Poking around with @AmirMSafari on a public program, no WAF bypass, no special payload:
3x DOM XSS: javascript:alert(origin)
CSPT + parameter pollution: critical CSRF
HTMLi: leaking a URL equipped with a token
Tip: read JS files curiously, do not rush for the bug, enjoy the process :]
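Two of the client-side patterns named above, as an added example that is not code from the original thread or from the program in question. The first shows the DOM XSS sink: a URL taken from the page and written into a link, where javascript:alert(origin) fires on click, next to a check that only accepts http(s) same-origin destinations. The second shows client-side path traversal with parameter pollution: an id concatenated into an API path collapses the path and smuggles a query parameter into a request the user never intended, next to a version that keeps the id a single segment. The names isSafeHref, vulnerableProfileUrl, safeProfileUrl, the host app.example and the /api/v1/users/<id>/profile route are assumptions for illustration only.

```javascript
// Added example, not the original target's code. Host, route and function
// names are assumed for illustration.

// --- 1. DOM XSS through an href sink ------------------------------------
// Vulnerable pattern: something like
//   link.href = new URLSearchParams(location.search).get('return');
// lets ?return=javascript:alert(origin) run when the link is clicked.
// Hardened: resolve the candidate with the WHATWG URL parser (which strips
// leading control characters and embedded tabs/newlines and lowercases the
// scheme, so obfuscated javascript: forms are normalised) and accept only
// http(s) URLs on the page's own origin.
function isSafeHref(candidate, pageOrigin) {
  let url;
  try {
    url = new URL(candidate, pageOrigin);   // relative paths resolve to pageOrigin
  } catch {
    return false;                           // unparsable input is rejected
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  return url.origin === pageOrigin;         // blocks //evil.example and friends
}

// --- 2. Client-side path traversal (CSPT) + parameter pollution ----------
const API_BASE = 'https://app.example';     // assumed base for the demo

// Vulnerable: the id from the query string is concatenated into the path.
// An id of '../../admin/reset?confirm=1' collapses the path to
// /api/admin/reset and turns 'confirm=1' into a query parameter, so the
// page's own fetch becomes the CSRF vector.
function vulnerableProfileUrl(userId) {
  return new URL('/api/v1/users/' + userId + '/profile', API_BASE);
}

// Hardened: refuse anything that is not a single plain path segment, and
// percent-encode it so '/', '?' and '#' cannot change the path or query.
function safeProfileUrl(userId) {
  if (!/^[A-Za-z0-9_-]+$/.test(userId)) throw new Error('invalid user id');
  return new URL('/api/v1/users/' + encodeURIComponent(userId) + '/profile', API_BASE);
}

// Constructed inputs a reviewer would try against both sinks.
function demo() {
  const origin = 'https://app.example';
  const hrefs = ['javascript:alert(origin)', 'JaVa\tScRiPt:alert(1)', '//evil.example/', '/dashboard'];
  for (const h of hrefs) console.log(JSON.stringify(h), '->', isSafeHref(h, origin) ? 'allowed' : 'blocked');

  const evil = '../../admin/reset?confirm=1';
  const u = vulnerableProfileUrl(evil);
  console.log('vulnerable resolves to', u.pathname + u.search);
  try {
    safeProfileUrl(evil);
  } catch (e) {
    console.log('hardened rejects it:', e.message);
  }
}
demo();
```

The traversal only works because the browser normalises `..` segments in the resolved URL and, in the vulnerable form, `?` is still parsed as the start of the query; once the id is percent-encoded, `%2F` and `%3F` stay inside the one path segment and the request goes exactly where the code intended.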
After a long time, I decided to write a blog post about one of the old bugs I found in an Android app, which finally led me to achieve 0-Click Mass Account TakeOver.
It's now published; you can read it here:
blog.voorivex.team/0-click-mass-a…
After many unlucky moments in bug bounty, July was fun with interesting findings. I made around $30k in bounties, mostly from XSS and OAuth.
In August, I've planned to dive deeper into client-side stuff.
After my first year of full-time bug hunting, I successfully completed Justin’s Challenge on @Hacker0x01 .
I want to share a few things that might help beginners. The bugs I’ve earned the most from are IDOR and XSS — they’re great to focus on when you're getting started.
One…
Has the HackerOne Mediation team's responsiveness slowed down, or am I just having bad luck? They opened a ticket (#594174) to gather my feedback on a report's status, but I haven't received any response from them in over a month.
Q2 is over. I’ve pushed so hard in 2025, I think I’m going to slow things down for Q3. It’s summer, and I think I need some relaxation: “Shirazi Mode” activated. (Shiraz is a city in Iran where people are famously calm and laid-back)
95% of self-XSS vulns are exploitable. In cases of OAuth or a page containing sensitive information + login/logout CSRF -> ATO or info leak. I’ve previously tweeted a white box challenge based on a real-world example, you can practice with it :]