Vikas Khanna @0xn00b
#Learner #BugHunter #Pentester #InfosecAddict #WebSecurity Singapore Joined September 2010
810 Tweets, 191 Followers, 1K Following, 161 Likes
Learn from cybersecurity professionals in the technical workshops at #بلاك_هات23 😎👨💻
Exciting Speaker Announcement for HCKSYD 2023! Introducing Vikas Khanna! Vikas will share his incredible journey of discovery in the world of security. He will reveal two security issues he uncovered in Apple's systems! #HCKSYD23
Using Burp Bounty to find XXE bugs. @cinzinga_ cinzinga.com/XXE-Case-Studi…
SSRF Bypass list for localhost (127.0.0.1): http://127.1/ http://0000::1:80/ http://[::]:80/ http://2130706433/ http://[email protected] http://0x7f000001/ http://017700000001 http://0177.00.00.01 Also using a redirect to localhost will often work. #bugbountytips
Use shodan to find HTTP servers of a company that are running on "non-standard" ports. HTTP ASN:<here> -port:80,443,8080 Make sure you are logged in.
We've just used Stepper to solve a new @WebSecAcademy lab. portswigger.net/bappstore/065d… It's a great BApp that allows you to construct multi-step sequences and extract data from any step and re-use that data. This is all done using repeater style tabs.
Blog's up! "Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties" #GoogleVRP writeup included that relays how business rep & every user of Hangouts, Google Play Music, YouTube Go etc were affected! abss.me/posts/fcm-take… #bugbounty #infosec
Learn about CSRFs: medium.com/swlh/bypassing… medium.com/swlh/attacking… medium.com/swlh/intro-to-…
An Awesome Account Takeover just by adding .json on endpoint by @SalahHasoneh1 #bugbounty #bugbountytip
List of bug bounty writeups (2012 - 2020) pentester.land/list-of-bug-bo…
Extension list for File upload bugs ASP: ".aspx", ".config", ".ashx", ".asmx", ".aspq", ".axd", ".cshtm", ".cshtml", ".rem", ".soap", ".vbhtm", ".vbhtml", ".asa", ".asp", ".cer", "shtml" PHP: php, php5, php3, php2, shtml, html, .php.png(double extension attack)
Want to find critical bugs by changing a single header? Do just like @hacker_ & set your host header to 'localhost' in your next directory bruteforce, the results might be surprising! 🔥 #BugBountyTip #BugBountyTips
BugBounty Resources ♥️♥️🤘 @stokfredrik @TomNomNom @Jhaddix @NahamSec @pdiscoveryio @PwnFunction @farah_hawa01 @AseemShrey @InsiderPhD @thecybermentor @ameenmaali @pry0cc @hakluke @hahwul @0xReconless github.com/1ndianl33t/Bug…
How do you properly hunt on 100k targets? Automation is the key to success when hunting at scale. In my blog post I discuss the techniques and methodology I use while hunting at scale. ghostlulz.com/bug-bounty-aut… #bugbounty #bugbountytip #redteam #xss #osint #infosec
NYtimes says Twitter hacker used Slack as the "in". I think most of us bounty hunters have found at least one Slack token exposed on Github. Example: hackerone.com/reports/386614 hackerone.com/reports/397527
Easy way to find BIG-IP @Alra3ees @ADITYASHENDE17 cat companys |while read url;do test=$(shodan search org:$url http.title:"BIG-IP®-Redirect" | awk '{print $1,$2}');echo -e "\033[32m$url""\033[34m\n$test";done
I just published How I was able to change victim’s password using IDN Homograph Attack link.medium.com/zSmBpWKg27 Thanks to @musiclouderlml for sharing #bugbountytips
hackerone.com/reports/771666 A new fully disclosed HTTP Request Smuggling ATO report from yours truly. Thanks @prateek_0490 and @zomato for working to help kill this nasty bug. 🙏
This blog post by @notsoshant was so helpful in doing SQL injection with MS SQL Server. Definitely worth the read.
I honestly didn't know about fingerprinting using the favicon hash until now. It's such a little neat recon technique paired with Shodan. I just leveraged for some more attack surface on the program I hack on now. This is a good reference: medium.com/@Asm0d3us/weap…

Farpal @Farpal3567
1 Followers 181 Following
AfraGabriel @007snsp55c4Q0
96 Followers 3K Following
Alice☆ @ManteTanne1459
10 Followers 417 Following
Slytooth @SlytoothR6q
45 Followers 839 Following
Shosl @ShoslqB1dP
37 Followers 863 Following
McThysee @McThyseePHM
24 Followers 922 Following
Riseash @RiseashKQK3cBi
28 Followers 908 Following
Rajat gaba @gabaM786
0 Followers 32 Following
OlgaAbraham @AcgVM2fk3q6Jr
75 Followers 7K Following
たねせまりこ @tanesemari21592
56 Followers 6K Following
LynnLaurie @2sIyfql707dW3MJ
26 Followers 3K Following
Marc R @Seifreed
17K Followers 3K Following 🌍 Geopolitics & Cyber Intel | 🧠 Reverse Engineering Pro | 🔎 Geostrategy Analyst | 💻 Combatting Cybercrime & APT | 🚀 All tweets are my own!
Hacktivity @hacktivityconf
4K Followers 463 Following #HACKTIVITY is the biggest event of its kind in Central & Eastern Europe. Started and founded in 2003. Main theme: hacking, cyber&IT sec, AI,crypto, innovation.
quidbit @nktropy
149 Followers 632 Following
Leyart @Leyart
227 Followers 771 Following Application Security Engineer. Moonlighter. typeof opinions === 'mine' #CBBH.
Isha Desai @IshaDesai21
0 Followers 38 Following
Gold Coin @GC336699
0 Followers 96 Following
Josh Summitt @null0perar0r
33 Followers 462 Following Founder of Faction an Open Source Security Assessment Collaboration Framework @[email protected] #pentesting #cybersecurity #hacking
Make money easily @eu0ZSQgehjZ8ZM
8 Followers 472 Following MEXC focuses on financial management, stocks, cryptocurrencies, digital assets and investments. Currently, new users can get free dollars when they sign up.
Saleh Mohamed @0xManticore
145 Followers 424 Following Cyber Security Consultant | Information Security - Penetration Testing |OSWE | OSCP | OSWP | KLCP | CRT | CPSA (Doing some CyberSecurity on a casual basis).
Tur.js @Tur24Tur
4K Followers 1K Following Application security fan, dedicated to writing custom security tools. @NoBugEscapes @BugBountyZip JavaScript - ExpressJS ♥️💛 https://t.co/bltifT1jkQ
Jakub Pruzinec @offbyfour
23 Followers 18 Following A cybersecurity researcher at Nanyang Technological University, Singapore.
BleshTheGame @BleshThe
78 Followers 361 Following Fight for the noble cause! Pick an Hero! You will be part of the pioneers travelling to Thyle. #NFT #NFTgame https://t.co/DaNlOBdhkW…
Deandra @DeandraSec
765 Followers 4K Following Security Researcher | Bug Bounty🎯, Web&Mobile Apps Security | Red Team🔥 | Offensive Security
Koh Eng Kiat @EngKiat0
4 Followers 389 Following
Pugazhanthi Jayabalan @PugazhPRIDE
27 Followers 152 Following
The Ascent Conference @AscentConf
931 Followers 1K Following Connecting thought leaders in #SaaS. Spotlight Event Series: #Cybersecurity, #finance, #Marketing, #HR, #revenue, #productManagement, #startups
rosana @rosana44064096
474 Followers 3K Following All of those people in that room and you’re telling me that NOBODY was sober enough to tell him to stop? Y’all were sober enough to correct him on his terminolo
Anik 🛠️ @xettabyte1
541 Followers 2K Following Human | Bug Bounty Hunter 🐛| Ethical Hacker |Cyber security enthusiast | IOT and SBC Lover
Kanika @KANIKAster
55 Followers 138 Following Born and raised in India, Myself Kanika have a diverse career from marketing to fashion. I am very results-oriented and pay attention to my work.
App-Ray Mobile Securi... @AppRayOfficial
1K Followers 1K Following App-Ray is a Mobile Security company, headquartered Vienna, Austria - We scan smart device apps to find threats to your personal and corporate data.
Silvio @silviocorbelle
125 Followers 710 Following
Ariyan @SidAriyan
9 Followers 2K Following
Nishank Chauhan @NishankChauha12
22 Followers 100 Following 😍Delhite😍 🙇FORE school of management 🙇 🍕Always hungry🍕 💪Fitness priority 💪 🍻Daru pakka-9 Oct🍻
Vivek Ramachandran @vivekramac
26K Followers 5K Following Founder, SquareX (@getsquarex) | (exited) Founder, PentesterAcademy (@securitytube) - acquired by INE (@ine) | Defcon - Blackhat Speaker | Book Author
Mahbubor Rahman @mrchonchal61
10 Followers 89 Following Worshipper of truth; truth will surely reveal itself in its own glory
CaptureTheFlag @CaptureTheFlg
888 Followers 4K Following Pentester & security enthusiast. #RedTeam #Appsec #OSCP #IoTExploitation #RTFM
Pablo Endres 🥋 @epablosensei
2K Followers 4K Following Hacker, Trainer, Entrepreneur and Occasional speaker | IoT, Cloud and ICS | Karate. He/Him
OPPO Security @OSRC_Official
2K Followers 441 Following Official Twitter for OPPO Security Response Center. Submit your report⌨️: https://t.co/TDArf2ZYyr Contact Us📧 : [email protected]
Pallavi Roy @1ng3ne0us
43 Followers 450 Following
Kamlesh @Kamlesh11263840
1 Followers 23 Following
Aman Jain @Aman4sure
36 Followers 340 Following
MarcoFigueroa @MarcoFigueroa
12K Followers 3K Following Mozilla GenAI Bug Bounty Programs Manager @0dinai | https://t.co/dOLNVgK9xN | Based in Austin, Tx | Finding Bugs In AI | My Thoughts Are My Own!
quidbit @nktropy
149 Followers 632 Following
AppSec Village @AppSec_Village
11K Followers 6K Following AppSec Village @DEFCON & @RSAConference A volunteer-run, non-profit focused on education, awareness, and community. Founded by @erezyalon and @tzionit411.
Cloud Village @cloudvillage_dc
6K Followers 24 Following Cloud Village is an open space to meet folks interested in offensive and defensive aspects of cloud security.
Nitesh Surana @_niteshsurana
688 Followers 1K Following Cloud Research w/ Trend Micro | Opinions/retweets are personal reflections | Metalhead | If you can, be kind.
Pam O’Shea @pamoshea
3K Followers 5K Following Security consultant | @BlackHatEvents @BSidesCbr @BSidesSG @OWASPMelbourne Review Boards | @SDR_Melbourne | VK3HXX |@haXX_group | @sheasecurity🖖📚☕️
Saleh Mohamed @0xManticore
144 Followers 423 Following Cyber Security Consultant | Information Security - Penetration Testing |OSWE | OSCP | OSWP | KLCP | CRT | CPSA (Doing some CyberSecurity on a casual basis).
Tur.js @Tur24Tur
4K Followers 1K Following Application security fan, dedicated to writing custom security tools. @NoBugEscapes @BugBountyZip JavaScript - ExpressJS ♥️💛 https://t.co/bltifT1jkQ
Black Hat MEA @Blackhatmea
22K Followers 55 Following #BHMEA25 | @TahalufGlobal @SAFCSP in assoc. with @BlackHatEvents | Dec 2-4 2025 📍Riyadh Exhibition and Convention Center, Malham
InfoSec CFPs @infosec_cfp
3K Followers 3 Following Sharing CFP and event data about #infosec conferences, so you don't have to miss any. Maintained by @mboelen
Joe Grand @joegrand
28K Followers 599 Following Hardware hacker, computer engineer, former L0pht member and juvenile delinquent, sometimes known as Kingpin.
tomdev @tomdev
2K Followers 861 Following I got the plans right here • Infrastructure Engineer @ HackerOne • Groningen
Koh Eng Kiat @EngKiat0
4 Followers 389 Following
Guang Gong @oldfresher
4K Followers 266 Following
Abdullah Nawaf (Hacke... @XHackerx007
8K Followers 414 Following Hackerx007 Bug hunter FB/Twitter/Mail.ru HOF 41 Bugcrowd rank 11 Bugcrowd P1 rank with 226 p1 :) In love with P1 ;)
Aditi Singh @aditi_singghh
13K Followers 731 Following Bug Bounty Hunter | Cyber security Researcher
martin newton @Martin__Newton
1K Followers 9 Following The only SAVTA Certified Professional Safe Technician in Europe. Winner of The Harry Miller combination lock manipulation championship 2005.
Laxman Muthiyah @LaxmanMuthiyah
5K Followers 32 Following Web Developer, Security Researcher, Whitehat hacker ;-) Definitely not a geek :P :D
Jon Helmus @Moos1e_Moose
3K Followers 1K Following Offensive Security | Professor | Veteran 🇺🇲 | Alpaca Farmer 🦙 | Author² | Tattoos | Music Producer
CyberSecurityJobsite @CyberJobsite
3K Followers 940 Following Cyber Security Jobsite , a dedicated Job Board for Clients and candidates within the Cyber Security area
Swaroop Yermalkar... @swaroopsy
3K Followers 2K Following Head of Cyber Security (Red Team) | OWASP iGoat Project Lead (https://t.co/agfAGIomWH) | Author | Speaker | OSCE | CREST Certified | All tweets are personal!
Bug Bounty Tips @bugbounty_tips
5K Followers 0 Following This account is created to help to beginners, sharing about Information Security, Hacking, Bug Bounty Tips, IT and interesting write-ups,info sec jobs posts.
Ryan Rutan 🌮 @ryanrutan
3K Followers 1K Following Red Team Evangelist, Developer Relations, Technology Enthusiast, Solutions Architect, Inventor/Author & Enabling the Impossible! Not necessarily in that order.
BugBountyHQ @BugBountyHQ
24K Followers 95 Following
Bug Bounty Reports Ex... @gregxsunday
52K Followers 616 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
Chirag Gupta @chiraggupta8769
1K Followers 312 Following Hacker | Bug Bounty Hunter | Got Acknowledgement From Google, Apple, Microsoft, AT&T, Intel, Oracle, Netgear, Asus, Pinterest.
Felix Gröbert @fel1x
4K Followers 623 Following Principal Engineer, Product Security Engineering at Google Cloud. Opinions own. Tweets deleted periodically.
Splint3r7 @Splint3r7
3K Followers 1K Following
Luke Tucker @luketucker
8K Followers 685 Following Marketing & community leader. Angel investor and cybersecurity advisor. Building https://t.co/ZRGEw2kwDA. Prev VP Hackers at @Hacker0x01
Point3 @point3sec
2K Followers 224 Following Empowering corporations to develop highly trained cybersecurity professionals through gamified challenges.
Harsh Bothra @harshbothra_
43K Followers 741 Following Freelance Pentester & Consultant • Cobalt Core Lead & Pentester • Author • Speaker • Blogger • SecurityExplained • Project Bheem • Learn365 • Views are personal
Facebook Security @fbsecurity
35K Followers 119 Following See a scam? Report it: https://t.co/39HJ9wJi9F. Think your account's been hacked? Try: https://t.co/aNhlQgIOhL
Aditya Shende @ADITYASHENDE17
60K Followers 420 Following MS Cyber 🇬🇧 | Work @BforeAI | @Bugcrowd Top 100 | Bug Bounty Trainer | Keynote Speaker | Professional Biker | @kong_sec 🇮🇳 | Own Views ≠ Employment
ProjectDiscovery @pdiscoveryio
37K Followers 125 Following Detect real, exploitable vulnerabilities. Harness the power of Nuclei for fast and accurate findings without false positives.
Aseem Shrey @AseemShrey
8K Followers 3K Following Founder https://t.co/gzIQqhCPZb - We handle security. You ship awesome products 🚀 🛠️ Founder SecureMyOrg 📹 https://t.co/ZjN2YzePJW #cybersec #privacy
Ameen @ameenmaali
3K Followers 107 Following appsec infant, bug bounty fetus - Blog: https://t.co/IULDdK4Wh1 (@abugzlife1)
pry0cc @pry0cc
30K Followers 1K Following
HAHWUL @hahwul
11K Followers 257 Following 🔥 Offensive Security Engineer, Developer and H4cker. Feel free to call me HAH-hul or HOWL—whichever you prefer!
Reconless @0xReconless
6K Followers 3 Following Security research, blogs, and videos by @filedescriptor, @ngalongc & @EdOverflow YouTube: https://t.co/IGj1aW40ro