Acumen_cyber_security

Acumen_cyber_security: we can provide cyber security related help and services. We are cyber security helpers.

21/08/2025

Three Tips for Bug Bounty Reports 👇

If you struggle getting your bugbounty vulns accepted (quick reject/duplicate or N/A)

-> it might be that the triager doesn't want to deal with your report

In fact they don't want to deal with POORLY WRITTEN reports

As a triager myself who did this job for 3+ years and reviewed over 2500 reports, here are 3 tips I have for everyone who plans to submit a report

-----

1. Format/Beautify
• If your report includes code snippets -> use indentation
• If your report has JSON/XML snippets -> use a beautifying tool
• Verbose HTTP headers? -> remove the irrelevant ones

2. Sensitive Data
• Remove passwords/tokens/JWTs/API keys
• If they are relevant -> obfuscate them
• The last thing you want is to create one more security hole

3. Highlight the Issue
• When you work on a report -> it's clear to you where the problem is
• You submit a picture/video and you say "see the attached"
• But for someone who just reads it -> it's not clear where to look
• Highlight with circles/squares/arrows what exactly you want to point out
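
Tips 1 and 2 applied to a captured request, as an added example that is not part of the original post: it drops noisy headers, redacts credentials and pretty-prints a JSON body. The header and key lists, the `[REDACTED]` marker and the sample request are assumptions constructed for illustration.

```python
import json
import re

REDACTED = "[REDACTED]"
# Assumed noise list: headers that rarely help a triager reproduce a finding.
NOISE = {"accept", "accept-encoding", "accept-language", "cache-control",
         "connection", "content-length", "pragma", "user-agent"}
SECRET_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}
SECRET_KEY = re.compile(r"passw|secret|token|api[_-]?key|jwt", re.I)
SECRET_PARAM = re.compile(r"((?:api[_-]?key|token|password)=)[^&\s]+", re.I)
JWT = re.compile(r"eyJ[\w-]+\.[\w-]+\.[\w-]*")

def scrub(node):
    """Walk parsed JSON; redact values of secret-looking keys and stray JWTs."""
    if isinstance(node, dict):
        return {k: REDACTED if SECRET_KEY.search(k) else scrub(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [scrub(v) for v in node]
    return JWT.sub(REDACTED, node) if isinstance(node, str) else node

def clean_request(raw):
    """Return a report-ready copy of a raw HTTP request."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line, *headers = head.split("\n")
    out = [SECRET_PARAM.sub(r"\1" + REDACTED, request_line)]
    for line in headers:
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        if key in NOISE or key.startswith("sec-"):  # sec-fetch-*, sec-ch-ua-*
            continue
        if key in SECRET_HEADERS:  # keep the auth scheme, drop the credential
            scheme, sep, _ = value.partition(" ")
            value = f"{scheme} {REDACTED}" if sep and "auth" in key else REDACTED
        out.append(f"{name.strip()}: {JWT.sub(REDACTED, value)}")
    try:  # beautify JSON bodies; other bodies stay as text
        body = json.dumps(scrub(json.loads(body)), indent=2)
    except ValueError:
        body = JWT.sub(REDACTED, SECRET_PARAM.sub(r"\1" + REDACTED, body))
    return "\n".join(out) + "\n\n" + body

# Constructed sample request; every value in it is made up.
SAMPLE = (
    "POST /api/v1/profile?api_key=k_live_constructed123 HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "User-Agent: Mozilla/5.0 (constructed)\r\n"
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJl\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"name":"<b>test</b>","password":"hunter2-constructed"}')
```

Run `print(clean_request(SAMPLE))` and paste the result into the report; the pattern lists are a starting point, so read the output once more for secrets they do not cover.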

07/11/2024

🕵️ Each time I get into API hacking I enjoy it more :)
I found a secret API key stored in an insecure way, then I was able to interact with the API and send unauthorized requests.
I enjoyed the manual hunting and reported it.
Also, I made sure the API key is valid 😉

15/10/2024

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

CVSS 4.0 Severity and Vector Strings:

CNA: Palo Alto Networks, Inc.

CVSS-B: Base Score 9.2 CRITICAL 💀

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

09/10/2024

Stored XSS via BASF Vulnerability Disclosure Program

Description:
In a web application, there's a comment section where users can leave feedback. The application fails to properly sanitize user input before displaying it to other users.
Exploitation:
An attacker submits a comment containing a malicious script as part of the feedback. The script steals the session cookie of any user who views the comment.
Indicators:
The attacker doesn't directly observe the stolen session cookies but receives notifications whenever a new cookie is captured, confirming the successful execution of the script.
Impact:
Session hijacking: The attacker can impersonate legitimate users and perform actions on their behalf, such as making unauthorized transactions or modifying account settings.

Address

Chennai
Chennai
600001

Telephone

+917550303998
