AOXSIN @aoxsin
CHANGE | GROW | SUCCEED Joined January 2022
@Bugcrowd Who’s asking about what wordlist I use: I use mostly github.com/orwagodfather/… and github.com/six2dez/OneLis… Important note: all the time, update your wordlist manually by adding interesting endpoints / dirs that you have
Here's one for ya. In order to be successful in bug hunting, do you need to be able to build before you can learn to break?
Chained `hakrawler` + `x8` in one python script. A perfect combination for crawling websites and parameter discovery. github.com/improphethacke… #bugbountytips #bugbounty @sh1yo_ @hakluke #recontips
CRLF Injection attack Severity: Medium CRLF injection — a web vulnerability that allows an attacker to inject CRLF characters (%0d%0a) into an HTTP response. CRLF Injection attack has two common use cases: Log Splitting and HTTP Response Splitting 1/n #bugbountytip #Hacking
Diving deep into Burp Suite's sitemap and scanner. #pentesting #appsec #infosec #cybersecurity #bugbounty youtube.com/watch?v=WcAzmh…
Old but gold #bugbountytip: add this to your wordlist: .svn/entries, or edit the ready template github.com/projectdiscove… Ex: admin/.svn/entries. Next step: if you locate the svn configuration, use svn-extractor github.com/anantshri/svn-… and start looking for bugs in the source
Great one 🖤 @zseano Finding bugs on NFT websites for fun & profit youtu.be/25O6pX6qQY0?si… via @YouTube
Detection and exploitation of a PHP Code Injection with an "abused" version of #SQLMap. The picture presents the PHP shell. I am planning to make this "thing" available at github.com/DimopoulosElia… the next few days. Don't put the expectations too high :-)
More from @PortSwigger: When exploring unfamiliar application domains in bug bounty hunting, pentesting, or secure coding, thoroughly review documentation and consult domain experts. This effort often uncovers overlooked bugs, especially in obscure domains. #pentesting #appsec…
The developer responsible tried to fix the SSTI vulnerability in the previous version! 😄 He's now confident that it's no longer vulnerable as he introduced a new validation feature! But can you prove him wrong? 😎
New Updates on my web application penetration checklist 1-Wordpress Common Vulns 2-403 bypass techniques 3-Burp Suite Extensions Link: github.com/e11i0t4lders0n… #BugBounty #BugBountytip #BugBountytips
Do you have a New Year's resolution to start bug bounty hunting? Get a head start with @NahamSec's HUGE list of resources for beginners: 🐞 Basics 🐛 Blogs & Talks 🐜 Books 🦟 Setup 🪲 Tools 🪳 Labs 🕷️ Talks 🐜 Coding 🦟 Mindset And more! 👇 github.com/nahamsec/Resou…
Do not post Open redirect as Open redirect, try to chain it with other vulns. Do not post XSS as XSS, try to chain it with ATO or SSRF. Do not post IDOR as IDOR. Try to increase impact by leaking PII or ATO. #bugbounty #bugbountytip #bugbountytips
I've dropped my 403 bypass tampers on @DanielMiessler , @g0tmi1k , and I's project SecLists this afternoon. I have found many bugs with these tricks. Enjoy 🫶✌️🤫 github.com/danielmiessler…
If your LFI @pdnuclei templates are not working because the WAF is blocking /etc/passwd, change to /etc/shells and edit the matchers.

matchers:
  - type: word
    words:
      - "# valid login shells"
      - "/bin/sh"
      - "/bin/ash"
      - "/bin/bash"
    condition: and
    part: body
You asked and we answered... Because of the interest in our merch, we've decided to run a giveaway! We're offering merch bundles to 10 lucky winners (items may vary to those shown). To enter: 🛡️ Follow us and @CysecCareers 🛡️ Retweet this tweet Worldwide. Closes Jan 5, 2024
Google Dork - File Upload 📁 (site:example[.]com | site:example[.]org) & intext:"choose file” credit: @TakSec #BugBounty #BugBountytips
http://example(.)com/app?origin=https://evil(.)com/ - Forbidden http://example(.)com/app?origin=http:/evil.com/ redirect -> evil.com/?authToken=eyJ.... 🤯 It's always a good idea to revisit your old reports & try to bypass the fix.
Yay, I was awarded a $300 bounty on @Hacker0x01! hackerone.com/ehtabbu #TogetherWeHitHarder #bugbounty #cybersecurity #infosec
Yay, I was awarded a $$$$ bounty on @Hacker0x01! hackerone.com/hassan_sheet #TogetherWeHitHarder Bug : host header injection in reset password leads to 1-click ATO Host : my[.]company[.]com Host : evil[.]com ---> not work Host : my[.]evil[.]com ---> success
Today, I want to share some tips for admin panel access/bypass. There are two approaches mainly I follow: 1: technologies enumeration and then bypass accordingly. 2: getting credentials from Leaked dbs [1/N] #bugbountytips #bughunting #adminpanelbypass
I have found a new method for account takeover, almost all websites are vulnerable to it. #bugbounty
Yogosha will be on the set of the @HacktBack show this Thursday, March 21, from 8:30 pm to 10:30 pm, live on Twitch, to talk Bug Bounty, platforms, hackers, OffSec and more. 🎬 See you tomorrow at 8:30 pm on Twitch >> twitch.tv/hacktback (and later as a replay on YouTube)
You've probably seen this SQL Injection payload before... 🧐 But how does it exactly work? Let's break it down and also craft a few variants for bypassing WAFs! 🤑👇
HackerOne disclosed a bug submitted by mafia: hackerone.com/reports/67929 #hackerone #bugbounty
@naglinagli @shockwave_sec happy birthday bro, have a good one! (you will prob spend it hacking knowing you haha). 4 more years til it's all down hill, make 'em count ;)
@GodfatherOrwa @Bugcrowd What is your computer/VPS config and how many threads are you using with fuzz tools? Can you share the full command too? Thank you
You just found a bug! How exciting, but what comes next? 🤔 @InsiderPhD lays out every step! 👇 youtu.be/qlzbzfNAXXE?si…
I still remember first day when I asked @XHackerx007 to collaborate with me on #Fisglobal program in (08 Sep 2021) and from that date till today me & HackerX007 working fully on FIS , we still finding critical bugs we can say that we know about FIS more than FIS employees 1/2
Well, look at that... @knoxss just found XSS for me and knoxnl sent me a Discord notification with the POC 🔥 ➡️ knoxss.me ▶️ github.com/xnl-h4ck3r/kno… 🤘
Curious about what a $20,000 OAuth bug I discovered at a Live Hacking Event last year looks like? Today you can dive into an exact replica and see for yourself! I've collaborated with @NahamSec & @hackinghub_io to create a walkthrough video + demo lab 🧪 youtube.com/watch?v=VLgB2f…
Password Reset Token Leak Full Case Study: linkedin.com/feed/update/ur…
According to them this IP does not belong to them, but still they want me to exploit it further. Since I already have admin privileges and I have dumped the DB and config file as well. What should I do now? @bug_vs_me @fattselimi @GodfatherOrwa @ADITYASHENDE17 @Jayesh25_ @bxmbn