@[email protected] @BugBountyWeekly
Weekly #BugBounty related news and tips - Curated by @TechbrunchFR
The Internet
Joined March 2016
Tweets 1K - Followers 4K - Following 300 - Likes 505
Finally my talk from @x33fcon is online! 🔥 I try my best to explain what websites could do to protect the users against reverse proxy phishing attacks like Evilginx.🪝🐟 There is also a bonus live demo at the end with some Evilginx Pro secret sauce! 💡 youtube.com/watch?v=C-Fh4s…
I decided to make a homage-post to @homakov and @Nirgoldshlager about different OAuth-token leakage methods I've been researching – ten years after their blog posts that inspired me to start hunting for bugs ♥️ thank you. labs.detectify.com/2022/07/06/acc…
@zeyu2001 I used <object> with fonts to leak it with even stricter CSP. My tweet also has a reference to a research paper in the first reply :) These leaks are also useful for a port scanner in an environment with javascript disabled
☢️ClickOnce + AppDomain Manager Injection (aka signed EXE + DLL sideloading) is the new Initial Access Hotness❤️ Check out @zyn3rgy and @0xthirteen insights on weaponising them: posts.specterops.io/less-smartscre… Pssst. there's a training & framework already scratching that surface too🥳
I wish the SEC had filed their exhibits in the binance lawsuit, which include internal chatlogs, before I published my article (newsletter.mollywhite.net/p/sec-v-binanc…) because these are great reading 🍿 Instead I will do a thread 🧵
[In a movie trailer voiceover voice] This summer, Burp Scanner is going to get a whole lot more customizable …
Help us fuel #sqlmap's journey! Passionate about #websecurity? Support our open-source project & make the digital world safer. Check our GitHub Sponsors page for donation options & unique benefits: github.com/sponsors/sqlma… 💙🔒 #cybersecurity #opensource
🔥 Big update! Nanodump now supports the PPLMedic exploit! meaning you can dump LSASS on an up-to-date system with PPL enabled 😃 github.com/fortra/nanodump
Continuing the #BingBang thread, many have asked how we found the vulnerable Bing Trivia endpoint. Let me share our unique Azure Active Directory cloud reconnaissance technique to find misconfigured authentication prompts🧵
In some cases, employees advised customers who were "very closely associated with illicit activity" that they need to be "careful with [their] flow of funds, especially from darknet like hydra", and to create new accounts. "offboarding = bad in cz's eyes"
New cloud security research! We found a method to bypass CloudTrail logging for both read AND write API actions in AWS Service Catalog! In addition, we also reported an issue with a lack of CloudTrail logging in AWS Control Tower. securitylabs.datadoghq.com/articles/bypas…
Just submitted my talk proposal to Black Hat USA!🤞 Psyched to share some wild techniques that should burn for a long time after! #BHUSA
If you have shell access on an EC2 and want to extract creds, instead of remembering how to get them from the 169.254.169.254 path, recent versions of the AWS CLI allow you to use `aws configure export-credentials --format env`.
Does anyone have a script to correlate DNS and Portscan results? Something like github.com/pry0cc/tew but that uses dnsx and naabu? #bugbounty
📝 New blog post! Let's talk about NTLM authentication coercion methods using Impacket. Some days ago, we updated mssqlclient[.]py with many new commands. Among them, the xp_dirtree option was added. MSSQL and xp_dirtree, you know the rest 😉. 0xdeaddood.rocks/2023/02/28/rel…
📣 We’re excited to announce the launch of Porchetta 2.0! We migrated from Gitlab to Gitea. If you’re an existing subscriber you can access the private tools and updates at git.porchetta.industries. Use your subscription email and perform a password reset to gain access.
After almost 2 years of working on NimPlant as a personal side project, I’m proud to release it to the public! NimPlant is a light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI. Available here now! 👇 github.com/chvancooten/Ni…
"Fog of War: How the Ukraine conflict Transformed the Cyber Threat Landscape" TAG's biggest ever report. Along with @Mandiant and others from @Google we outline insights into changes in the cyber threat landscape triggered by the war. blog.google/threat-analysi… 1/7
Recently, a vulnerability was reported to our bug bounty program, in the way some of our code interprets IPv4 addresses mapped into IPv6 addresses. Read about how Cloudflare addressed this vulnerability and what will prevent similar exploits in the future. cfl.re/3DyPBoq

Intigriti @intigriti
195K Followers 657 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
JS0N Haddix @Jhaddix
167K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
bugcrowd @Bugcrowd
188K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
Md Ismail Šojal... @0x0SojalSec
31K Followers 5K Following Cyber_Security_Re-searcher || 0SINT || Malware Analysis II Pwn || Ai Re-searcher || Project @AIStrikeSec || 0ld Accounts Suspended @0xSojalSec ||
Het Mehta @hetmehtaa
36K Followers 1K Following Security Analyst | Content Creator | I Spread Cybersecurity News & Talk about AI, Cloud, Tech, Tools & Recent Updates
Iman Gurung @ImanGurung13
8K Followers 441 Following Computer Engineer, Ethical Hacker, Tatoo Lover, Blind xss king
YesWeHack ⠵ @yeswehack
39K Followers 3K Following Global Bug Bounty & Vulnerability Management Platform 🎯 https://t.co/57gODBq2WZ 👾 https://t.co/ICc6RyhJTp 💡 https://t.co/KNYxhkKuzt
Paul Seekamp @nullenc0de
17K Followers 609 Following I spend a significant amount of time reading security stuff. Co-Founder/Partner @CoastlineCyber https://t.co/ZQT5L8q2RO
HackerOne @Hacker0x01
326K Followers 3K Following The only official HackerOne Twitter account. A global leader in offensive security solutions. #HackForGood #togetherwehitharder
Gwyn Myrtice @GMyrtice79810
0 Followers 316 Following
LnTFSOnkine @TfsLn45587
0 Followers 131 Following
parbarosa @parbarosa310678
1 Followers 84 Following
EvilGeniuses @EvilGeniuses24
8 Followers 328 Following
Klaus Gleißner @TheSagex86
38 Followers 848 Following
mahmoud jamal @mahmoudjam56372
1 Followers 226 Following
Mamad zamaani @MamadZamaani
4 Followers 197 Following Interested in security, adventure, travel, and games 💻🌎🎮
Purushothaman .D @Purushotha91161
0 Followers 86 Following
Arif_Hun13r @NHun13r
3 Followers 142 Following
آدَم الفَقِ... @elfaqii
0 Followers 119 Following So direct your face toward the upright religion before a Day comes from Allah that cannot be averted ▼ 🇵🇸
noobs-sec @NoobsSec
4 Followers 130 Following
Frozt Nova @FroztNova127
565 Followers 1K Following Bug hunter https://t.co/nKsZi9MB64 https://t.co/lyDCJaFahc https://t.co/Zaj4aNwLtf
ge ten @geten359678
1 Followers 90 Following
Netclouts 🇳🇬 @netclouts
31 Followers 351 Following CEO at Netclouts | Cybersecurity Researcher | Malware Analyst & Exploit Developer | WebApp Penetration Tester
Mirghani_x🇸🇩... @Hydro_911
4 Followers 246 Following Just a guy who try to get a better life . ejpt v1 ⏳ #KeepEyesOnSudan #FreePalestine
Nay Linn Oo @NayLinnOo211289
1 Followers 129 Following
sec sec @Snipe3r_dz
0 Followers 76 Following
islam. hasan @Spartac55
7 Followers 701 Following
Khloe Bailey @bailey_khl34745
36 Followers 1K Following
betmen rdpx @jekbr0w
8 Followers 131 Following
Nightvale @Nightval7
2 Followers 215 Following
T SRAVAN KUMAR @KUMAr87731
0 Followers 17 Following
James Bond @0xjamesbond1337
1 Followers 45 Following
John Kill @john86024
14 Followers 579 Following
Deyonna Krystelle @BriannonPj83277
1 Followers 98 Following Recruiting we bshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/pRSCVXDU27
Ali Hassan @imalihassan03
54 Followers 1K Following 23 CA to be Trying to be an artist https://t.co/O1x65I7LF4
Gtb Bubble @BubbleGtb30617
0 Followers 88 Following
DomainXHunt @DomainHunt1
2K Followers 8K Following 🔥 Premium Domains for Sale! 🌐 https://t.co/gHi1KHPeuq | ⚡ https://t.co/DF2XpI6twj | 😎 https://t.co/o11xi5vGFG | ✈️ https://t.co/RvJBHhQE5w| 🏨 No1Stay 📩 [email protected]
swwe r @rswwe4
1 Followers 26 Following
Rohan Kumar Mandal @mandalrohan798
13 Followers 1K Following
Fares Nader @frsndr1
8 Followers 342 Following
scriptsrc @ho153280
0 Followers 35 Following
Mohamed Ahmed @Mohamedahmed_76
1 Followers 153 Following
MSE @DigitalMistica
349 Followers 4K Following 🌐 I made this account to warn others and share my experience with a potential Trojan that auto-downloaded from the TikTok Seller website. 🆘
xu @xxvvthjb6h6
18 Followers 185 Following
elhacker @Bed0xploit
1 Followers 123 Following
Raza Abbas @RazaJafy5
0 Followers 40 Following
Mohamed Elgendy @MoElgende
0 Followers 61 Following
Toqa Ezzatly @TEzzatly
2 Followers 121 Following
Pablo @pabloTaddei26
244 Followers 3K Following I have been a software developer for about 10 years. But for the past 4 years I have been in the world of cybersecurity (pentesting, ethical hacking).
Intigriti @intigriti
195K Followers 657 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Ben Sadeghipour @NahamSec
235K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
Sam Curry @samwcyo
98K Followers 1K Following
bugcrowd @Bugcrowd
188K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
payloadartist @payloadartist
43K Followers 284 Following Yapping about AI, AppSec, Hacking, & Cybersecurity • Helped secure organizations like Google • Opinions are my cat's • Part-time shitposter
zseano @zseano
79K Followers 703 Following
Julien | MrTuxracer... @MrTuxracer
37K Followers 444 Following Freelancer @rcesecurity | #BugBounty | @Hacker0x01 H1-Elite | $1,500,000 Overall Bounties | Mobile Hacker | https://t.co/pcWduPOt0n
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
James Kettle @albinowax
80K Followers 94 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Yassine Aboukir 🐐 @Yassineaboukir
31K Followers 373 Following HackerOne Top 50, Elite, Pentest Lead, Ambassador, MVH Title and (former) Hacker Advisory Board • Digital Nomad • (Un)pro Athlete
Gareth Heyes @garethheyes
37K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
Jobert Abma @jobertabma
43K Followers 718 Following I tweet about security and my experience as a hacker. Co-founder of HackerOne (@Hacker0x01).
PortSwigger Research @PortSwiggerRes
112K Followers 7 Following Web security research from the team at @PortSwigger
Harsh Jaiswal @rootxharsh
22K Followers 1K Following Building @hacktronai | researching at @httpvoid0x2f | auditing at @cure53berlin | prev @zomato @vimeo @pdiscoveryio
ProjectDiscovery @pdiscoveryio
38K Followers 132 Following Detect real, exploitable vulnerabilities. Harness the power of Nuclei for fast and accurate findings without false positives.
YesWeHack ⠵ @yeswehack
39K Followers 3K Following Global Bug Bounty & Vulnerability Management Platform 🎯 https://t.co/57gODBq2WZ 👾 https://t.co/ICc6RyhJTp 💡 https://t.co/KNYxhkKuzt
HackerOne @Hacker0x01
326K Followers 3K Following The only official HackerOne Twitter account. A global leader in offensive security solutions. #HackForGood #togetherwehitharder
Alex Plaskett @alexjplaskett
12K Followers 572 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
morisson @morisson
1K Followers 582 Following Breaker of bits. @BSidesLisbon founder and organiser. Mastodon: @[email protected] DISCLAIMER: Tweets are no one’s opinion, probably not even mine.
Antoine Chr @antoinechstr
42 Followers 250 Following Building https://t.co/rBm1SaleKe an AI Airbnb checker. Telling the story of the Fox, my AI companion with a mini-series: The Nomad Code #buildinpublic #nomads
Jack Halon @jack_halon
5K Followers 400 Following Red Team and Offensive R&D at @CrowdStrike | Powered by ☕🍻🍩
Molly White @molly0xFFF
124K Followers 2K Following crypto & tech industry researcher & critic at https://t.co/hb1tT2Q3bJ & @web3isgreat • software engineer • wikipedian support my work: https://t.co/FPG3uvikH0
Yossi Sassi @Yossi_Sassi
10K Followers 6K Following H@כk3r | 1nTh35h3ll; The Hacktive Directory guy; Pow3r5h3ll dude; Look | Think | Do; Co-founder #OrphanedLand, #OrientalRockOrchestra, #10Root
Victor Grenu @zoph
3K Followers 595 Following Cloud Consultant @zoph_io (former @microsoft, @google) — 💸 chasing idle AWS assets @unusd_cloud — Find me on 🦋 https://t.co/PC9C2G9OqP
ẗäüẗöl̈ög̈y... @tautology0
3K Followers 474 Following vi is the best text editor. FACT! @tautology0 @[email protected] @tautology.uk
Dan Olson @FoldableHuman
162K Followers 291 Following Albertan documentarian behind In Search of a Flat Earth, Line Goes Up, and The Future is a Dead Mall Not actually a duck [email protected]
AWS Security @AWSSecurityInfo
62K Followers 156 Following The official Twitter profile for AWS Security. Infrastructure and services to elevate your security in the cloud
matrosh @matro7sh_
128 Followers 0 Following Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.
frycos @frycos
4K Followers 518 Following Private account! Red teamer @codewhitesec. @[email protected] @frycos.bsky.social
AWS Security Advisori... @AWSSecAdv
723 Followers 1 Following Not an official AWS account! I tweet security advisories from AWS Latest Bulletins RSS feed.
Hash Miser @H_Miser
9K Followers 1K Following Internet janitor, #CERT #BlueTeam and Whisk(e)y enthusiast "Everything you do is useless ! Enjoy 🍻" [email protected] https://t.co/pBOfukJZJi
Charlie Bromberg « ... @_nwodtuhs
15K Followers 652 Following Trying to hack the way we hack things 🏴☠️
Youssef Sammouda (sam... @samm0uda
37K Followers 531 Following Hacker, bug bounty hunter, guy behind https://t.co/TBAtP71Cop. 1st in Meta bug bounty program for the last 6 years. YES Team Member
Martin Doyhenard @tincho_508
3K Followers 227 Following Security Researcher at PortSwigger. Speaker at BlackHat, DEF CON, RSA, Hack In The Box, Troopers, EkoParty
Kim Zetter @KimZetter
93K Followers 3K Following Journalist - cyber/national security. Author - COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. https://t.co/334DzfSL1f
RyotaK @ryotkak
7K Followers 659 Following Security researcher? | Icon: @MelvilleTw | Private: @RyotaK_Private | Misskey: https://t.co/63E5Rpv2pk | Blog: https://t.co/c7NFQXhV90
Palisade @PalisadeLLC
583 Followers 5 Following Palisade is a boutique security consultancy specializing in application security for Web3 and all-things crypto.
Gabriel Landau @GabrielLandau
4K Followers 708 Following Tech Lead @ Elastic Security. Thoughts are my own. Also @[email protected] & @gabriellandau.bsky.social
Nick Frichette @Frichette_n
6K Followers 2K Following Staff Security Researcher @datadoghq | DEF CON/Black Hat main stage speaker | he/him | OSCP OSWE | Tweets are my own | Created https://t.co/QGWMJjv9pc
Porchetta Industries @porchetta_ind
5K Followers 3 Following A centralized platform for organizations to support the developers of Open Source Infosec/Hacking tools.
Clément Labro @itm4n
7K Followers 166 Following Pentest & Windows security research (I stopped using this account in December 2022) ➡ Mastodon: @[email protected]
Marco Lancini @lancinimarco
6K Followers 373 Following 💼 Principal Security Engineer 💬 I tweet about Cloud Security and technical leadership ✍🏻 Subscribe to https://t.co/MR69KiF8RH 📚 https://t.co/TrQKzxfnYg is out now!
Intrigue, acquired by... @Intrigueio
720 Followers 71 Following Intrigue is a leader in the external Attack Surface Management space. Discover your attack surface, automatically assess it for risk, and eliminate exposures.
secret club @the_secret_club
17K Followers 0 Following secret club is a not-for-profit reverse-engineering group; publishing new research on popular software. No ads, no cookies, just research.
Alexis Gay @yayalexisgay
123K Followers 982 Following type A comedian 😎 | 🎟 tix + email list at the link! ⬇️
Kuba Gretzky @mrgretzky
16K Followers 709 Following Offensive security tools developer. Malware dev, bedroom DJ & ex-MMO game hacker. Creator of Evilginx / Bartender @ BREAKDEV RED. bsky: @mrgretzky.breakdev.org
The Paranoids @TheParanoids
15K Followers 153 Following We are the information security team @Yahoo! Report vulnerabilities at https://t.co/VaAvra8Rv9
Maddie Stone @maddiestone
62K Followers 805 Following Security Researcher. Previously Google Project Zero and TAG | 0days all day. Love all things bytes, assembly, and glitter. she/her.
Cody Thomas @its_a_feature_
7K Followers 312 Following Mythic Developer (https://t.co/Uz4fOxIUbe) | @SpecterOps @[email protected] | @its-a-feature.bsky.social
Yogesh Ojha 🚀 @ojhayogesh11
3K Followers 764 Following creator of reNgine, loves reverse engineering Building and Breaking things @ TRG Research
Reconless @0xReconless
6K Followers 3 Following Security research, blogs, and videos by @filedescriptor, @ngalongc & @EdOverflow YouTube: https://t.co/IGj1aW40ro
GrinningSoul @GrinningSoulEmu
450 Followers 1 Following Userland iOS Emulator. Run all your favorite App Store apps on top of the Apple Simulator
spaceraccoon | Eugene... @spaceraccoonsec
25K Followers 301 Following Here to learn! Infosec@Open Government Products | White Hat && SecOps
Fisher @Regala_
10K Followers 505 Following Half hacker, half daydreamer. Mercenary for hire. Casabranca. Snarky tweets only. Opinions my own
André Baptista @0xacb
17K Followers 786 Following Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
Justin Gardner @Rhynorater
35K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
ege @egeblc
4K Followers 1K Following Malware enthusiast. Reverse engineer. Threat Intel @PRODAFT, FPV drone pilot 🚁 @[email protected] https://t.co/QnOokdPYYy
ebeip90.cc @ebeip90
3K Followers 780 Following Security Engineering & Research / Xoogler / CTF dude. Tweets are my own opinion.
Nathan @nj_dav
858 Followers 79 Following I type instructions into computers, which are intermittently understood.