can remain accessible.
Read the full tweet

Exploring $3,000 Instagram IDOR Vulnerability Write-Up 
🔗 Tweet by Dark Web Informer - Cyber Threat Intelligence

The tweet highlights a $3,000 bounty awarded for an IDOR vulnerability in Instagram, along with a link to a comprehensive write-up of the findings.
Read the full tweet

Did I miss something? Tell me.


Because Disclosure Matters: This newsletter was produced with the assistance of AI. While I strive for accuracy and quality, not all content has been independently vetted or fact-checked. Please allow for a reasonable margin of error. The views expressed are my own and do not reflect those of my employer.