Biscuit's Bug Bounty Playbook

CtrlK

👋Introduction to Biscuit's Bug Bounty Playbook
Mains
🟧Learn to Use Burp Suite
Learn Android Bug Bounty
- 🎥Video Tutorials
❤️YouTube Channels
📰Bug Bounty Reports
📚Blogs & Writeups
🏹GitHub Repository
👨‍👨‍👧Conference Talks
🖨️Automated Scanners
⚙️Intentionally Vulnerable Apps
🎱Learn Drozer For Android Pentesting
🪀Learn Frida For Android Pentesting
🏈Bypassing Security Protections in APKs via Objection and Frida
🪁Security Tools For Android Pentesting
😼PIDCAT for Android Bug Bounty Logging
🎹CLI Commands & Shortcuts
My Android Bug Bounty Lab Setup
Learn Thick Client Pentesting
- 🟥Introduction Videos
📑Introduction Articles
✅Pentesting Checklist
📚Bug Bounty Writeups
🐞Thick Client Vulnerabilities
- DLL Hijacking Basics
🥼Intentionally vulnerable labs
🛠️Tools for Thick Client Pentesting
🏠Bug Bounty Programs with Thick Client Scope
💵Paid Udemy Course
Bug Bounty Reports & Articles
4️Forced Browsing
5️RCE
6️OSINT
Bug Bounty Platforms
Exploiting Technologies

Powered by GitBook

On this page

Bug Bounty Reports & Articles
7️⃣Broken Access Control & Broken Authentication

⚙️2FA Functionality

Glassdoor disclosed on HackerOne: 2FA bypass by sending blank codeHackerOne

Nextcloud disclosed on HackerOne: Two-factor authentication...HackerOne

GitLab disclosed on HackerOne: Ability to bypass email verification...HackerOne

Glassdoor disclosed on HackerOne: 2FA bypass by sending blank codeHackerOne

Shopify disclosed on HackerOne: Email Confirmation Bypass in...HackerOne

The $12,000 2FA Bypass — So Simple, Yet So Critical!Medium

Bypassing 2FA in a Public Bug Bounty Program: A $6000 Journey | by Mohsin khan - Freediumfreedium.cfd

HackerOne disclosed on HackerOne: Changing the 2FA secret key and...HackerOne

Nextcloud disclosed on HackerOne: Two-factor authentication...HackerOne

Khan Academy disclosed on HackerOne: Email Verification Bypass...HackerOne

Simple logic flaw lead to P3 bug in public BBPMedium

PreviousPassword Reset Functionality NextOauth Functionality

Last updated 7 days ago