
#BugQuest

Latest posts tagged with #BugQuest on Bluesky


Posts tagged #BugQuest

Swipe through the first post to learn how to extract endpoints from mobile apps to test for BAC flaws!

#BugBounty #HackWithIntigriti #BugQuest


Day 15 of #BugQuest! 🤠

You've almost made it! Discovery week ends today! And we're exploring mobile app analysis, one of the most underrated methods for endpoint discovery.

Mobile apps often communicate with completely different APIs than their web variants.


Even when introspection is disabled, GraphQL's auto-complete error messages will suggest correct field names when you send typos.

Swipe through to learn how to extract complete API schemas from GraphQL endpoints!

#BugBounty #HackWithIntigriti #BugQuest


Day 14 of #BugQuest! 🤠

We're almost wrapping up the discovery section with GraphQL APIs, one of the most powerful methods for discovering unreferenced endpoints (in GraphQL, it’s more about discovering queries and mutations).


These external sources can reveal endpoints that haven't been referenced before in your target, but do exist and work in production.

Swipe through to learn where to search and what to look for!

#BugBounty #HackWithIntigriti #BugQuest


Today marks day 13 of BugQuest! We're almost 2 full weeks into #BugQuest! 🤠

We've covered discovering endpoints through active sources. Today, we're going to explore a passive method to enumerate more app routes and API endpoints.


When you suspect undocumented endpoints to be present, it's always recommended to further enumerate your target for more endpoints & routes.

Swipe through today's post to learn where to find (& learn to utilize) API docs!

#BugBounty #HackWithIntigriti #BugQuest


Day 12 of #BugQuest! 🤠

Today's topic is one of the easiest ways to find endpoints, and it's via public documentation.

Developers create docs to help integrate with their APIs, but they often accidentally expose more than intended.


Tools like LinkFinder and JSParser automate this process, but understanding what to look for can help you spot patterns that automated tools might miss.

Swipe through to see how JS files can include endpoints and how to extract them!

#BugBounty #HackWithIntigriti #BugQuest


Day 11 of #BugQuest! 🤠

Today we're diving into one of the most effective discovery methods: JavaScript file analysis.

Modern web applications are packed with JavaScript code that references API endpoints, application routes, and input parameters.


Swipe through to learn how to fuzz effectively and build wordlists that actually work!

#BugBounty #HackWithIntigriti #BugQuest


Day 10 of #BugQuest! 🤠

We've covered content discovery through commonly exposed configuration files. Now it's time to scale up with automated content discovery and endpoint fuzzing.

Tools like Ffuf, Feroxbuster, and Dirsearch can help you enumerate thousands of potential endpoints.


Swipe through to see a few examples of config files to check and what they can reveal!

#BugBounty #HackWithIntigriti #BugQuest


Day 9 of #BugQuest! 🤠

Yesterday, we listed an overview of the primary ways to discover endpoints.

Today, we're diving deep into one of the easiest and most overlooked methods: common configuration files.


From common paths and API docs to JavaScript files and mobile apps, there are multiple ways to uncover hidden endpoints that may lack proper authorization checks.

Swipe through to see the main discovery techniques! 👇

#BugBounty #HackWithIntigriti #BugQuest


Day 8 of #BugQuest! 🤠

This week is all about finding the endpoints and resources you need to test for BAC vulnerabilities.

Today, we're covering where to start your reconnaissance. BAC bugs can appear anywhere in an application, so thorough endpoint discovery is crucial.


We'll show you how to find hidden endpoints, enumerate APIs, and uncover the resources you need to test for BAC bugs. This is also where the real fun begins! 💪

#BugBounty #HackWithIntigriti #BugQuest


Day 7 of #BugQuest! 🤠

The theory part is almost over (we promise!). We've covered what BAC is, how authentication and authorization work, and what counts as a valid finding.

Today, we’re covering where you can spot BAC vulnerabilities. BACs can appear almost everywhere within an application or API.


Understanding the CIA triad (Confidentiality, Integrity, Availability) is what separates accepted reports from informative and non-applicable ones.

Swipe through to learn what programs accept and what findings are likely to get rejected as informative.

#BugBounty #HackWithIntigriti #BugQuest


Day 6 of #BugQuest! 🤠

We're almost wrapping up theory week with a crucial topic: What actually counts as a valid BAC vulnerability in bug bounty?

Not every authorization issue is impactful. Programs may reject findings that don't demonstrate real risk.


Tomorrow, we'll move into some more practical examples to help identify impactful BACs. The exploitation phase starts next week. 💪

#BugBounty #HackWithIntigriti #BugQuest


Day 5 of #BugQuest! 🤠

We're almost wrapping up the theory section with one more crucial topic: authorization models. 😅

Applications use different models to decide who can access what. Understanding RBAC, ABAC, DAC, and MAC helps you identify which type of authorization check is missing or broken.


Swipe through to learn how most targets are designed to check if you're allowed to access that admin panel, view another user's profile, or use premium features! 👇

#BugBounty #HackWithIntigriti #BugQuest


Day 4 of #BugQuest! 🤠

We're still covering the fundamentals, but stick with us as this is the most important phase for beginners. 😅


Tomorrow, we'll dive into the different authorization-level checks, and why mixing these concepts (as a developer) leads to vulnerabilities. 👀

#BugBounty #HackWithIntigriti #BugQuest


Day 3 of #BugQuest! 🤠

We've covered what broken access controls are and the differences between authentication and authorization.

Today, we're exploring authentication methods, the most common ways applications verify who you are.


Stick with us while we’re covering the fundamentals of BAC. We promise this will help you identify missing or weak authorization checks throughout the rest of the month.

And be sure to come back tomorrow for Day 3! 💪

#BugBounty #HackWithIntigriti #BugQuest


Day 2 of #BugQuest is here! 🤠

Yesterday, we covered what Broken Access Control is and why it remains the most common vulnerability type on the OWASP Top 10 2025 list.

Today's topic covers a common misconception about authentication vs. authorization.


Are you still searching for your first valid vulnerability? Q2 is just around the corner! It's time to lock in! 🫑

Join us in #BugQuest! Starting today, we'll share bug bounty tips, techniques, and resources that anyone can use to find Broken Access Control (BAC) vulnerabilities...


New #BugQuest series is coming up! 🤠

For the entire month of March, we'll be diving deep into Broken Access Control (BAC) vulnerabilities and exploring:

> How to find new, vulnerable endpoints (at scale)
> Exploiting BACs (simple to advanced)
> Tools & other useful automation tricks
