mrroot @_mohd_saqlain
I teach systems to misbehave — creatively \r\n Application Security Engineer | https://t.co/qtnfutkZkK mrrootsec.vercel.app INDIA 🇮🇳 Joined November 2013-
Tweets3K
-
Followers872
-
Following407
-
Likes12K
We've just published a novel technique to bypass the __Host and __Secure cookie flags, to achieve maximum impact for your cookie injection findings: portswigger.net/research/cooki…
ViewState Deserialization Zero-Day Vulnerability cloud.google.com/blog/topics/th…
How to find bugs on a hardened target using gadgets - @aituglo bugcrowd.com/blog/how-to-fi…
Facebook Messenger for Windows RCE worth $112K via Slack/Viber DLL files override using path traversal in attachments by @vulnano vulnano.com/2025/09/remote…
As an engineer, I ❤️ clever engineering. Ruby on Rails relies on signed sessions (AES GCM). They are secure, but there is a catch: you cannot invalidate them early. You have to wait for expiry. Workarounds exist, like caching sessions you want to kill, but nothing universal.
Interesting post about Client-side RCE and CSS Injection! balintmagyar.com/articles/googl…
New tool drop: JsonViewer 🚀 Stop scrolling through JSON like a raccoon in a dumpster. 👉 Clean, searchable tables 👉 Bookmarks, filters, exports 👉 Runs in your terminal (SSH/VPS/local) GitHub: github.com/freakyclown/js… YouTube demo: youtube.com/watch?v=j8yrV7… make JSON suck less.
For YOU interested in JS exploitation: 2nd episode dissecting the current state of the art. Ready for fakeobj() ? We are looking for you at fuzzsociety.org to learn vulnerability research together, from scratch. youtu.be/hZU_KsShXGk +slides +docker
Just published a new write-up - Hacking 700 Million Electronic Arts Accounts battleda.sh/blog/ea-accoun…
Sleepless Strings - Template Injection in Insomnia - @TantoSecurity tantosec.com/blog/2025/06/i…
The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die: http1mustdie.com
What happens when a WAF blocks every XSS payload you throw at it? You get creative. 🔗 Read the full blog post: blog.ethiack.com/blog/bypassing…
This post is SO GOOD! I knew nothing about easy auth, It's so interesting! And the abuse ideas are so creative! It's not the first time i see how env variables on app lead to such things (See MI research by NetSpy). Go read it! dazesecurity.io/blog/abusingEa…
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4
1/4 dbugs LIVE dbugs.ptsecurity.com — vulnerabilities’ home See trends, discover more, read AI summaries, have all references at hand, and your profile with all your CVEs and CVSS score on a leaderboard. ⬇️ See thread: what’s live + what’s next ⬇️
New blog out! Think XSS is a thing of the past with today's Web frameworks? Think again! Our new article by @i_am_canalun breaks down why this vulnerability persists and offers insights on how to stay secure. Read it here! flatt.tech/research/posts…
When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds
Just dropped a new CSP bypass for salesforce.com on cspbypass.com : <script src="omtr2.partners.salesforce.com/id?callback=al…"></script>
Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript buer.haus/2024/01/16/rev… Thanks to @hackinghub_io for putting together a lab to learn more about it: app.hackinghub.io/surl
Hackers 🔥 I’ve set up this Nginx that forwards traffic to a Flask server and blocks access to /secret - throwing 403 🛑 Can you find a way to bypass this restriction and access /secret? 🥷 Drop your ideas or tricks in the replies — let’s see how creative you can get! ⚡️
Intigriti @intigriti
193K Followers 658 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
HackerRats - Uncle Ra... @theXSSrat
154K Followers 945 Following Alone we survive, together we prosper. Are you with me? https://t.co/AfnDsVhqqA
zseano @zseano
79K Followers 702 Following #1 Amazon Security Researcher. full time hacking team with @jonathanbouman @fransrosen @avlidienbrunn
Fat @fattselimi
16K Followers 9K Following Chasing Positive vibes only & Ethical Hacking for fun and profit🧑🍳
Louis Nyffenegger @snyff
20K Followers 590 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Arshad @Mohd_Arshad09
45 Followers 486 Following
rudy.19 (Jifat) @MDTonmoyHossai7
22 Followers 430 Following trying to make my space in tech world hacking enthusiasts | Django-React dev #hacking #bug-bounty #pentesting
M.PAVAN KUMAR @PavanM73255
0 Followers 2 Following
Yadhavi @PrincessYadhavi
86 Followers 620 Following
Fuisu @Fuisu453
61 Followers 2K Following
Shubham Khanna @Shubhamkhanna06
155 Followers 2K Following Explores and learns! Pentester by Passion. AI explorer. book lover! shares bug bounty tips
Dark@Joker:~$ @ExploitNest
92 Followers 2K Following CRTA | CAP | OSCP (Aspirant) - Pentration Tester & Bug Hunter - Red Teamer 🤡
kamran khan @kamrank94955075
22 Followers 321 Following
Araf Rubayed @ArafRubayed
56 Followers 1K Following
Ryan Barnett (B0N3) @ryancbarnett
5K Followers 401 Following Web App Defender | Bug Hunter/Triager | Purple Team | Detection Engineering | Author | Senior Threat Research Manager @Akamai_research | OWASP Project Leader ✝️
Sergey Zybnev @szybnev
4 Followers 67 Following Hello! My name is Sergey Zybnev. I am a specialist in cybersecurity. I have a wide profile experience in security audit of websites, servers, web applications.
Sergio Muniesa @smuniesa
8 Followers 135 Following
Ruben DM @rcetto
483 Followers 5K Following #Informatica, #BassGuitar, #HeavyMetal... y ahora me ha dado fuerte por los #acuarios, a ver si me relajo un poco
Katie Harvey @KatieHarve8890
1 Followers 173 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/LL5DllmfwY
Moshe Farrid @WooorstOne
146 Followers 2K Following
NomadicLad @nomadic_lad28
23 Followers 227 Following
MamieJonah @23Z70BW3TuGrvC5
107 Followers 3K Following
Matt @Matt32207552792
39 Followers 90 Following
Francisco Neves @fneves97
357 Followers 512 Following Software engineer, interested in bug bounty. Building https://t.co/dyLc78uDiB
Kartik Pachbudhe 🇮... @Kartikpachbudhe
247 Followers 4K Following Cybersecurity Researcher | BugBounty Hunter | Cyberspace n00b | Ethical Hacker | Psychology Enthusiast
Shuvo Kumar Saha 🇧... @syper_shuvo
572 Followers 866 Following Bug Bounty Hunter | Penetration Tester
MOGTABA @MOGTABA_X
9 Followers 525 Following
Rohit Soni @rohitsonix
3K Followers 5K Following Sarcastic || Inventory Auditor || Hustler 🔍 उम्मीद कभी हमें छोड़ कर नहीं जाती, बल्कि जल्दबाजी में हम ही उसे छोड़ देते हैं
Luke (datalocaltmp) @datalocaltmp
1K Followers 556 Following mobile reverse engineering, vulnerability research, using lldb
pentestgod @pentestgod
21 Followers 111 Following Bug Bounty Hunter | Pentester | OSEP | OSCP | CRTP | CRTO | eWPTXv2
Kishnoil Attitude @KishnoilA
3 Followers 46 Following
Sameer Dhage @samdhage16
15 Followers 603 Following
Intigriti @intigriti
193K Followers 658 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Ben Sadeghipour @NahamSec
233K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
PentesterLab @PentesterLab
190K Followers 0 Following We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
bugcrowd @Bugcrowd
187K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
InfoSec Community @InfoSecComm
52K Followers 636 Following Largest InfoSec publication with 62,000+ followers and 1M+ monthly views.
HackerRats - Uncle Ra... @theXSSrat
154K Followers 945 Following Alone we survive, together we prosper. Are you with me? https://t.co/AfnDsVhqqA
Harsh Bothra @harshbothra_
43K Followers 741 Following Freelance Pentester & Consultant • Cobalt Core Lead & Pentester • Author • Speaker • Blogger • SecurityExplained • Project Bheem • Learn365 • Views are personal
zseano @zseano
79K Followers 702 Following #1 Amazon Security Researcher. full time hacking team with @jonathanbouman @fransrosen @avlidienbrunn
Sam Curry @samwcyo
97K Followers 1K Following Hacker, bug bounty hunter. Run a blog to better explain web application security.
Luke Stephens (hakluk... @hakluke
95K Followers 2K Following Hacker, marketer. I manage socials and produce amazing technical blogs for cybersecurity orgs. Founder of @hacker_content and @haksecio
Hussein Daher @HusseiN98D
49K Followers 197 Following Entrepreneur, Hacker 🇱🇧🇨🇮 @WebImmunify 21th/270000 BugCrowd Hacking Platform
JS0N Haddix @Jhaddix
167K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
John Hammond @_JohnHammond
298K Followers 3K Following Cybersecurity Researcher @HuntressLabs || Just Hacking Training @JustHackingHQ w/ @ethicalhacker || https://t.co/UtsNJiyQtS || https://t.co/narO3sz7y6
TCM Security @TCMSecurity
207K Followers 360 Following Come learn to hack at TCM Security Academy! Veteran owned. Quality results.
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
TryHackMe @RealTryHackMe
283K Followers 103 Following An online platform that makes it easy to break into and upskill in cyber security, all through your browser.
Bug Bounty Reports Ex... @gregxsunday
52K Followers 616 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
Nathaniel @nnwakelam
41K Followers 919 Following
BugBountyHunter.com �... @BugBountyHunt3r
36K Followers 1 Following Our membership program has come to an end and we’re no longer onboarding new members.
Seba Peyrott @speyrott
409 Followers 25 Following Auth0er, Linux enthusiast, code monkey. I enjoy learning things.
Issam Rabhi @Issam_Rabhi
4K Followers 1K Following Phd in Computer Science. Acknowledged by Google more than 100 times!
0x6c75696a616974 @luijait_
19K Followers 1K Following Apasionado de la tecnología desde corta edad | AI researcher | cybersecurity | PERSONAL ACCOUNT AND OPINION RL
Ryan Barnett (B0N3) @ryancbarnett
5K Followers 401 Following Web App Defender | Bug Hunter/Triager | Purple Team | Detection Engineering | Author | Senior Threat Research Manager @Akamai_research | OWASP Project Leader ✝️
Chaithu @ant4g0nist
2K Followers 250 Following Founder || Vulnerability Research || fuzzing artist || 🦀 + security
Bug Bounty Village @BugBountyDEFCON
8K Followers 580 Following Official X account for the Bug Bounty Village @DEFCON. Founded by @infinitelogins and @arl_rose.
Tom Gallagher @secbughunter
2K Followers 200 Following Vice President of Engineering, Microsoft Security Response Center (MSRC)
Luke (datalocaltmp) @datalocaltmp
1K Followers 556 Following mobile reverse engineering, vulnerability research, using lldb
Stealthy @stealthybugs
6K Followers 89 Following God is our refuge and strength, an ever-present help in trouble. - Psalm 46
尺Ξn4tø 尺ødɿig... @simps0n
3K Followers 244 Following ╪ͥ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋ ◯ ⃝ ⃝ ⃝ ⌨ ⁰☠ ☂ ☺ ♬
Jonathan Bouman @JonathanBouman
7K Followers 518 Following Medical Doctor (GP) & Security Researcher
Martin Voelk @martinvoelk
10K Followers 1K Following Cyber Security Engineer II at Uber Inc. CISSP, BSCP, OSCP, CCIE. Penetration Testing, Bug Bounty and AI Security Enthusiast. Husband and dog lover.
Critical Thinking - B... @ctbbpodcast
22K Followers 69 Following A 'by Hackers for Hackers' podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest exploitation techniques.
Mohammed Aldoub م.م... @Voulnet
91K Followers 775 Following م.محمد قتيبة الدوب،مستشار ومهندس ومدرب عالمي بأمن المعلومات. Trainer & Cyber Security Consultant, DEFCON, SANS & RSA Speaker,CISSP GWAPT
Matan Berson @MtnBer
4K Followers 267 Following Hacker and bug bounty hunter mostly focusing on client-side security. h1-702 Vigilante, h1-65 Eliminator, AWC23 Best New Hacker
Mukul Goyal @itz_mg_
3K Followers 506 Following 17 | Bug Bounty Hunter | Aspiring Security Researcher
@ddǝɐuɐp @DanaEpp
4K Followers 225 Following I help builders and breakers of code learn to find security vulnerabilities in their apps and APIs.
డానియేల... @zeroxdtd
155 Followers 1K Following Product Security | Automation | Offensive Security 0x45 | Null @Vijayawada Lead
Arbaz Hussain @ArbazKiraak
7K Followers 2K Following Hacker / Technical Triage Lead @immunefi | Views are my own.
Matt Zorich @reprise_99
14K Followers 2K Following @Microsoft Security | https://t.co/HWozKuixTi | Tweets are my own
m s nishanth @msnishanth9001
27 Followers 556 Following ML Researcher at @f5 • @IITHyderabad • @auvcochennai •
Miroslav Stampar @stamparm
8K Followers 351 Following PhD, author of @sqlmap & @maltrail, CTF w/ @SuperGuesser, chess lover, problem solver
Noah Franklin @iamnoahfranklin
312 Followers 338 Following 🌐 Regional AppSec Delivery Lead | Cyber Security & Risk Management | Handling American Region | CPENT | CEH | Pen Tester | AI Enthusiast | Security Researcher
pwn.ai @pwn_ai
8K Followers 1 Following Built to breach. Agentic hacking ecosystem in the works. coming soon. Built by the amazing team @OctagonNetworks
Lenin Alevski @Alevsk
3K Followers 2K Following #security Eng @Google. ♥️ To Build and Break Stuff. Wannabe #Hacker. Personal opinions only, review my PR please. PGP/MIT: 0x67BA54C7DE3DD14A
Kévin GERVOT (Mizu) @kevin_mizu
6K Followers 754 Following Researcher for @ctbbpodcast lab 🐛 | DOMLogger++ developer 👨🏻💻 | CTF with @FlatNetworkOrg, @rhackgondins 🦦 | @ECSC_TeamFrance 2023 🇫🇷
Manmath Paste @ManmathPaste
9 Followers 145 Following
Sulabh Jain @Profile4Sulabh
293 Followers 15 Following https://t.co/8pQreaipF0 https://t.co/BiRddOdawt
Clint Gibler @clintgibler
22K Followers 563 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Luke Jahnke @lukejahnke
3K Followers 6K Following
Gitesh Sharma @glitchedgitz
718 Followers 302 Following Design Develop Hack, Creating Grroxy! @grr0xy
Six2dez @Six2dez1
10K Followers 558 Following Bash lover | https://t.co/UoQ57OTS7f | reconFTW | RT @visma
Ravindra Penumarthi @ravindrapsharma
310 Followers 245 Following Security Engineer @Microsoft || Chapter lead @nullhyd || Distinguished Motorcyclist @Road_Thrill || Views are Personal
BountyTalks @BountyTalks
1K Followers 154 Following Strimeando en https://t.co/Vocuuynapx, dejanos un follow! Streaming on https://t.co/Vocuuynapx, follow for updates!
Shaik Arif Ali @ShaikArifAli1
322 Followers 3K Following Security Researcher @yeswehack | Building @BBB_GHC | @nullhyd Moderator
Subhash @pbssubhash
1K Followers 1K Following Security at @Microsoft. everything here’s my opinion and not my employer.
Sankita M. @m_sankita4u
783 Followers 96 Following Dev @WellsFargo | Building @SheCloudNative | Microsoft Cybersecurity Engage 22| Top 12% @TryHackMe | 6*Microsoft, 2*AWS, 1*ACE, CAP Gym•Travel•Cookies
Arthur Kotylevskiy @kotylevskiy
149 Followers 73 Following Information security expert, CEO at https://t.co/U0BXDiS5X4
godiego @_godiego__
6K Followers 1K Following Security researcher and bug bounty hunter. https://t.co/ybndhjqZ5z | https://t.co/ALWTKTdgwc | https://t.co/Vv5K0oN4bQ | 🇪🇸
Netlas.io @Netlas_io
7K Followers 12 Following Stay ahead with updates on high-profile vulnerabilities, expert tutorials, essential safety tips, and the latest Netlas developments.
Dinesh Shetty @Din3zh
3K Followers 2K Following Mobile/IoT/Web security; Trainer & Speaker @BlackHat/DefCon/POC/OWASP/Hackfest...; Day job as Director of Security Engineering; #OSCE #OSCP #OSWE #CCISO...
whitecyberduck @whitecyberduck
4K Followers 650 Following Ayub Jabril Yusuf | 🇸🇴🇺🇸 (he/him) | Hacker @SpecterOps | GSE • OSCPTrends for United States
You might like
