alex @insertScript
@[email protected] # https://t.co/liE6hop4OX Array(10).join('a'-1)+ Batman! #Cure53 Joined June 2012
Tweets 2K · Followers 7K · Following 209 · Likes 13K
Even if you are familiar with these vectors, it's a really good summary to freshen up your memory.
GMSGadget (Give Me a Script Gadget) is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify. gmsgadget.com A useful tool by @kevin_mizu
I’ve just published slides on Shadow DOM & security! Belatedly, I've published my #shibuyaxss slides! They're about Shadow DOM and security~ speakerdeck.com/masatokinugawa… (Japanese) speakerdeck.com/masatokinugawa… (English)
<meta http-equiv="refresh" content="0;url='//example.com'@X.com/'"> Chrome redirects to x.com, Safari and Firefox redirect to example.com.
publication of my latest modest paper; Eclipse on Next.js: Conditioned exploitation of an intended race-condition - (CVE-2025-32421) enabling a partial bypass of my previous vulnerability, CVE-2024-46982 by chaining a race-condition to a cache-poisoning zhero-web-sec.github.io/research-and-t…
This will be one of the few occasions I will mention a brand; it's not IT security related and positive. My @HyperX wireless headset started to dismantle itself and the support just requested proof pictures and all was good, a new one was shipped.
I think many people are familiar with the topic of blind CSS exfiltration, especially after the post by @garethheyes However, an important update has occurred since then, which I wrote below ->
the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!
What awesome research! Also really well explained
Absolutely stunning work from @pspaul95 on this CSS Injection -> text node exfil technique. blog.pspaul.de/posts/bench-pr…
MXSS Part 2: Why Client-Side HTML Sanitization is hard In this video, we dive into Parser Differentials, Namespace Confusion, and the Nesting Depth Limit that led to an XSS on Google and multiple DOMPurify bypasses. youtu.be/vVwo5tW6d3w
I really liked it - can't wait for any additional research in this field
MXSS Explained Part 1: Why Server-Side HTML Sanitizers Are Doomed to Fail with this XSS! In this video, I dive into how sanitizers work, discuss the first known MXSS in IE, and showcase an MXSS vulnerability in the popular Node.js module, sanitize-html. youtu.be/aczTceXp49U
here is the story about CUPS unauthenticated RCE and the messy info disclosure process the researcher had gone through... evilsocket.net/2024/09/26/Att…
really interesting documentation on how history.back, iframe srcdoc and the sandbox attribute are evaluated/loaded to achieve XSS.
XSS in PDF.js! I think this is going to cause some chaos both client-side and server-side... really nice finding by @CodeanIO codeanlabs.com/blog/research/…
Can't wait to see the payload - especially as I had looked at PDF.js in the past and back then their implementation seemed quite good at ensuring XSS can't occur.
I've built a brand new version of my fuzzing tool Shazzer🚀 shazzer.co.uk - Easy fuzz browser behaviour - Find bugs - Share the results with the world
Recently, I discovered a DOMPurify bypass in the case of CUSTOM_ELEMENT_HANDLING and FORBID_CONTENT options usage ⏭️ This issue isn't a big deal as it doesn't involve a default configuration bypass. However, I thought it was interesting to document it 👇 mizu.re/post/playing-w…
In case you missed it...I wrote a book, please support my work by buying a copy. If you've already bought one thank you, please can you RT to spread the word! leanpub.com/javascriptforh…