thechiefumar @thechiefumar
Joined April 2026-
Tweets15
-
Followers0
-
Following115
-
Likes17
Wrote some exploits for Chrome recently. A little teaser article:
New Zero Day Engineering research: Chrome Exploit Mitigations, by @alisaesage zerodayengineering.com/research/chrom…
A LINUX KERNEL DEVELOPER PROVED THE THING YOU PUSH CODE TO IS SECRETLY A DATABASE THAT CAN VERSION ALMOST ANYTHING AND THAT MOST DEVS HAVE ONLY EVER TOUCHED A TENTH OF IT 42 minutes from Josh Triplett -- a longtime Linux kernel and Debian developer -- showing that Git is a general-purpose, tamper-evident versioning engine that just happens to be famous for code. -> The moment it clicks, Git stops being "Where my code lives" and becomes what it really is underneath: a content-addressable store that can version almost anything -- your configs, your notes, your servers' state, entire datasets. People run whole wikis on it. They version their entire machine's configuration with it. They ship websites by pushing to it. They track data too big to email. None of it is a hack -- it's the same handful of objects you already use for code, pointed somewhere new. Treating Git as a code-only tool was never the ceiling -> it's a versioning engine for anything, and the people who see that automate what the rest of the team still does by hand. And as AI agents start spitting out not just code but configs, docs and data, the one system that can version and audit all of it at once is already sitting on your machine. You learned five commands to survive. This is the talk that shows you were standing on top of a database the whole time. It changes what you think the tool is even for. Bookmark & Watch it today ↓
ONE OF THE MINDS BEHIND JAVA GAVE A LECTURE WHERE HE BANNED HIMSELF FROM USING ANY BIG WORD UNTIL HE DEFINED IT FIRST AND IN DOING SO QUIETLY EXPLAINED HOW EVERY GREAT SYSTEM GETS BUILT A talk from Guy Steele -- co-author of the Java spec and a designer of Scheme -- where the
What to LOOK for when hunting for IDORs? 👀 @InsiderPhD shares some solid tips and insight on why you shouldn’t be intimidated by unpredictable IDs. Check it out. 👇
Mass assignment bugs hide in plain sight on most SaaS apps. 10-minute playbook:
1. Find an update endpoint. PUT /api/users/me, PATCH /profile, GraphQL updateUser. Any "save settings" feature.
2. GET the resource first. Read the ENTIRE response — including fields the UI never displays. role, plan, isAdmin, emailVerified, balance, organizationId, kycStatus. Those are targets.
3. Send the GET body back as PUT/PATCH. Most backends accept it because devs use "spread body into model" patterns (Object.assign, _.merge, Rails update_attributes, Mongoose findByIdAndUpdate).
4. Flip interesting fields one at a time. {"role":"admin"}, {"isAdmin":true}, {"plan":"enterprise"}, {"emailVerified":true}, {"balance":999999}.
5. Try BOTH casings. is_admin vs isAdmin. Backends check one, accept the other.
6. Try nested. {"user":{"role":"admin"}}. Deep-merge endpoints eat these.
7. Same trick on CREATE. POST /projects with "ownerId":"
Curious what "learn web hacking" actually looks like from day one? 🐀 The 901 Beginner Bundle is the path I wish I'd had — labs, mindset, your first XSS. Peek inside (discount baked into the link): thexssrat.podia.com/901-beginner-w… #bugbounty #hacking
@github I can login and make changes to my repository but others aren't able to view my profile and repositories:
Hey @github . My github profile Whitecat18 was accidentally flagged without prior mail and activies, i was trying to push my code from dev to main branch. I can login, but my profile shows a public 404 error. Appeal submitted under ticket ID: #4440743. Kindly look and resolve the issue.
Found this amazing book on creating an os from scratch!
loving seeing others succeed <3
after seeing @thedawgyg fuzzing posts, i started learning about fuzzing myself. the results so far have been encouraging: interesting crashes, memory corruption indicators, and plenty more to dig into. #TogetherWeHitHarder #bugbounty
Unpopular opinion: 90% of bug bounty content teaches people how to find low-hanging fruit. Very little teaches how to think like an attacker and chain vulnerabilities for real impact. That’s exactly what this playlist covers. If your methodology starts and ends with automated scans, you’re probably going to hate it. 🥱 youtube.com/playlist?list=…
Check out my latest article: General Malware Analysis Steps on FlareVM | Article 03 linkedin.com/pulse/general-… via @LinkedIn
Automated Reverse Engineering with LibGhidra, GhidraSQL, and AI Agents x.com/i/broadcasts/1…
Owen | Guardian @0xOwenThurm
13K Followers 1K Following Founder, @guardianaudits. $45,000,000,000+ Protected. Host: Permissionless Podcast. Book an audit → https://t.co/M4i98qFCD3
Paladin Blockchain Se... @0xPaladinSec
8K Followers 60 Following Smart contract audits with a focus on safety from the user's perspective. Audited projects are not an endorsement nor financial advice. https://t.co/hm7CmgOr4t
Zero Day Engineering @zerodayalpha
11K Followers 1 Following State-of-the-art vulnerability research & exploit intelligence • @alisaesage @zerodaytraining
Alisa Esage Шевч�... @alisaesage
41K Followers 99 Following Independent hacker and researcher, owner of Zero Day Engineering @zerodayalpha
HackingHub @hackinghub_io
13K Followers 14 Following Educating the next generation of ethical hackers.
YesWeHack ⠵ @yeswehack
42K Followers 3K Following Offensive Security & Exposure Management Platform 🎯 https://t.co/57gODBqAMx 👾 https://t.co/ICc6RyihIX 💡 https://t.co/KNYxhkL2p1
peterChain @peterChain7
943 Followers 935 Following Cybersecurity, Digital forensics, CTF player, System development, Friend, Apache web server Configuration, CTFs Creator
slash1s @slash1sol
8K Followers 300 Following smoke cigs and post about coding, ai, crypto, trading, prediction markets..
Imamul Mursalin @inscryption1
4K Followers 473 Following Security enthusiast aka Cyber Security Researcher
ChainSecurity @chain_security
7K Followers 192 Following Trusted by top DeFi engineers since 2017. Born at @ETH_en, ex-@PwC. Probably the most stable team in Web3.
0age @z0age
14K Followers 126 Following
Blockchain Threat Int... @blockthreat
5K Followers 2 Following A weekly, independent newsletter to capture the latest security news, tools, events, vulnerabilities, and threats in the cryptocurrency landscape by @iphelix
pashov @pashov
42K Followers 2K Following Telegram https://t.co/qOHEkyaNYl Security audits @PashovAuditGrp Angel investing @PashovCapital
Code4rena @code4rena
41K Followers 547 Following Web3 security, on demand. $20M+ in rewards paid. 1600+ High Severity vulns found. Zero platform fees.
Immunefi @immunefi
75K Followers 640 Following Immunefi is the leading security platform for blockchains. Over $180B of user funds protected across 650+ protocols.
TruthLover @0xtruthlover
316 Followers 2K Following In God we trust, all others must verify their code.
⚡🌌🌌teslatheg0... @TeslaTheGod
5K Followers 195 Following 🌐Top 60 https://t.co/FjfGmQxPWD || https://t.co/pPR9UWSmG1 || Just a Teenage Hacker Spirit || Full Time BugHunter since July 2023 || Streamer
skull @brutecat
7K Followers 372 Following hacker, security researcher. 21. i run a blog @ https://t.co/cBW6gzTpV2
Jerome Kaino @jeromekaino
78K Followers 3K Following The Official account of Former Auckland, @BluesRugbyTeam, @AllBlacks player currently living in 🇫🇷 Toulouse @stadetoulousain Instagram: jeromekaino @wasserman
Steven Luatua @StevenLuatua
28K Followers 626 Following Always be yourself. Unless.. you can be Batman. Always be Batman. @AucklandRugby, @BluesRugbyTeam #197 @Allblacks #1121 & now @Bristolbears / @manusamoa #626
gr3pme @gr3pme
3K Followers 652 Following Cohost @ctbbpodcast || Bug Bounty Hunter || hacker - OSWE, OSCP
bsysop @bsysop
6K Followers 770 Following TOP10 @bugcrowd, TOP7 P1 Warrior 🚀 H1 AWC Champions 2024 and 2025 https://t.co/4PRRx7QQaH 🤟🏻 https://t.co/eehzMtCJO4
sw33tLie @sw33tLie
10K Followers 945 Following Web application hacker, 25yo. Top 30 @ https://t.co/wX0yr85Tzk https://t.co/ZI7a8oJJcQ https://t.co/LGYK7tMOGo
spaceraccoon | Eugene... @spaceraccoonsec
26K Followers 315 Following Author of "From Day Zero to Zero Day" - No Starch Press. Every day is 0day! Personal profile - all opinions expressed are my own.
STÖK ✌️ @stokfredrik
138K Followers 1K Following Hi.. im that hacker / creative that your friends told you about.,
XSS Payloads @XssPayloads
55K Followers 0 Following
Joel Margolis (teknog... @0xteknogeek
16K Followers 1K Following AppSec by day, Hacker by night || Puzzle addict
RyotaK @ryotkak
11K Followers 660 Following Security researcher? | Icon: @MelvilleTw | Private: @RyotaK_Private | Misskey: https://t.co/63E5Rpv2pk | Blog: https://t.co/c7NFQXhV90
Geluchat @Geluchat
5K Followers 971 Following Baptiste Devigne | Bug Bounty Hunter | Most Impactful Team H1-0131 (AWS) | Eradicator H1-6102 (Salesforce)
Kévin GERVOT (Mizu) @kevin_mizu
7K Followers 779 Following Vulnerabilty researcher at @assetnote 🐛 | DOMLogger++ developer 👨🏻💻 | CTF with @FlatNetworkOrg, @rhackgondins 🦦 | @ECSC_TeamFrance 2023 🇫🇷
Nicolas Grégoire @Agarri_FR
28K Followers 628 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
Santiago Lopez @santi_lopezz99
23K Followers 189 Following World's first $1M hacker | Top 3 @hacker0x01
Pentester Land @PentesterLand
32K Followers 824 Following
Frans Rosén @fransrosen
43K Followers 907 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Nuclei by ProjectDisc... @pdnuclei
38K Followers 183 Following Nuclei uses a vast templating library to scan applications, cloud infrastructure, and networks to find and remediate vulnerabilities.
ProjectDiscovery @pdiscoveryio
42K Followers 144 Following Real, exploitable vulnerabilities. No noise. Nuclei scans fast. Neo closes the loop. @pdnuclei × @neo_ai_engineer
LeighTrinity @LeighGi66657535
12K Followers 1K Following COO Malware village/World cyber health. Hacker. Assembly/Bash/Python/C. Exploitz dot ca
Jenny Qu @GuanniQu
2K Followers 1K Following ctf player @SquidProxyLover • previously RL for math @caltech • she/they • DMs open
Calif @calif_io
5K Followers 30 Following We're https://t.co/KTEDnC2VUV. Join us to make the Internet safer for your mum and everyone else: https://t.co/eUFMLkW9t2.
Nightmare Eclipse @ChaoticEclipse0
9K Followers 574 Following
SEKTOR7 Institute @SEKTOR7net
16K Followers 350 Following Homo Aptus. Vincit qui se vincit - Publilius Syrus. Consulting, Training, Technology, Cyber domain, and more... @x33fcon founder.
JUMPSEC @JUMPSEC
748 Followers 766 Following JUMPSEC leading provider of #cybersecurity services. We are on a mission to enable effective cyber security. Discover our industry-leading research @JumpsecLabs
Smukx.E @5mukx
23K Followers 226 Following Adversary Simulation | Malware Researcher & Red Teamer | 0x16 Y/o
Intigriti @intigriti
209K Followers 666 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Medusa @medusa_0xf
9K Followers 208 Following Security Researcher | Building Medusa | Partnering with cybersecurity companies on technical content | Partnerships 📩You might like
