D Day @ArchAngelDDay Twitter profile

Pinned Tweet

D Day

@ArchAngelDDay

1 year

My attempt at 100 #BugBounty tips #togetherwehitharder @Hacker0x01

D Day

@ArchAngelDDay

1 year

100 (very) short bug bounty rules:

72

632

2K

0

22

115

Last Seen Profiles

@minkusdomink

@finegan_727

@RolandoCar77183

@triangulate1999

@stw_pdg

@almondeyed_Mss

@Bicicletudos

@donadonadee_joh

@DaveLindell

@NecocheaTur

@marinos_0929

@wn000

@ABCCExOfficial

@nctzen_dream_ru

@svsn4j9h2r

@maitan_69

@AlethaSamu37972

@LaSueur_off

@pvxkjxkj

@BinorRaja

@kevinpiac

@k1k21

@WinnipegTrails

@Hijabbacol2883

@SJRsports

@gayonlyfans0

@KawaiFarm

@Zeretour1685891

@iClayBro883

@deifiori_

@BinorRaja

@ArtChaos69

@HANK63555740

@Razan_khaled1

@cukienaknikmati

@glyza1146200

D Day

@ArchAngelDDay

1 year

100 (very) short bug bounty rules:

72

632

2K

D Day

@ArchAngelDDay

5 years

My 55 year old mom just found her first bug on @Hacker0x01 . If she can do it, then so can you!

51

175

1K

D Day

@ArchAngelDDay

4 months

After almost 6 years in #bugbounty , I am VERY excited to announce that starting tomorrow, I will be doing Bug Bounty / Consulting FULL TIME! That's right, today is my last day at Elastic. I am super grateful for everything I accomplished while working at Elastic, but being

51

23

417

D Day

@ArchAngelDDay

9 months

Had an absolutely stellar time at @Hacker0x01 's #h1305 ! The @CapitalOne team was a real joy to work with, and Miami felt like just the perfect location. As this was my 16th LHE, I was beginning to think I would never make MVH, but having a positive attitude, grit, and

48

20

416

D Day

@ArchAngelDDay

3 months

Anything is possible if you just don't give up! (and meeting really cool friends helps alot too :) )

HackerOne

@Hacker0x01

3 months

Congratulations to @ArchAngelDDay for crossing the coveted $1M in bounties earned milestone on the HackerOne platform! 🙌 Archangel started bug hunting in 2018 and has worked hard to help organizations like @CapitalOne and @github protect their users and customers. Way to go!

15

12

231

27

14

312

D Day

@ArchAngelDDay

3 years

When doing #bugbounty hunting, I struggle a lot with decision paralysis around what to hack on and when to pivot targets. I wrote up what I've been doing to combat this difficulty. Hopefully it helps you as well! #togetherwehitharder

14

92

280

D Day

@ArchAngelDDay

3 years

I have been waiting a year & a half to announce that I've been working at @elastic and running our bug bounty program on @Hacker0x01 ! As of today, our program is PUBLIC, so I can finally talk about it! #bugbounty hunters, go find me some bugs!

Elastic - Bug Bounty Program | HackerOne

The Elastic Bug Bounty Program enlists the help of the hacker community at HackerOne to make Elastic more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and...

hackerone.com

8

44

243

D Day

@ArchAngelDDay

4 years

They key to my #bugbounty process is looking for "no"s. If the app says "No, you can't view that image", I look for a way to view the image. If the app says "No you can't modify that field", I look for a way to modify the field. Stop spamming xxs payloads and look for "no"s! :)

10

29

240

D Day

@ArchAngelDDay

2 years

My typical webapp #bugbounty testing routine 1. Account Takeovers 2. IDORs 3. Privilege Escalations 4. Stored XSS 5. Business Logic Errors What's yours? #togetherwehitharder

7

38

221

D Day

@ArchAngelDDay

4 years

When you award a #bugbounty to a researcher, you are not paying a penalty. You are purchasing a bug - It should be celebrated by both parties! :)

4

24

191

D Day

@ArchAngelDDay

3 years

Guess who just became the @Hacker0x01 90-day #1 USA hacker over night 😀 #bekind #togetherwehitharder

12

0

185

D Day

@ArchAngelDDay

1 year

I've submitted 1941 reports on @Hacker0x01 . Here's some stats you may find interesting. Of those 1941 reports - 300 Informative - 468 Duplicates - 184 self-close - 1 NA - 1048 bounties awarded - 121 Criticals - 392 Highs - 858 Mediums - 390 Lows #bugbounty

11

12

183

D Day

@ArchAngelDDay

4 years

Finally hit 10,000 rep on @Hacker0x01 ! Appropriately it's been exactly 2 years this month since I created my account after watching @NahamSec give a talk at BSides Portland. Thank you so much @Hacker0x01 for this opportunity! Here's to many more bugs! #togetherwehitharder

13

4

178

D Day

@ArchAngelDDay

4 years

Pay attention to your @Hacker0x01 rep log at . Whenever you see a Dupe report get +2 reputation, it means the original report was just Resolved. Then retest your report to see if you can still repro. I've made a non-trivial amount this way. #bugbountytips

9

21

167

D Day

@ArchAngelDDay

3 years

I've been on both the @hackerone program side and the #bugbounty hunter side of frustrating CVSS discussions, so I gave some thought into what I think is the root of many of the frustrations, and how they might be circumvented. Read my thoughts here:

14

42

165

D Day

@ArchAngelDDay

5 years

Wow! When I started doing #bugbounty a little under a year ago, I never thought I'd make it into the top 5 on the leaderboard! Thanks so much @Hacker0x01 for this incredible opportunity. It's been a wild ride :)

10

7

163

D Day

@ArchAngelDDay

2 years

Any other #bugbounty hunters cheap like me and still use Burpsuite Community Edition?

29

1

161

D Day

@ArchAngelDDay

2 years

Participating in #h1702 will be my TWELFTH @Hacker0x01 live hacking event! And in each event, I learn a lot. This even is no exception! For those not going, I'll list a few things / #bugbountytips I learned hacking during this event 🧵👇

6

29

160

D Day

@ArchAngelDDay

3 years

A while back I got an Account Takeover on a @Hacker0x01 vendor. You can read about it here: #bugbounty #togetherwehitharder

4

44

159

D Day

@ArchAngelDDay

1 year

Finally crossed 20,000 reputation on the @Hacker0x01 platform after nearly 5 years :-) Thank you so much for an amazing platform and the opportunity to help out so many organizations! #togetherwehitharder #BugBounty

17

5

154

D Day

@ArchAngelDDay

4 years

#bugbounty hunters who say they get motivated by the "Yay I earned X on @Hacker0x01 " posts - what do you find motivating about them? I totally get motivated by disclosed reports & write-ups, but random dollar amounts do nothing for me. Just want to understand your thinking.

16

6

149

D Day

@ArchAngelDDay

1 year

Ive been a #bugbounty hunter for 5 years, been to 13 LHEs, and am ranked 33rd on @Hacker0x01 s all-time leaderboard. I JUST NOW learned how to use @pdiscoveryio s HTTPX (it's awesome). Never get too proud to go back to the basics and LEARN like a beginner again. #bugbountytips

9

152

D Day

@ArchAngelDDay

4 years

If you have a good triage experience on @Hacker0x01 , make sure you give them a positive rating! They are probably dealing with an overload of bad ratings from bad bug hunters :) #togetherWeMakeTriagingBetter

7

10

151

D Day

@ArchAngelDDay

9 months

I did it :-) <3 Thank you all so much for your support!

D Day

@ArchAngelDDay

10 months

Despite my usual LHE collabing, I think I'm gonna try going solo at the next @Hacker0x01 LHE in Miami! Gunning for that MVH! Who thinks I can do it?! 🫡🫡🫡

10

0

88

34

2

151

D Day

@ArchAngelDDay

5 years

FINALLY after 1.5 years, got to the top 100 on the all-time @Hacker0x01 leaderboard. Gotta love #h1415 !!!!

4

2

148

D Day

@ArchAngelDDay

3 years

1 - Found an ATO that required knowing the victim's UUID 2 - Couldn't find a way to get the UUID 3 - Saw that @Yassineaboukir was also in the program 4 - Asked Yassine if he knew how to get the UUID 5 - He found a way to get the UUID 6 - Full ATO #togetherwehitharder #bugbounty

7

19

148

D Day

@ArchAngelDDay

5 years

When sitting down for a #bugbounty hunt, set yourself a hard "no-bug" timelimit. If you reach this timelimit without finding any bugs, take a break and step away for a few hours. I've avoided many burnouts this way. #bugbountytips

8

24

146

D Day

@ArchAngelDDay

5 years

Success in #bugbounty is 50% metagame. Learn what bugs programs pay more for. Learn when to file similar bugs as one High and when to file them as separate Lows/Meds. Learn how to build a relationship with the program. Learn when to take a break and go outside. #bugbountytips

1

19

141

D Day

@ArchAngelDDay

8 months

After over 5 years of #bugbounty I finally achieved one of the most difficult badges on @Hacker0x01 ! While I've filed almost 2000 reports, getting 500 reports closed as "Resolved" depends entirely on the programs fixing them _and_ marking the report as resolved Glad that day

11

2

142

D Day

@ArchAngelDDay

7 months

I just filed my 2000th report on @Hacker0x01 🫡🥳

9

0

139

D Day

@ArchAngelDDay

10 months

If an app locks you after X number of bad passwords, see if the attempt counter is case-sensitive on the uname. ie: user @domain .com User @domain .com uSer @domain .com usEr @domain .com If so, the lockout goes from X pwds to (2^n)*(X-1) where n is the number of chars in your uname.

2

21

135

D Day

@ArchAngelDDay

1 year

1/ Spend at least 30 minutes on a new target 2/ Look for “No”s 3/ Use Italics Tags in your inputs instead of XSS payloads 4/ Focus on SaaS apps that are multi-tenant 5/ Buy Burp Pro

1

7

127

D Day

@ArchAngelDDay

4 years

I once reported what I thought was an SSRF but ended up being my own browser making the request 🤣 What's been your biggest #bugbounty fail?

26

3

124

D Day

@ArchAngelDDay

4 years

On Jan 1, I set for myself a #bugbounty earnings goal. On July 1, I met that goal. On Sept 8, I earned 150% of that goal. Today, I DOUBLED my #bugbounty goal. Thank you @Hacker0x01 for your incredible platform and this journey so far! Here's to more bugs! #togetherwehitharder

7

3

124

D Day

@ArchAngelDDay

5 years

I think 99% of disappointment from doing #bugbounty is unmet expectation. The next time you file a report, try to just forget about it. Then if you get a bounty, you'll be pleasantly surprised, and if you don't, you won't be any worse off! #bugbountytips

6

13

123

D Day

@ArchAngelDDay

4 years

Finally surpassed 8,000 reputation on @Hacker0x01 ! #togetherwehitharder

9

0

115

D Day

@ArchAngelDDay

4 years

Make several @Hacker0x01 accounts that have similar usernames as prominent hackers ("mmwakelam", "try_2_hack", "doggyg", etc),wait for typo'd collaboration invites, and enjoy the free bugs! #shittyBugBountyTips

6

4

113

D Day

@ArchAngelDDay

10 months

A (good) #bugbounty profile is worth 10x any certification.

6

115

D Day

@ArchAngelDDay

5 months

100 #bugbounty thanks:

8

7

115

D Day

@ArchAngelDDay

4 months

Good start to July. BXSS is really fun.

5

0

112

D Day

@ArchAngelDDay

2 years

Fun lil #bugbounty trick. Go to your @Hacker0x01 reputation log (). Once there, look for any dupe reports that got +2 reputation. That means the original was marked as Resolved. See if you can still reproduce it. If so, it wasn't a dupe! #bugbountytips

2

11

112

D Day

@ArchAngelDDay

3 months

Currently ranked 2nd on @Hacker0x01 's #h1702 competition! Hoping I stay there or maybe even overtake @niemand_sec ;) However the event lands, it was incredible meeting so many people, finding so many fun bugs, and collabing with @stealthybugs , @MtnBer , and @Michael1026H1 !

9

1

113

D Day

@ArchAngelDDay

10 months

After >8 years of working in #infosec and more specicially #bugbounty , I can FINALLY (and proudly) say that I got my first 2 CVEs! CVE-2023-51379 CVE-2023-51380 Big thanks to the @GitHubSecurity team!

5

1

100

D Day

@ArchAngelDDay

4 years

I happen to be in a private #bugbounty program with exactly 1 other hacker. The hacker and I have decided to split every bounty 50/50. We love it. The program loves it. The PM loves it. This is truly the pinnacle of collaboration. #togetherwehitharder

1

98

D Day

@ArchAngelDDay

9 months

I love finding bugs in applications by just using the app as an every day user. You really do develop a sniffer/spidey-sense when you become a #bugbounty hunter

5

99

D Day

@ArchAngelDDay

5 years

Welp, it finally came to fruition. After over a year since starting my #bugbounty jouney, I finally spent my FIRST bounty dollar and bought a house! Thanks @Hacker0x01 for this incredible opportunity! That delayed gratification feels the bessssst! #togetherwehitharder

7

1

96

D Day

@ArchAngelDDay

4 years

I am officially only $2,511 away from my 2020 #bugbounty goal! Will I make it there before July?!? #togetherwehitharder

3

0

92

D Day

@ArchAngelDDay

4 years

Hey @Hacker0x01 got a minor feature request for ya - These "Getting Started" goals have been sitting in my hacker dashboard for a very long time, and they're wasting space at this point. Would be cool to have a continuation of these milestones as I keep progressing!

4

1

90

D Day

@ArchAngelDDay

2 years

The further I get in my #bugbounty journey, I find that I get less concerned about the bounties that I'm getting and more interested in whether or not I'm learning a cool/useful/relevant technology by participating in a particular program.

1

8

93

D Day

@ArchAngelDDay

10 months

#bugbounty is finding a $1,000 High in 20 minutes on one day, and then spending 3 hours and not even finding a Low the next day.

5

6

90

D Day

@ArchAngelDDay

1 year

#bugbounty is basically a videogame that you get paid to do. My mind can't be changed.

12

11

83

D Day

@ArchAngelDDay

19 days

Sat down to hack at 08:00. Didn't find anything good until 15:30. Some days are just like that! #bugbounty

7

1

92

D Day

@ArchAngelDDay

4 years

If you have ever received a #bugbounty then you have earned more bounties than 99.99% of the world population. While it's important to strive to learn and grow, it's also easy to compare yourself solely to those more successful than you. Just be better than yourself of yesterday.

1

8

88

D Day

@ArchAngelDDay

5 years

Been having success with #bugbounty for over a year now and JUST NOW got my very first SSRF. Because I suck at them! It's okay to suck at a bug type. Just keep trying and it may even take a year to find what you're looking for :)

3

0

87

D Day

@ArchAngelDDay

3 years

Had a great #bugbounty experience with Retina the other day. They showed a lot of sympathy and was diplomatic in their responses. Their language was genuine and I felt like I was talking to another hacker :) Which @Hacker0x01 triager have you had a great experience with lately?

13

3

86

D Day

@ArchAngelDDay

10 months

Despite my usual LHE collabing, I think I'm gonna try going solo at the next @Hacker0x01 LHE in Miami! Gunning for that MVH! Who thinks I can do it?! 🫡🫡🫡

10

0

88

D Day

@ArchAngelDDay

6 months

Had an amazing time in Singapore for @Hacker0x01 's #h165 event! Hats off to the talented @salesforce for hosting such a cool event at a cool location! Found some very cool bugs & hacked with some very cool hackers! ( @Michael1026H1 , @shm0ul , @MtnBer , @0xacb , and more)

3

1

87

D Day

@ArchAngelDDay

4 years

Decided to dedicate the month of November to hacking on one particularly tough #bugbounty program. It's a cold splash of reality realizing that I'm not as good as I thought I was. Still, every hour that you spend finding 0 bugs is an hour invested in getting better!

0

2

86

D Day

@ArchAngelDDay

4 years

I found 0 bugs tonight, but learned a lot about the app I was hacking on. Gotta play the long-game!

3

4

84

D Day

@ArchAngelDDay

4 years

On July 1 this year I hit my yearly #bugbounty goal. Today I hit 150% of my bounty goal! Will I double my #bugbounty goal by the end of the year??? #togetherwehitharder

7

0

82

D Day

@ArchAngelDDay

4 years

Hey #bugbounty hunters, what habit has had the biggest positive impact on your life? (bug bounty related, or otherwise)

14

5

82

D Day

@ArchAngelDDay

1 month

If you get invited to a Live Hacking Event (regardless of platform or customer), I believe you have a duty and moral obligation to try your damnedest. The hackers that see an invitation as a commitment are usually the ones who come out on the top of the leaderboard. #bugbounty

4

0

84

D Day

@ArchAngelDDay

4 years

Thought about doing some #bugbounty hacking, but then decided to shred instead 🏂🏔️ #togetherweshredgnarder

4

2

81

D Day

@ArchAngelDDay

8 months

For the #bugbounty hunters out there who don't feel very technically apt - my greatest tool in hacking has honestly been my creativity.

4

7

82

D Day

@ArchAngelDDay

7 months

It's incredible how much of my #bugbounty success has been because of how helpful and fun the bugbounty community has been. I am friends with some of the smartest people on earth!

0

2

80

D Day

@ArchAngelDDay

2 months

Once you get into a flow, you can't be stopped!

Bug Bounty Reports Explained

@gregxsunday

2 months

When @ArchAngelDDay said in my podcast something about submitting a bug every half an hour, I thought he just wasn't speaking literally because I didn't think it happens in bug bounty... It never happened to me... Until yesterday, when I submitted 8 reports in less than 3 hours

11

4

193

1

2

78

D Day

@ArchAngelDDay

1 year

6/ On a new target go straight to the User Management section 7/ See if inviting an existing user to your org exposes their name 8/ See if inviting an existing user removes them from their own org 9/ If the scope has a wildcard, use sub finder to find subdomains

2

76

D Day

@ArchAngelDDay

4 years

Hey @Hacker0x01 - what do I need to do to get my boy, Bluetooth_Headset a raise? Dude has got to be the most helpful triager I've worked with, and he deserves some beer money.

8

0

78

D Day

@ArchAngelDDay

11 months

Got 2 bounties from @GitHubSecurity today! Reading the docs & looking for "no"s works, my dudes.

1

3

79

D Day

@ArchAngelDDay

9 months

Still using @CaidoIO for #h1305 and I'm really loving it. 158 replay (repeater) tabs open and going strong. Things I like: - Seeing the request queue - filtering/scoping on Intercept - Darkmode by default - Being able to use the Automate tab to make modifications in my requests

6

0

78

D Day

@ArchAngelDDay

4 years

1000 bugs on @Hacker0x01 baby! #togetherwehitharder

3

0

75

D Day

@ArchAngelDDay

4 years

Being okay with looking like an idiot is by far the greatest professional skill I have developed

4

3

75

D Day

@ArchAngelDDay

11 months

I hear #bugbounty hunters all the time say that they don't bother doing retests on @Hacker0x01 because the $50 isn't worth the time. But it adds up!

6

1

75

D Day

@ArchAngelDDay

3 years

Any other #bugbounty hunters having a particularly slow month, or is it just me? 🤔🤔🤔

15

2

74

D Day

@ArchAngelDDay

4 years

I found a bug last week that granted access to a feature that is typically only available to paid accounts. I was told there was no security impact and to self-close. Today, I used that exploit to get access, and then found a bug in the feature itself. #togetherwehitharder .

5

3

71

D Day

@ArchAngelDDay

4 months

Sign on to hack at 08:02 Finish writing report at 08:21 😎 Gonna be a good day. Hack on, my hacking friends.

1

2

69

D Day

@ArchAngelDDay

5 years

Oops...she's 54 😬

5

0

70

D Day

@ArchAngelDDay

4 years

My greatest #bugbounty accomplishment was taking a weekend trip without thinking about bug bounty once.

1

0

68

D Day

@ArchAngelDDay

4 years

In May, I submitted 71 vulnerabilities to 8 programs on @Hacker0x01 . #TogetherWeHitHarder

6

1

70

D Day

@ArchAngelDDay

3 years

The creativity in #bugbounty hunting is not in coming up with clever payloads. It's in taking anomalous behavior and thinking of a way to turn it into a security issue.

1

6

68

D Day

@ArchAngelDDay

29 days

Prayers for my family - please & thank you Twitter fam!

11

0

70

D Day

@ArchAngelDDay

2 years

After working with my team on @Hacker0x01 's #H1702 , I am convinced that developers make for some of the best hackers. Watching @dee__see work is mindblowing

8

3

69

D Day

@ArchAngelDDay

1 month

Thanks @Hacker0x01 for another incredible event! Proud to place in the top 10 for the @amazon portion :)

2

0

70

D Day

@ArchAngelDDay

11 months

I was just awarded a #bounty 2 years after submission! 🥳🎉🪅 Never give up on your dreams 😂

4

2

66

D Day

@ArchAngelDDay

4 years

What an absolute honor to get interviewed by @Hacker0x01 at #h1415 in SF! When I started doing #bugbounty I would watch these interviews and just imagine what it would be like to be in their shoes. The community of hackers at H1 is truly top of the line!

HackerOne Hacker Interviews: Douglas (@the_arch_angel)

Douglas (@the_arch_angel) shares how he started hacking, how he found his job, and how it feels to attend a live hacking event. ▼ Keep up with us ▼◇ Twitter ...

www.youtube.com

2

6

64

D Day

@ArchAngelDDay

2 years

Moving into day 2 of @Hacker0x01 's #h1702 and I am HYPED! My team absolutely obliterated the second & third day target, and learned a lot of new methods along the way. RCE/XSS/SSRF/PrivEsc We've been on FIRE 🔥🔥🔥 Great hax with some great bois @dee__see @ajxchapman @rez0__ !

0

5

68

D Day

@ArchAngelDDay

2 years

Me: Had my best ever #bugbounty LHE at @Hacker0x01 's #h1512 Also me: Got back home, did some normal hacking, and got 3 Informatives in a row 🤣 Sometimes you win, sometimes you lose - What matters is that you keep going!

1

2

68

D Day

@ArchAngelDDay

9 months

Miami vibes #h1305

0

66

D Day

@ArchAngelDDay

21 days

Such a fun event, @Hacker0x01 ! I may be biased :)

HackerOne Live Hacking Event Recap: Miami w/ Capital One

null

www.youtube.com

3

2

66

D Day

@ArchAngelDDay

4 years

If you find yourself getting frustrated that @hackerone triagers keep asking you for more information - maybe you should give more information.

9

3

66

D Day

@ArchAngelDDay

1 month

A good #bugbounty hunter can twist most expected behaviors into a security story.

1

66

D Day

@ArchAngelDDay

2 months

Getting a bounty early in my career: "Nice! Time to enjoy this sunshine" Getting info'd early in my career: *Pissed off for a week* Getting a bounty now: "Nice! Time to enjoy this sunshine" Getting info'd now: "Oh well! Time to enjoy this sunshine" #bugbounty

2

1

63

D Day

@ArchAngelDDay

4 years

Sometimes the hard-fought $500 bounties are sweeter than the easy $2,000 bounties #togetherwehitharder

2

1

63

D Day

@ArchAngelDDay

5 months

Who is the most wholesome hacker you know?

37

2

60

D Day

@ArchAngelDDay

5 years

Looking for a bit of positivity - which @Hacker0x01 triagers have you had an awesome experience with? For me, nochnoidozor has always been a pleasure :)

35

3

62

D Day

@ArchAngelDDay

16 days

The #bugbounty community is absolutely one of the most entrepreneurial groups I've interacted with.

2

63

D Day

@ArchAngelDDay

11 months