Aleks 🇭🇷🇭🇷 @696e746c6f6c
18 years old junior software developer & security vulnerability researcher. https://t.co/0L2NdBWSuB hackerone.com/696e746c6f6c Hrvatska, Zagreb Joined July 2023
Tweets: 441 | Followers: 1K | Following: 71 | Likes: 218
.@avlidienbrunn blew our minds with his latest HTMX research including this tasty CSP bypass. <img src=x hx-on:htmx:load='alert(0)' /> Bypasses lack of unsafe-inline, but uses unsafe-eval.
Soon I will achieve 1000 rep easily in few weeks. TikTok bug bounty program on @Hacker0x01 is my program haha. So many reports to be paid out soon 10+ pending program review reports, 3 triaged (unpaid)
Recently I've been investigating weird API issue on TikTok which returns empty res just like HEAD req if harmless parameter is missing. Here's the story in my repo of why this happens and why you should continue reporting API vulns even if this happens: github.com/696e746c6f6c/-…
They wanted to close this report as Informative but arguing against staff team is the best decision you can make. https://t.co/USS6Ke9kWW
Not everyone can access this asset on TikTok @Hacker0x01 program I'm telling you the amount of security vulnerabilities there is on limited asset is insane :)
Fun fact: hackerone.com/tiktok added a new scope (seller-id.tokopedia.com) and it's same as seller.tiktok.com but the funny thing is they don't accept many issues at TikTok Seller Products but they have added this :)
In this report I've managed to achieve a cool TikTok client-side vulnerability. It's really interesting, thanks to .innerHTML property not being sanitized at all and .forEach() method for calling func for each element in array.. It was connected with their source code @Hacker0x01
Cool bonus by TikTok team on @Hacker0x01 now it is $2,600 haha
Hey, does anyone have a contact for TikTok developers? I found some code bugs within TikTok's AMP during a code review.
Swear since I've picked this new PC yesterday (i9 14900KF RTX 4090), this PC is a sex. That's all I can say. Relationship between me and my new PC is insane. Without @Hacker0x01 this wouldn't be possible.
Thanks to @Hacker0x01 and TikTok bug bounty program on HackerOne. I've managed to order the newest i9 CPU with GPU RTX 4090, two additional monitors & whole new setup. As well I bought this with my own money as a 17 years old highschool student :)
Again, I was awarded a $1,000 bounty on @Hacker0x01 by TikTok bug bounty program #TogetherWeHitHarder #bugbounty https://t.co/SD6GsCqjHk
Yay, I was awarded a $1,000 bounty on @Hacker0x01! by TikTok bug bounty program hackerone.com/696e746c6f6c #TogetherWeHitHarder #bugbounty
HOLY MOLY I was awarded with another $1,000 by @tiktok_us on @Hacker0x01 #BugBounty #TogetherWeHitHarder https://t.co/VjTDRCdlo7
Yay, I was awarded a $2,500 bounty on @Hacker0x01 by @tiktok_us hackerone.com/696e746c6f6c #TogetherWeHitHarder #BugBounty
JUST IN: 16 year old shoots ten people at a venue in 🇺🇸 Sanford, Florida.
Mad props to @rafabyte_'s debut security research on "Exploiting HTTP Parsers Inconsistencies" explaining how to bypass Nginx ACL Rules with Node.js, Flask and Spring Boot. Here's a 4 step guide based on his 5 months of research on how to exploit this.
PlayStation should be paid 100k$ at least for this bug instead of 12k$ what a joke ! hackerone.com/reports/2177925 #bugbountytips #CyberSecurity
DOMPurify 3.1.1 & 2.5.1 have been released. Both are security releases & should be upgraded to asap. Note: More releases might follow, the mitigated attack is novel. Eternal gratitude goes to @IcesFont for finding, reporting & helping with fixes 🙇 github.com/cure53/DOMPuri…
Hackers, good news: we’ve launched the ability to pause your payments and setting a minimum amount for a small group of hackers — and it’s looking good! We expect to make this available for the entire community in the second half of May.
Yay, I was awarded a $5,000 bounty on @Hacker0x01! hackerone.com/h4x0r_dz #TogetherWeHitHarder out-of-bounds write in Fortinet CVE-2024-21762 👀
This means the TikTok program on @Hacker0x01 will also come to an end?
Our response to the TikTok Ban Bill in the US: tiktok.com/@tiktok/video/…
Yay, I was awarded a $21,000 bounty on @Hacker0x01! Nice bug from months ago - chaining my own CVEs to get the full impact! hackerone.com/blaklis #TogetherWeHitHarder
George Hotz says that everyone should learn C and Assembly.
Starting last week, security researchers can report vulnerabilities and claim rewards for nearly all @amazon subdomains and top-level domains through their expanding public #bugbounty program! 💪🏼 Check out their program page for the latest details! bit.ly/4dbf9Zk
@696e746c6f6c @Bugcrowd @RolandHack6 Yeah 🥲 Well I accept anyway.
I earned $100 for my submission on @Bugcrowd bugcrowd.com/whiteknight_vlo #ItTakesACrowd @RolandHack6 🤣🤣
Biidznillah, I was awarded a $5,000 bounty on @Hacker0x01! a simple IDOR ❌ GET /api/v1/user/detail?type=1&user_id=123 ✅ GET /api/v1/user/detail?type=0&user_id=123 always try changing the value if u find parameters similar to that (type, role, scene, etc.) #bugbountytips
The first batch of #H165 winners are here! On behalf of the HackerOne and @salesforce teams, thank you for your hard work. 💪 1st Place: arneswinner 3rd Place: ngocdh Eliminator: matanber Exterminators: shubs, ziot, nahamsec, ryotak Most Valuable Hacker: arneswinner