GraphQL CSRF via the HEAD method #bugbounty #bugbountytips #bugbountyhunter

10/10 GraphQL SQL injection bug #bugbounty #bugbountytips #bugbountyhunter

Unexpected privilege escalation deletion bug #bugbounty #bugbountytips #bugbountyhunter

Unauthenticated → Low privileges → admin #bugbounty #bugbountytips #bugbountyhunter

Sometimes, one field is all you need for a bug #bugbounty #bugbountytips #bugbountyhunter

GraphQL isn’t just an API to deliver our payloads. Often, its implementations are what actually cause them. To see what bugs it can lead to, studied disclosed bug bounty reports. IDORs, privescs, DoS, CSRFs, SQLis - it's all there. Enjoy!

If your GraphQL testing stops at introspection and ID swapping, you’re missing out. SQLi, CSRF, caching bugs, race conditions, WebSocket bypasses - it’s all there. I studies 90 real reports to find what actually works.

Fuzzing vs broken access control bugs feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

This is why you should run bug bounty tools from a VPS feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

Managing your blind XSS payloads feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

Generating target-specific wordlists feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

Generating target-specific wordlists feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

Automation to get Hackerone program updates feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

In today’s episode, Arthur Aires shares his bug bounty methodology which starts with heavy fuzzing and automation to find the best assets for manual exploitation and escalation. Enjoy!🔥

In this video, Arthur Aires walks us through two real-world deserialization RCEs that include bypassing a class allowlist and then exfiltrating data via DNS. Techniques you'll want in your toolbox. Enjoy!

An ATO that doesn’t make sense feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

Manipulating referer policy when DOM Purify is used feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

SQLi still exists in 2025 feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

Using match and replace rules for quickly applying polyglot payloads feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

Second order injections feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

In this episode, Jasmin “JR0ch17” Landry breaks down how he consistently lands highs and crits - from SSRFs to less common bugs like XXEs and SQLis. Enjoy🔥

Hunting for privilege escalations by modifying the JS feat. @renniepak.nl #bugbounty #bugbountytips #bugbountyhunter

$50k XSS in a web3 website feat. @renniepak.nl #bugbounty #bugbountytips #bugbountyhunter

The CSPBypass website feat. @renniepak.nl #bugbounty #bugbountytips #bugbountyhunter

The mysterious bug bounty methodology

Using javascript bookmarks to speed up bug hunting feat. @renniepak.nl #bugbounty #bugbountytips #bugbountyhunter

An XSS payload tattooed on the forearm feat. @renniepak.nl  #bugbounty #bugbountytips #bugbountyhunter

XSS is still the most common bug class that can be insanely profitable if you master it like my today's guest - Renniepak. In this interview, we talk XSS, CSP bypasses, access control, JS bookmarks, and more... Enjoy🔥

My favourite bug bounty moment of 2024 #bugbounty #bugbountytips #bugbountyhunter

Are client-side RCEs a big part of my hunting style? #bugbounty #bugbountytips #bugbountyhunter

I am discontinuing BBRE Premium in its membership form.

Hackbots for looking for privilege escalation bugs? #bugbounty #bugbountytips #bugbountyhunter

The biggest change I made in my bug bounty hunting in 2024 #bugbounty #bugbountytips #bugbountyhunter

My 2024 bug bounty recap. This episode goes over my most common findings, key lessons learned, changes in my bug bounty methodology, and, as always, a full breakdown of my earnings. Enjoy🔥

I decided to take a look at the 2024 and choose the best bug bounty writeups, blogposts and tools, as well as the most underrated reports of the year. Enjoy🔥

Found a handy new CSP bypass gadget on Snapchat: cspbypass.com#snapchat

Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox by @josephfcox https://www.youtube.com/watch?v=uFyk5UOyNqI #BBRENewsletter87

If you want to hear cool BB stories about how I used these gadgets, check out the #DEFCON talk youtu.be/H-bhmSwnRdY

DoubleClickjacking: A new era of UI redressing? by @PaulosYibelo https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html #BBRENewsletter87

ReDoS - Regular Expression Denial of Service feat. @joaxcar.bsky.social #bugbounty #bugbountytips #bugbountyhunter

Server-Side Prototype Pollution gadget collection https://github.com/KTH-LangSec/server-side-prototype-pollution #BBRENewsletter87

20 DoS bugs in GitLab in one year feat. @joaxcar.bsky.social #bugbounty #bugbountytips #bugbountyhunter

Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal by @doyensec https://blog.doyensec.com/2025/01/09/cspt-file-upload.html #BBRENewsletter87

A nice tip Match & Replace from Intigriti... 💎 Replace `Content-Type: application/json` with `Content-Type: application/xml` in requests and look for XML parsing errors in responses 🛠️ That will allow you to identify XML-processing endpoints 🧠

DOM clobbering is more useful than you think feat. @joaxcar.bsky.social #bugbounty #bugbountytips #bugbountyhunter

What was your favourite bug bounty writeup of 2024?

Signature Verification Bypass in Nuclei by @wiz_io https://www.wiz.io/blog/nuclei-signature-verification-bypass #BBRENewsletter87

Little known trick to bypass CSP feat. @joaxcar.bsky.social #bugbounty #bugbountytips #bugbountyhunter

SQL Injection Isn't Dead Smuggling Queries at the Protocol Level by @pspaul95 https://www.youtube.com/watch?v=Tfg1B8u1yvE #BBRENewsletter87

A severe browser bug found during a bus ride from work feat. @joaxcar.bsky.social #bugbounty #bugbountytips #bugbountyhunter