@BugBountyWeekly
Weekly #BugBounty related news and tips - Curated by @TechbrunchFR. Location: The Internet. Joined March 2016.
Tweets 1K · Followers 4K · Following 300 · Likes 506
Finally my talk from @x33fcon is online! 🔥 I try my best to explain what websites could do to protect the users against reverse proxy phishing attacks like Evilginx.🪝🐟 There is also a bonus live demo at the end with some Evilginx Pro secret sauce! 💡 youtube.com/watch?v=C-Fh4s…
I decided to make a homage post to @homakov and @Nirgoldshlager about different OAuth-token leakage methods I've been researching – ten years after their blog posts that inspired me to start hunting for bugs ♥️ thank you. labs.detectify.com/2022/07/06/acc…
@zeyu2001 I used <object> with fonts to leak it with even stricter CSP. My tweet also has a reference to a research paper in the first reply :) These leaks are also useful for port scanner in an environment with javascript disabled
☢️ClickOnce + AppDomain Manager Injection (aka signed EXE + DLL sideloading) is the new Initial Access Hotness❤️ Check out @zyn3rgy and @0xthirteen insights on weaponising them: posts.specterops.io/less-smartscre… Pssst. there's a training & framework already scratching that surface too🥳
I wish the SEC had filed their exhibits in the binance lawsuit, which include internal chatlogs, before I published my article (newsletter.mollywhite.net/p/sec-v-binanc…) because these are great reading 🍿 Instead I will do a thread 🧵
[In a movie trailer voiceover voice] This summer, Burp Scanner is going to get a whole lot more customizable …
Help us fuel #sqlmap's journey! Passionate about #websecurity? Support our open-source project & make the digital world safer. Check our GitHub Sponsors page for donation options & unique benefits: github.com/sponsors/sqlma… 💙🔒 #cybersecurity #opensource
🔥 Big update! Nanodump now supports the PPLMedic exploit! meaning you can dump LSASS on an up-to-date system with PPL enabled 😃 github.com/fortra/nanodump
Continuing the #BingBang thread, many have asked how we found the vulnerable Bing Trivia endpoint. Let me share our unique Azure Active Directory cloud reconnaissance technique to find misconfigured authentication prompts🧵
In some cases, employees advised customers who were "very closely associated with illicit activity" that they need to be "careful with [their] flow of funds, especially from darknet like hydra", and to create new accounts. "offboarding = bad in cz's eyes"
New cloud security research! We found a method to bypass CloudTrail logging for both read AND write API actions in AWS Service Catalog! In addition, we also reported an issue with a lack of CloudTrail logging in AWS Control Tower. securitylabs.datadoghq.com/articles/bypas…
Just submitted my talk proposal to Black Hat USA!🤞 Psyched to share some wild techniques that should burn for a long time after! #BHUSA
If you have shell access on an EC2 and want to extract creds, instead of remembering how to get them from the 169.254.169.254 path, recent versions of the AWS CLI allow you to use `aws configure export-credentials --format env`.
Does anyone have a script to correlate DNS and port scan results? Something like github.com/pry0cc/tew but that uses dnsx and naabu? #bugbounty
📝 New blog post! Let's talk about NTLM authentication coercion methods using Impacket. Some days ago, we updated mssqlclient[.]py with many new commands. Among them, the xp_dirtree option was added. MSSQL and xp_dirtree, you know the rest 😉. 0xdeaddood.rocks/2023/02/28/rel…
📣 We’re excited to announce the launch of Porchetta 2.0! We migrated from Gitlab to Gitea. If you’re an existing subscriber you can access the private tools and updates at git.porchetta.industries. Use your subscription email and perform a password reset to gain access.
After almost 2 years of working on NimPlant as a personal side project, I’m proud to release it to the public! NimPlant is a light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI. Available here now! 👇 github.com/chvancooten/Ni…
"Fog of War: How the Ukraine conflict Transformed the Cyber Threat Landscape" TAG's biggest ever report. Along with @Mandiant and others from @Google we outline insights into changes in the cyber threat landscape triggered by the war. blog.google/threat-analysi… 1/7
Recently, a vulnerability was reported to our bug bounty program, in the way some of our code interprets IPv4 addresses mapped into IPv6 addresses. Read about how Cloudflare addressed this vulnerability and what will prevent similar exploits in the future. cfl.re/3DyPBoq

Intigriti @intigriti
193K Followers 658 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
JS0N Haddix @Jhaddix
167K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
bugcrowd @Bugcrowd
187K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
Md Ismail Šojal ... @0x0SojalSec
30K Followers 5K Following Cyber_Security_Re-searcher || 0SINT || Malware Analysis II Pwn || Ai Re-searcher || Project @AIStrikeSec || 0ld Accounts Suspended @0xSojalSec ||
Het Mehta @hetmehtaa
36K Followers 1K Following Security Analyst | Content Creator | I Spread Cybersecurity News & Talk about AI, Cloud, Tech, Tools & Recent Updates
Iman Gurung @ImanGurung13
8K Followers 441 Following Computer Engineer, Ethical Hacker, Tatoo Lover, Blind xss king
YesWeHack ⠵ @yeswehack
39K Followers 3K Following Global Bug Bounty & Vulnerability Management Platform 🎯 https://t.co/57gODBq2WZ 👾 https://t.co/ICc6RyhJTp 💡 https://t.co/KNYxhkKuzt
Paul Seekamp @nullenc0de
17K Followers 608 Following I spend a significant amount of time reading security stuff. Co-Founder/Partner @CoastlineCyber https://t.co/ZQT5L8q2RO
HackerOne @Hacker0x01
324K Followers 3K Following The only official HackerOne Twitter account. A global leader in offensive security solutions. #HackForGood #togetherwehitharder
Arif_Hun13r @NHun13r
2 Followers 140 Following
Nelda Bartell @NeldaBarte87594
48 Followers 3K Following
آدَم الفَقِ... @elfaqii
0 Followers 97 Following So set your face toward the upright religion before a Day comes from Allah that cannot be averted ▼ 🇵🇸
noobs-sec @NoobsSec
4 Followers 132 Following
Frozt Nova @FroztNova127
250 Followers 734 Following Bug hunter https://t.co/nKsZi9MB64 https://t.co/lyDCJaFahc
ge ten @geten359678
2 Followers 90 Following
Netclouts 🇳🇬 @netclouts
17 Followers 323 Following CEO at Netclouts | Cybersecurity Researcher | Malware Analyst & Exploit Developer | WebApp Penetration Tester
Mirghani_x🇸🇩... @Hydro_911
6 Followers 242 Following Just a guy who tries to get a better life. #KeepEyesOnSudan #FreePalestine
Nay Linn Oo @NayLinnOo211289
3 Followers 129 Following
sec sec @Snipe3r_dz
0 Followers 76 Following
islam. hasan @Spartac55
13 Followers 704 Following
Khloe Bailey @bailey_khl34745
33 Followers 1K Following
betmen rdpx @jekbr0w
5 Followers 112 Following
Nightvale @Nightval7
2 Followers 216 Following
T SRAVAN KUMAR @KUMAr87731
0 Followers 17 Following
James Bond @0xjamesbond1337
0 Followers 46 Following
John Kill @john86024
15 Followers 580 Following
Ali Hassan @imalihassan03
53 Followers 1K Following 23 CA to be Trying to be an artist https://t.co/O1x65I7LF4
Gtb Bubble @BubbleGtb30617
0 Followers 87 Following
DomainXHunt @DomainHunt1
2K Followers 7K Following 🔥 Premium Domains for Sale! 🌐 https://t.co/gHi1KHPeuq | ⚡ https://t.co/DF2XpI6twj | 😎 https://t.co/o11xi5vGFG | ✈️ https://t.co/RvJBHhQE5w| 🏨 No1Stay 📩 [email protected]
Bug Bounty School @BBSISR336111349
98 Followers 2K Following Michael Shekhtman @GayArabDruze +972524393362
swwe r @rswwe4
1 Followers 26 Following
Rohan Kumar Mandal @mandalrohan798
14 Followers 1K Following
Fares Nader @frsndr1
7 Followers 342 Following
scriptsrc @ho153280
0 Followers 35 Following
Mohamed Ahmed @Mohamedahmed_76
1 Followers 153 Following
MSE @DigitalMistica
351 Followers 4K Following 🌐 I made this account to warn others and share my experience with a potential Trojan that auto-downloaded from the TikTok Seller website. 🆘
xu @xxvvthjb6h6
19 Followers 185 Following
elhacker @Bed0xploit
1 Followers 122 Following
Raza Abbas @RazaJafy5
0 Followers 41 Following
Mohamed Elgendy @MoElgende
0 Followers 61 Following
Toqa Ezzatly @TEzzatly
2 Followers 120 Following
Pablo @pabloTaddei26
236 Followers 3K Following I have been a software developer for about 10 years. But for the last 4 years I have been in the world of cybersecurity (pentesting, ethical hacking).
Ahmed Rageh @AhmedRageh404
0 Followers 59 Following
iamanandraj @anandupes
16 Followers 188 Following Cognizant-Software developer | Traveler | YouTuber
Kaizer Baynosa @supra_boys
3 Followers 279 Following
MrNull @Nulllllllx
22 Followers 665 Following
secOps XXX @SecopsX
4 Followers 742 Following
Mohamed A.Hassen @SIGMA_ZERO
59 Followers 654 Following Architect|Computer Geek|Tech Maniac|Scuba Diver|Urban Designer And Regional Planner|Movies&Series Critic |+18| أي هتش...وخلاص
Ben Sadeghipour @NahamSec
233K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
Sam Curry @samwcyo
97K Followers 1K Following Hacker, bug bounty hunter. Run a blog to better explain web application security.
payloadartist @payloadartist
42K Followers 286 Following Yapping about AI, AppSec, Hacking, & Cybersecurity • Helped secure organizations like Google • Opinions are my cat's • Part-time shitposter
zseano @zseano
79K Followers 702 Following #1 Amazon Security Researcher. full time hacking team with @jonathanbouman @fransrosen @avlidienbrunn
Julien | MrTuxracer ... @MrTuxracer
37K Followers 443 Following Freelancer | #BugBounty | @Hacker0x01 H1-Elite | $1,500,000 Overall Bounties | ❤️ Reversing | Mobile Hacker | https://t.co/pcWduPOt0n
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
James Kettle @albinowax
79K Followers 92 Following Director of Research at PortSwigger aka Burp Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Yassine Aboukir 🐐 @Yassineaboukir
31K Followers 372 Following HackerOne Top 50, Elite, Pentest Lead, Ambassador, MVH Title and (former) Hacker Advisory Board • Digital Nomad • (Un)pro Athlete
Gareth Heyes @garethheyes
37K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
Jobert Abma @jobertabma
43K Followers 718 Following I tweet about security and my experience as a hacker. Co-founder of HackerOne (@Hacker0x01).
PortSwigger Research @PortSwiggerRes
111K Followers 7 Following Web security research from the team at @PortSwigger
Harsh Jaiswal @rootxharsh
22K Followers 1K Following Building @hacktronai | researching at @httpvoid0x2f | auditing at @cure53berlin | prev @zomato @vimeo @pdiscoveryio
ProjectDiscovery @pdiscoveryio
37K Followers 125 Following Detect real, exploitable vulnerabilities. Harness the power of Nuclei for fast and accurate findings without false positives.
Alex Plaskett @alexjplaskett
12K Followers 571 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
morisson @morisson
1K Followers 583 Following Breaker of bits. @BSidesLisbon founder and organiser. Mastodon: @[email protected] DISCLAIMER: Tweets are no one’s opinion, probably not even mine.
Antoine Chr @antoinechstr
41 Followers 250 Following Building https://t.co/rBm1SaleKe an AI Airbnb checker. Telling the story of the Fox, my AI companion with a mini-series: The Nomad Code #buildinpublic #nomads
Jack Halon @jack_halon
5K Followers 399 Following Red Team and Offensive R&D at @CrowdStrike | Powered by ☕🍻🍩
Molly White @molly0xFFF
123K Followers 2K Following crypto & tech industry researcher & critic at https://t.co/hb1tT2Q3bJ & @web3isgreat • software engineer • wikipedian support my work: https://t.co/FPG3uvikH0
Yossi Sassi @Yossi_Sassi
10K Followers 6K Following H@כk3r | 1nTh35h3ll; The Hacktive Directory guy; Pow3r5h3ll dude; Look | Think | Do; Co-founder #OrphanedLand, #OrientalRockOrchestra, #10Root
Victor Grenu @zoph
3K Followers 596 Following Cloud Consultant @zoph_io (former @microsoft, @google) — 💸 chasing idle AWS assets @unusd_cloud — Find me on 🦋 https://t.co/PC9C2G9OqP
ẗäüẗöl̈ög̈y... @tautology0
3K Followers 476 Following vi is the best text editor. FACT! @tautology0 @[email protected] @tautology.uk
Dan Olson @FoldableHuman
162K Followers 291 Following Albertan documentarian behind In Search of a Flat Earth, Line Goes Up, and The Future is a Dead Mall Not actually a duck [email protected]
AWS Security @AWSSecurityInfo
62K Followers 157 Following The official Twitter profile for AWS Security. Infrastructure and services to elevate your security in the cloud
matrosh @matro7sh_
128 Followers 0 Following Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.
frycos @frycos
4K Followers 518 Following Private account! Red teamer @codewhitesec. @[email protected] @frycos.bsky.social
AWS Security Advisori... @AWSSecAdv
726 Followers 1 Following Not an official AWS account! I tweet security advisories from AWS Latest Bulletins RSS feed.
Hash Miser @H_Miser
9K Followers 1K Following Internet janitor, #CERT #BlueTeam and Whisk(e)y enthusiast "Everything you do is useless ! Enjoy 🍻" [email protected] https://t.co/pBOfukJZJi
Charlie Bromberg « ... @_nwodtuhs
15K Followers 653 Following Trying to hack the way we hack things 🏴☠️
Youssef Sammouda (sam... @samm0uda
37K Followers 496 Following Hacker, bug bounty hunter, guy behind https://t.co/TBAtP71Cop. 1st in Meta bug bounty program for the last 6 years. YES Team Member
Martin Doyhenard @tincho_508
3K Followers 227 Following Security Researcher at PortSwigger. Speaker at BlackHat, DEF CON, RSA, Hack In The Box, Troopers, EkoParty
Kim Zetter @KimZetter
93K Followers 3K Following Journalist - cyber/national security. Author - COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. https://t.co/334DzfSL1f
RyotaK @ryotkak
7K Followers 662 Following Security researcher? | Icon: @MelvilleTw | Private: @RyotaK_Private | Misskey: https://t.co/63E5Rpv2pk | Blog: https://t.co/c7NFQXhV90
Palisade @PalisadeLLC
584 Followers 5 Following Palisade is a boutique security consultancy specializing in application security for Web3 and all-things crypto.
Gabriel Landau @GabrielLandau
4K Followers 707 Following Tech Lead @ Elastic Security. Thoughts are my own. Also @[email protected] & @gabriellandau.bsky.social
Nick Frichette @Frichette_n
6K Followers 2K Following Staff Security Researcher @datadoghq | DEF CON/Black Hat main stage speaker | he/him | OSCP OSWE | Tweets are my own | Created https://t.co/QGWMJjv9pc
Porchetta Industries @porchetta_ind
5K Followers 3 Following A centralized platform for organizations to support the developers of Open Source Infosec/Hacking tools.
Clément Labro @itm4n
7K Followers 166 Following Pentest & Windows security research (I stopped using this account in December 2022) ➡ Mastodon: @[email protected]
Marco Lancini @lancinimarco
6K Followers 371 Following 💼 Principal Security Engineer 💬 I tweet about Cloud Security and technical leadership ✍🏻 Subscribe to https://t.co/MR69KiF8RH 📚 https://t.co/TrQKzxfnYg is out now!
Intrigue, acquired by... @Intrigueio
720 Followers 71 Following Intrigue is a leader in the external Attack Surface Management space. Discover your attack surface, automatically assess it for risk, and eliminate exposures.
secret club @the_secret_club
17K Followers 0 Following secret club is a not-for-profit reverse-engineering group; publishing new research on popular software. No ads, no cookies, just research.
Alexis Gay @yayalexisgay
124K Followers 982 Following type A comedian 😎 | 🎟 tix + email list at the link! ⬇️
Kuba Gretzky @mrgretzky
16K Followers 707 Following Offensive security tools developer. Malware dev, bedroom DJ & ex-MMO game hacker. Creator of Evilginx / Bartender @ BREAKDEV RED. bsky: @mrgretzky.breakdev.org
The Paranoids @TheParanoids
15K Followers 153 Following We are the information security team @Yahoo! Report vulnerabilities at https://t.co/VaAvra8Rv9
Maddie Stone @maddiestone
61K Followers 804 Following Security Researcher. Previously Google Project Zero and TAG | 0days all day. Love all things bytes, assembly, and glitter. she/her.
Cody Thomas @its_a_feature_
7K Followers 310 Following Mythic Developer (https://t.co/Uz4fOxIUbe) | @SpecterOps @[email protected] | @its-a-feature.bsky.social
Yogesh Ojha 🚀 @ojhayogesh11
3K Followers 766 Following creator of reNgine, loves reverse engineering Building and Breaking things @ TRG Research
Reconless @0xReconless
6K Followers 3 Following Security research, blogs, and videos by @filedescriptor, @ngalongc & @EdOverflow YouTube: https://t.co/IGj1aW40ro
GrinningSoul @GrinningSoulEmu
450 Followers 1 Following Userland iOS Emulator. Run all your favorite App Store apps on top of the Apple Simulator
spaceraccoon | Eugene... @spaceraccoonsec
25K Followers 302 Following Here to learn! Infosec@Open Government Products | White Hat && SecOps
Fisher @Regala_
10K Followers 505 Following Half hacker, half daydreamer. Mercenary for hire. Casabranca. Snarky tweets only. Opinions my own
André Baptista @0xacb
17K Followers 781 Following Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
Justin Gardner @Rhynorater
35K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
ege @egeblc
4K Followers 1K Following Malware enthusiast. Reverse engineer. Threat Intel @PRODAFT, FPV drone pilot 🚁 @[email protected] https://t.co/QnOokdPYYy
ebeip90.cc @ebeip90
3K Followers 781 Following Security Engineering & Research / Xoogler / CTF dude. Tweets are my own opinion.
Nathan @nj_dav
854 Followers 79 Following I type instructions into computers, which are intermittently understood.