YesWeHack ⠵

@yeswehack

35,937
Followers
3,700
Following
1,596
Media
7,367
Statuses

Global Bug Bounty & VDP Platform - #YesWeRHackers 🎯 👾 💡

World
Joined July 2012
Pinned Tweet
@yeswehack
YesWeHack ⠵
12 days
At #RomHack2024 , we held Italy's first-ever #LHE with beloved sweet-packaged food brand #Ferrero ! 🍫 Fuelled by tasty chocolates, participants excelled at this thrilling hacking challenge, making it a day to remember. See for yourself 👇 #YesWeRHackers @cybersaiyanIT
3
9
29
@yeswehack
YesWeHack ⠵
2 years
Tips&Tricks🕵️ #BugBountyTip ! did you know..? 📂Httpx can do directory fuzzing on all domains with one simple argument!🧐 #YesWeRHackers #BugBountyTips
14
148
523
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time⏳ Level: Easy🪲 Found the issue? Explain how in the comments!👇
30
76
446
@yeswehack
YesWeHack ⠵
2 years
Tips&Tricks🕵️ #BugBountyTip ! We all love the SQL injection payload: ➡️0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z We have added some adjustments to the payload that may bypass some WAFs & to help you with the hunt!❤️‍🔥 #YesWeRHackers #BugBountyTips
10
121
353
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time ⏳ Level: Easy 🪲 Found the issue? Explain how in the comments! 👇 #BugBounty #YesWeRHackers
35
65
334
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time⏳ Level: Easy🪲 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments!👇
19
49
308
@yeswehack
YesWeHack ⠵
1 year
Bypassing modern WAFs can be tricky. First, we can use a tool like Wafw00f to find out the WAF used by the application. Then we can use this information to obfuscate or encode our payloads to bypass the firewall🔥🧗 Read more advanced techniques here :
3
78
296
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time⏳ Level: Easy🪲 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments!👇
24
50
281
@yeswehack
YesWeHack ⠵
2 years
🚨 Attention hackers and bug hunters! We just published an in-depth article on detecting and exploiting prototype pollution #vulnerabilities in JavaScript, written by @BitK_ & @sakiirsecurity . Check it out to stay ahead of the game & sharpen your skills 👇
4
115
281
@yeswehack
YesWeHack ⠵
1 year
Dalfox 🦊 is an advanced XSS scanner and parameter analyser that also offers the ability to collect XSS payloads from other sources remotely, such as PortSwigger's XSS cheat sheet! 👇 Dalfox : #YesWeRHackers #bugbountytips
1
72
262
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time ⏳ Level: Easy 🪲 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments! 👇
17
32
257
@yeswehack
YesWeHack ⠵
2 years
Tips&Tools!🕵️ We compared some fuzzer tools!😼👇 Dirsearch, FFuF, Feroxbuster, GoBuster » Speed💨 » Accuracy🎯 » Features⚙️ Which one is your favorite? ⚔ #YesWeRHackers #BugBountytip #BugBountytips
22
69
252
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time⏳ Level: Medium🐝 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments!👇
17
39
231
@yeswehack
YesWeHack ⠵
2 years
Tips&Tricks🕵️ #BugBountyTip ! did you know..? 📂Create a custom wordlist from crawled/wayback URLs!😮 #YesWeRHackers #BugBountyTips
9
60
219
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time⏳ Level: Easy🪲 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments!👇
9
30
214
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time!💀 Level: Easy 🪲 ~ [#]vulnerable..? Try it out at Github: #BugBounty #YesWeRHackers Found the bug? Explain how in the comments! 👇
12
31
211
@yeswehack
YesWeHack ⠵
10 months
Did you know that Shodan has a special search engine just for exploits? A handy tool to use when you need an exploit for a vulnerability you have discovered 👾 #bugbountytips #bugbounty
4
58
205
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time⏳ Level: Easy🪲 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments!👇
22
28
193
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time ⏳ Level: Easy 🪲 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments! 👇
13
26
191
@yeswehack
YesWeHack ⠵
2 years
Tips&Tricks🕵️ #BugBountyTip ! Let us help you to enhance your SQL injection skills! 💉 Do you already know them? Share your tips just below this tweet and help the community! 👇 #YesWeRHackers #BugBountyTips
2
54
167
@yeswehack
YesWeHack ⠵
4 years
SSTI, LFI, SQL injections or XSS cheatsheets right inside your browser? Yes ! and many more. Hack-Tools browser extension by Ludovic COULON & Riadh BOUCHAHOUA is nice, give it a try.
0
62
166
@yeswehack
YesWeHack ⠵
2 years
Tips&Exploit 🕵️ Time for a #BugBountyTip ! Did you know that Metasploit offers a JavaScript keylogger module?💀 Use it as a proof of concept (POC) & improve your XSS exploitation!💻 #YesWeRHackers #BugBountyTips
1
50
162
@yeswehack
YesWeHack ⠵
9 months
🔧 #BugBountyToolkit : Supercharge your Burp Suite with these must-have extensions:
3
41
158
@yeswehack
YesWeHack ⠵
4 years
Hunters, we want to help you! Check this new article on our blog to know how you can improve your hunting process!💉 #BugBounty #bugbountytips PimpMyBurp #1 – PwnFox + Autorize: The perfect combo to find IDOR ➡️
1
67
149
@yeswehack
YesWeHack ⠵
9 months
To all our bug bounty hunters: this is a way to improve your daily automation with @Burp_Suite by combining passive and active scanning to detect potential vulnerabilities in your target 🕵️💻 Find out more here : #YesWeRHackers #bugbounty #bugbountytips
2
55
149
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time ⏳ Level: Medium 🐝 { Hint } Do you really need all the chars or just one?🤔 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments! 👇
8
36
135
@yeswehack
YesWeHack ⠵
3 years
🧐 When it comes to subdomains recon, @Six2dez1 is really a professional in this area! ➡ Read his new article about Subdomains Tools Review: a full and detailed comparison of subdomain enumeration tools 👇 #BugBounty #YesWeRHackers
6
71
136
@yeswehack
YesWeHack ⠵
1 year
Level up your #BugBounty toolbox 🧰 Create combinations of URL paths with mkpath from @trick3st that you can use to find hidden directories and files! With the command below, we create endpoints that will be used to find administrator logins 👇 🔗 Download mkpath here:
1
39
131
@yeswehack
YesWeHack ⠵
6 months
⚔ Bypassing WAFs is not that easy - so join the workshop led by @Brumens2 at #Nahamcon to know more! On May 24, 12PM PST, dive into walk-throughs labs for each bypass scenario & explore the various solutions. Did we mention attendance is free? More info:
0
24
134
@yeswehack
YesWeHack ⠵
4 years
🤔 What to do when faced with GraphQL? Learn more about leveraging GraphQL to take advantage in your Bug Bounty exploration! Mutation & Introspection will no longer hold any secrets for you 🧐 #BugBounty #YesWeRHackers
1
61
122
@yeswehack
YesWeHack ⠵
1 year
Two great articles on how to attack file upload functions. The articles will teach you effective techniques that are good to know when looking for file upload vulnerabilities! 🏹 1) 2) #YesWeRHackers #BugBounty
2
42
128
@yeswehack
YesWeHack ⠵
2 years
YesWeHack presents #Firefly A new #opensource tool designed to perform black-box fuzzing on web applications. The tool offers built-in techniques that analyze the target behaviours🕵️‍♂️ ~ Bring light into darkness Check it out: #YesWeRHackers #bugbountytips
0
44
125
@yeswehack
YesWeHack ⠵
4 years
🔥 There is a warm place 🔥, a meta search engine, that references every possible Bug Bounty and VDP program out there! FIREBOUNTY allows you to search, filter, and sort Fresh Bounties. This should be your home page, seriously ;) #BugbountyTips #bugbounty
1
41
125
@yeswehack
YesWeHack ⠵
5 years
IT'S OFFICIAL ! We are launching today @yeswehack EDU, the world's first #BugBounty educational platform !
1
56
121
@yeswehack
YesWeHack ⠵
2 years
#⃣1⃣1⃣ Vulnerable code snippets time ⏳ Level: Easy 🪲 You'll find the code directly on our GitHub: Go & play with it!💀 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments! 👇
6
20
118
@yeswehack
YesWeHack ⠵
2 years
Hunters, mark your calendars! On March 9-10, @yeswehack will host a Live #BugBounty at #NullconDE2023 , open to all attendees! The target company and scope will be revealed on-site, but we can already tell that it'll be 2 days of fun & pwn, with juicy rewards and sweet swags 🚀
7
20
119
@yeswehack
YesWeHack ⠵
1 year
We have upgraded our encoder script, new encoders and decoders have been added. We've also made it easier to add your own custom encoders/decoders to the script! 👀 Give it a try : #YesWeRHackers #BugBounty
1
27
113
@yeswehack
YesWeHack ⠵
4 years
Hackers, if you could give just one single good piece of advice to help someone get into the Bug Bounty game, what would it be? (Don't be shy, no tweet will be triaged as "duplicate"). 👇
38
12
111
@yeswehack
YesWeHack ⠵
1 year
Recon against wildcard domains 🕵️ Dealing with a program that contains many subdomains can be a complicated and confusing task! 🧵 We'll try to guide you through this thread below 👇
2
37
112
@yeswehack
YesWeHack ⠵
3 years
🥁 We're thrilled to announce that we've raised €16M in our Series B funding! So today, we want to thank you, hunters, for making up our community. We wouldn’t be here without you! #HackThePlanet #YesWeRHackers Full announcement:
13
27
113
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time⏳ Level: Medium🐝 ➡️This is an underestimated vulnerability if you manage to exploit it correctly!🤯 Let us know which vulnerability you thought it was after a quick look!😼 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments!👇
15
18
110
@yeswehack
YesWeHack ⠵
3 months
Don't forget to take advantage of Burp Suite's extension: XSS Cheatsheet, which gives you tonnes of Cross Site Scripting (XSS) payloads to search through, right from within Burp Suite! ➡️ #YesWeRHackers #BugBountyTips
0
18
109
@yeswehack
YesWeHack ⠵
4 years
🕵️ VDP Finder 🕵️ stands everyday in your browser and handily informs you if the website you're viewing has a VDP or Bug Bounty Program active! GitHub: Chrome: Firefox #BugbountyTips #bugbounty
3
26
104
@yeswehack
YesWeHack ⠵
1 year
This PHP (v7.2) code is vulnerable to a local file inclusion (LFI). The catch is that at the end of your input a static php extension is added that prevents you from reading e.g. /etc/passwd. It is possible to achieve an RCE with just a single payload, but how? 👀 Practice your
3
29
102
@yeswehack
YesWeHack ⠵
5 years
"CopyPasta is so past" > Check the New @yeswehack Extension for @Burp_Suite 🎯 #API #Scope #BugBounty #BugBountyTips
1
53
101
@yeswehack
YesWeHack ⠵
6 years
··· Breaking News ··· @YesWeHack raises €4 million and plans to disrupt Europe’s cybersecurity market ! 🇪🇺 #bugbounty #vulnerability #DevSecOps #infosec #DigitalTransformation
14
41
101
@yeswehack
YesWeHack ⠵
4 years
We're happy to announce we're sponsoring HackerConf Virtual Cyber Security Conference. On 22 of May, 2020. HackerConf is geared toward (but not limited to) the Turkish hacker community. See you at the conference!
1
36
99
@yeswehack
YesWeHack ⠵
5 months
💥 @YesWeHack 's biggest reward ever! We are thrilled to announce the successful completion of our Series C financing round – which raised an impressive €26 million! A heartfelt thank you to our new investors - @WendelGroup , Adelie, and @SeventureP - as well as our longstanding
9
16
102
@yeswehack
YesWeHack ⠵
7 months
💡 #Cybersecurity student and bug hunter: discover the story of @pwnwithlove ! Pwnwithlove started her journey at our #LiveHackingEvent during @_leHACK_ 2023. Despite not uncovering any bugs on that occasion, she persisted, leveraging the opportunity to connect with the
3
12
101
@yeswehack
YesWeHack ⠵
1 year
Ffuf is a great fuzzer with many great features, one cool feature is the "dirsearch mode" (-D). This allows you to have a wordlist containing extension tags (%EXT%). When Ffuf starts, it will insert all the specified extensions provided by the (-e) option in all tags!👀
1
19
98
@yeswehack
YesWeHack ⠵
3 years
😎 We just published a new article in our RampUp series! Learn how to bypass jailbreak detection, set up a proxy and bypass SSL pinning. ➡ Getting Started with iOS Penetration Testing (Part 1) 👇 #BugBounty #YesWeRHackers
0
49
97
@yeswehack
YesWeHack ⠵
9 months
🤩 Hunters and CTF enthusiasts... we've got great news for you! A new evolution of Dojo is here! More robust challenges with back-end language support, advanced filtering, and a bunch of new features for the entire Dojo platform - we present Dojo v2 to you! All your educational
3
24
97
@yeswehack
YesWeHack ⠵
4 years
We're a proud sponsor of #NahamCon2020 , a two-day virtual hacking conference organized by @_johnhammond , @NahamSec , @stokfredrik & @thecybermentor ! Such a great line of speakers including a talk by our technical ambassador @BitK_ ! Don't miss it ⬇️
0
24
96
@yeswehack
YesWeHack ⠵
3 months
Automate what you can! 🤖 In Bug Bounty, automation is a crucial skill and will help you rapidly discover leads for potential vulnerabilities. Learn how you can automate your tasks using Burp Suite 👇 #YesWeRHackers #BugBountyTips
0
32
97
@yeswehack
YesWeHack ⠵
1 month
Want to learn how to improve your #BugBounty hunting skills? Grab a coffee and settle in – this is the place to be👇 #YesWeRHackers #BugBountyTips
2
24
96
@yeswehack
YesWeHack ⠵
5 years
#BugBountyQuiz > Given the #JS code below: How would you bypass the WAF? · Stay Tuned for the solution Next Wednesday ! #SharingIsCaring #XSS #BugBountyTips
6
31
94
@yeswehack
YesWeHack ⠵
7 months
🌟 Hack Me I’m Famous #2 : HERE WE GO! For #HMIF2 , we're honoured to partner with legendary luxury house @LouisVuitton . Around 40 of Europe's top hackers have been invited to take part in a tailor-made, two-day Live #BugBounty event and stand to earn rewards of up to €6,000!
8
19
95
@yeswehack
YesWeHack ⠵
3 years
👋 A new article on "File Upload" attacks is available on our blog! This blog post will be in two parts. This first one is an introduction to the vulnerabilities that appear on file upload forms. Read it here 👇 #BugBounty #YesWeRHackers
3
42
92
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time ⏳ Level: Hard 🐞 (code analysis) Would you like to update "your" password? 🫵🔐 Github: #BugBounty #YesWeRHackers Found the issue? Explain how in the comments!
8
19
92
@yeswehack
YesWeHack ⠵
1 year
🫵You need a bunch of wordlists in your toolbox! We've collected four great resources that provide good coverage for a wider range of use cases! OneListForAll : SecLists : Assetnote Wordlists : Trickest :
1
28
93
@yeswehack
YesWeHack ⠵
6 months
🤩 Experience our #LiveHackingEvent with @LouisVuitton ! Held at their Paris HQ, #HMIF2 was an outstanding 30-hour journey for everyone involved. Thanks to the #LV_NEO team, participating hunters & all partners for making it a success! Here’s how it went 👇 #LHE #BugBounty
5
19
90
@yeswehack
YesWeHack ⠵
6 months
🔓 Abusing AWS S3 Bucket Permissions 👇 AWS S3 buckets are popular targets for hackers due to potential misconfigurations and improper access control. Let's dive into the techniques attackers use to identify and exploit vulnerable S3 buckets! 1️⃣ Bucket Recon: Spot S3 buckets
1
34
89
@yeswehack
YesWeHack ⠵
9 months
🥁 New hunting opportunity alert! @oppo , the global manufacturer of smartphones, smart watches and other consumer devices, has launched a public #BugBounty Program. Bounties of up to $4,440 are up for grabs. Check out the new program here: Happy hunting!
2
17
90
@yeswehack
YesWeHack ⠵
2 years
🏆 It is time to reveal the top three hunters of Open My Heart - our Live #BugBounty with @LazadaSG at #HITB2022SIN ! 🥇 @DoomerOutrun 🥈 @assetnote 🥉 @_naaash_ Huge congrats and thank you to all the hunters who attended this live hacking event! You rock! #YesWeRHackers
7
10
87
@yeswehack
YesWeHack ⠵
7 months
Time’s up for #HMIF2 , our prestigious Live #BugBounty with luxury brand @LouisVuitton ! Well done to all participants for another impressive bug haul – especially to our award winners: 🧥 Shellcode Stylist (1st place): @_godiego__ 🧵 Exploit Tailor (2nd place): @djurado9 🎀
8
17
86
@yeswehack
YesWeHack ⠵
5 years
#BugBountyQuiz > Here is a simple #Python fileviewer: can you steal the admin token ? > · Stay Tuned for the solution Next Friday ! #SharingIsCaring #BugBountyTips
3
34
85
@yeswehack
YesWeHack ⠵
3 years
📣 It’s a wrap for #HMIF , the first live #BugBounty dedicated to French scale-ups and unicorns! Congrats to all hunters for reporting 109 bugs and special kudos to @smaury92 , @amellb , @myst404_ , @_zulln , @Kuromatae666 , @Blaklis_ , @n1nj4sec , @Brumens2 , Hansluz 👏🏼 #YesWeRHackers
3
28
83
@yeswehack
YesWeHack ⠵
3 months
New to Bug Bounty hunting? We’ve got you covered! 🤩 Check out these top 5 tips to accelerate your progress 👇 #YesWeRHackers #bugbountytips
2
20
82
@yeswehack
YesWeHack ⠵
2 years
Vulnerable Code Snippet 💀 It's time to analyse some C code! You can find more vulnerable code snippets on our Github - #YesWeRHackers #BugBounty #YWHSnippet Found the bug? Explain how in the comments! 👇
12
7
82
@yeswehack
YesWeHack ⠵
2 years
Time for a #BugBountyTip ! 🕵️‍♂️ Take your collection of responses and chain it with the html2dic CLI tool. The tool extracts all words from an HTML page and generates a wordlist of all the words found 🔎 Use the newly created wordlist to fuzz your target! #YesWeRHackers
6
24
84
@yeswehack
YesWeHack ⠵
5 years
[ #gitGraber : A tool to monitor GitHub in real-time to find sensitive data ] Guest Post: @adrien_jeanneau & @R_Marot , a team of seasoned hunters, talk about the genesis and motivations behind the #gitGraber community project. #WeRhackers #contribute
1
37
82
@yeswehack
YesWeHack ⠵
2 years
Tips&Tricks🕵️ Do you love PHP? We love it too! 🧐 A method of detecting PHP backend filters that are likely to be used!👇 #YesWeRHackers #BugBountyTips #BugBountyTip
0
25
82
@yeswehack
YesWeHack ⠵
3 years
💡 More and more Bug Bounty programs are using desktop applications that run on the Electron framework. So here's a new article to give you some ideas on how to hunt for this type of technology! #BugBounty #YesWeRHackers ➡ Full article here:
0
38
81
@yeswehack
YesWeHack ⠵
3 years
🤝 @nehatarick wrote an article on how to set up an Android environment with Genymotion, Frida & Burp Suite! #BugBounty #YesWeRHackers You can read the full article just here 👇
2
29
80
@yeswehack
YesWeHack ⠵
1 year
🚀 New feature alert! Introducing reward cards - a bolder, brighter way to share your successes. Stand tall, Hacker Heroes, it's time to glow 😎 #YesWeRHackers #BugBounty
6
11
81
@yeswehack
YesWeHack ⠵
2 years
Vulnerable Code Snippet 💀 Level: Easy 🪲 Does it only work once?! For all #BugBounty hunters, it is available on Github for hands-on testing! 👉 #YesWeRHackers Found the issue? Explain how in the comments! 👇
7
16
75
@yeswehack
YesWeHack ⠵
2 years
⌚ It has been 8 hours, and our hunters have already reported 70 vulnerabilities! ASSETNOTE is in the first position, followed by DOOMER and NAAASH 💪 We will continue the competition tomorrow. Stop by and say hello! We are located at booth 2 at #HITB2022SIN 👋 #YesWeRHackers
5
11
78
@yeswehack
YesWeHack ⠵
11 months
☃ Excitement is building as a surprise is on the way! Only a couple of days until the reveal… In the meantime, discover some of the YesWeHack swag waiting to be won! Which one is your favourite? 🤔 The fun is about to unfold, and we can't wait to share it with you. And don’t
39
16
79
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time ⏳ Level: Easy 🪲 Simple bug with high severity! Try it on our Github: #BugBounty #YesWeRHackers Found the issue? Explain how in the comments! 👇
7
10
77
@yeswehack
YesWeHack ⠵
4 months
See you tomorrow at #leHACK2024 ! 🤘
3
4
75
@yeswehack
YesWeHack ⠵
3 years
📣 Would you like to attend the Infosec WriteUps'Conference 2022 organized by @InfoSecComm on February 26-27? RT + follow for a chance to win a ticket to the conference! 👇 ➡ More details: #BugBounty #YesWeRHackers
13
64
71
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time ⏳ Level: Easy 🪲 This code snippet could make someone late for the weekend!🤯 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments! 👇
8
14
74
@yeswehack
YesWeHack ⠵
1 year
Have you encountered an #SSRF vulnerability but find it difficult to exploit? Don't forget that localhost can be written in more than one way. Think outside the box!👀 #bugbountytips
1
15
75
@yeswehack
YesWeHack ⠵
1 year
🥁 Drumroll, please... 🥁 Today, we are really proud to introduce YesWeHack’s new brand identity! And not only have we given our logo and identity a fresh look, but we’ve also revamped our website. Why not take a peek? Visit to see the changes!
8
21
76
@yeswehack
YesWeHack ⠵
1 year
The new BCheck feature in Burp Suite gives a great advantage to Burp's vulnerability scanner! 🗡️ We have developed a few BChecks and written a blog to give you an idea of how you can use BChecks to improve your vulnerability scanning! 🕵️ #YesWeRHackers
1
33
73
@yeswehack
YesWeHack ⠵
2 years
Vulnerable code snippets time ⏳ Level: Medium 🐝 ~ Uploading files and sharing them, what could possibly go wrong? Try it out at our Github (new folder)! 🙀 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments! 👇
9
21
72
@yeswehack
YesWeHack ⠵
1 year
Detect and exploit Server Side Template Injection (SSTI) vulnerabilities! Pay attention when an input is returned in the application's response. In that case, try payloads that are related to a template engine's syntax 👀 An SSTI has a serious impact and often leads to an RCE🫨
0
17
72
@yeswehack
YesWeHack ⠵
3 months
When using Burp, do you find it time-consuming to scan a wide range of requests that you’ve just collected? ⏳ Don't worry, the Burp extension BCheck Helper provides a list of various pre-written BChecks to speed things up! 👇 #YesWeRHackers
0
11
72
@yeswehack
YesWeHack ⠵
2 years
You can now join us on Mastodon 👇 ➡️ yeswehack @infosec .exchange #BugBounty #YesWeRHackers
4
9
65
@yeswehack
YesWeHack ⠵
8 months
🔍 #BugBounty Deep Dive: Parameter Discovery is your secret weapon to uncovering hidden attack surfaces. Master these tools & techniques: 1️⃣ Arjun: Automate the hunt for hidden params with Arjun's extensive wordlist. Command: arjun -u https://example[.]com - tweak with -m POST
1
23
69
@yeswehack
YesWeHack ⠵
6 years
Lucas aka @BitK_ : high level bug hunter and the brand new @YesWeHack Tech Ambassador ! #bugbounty #bugbountytip #CTF #DevSecOps
2
24
68
@yeswehack
YesWeHack ⠵
29 days
🍕😎 Here in Rome and all set for our Live Hacking Event at #RomHack2024 tomorrow! Think you can guess tomorrow's scope? Drop your predictions below—who knows, maybe we’ll send a surprise to the lucky psychic 🎁 Place your bets, hackers!
10
3
71
@yeswehack
YesWeHack ⠵
28 days
What a day at #RomHack2024 , running Italy’s first #LHE with #Ferrero ! After a delicious bug hunt, here are the final results:🥇 @cosad3s , @Elweth_ , @_Ali4s , @Liodeus1 🥈 @XelBounty 🥉 @drak3hft7 , @seeu_inspace , Al7eX, @leo__rac ! Congrats and thank you #Ferrero & @cybersaiyanIT
1
14
71