MonkeHacks #48
Codebase Redesign, Celebrations, Climbing
#bugbountytips #hacktheplanet #bugbounty monke.ie/p/monkehacks...
SSRFs can be tough to make critical without cloud metadata, especially against a target like GitLab that strengthens its infra with every SSRF. Yet @joaxcar.bsky.social broke through with the first critical SSRF on GitLab since 2020. Enjoy our explanation from Sweden! 🇸🇪
One of my favorite bugs from last year
Here's what's in the latest issue of BBRE Newsletter
Kids these days don't even know how much opportunity they have to learn hacking from actual pros.
I know there is a lot of content out there, so it can be hard to find the good stuff. But 10 years ago you had to be lucky to find at least something.
Anyway, watch this
My videos for Flare-On 2024 are live! Watch me reverse engineer all the challenges from start to end. 🥳
+ Commentary video featuring SuperFashi, where we review the chals together.
* 45 hours of content
* 400+ GB of raw footage
Merry Christmas! Link: www.youtube.com/watch?v=vwW9...
Challenge time again
It is based on a real-world situation. Use the HTML injection to leak the flag to an external domain
This time, send solutions in DM; we don't want to spoil the fun. I also might want to patch any obvious blunder I made creating it
joaxcar.com/xss/outer.ht...
MonkeHacks #43
Year in Review, Technique Drop, Taking Care
In this issue, I drop a fun technique for bypassing redirect checks in certain situations. Enjoy :)
#bugbountytips #hacktheplanet #bugbounty monke.ie/p/monkehacks...
A small code-golf web challenge (free research from you, for me), how short can you make a "fetch content and execute it inline".
There is a CSP in a meta tag.
Goal: get the content from the file hack.js and have it inserted in the page, like in the image.
joaxcar.com/xss/self.html
Here's what's in the latest issue of BBRE Newsletter
🫡 2024 YTD #BugBounty stats update:
7 issues Reported (4 Crit, 2 High, 1 Medium)
4 issues Paid
1 Informational
1 OOS
Will try it, seems to be fun!
Doing some @portswigger.net advent calendar this year as well. Join me on advent.j15.se
It's not affiliated with PortSwigger but it will link you to one of their chapters each day (random for max excitement)
It's created 100% using Cursor so any bugs are AI's fault
Can I ask the reason why an RCE is a low/medium severity bug in this case? Attack complexity or scope is not core asset?
This week we've got a rare episode that is also a bit more beginner friendly!
0xLupin (of Lupin and Holmes) and @rhynorater.bsky.social break down some of the hacker mentality that really caused some breakthroughs in their hacker growth.
Check it out!
youtu.be/yxc2jVKE-jo
Dope!
Alright, new platform so I'm going to start sharing some things that I'm excited about to keep the momentum flowing!
Rn, I think the 403 Bypasser Caido plugin from Bebiks is freaking amazing.
This is a tool to automate the bypassing of walled-off endpoints.
This plugin does 3 things right:
Any bug bounty people around? I'm creating a starter pack of people to follow but it's pretty brief currently! Let me know if you'd like to be added: go.bsky.app/GD7hKPX
🫡
The "bug bounty hunters and content creators" starter pack is now up to 60 users! Follow this to get instantly connected to the bug bounty community & let me know if I've missed you off!
go.bsky.app/GD7hKPX
Trying to make a list of programs that have hosted a live event on hackerone
-epic games
-tiktok
-zoom
-salesforce
-uber
-PayPal
-DoD
-shopify
-airbnb
-yahoo
-Starbucks
-Amazon
Which did I miss #Bugbounty
I really needed this list! Thanks
Hello World!