p0wn @11bx1337
Joined January 2020. Tweets: 79. Followers: 29. Following: 537. Likes: 959.
The damage of VDP programs and their incentivization is far greater than giving some hunters "points" for farming non-bugs that they can later boast about on their CVs. I believe it might actually ruin Bug Bounty platforms in the near future. Let's explore the facts 📜 So VDPs, as…
After more than a month of hard work, PPSSPP is running natively on PlayStation Portal. Yes, we hacked it. With help from xyz and @ZetaTwo
"I wasn't going to report it, I thought it was your laboratory but after my first analysis this seems real" We've just disclosed a surprisingly simple directory traversal that @0xd0m7 found in our website for $5,000! hackerone.com/reports/2424815
Bug: Cross Site Request Bypass File Smuggling Response Forgery to Blind Redirect 😂
The xz backdoor was initially caught by a software engineer at Microsoft. He noticed 500ms lag and thought something was suspicious. This is the Silver Back Gorilla of nerds. The internet final boss.
This Dojo is a cool way to teach/learn about vulnerabilities. 🔥 It reveals the source code, demonstrates how servers parse the information in the backend, offers some hints, and if needed... the final solution. Amazing work @yeswehack ! 🤟🏻 🧵1/2 #BugBounty #BugBountyTips
Wtf 🤣🤣
Did someone ask for a CTF? This will be Crowsec's first official championship, with R$ 5k for first place! We have CTFs planned through 2029, and we even created a story for each stage/phase of the CTF.
Damn, this one really hurt. R.I.P. Akira Toriyama 😢
I hate when a top-tier bug bounty hunter mentions on some podcast what he/she prefers checking sensitive areas of the application without mentioning where. A lot of beginners need help figuring out how to start and where to look for common issues. Here is my list of critical…
This one is going to be awesome 🥵🔥
Nowadays people come to #hacking because of #BugBounty with little understanding of computers.
Bug bounty clownery. A lot of so-called "bug bounty hunters" seem to actually have no idea what they are doing. They are just repeating stuff they have seen in others' reports without actually understanding why, how, where and what is vulnerable, and how to remediate the issue.
Season 2 of FBI vs Lockbit ransomware group is scheduled to premiere in roughly 1 hour. Lockbit has restored their servers (new Tor domains) and is planning on making a statement to the FBI regarding last week's takedown. Stay tuned for the next episode of Dragon Ball Z
I wrote a new writeup about chaining Out-of-Scope XSS on a single target. 7odamoo.medium.com/how-i-got-5-00…
Want to make big $$$ bypassing WAF for injections such as SQLi, RCE, XSS? Learn the technology you are injecting into. Read the docs or RFC. Understand what the code / query / template is doing. WAF bypass is not hard but it requires more effort than copy/paste payloads.
Google hall of fame! Happy to secure google. Collab with my friend Aravinthan SP! Bug: injection on acquisition
I don't know why some people are surprised ‼️ These bugs are everywhere, Like public API keys 💣 If I use your public keys to send hundreds of requests to api.foobar, com you will lose a lot of $$$$
So apparently if someone knows / guesses the name of your S3 bucket - even if it's private (!) - they can just bankrupt you by sending infinite PUT requests and there is nothing you can do about it. > requests get rejected > but AWS still counts it as a write operation against…
Does anyone want to make this shirt with me, so we can get sued together and it doesn't weigh too heavily on anyone? Good morning.
Yay, I was awarded a $2,000 bounty on @Hacker0x01! hackerone.com/divyansh2401 #TogetherWeHitHarder #bugbounty #bugbountytips #bugbountytip 1. Bypassed email verification with IP-Rotator Extension. 2. Created an account with [email protected]. 3. Auto Joined their organization.
Ad populum. A common fallacy for convincing suckers that you're right. "Being poor" is literally the most common trait among almost every group of people that has ever existed on the face of the earth. "Common trait between your followers and Nazis: being poor"
Common trait among fans of billionaires: being poor
Notes eLearnSecurity Certification eJPT: lnkd.in/epAG2R39 eCPPT: lnkd.in/dRCVbvMT eMAPT: lnkd.in/dgamWrJd eWPT: lnkd.in/d5g4w22n eWPTX: lnkd.in/dhEvuNuW eCXD: lnkd.in/dwN_q6y4 eCPTXv2: lnkd.in/dEiVaZBG
Internet Bug Bounty disclosed a bug submitted by parantheses: hackerone.com/reports/2401359 - Bounty: $2,580 #hackerone #bugbounty
Recently I've been investigating a weird API issue on TikTok which returns empty res just like HEAD req if a harmless parameter is missing. Here's the story in my repo of why this happens and why you should continue reporting API vulns even if this happens: github.com/696e746c6f6c/-…
(Filter+Cloudflare bypassed) Stored XSS leads account takeover Payload: xyz';"/></textarea><Img Src=OnXSS OnError=prompt(document.cookie)> Tips: Always play with reflecting value's tags. #bugbountytip #bugbounty Assist Cred. @KN0X55
Sharing My Study Methodology as a Bug Bounty Hunter. I promised a friend of mine that I'll share my study methodology with them - thought if I'm gonna share it with them, why not make it public 🤷🏻♂️. Link 🔗: shreyaschavhan.notion.site/My-Study-Metho… #BugBounty #BugBountytips #study
There may be services where geoserver vulnerabilities are still not updated, so you can search /geoserver/ows with gau or wayback and try your luck. ~ waybackurl domain[.]com | grep '/geoserver/ows/' github.com/win3zz/CVE-202… #bugbountytip #bugbounty
SQLi time based from WaybackURLs Part 1 waybackurls testphp.vulnweb.com | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt #bugbountytips #bugbounty
If you see android:exported="true" in AndroidManifest.xml in Android pentests, you should definitely try the intent injection method; this may give you SSRF, exfiltration of sensitive data, RCE. 🥰🌹🥳 #BugBounty #BugBountytips
Not everyone can access this asset on TikTok @Hacker0x01 program I'm telling you the amount of security vulnerabilities there is on limited asset is insane :)
LOL
why there is an RCE on Microsoft? #infosec code.microsoft.com/pages/systemca…
I'm writing some slides to talk about cybersecurity to some lovely folks in a technical IT course, and I thought it would be a good idea to share them here too. Figure with an overview of the security specialties. Largely inspired (at the very least) by the book Building a Career in…