Surya S @Surya_Appsec
Senior Security Consultant @ Netsentries bugcrowd.com/Surya_Appsec Tamil Nadu, India Joined April 2020
Tweets: 298
Followers: 121
Following: 772
Likes: 2K
happy to release my new article entitled: Next.js and cache poisoning: a quest for the black hole zhero-web-sec.github.io/research-and-t… good reading;
Discover subdomains and assets across global IPv4 with our advanced search capabilities. As an alternative to #Shodan, our tool offers comprehensive asset discovery features. Sign up now at rsecloud.com and get 2 months of the Starter Plan for free!
I've just developed my first @Burp_Suite Bambdas specifically to identify OWASP Top-25 Parameters potentially vulnerable to XSS, SSRF, RCE, SQLi, LFI, and Open Redirect. For easy code access, visit GitHub: github.com/BugBountyzip/B… #Bambdas #Java
Successfully bypassed a SSRF WAF by using a combination of IPV6 + Unicode. Payload for Metadata instances: http://[::ⓕⓕⓕⓕ:①⑥⑨。②⑤④。⑯⑨。②⑤④]:80 Check images for response difference between 169.254.169.254 and the above payload I shared 🔥 #bugbounty #infosec #waf
I have developed a small @Burp_Suite extension that allows you to copy HTTP requests without including cookies or tokens. I hope it will help you. Enjoy! 🧡 github.com/haticeerturk/r…
Breaking into bug bounty?💻 Skip the cash chase! Focus on skills, rep, and non-paying programs first. Unpopular advice (we know), but crucial if you want to smash bugs in those bigger programs. 💡 Don't miss @TechAlissa's sly tips in @SearchSecurity: bit.ly/45wR2QL
Find Origin IP. 1. Subdomain enumeration. 2. Save all A records in IPs.txt. 3. Remove CDN IPs. 4. Fuzz Host header on IPs.txt with list of all subdomains. for ip in $(cat IPs.txt); do echo "$ip" && ffuf -w ./subdomains.txt -u "http://$ip" -H "Host: FUZZ" -s -mc 200; done
Using dnshistory.org you can find hosts that have a specific CNAME #bugbountytips
🚀 ffufPostprocessing - an ffuf extension script by @damian_89_ when running "-o -od -of json" You can run ffufPostprocessing on the output after and get: github.com/Damian89/ffufP…
Sometimes you might find a pendo-integration key in a js file. Here are some curl commands to increase impact. Run them at your own risk as they might return PII!
Exploiting Out-of-Band XXE in the Wild from P4 to P1 🏆 #bugbountytip
Nice free ngrok alternative. Use Cloudflare tunnels to proxy your localhost application to the outside world with https. 1. brew install cloudflared 2. cloudflared tunnel --url http://localhost:6969
Here is how I managed to find multiple Payment Bypass vulnerabilities on the same target. 📌THREAD📌 Thanks to @irsdl for his awesome research about "Common Security Issues in Financially-Oriented Web Applications", which can be found here: soroush.secproject.com/downloadable/c… #bugbountytip
@G0LDEN_infosec Agreed! But here are a few approaches that are useful in #bugbounty hunting. :) 1) gist.github.com/m4ll0k/31ce050… by @m4ll0k 2)docs.google.com/presentation/d… bugbountyhunter.com/guides/?type=j… by @zseano @BugBountyHunt3r 3) youtu.be/HmDY7w8AbR4?t=… Application analysis by @Jhaddix
Got random tokens as part of manual search or automation but not sure if the found tokens/keys are valid or which service they belong to? now it's possible to automate the process using nuclei templates. More details - blog.projectdiscovery.io/nuclei-v2-5-3-… #recon #hackwithautomation
Thanks all, with "Ghauri" by @r0oth3x49 (github.com/r0oth3x49/ghau…) it took me just minutes. This is the first time I used it...wow.
Recon Skills and Tips by God Father Orwa Link:docs.google.com/presentation/d… Pwning Admin Panels Methodology by Ahsan Khan Link:drive.google.com/file/d/10CC3n-… #infosec #bugbountytips #CyberSecurity
Bug Hunters: @riphunte4 @RootxRavi @s4thi5h_infosec @bughuntersurya
Easy P1 🙃 1: Collect all the JS files by using the developer tool on Mozilla 2: Run Link Finder Tool on those JS files which you got from dev tool or use JS Miner tool 3: Now manually check the JS files for sensitive keywords #bugbounty #bugbountytips #security
I just published a blog post for the people that want to get into bug bounties. I hope it helps people that are thinking about doing bug bounties, but haven't started yet. It explains what to expect and how to deal with common problems / situations: shubs.io/so-you-want-to…

Aman Subedi @amsubedi2
4 Followers 661 Following
Dark@Joker:~$ @ExploitNest
89 Followers 2K Following CRTA | CAP | OSCP (Aspirant) - Penetration Tester & Bug Hunter - Red Teamer 🤡
Lenorvum @LenorvumIKz5f
85 Followers 3K Following
EmilyMurray @NTUlrB7P5Z4Z1gI
70 Followers 3K Following
Gourav Joshi @Gouravj0shi
1 Followers 23 Following
A @appsecmonitor
4 Followers 484 Following
Vinay Kumar @vinkrp
87 Followers 679 Following Open-source code is the operating system of civilization | AppSec Founder | Stealth Startup
Senderwallet @SenderWallet
10K Followers 167 Following
Janlele91 🇻🇳 @janlele91
1K Followers 364 Following Full-time Penetration Tester | Bug Bounty Hunter | AI Security Researcher https://t.co/lBJ46w8kxv | https://t.co/VTy6puacun
Jimmy @tigerincup
148 Followers 1K Following
Vegeta @_justYnot
7K Followers 715 Following Curious. Hungry for knowledge. Just why not? Acknowledged by @Apple security | eWPTXv2 |eCPPTv2 | eJPT | @Synackredteam member | Bug Bounty Hunter
sagar dhakal @PhotonSagar
22 Followers 552 Following
lonewolf 1997 @Lonee_Wolf_
4 Followers 176 Following
Loganathan Venkatesan @Loganathanvenk1
18 Followers 2K Following Cyber Security Analyst, Malware Research, Penetration Testing, Security Research
Tufail @tufail_073
276 Followers 2K Following |HackTheBox| |TryHackMe| |Offensive Security| Currently in pursuit of accomplishing OSCP
Mr.MK @MrTmkumaran
73 Followers 2K Following
Ramah bashir @N13_r3m37
187 Followers 5K Following cyber security researcher | CTF Player | penetration tester | Bug bounty hunter
Ayadim @ayadim_
2K Followers 1K Following 🇲🇦.{Farmer, Developer background , bug bounty hunter N00b , PUBG mobile player...}
abdul aziz @aaypn99
13 Followers 581 Following
chinu lohar @chinu_lohar10
102 Followers 4K Following
kumaresh @kumareshksk
9 Followers 146 Following Ethical Hacker | OSCP | Security Researcher | Penetration Tester
Sridhar M @HunkyHack3r
111 Followers 550 Following 3 Years Experienced Cyber Security Professional. Active Bug Hunter. Security Project Development. Good in Automated and Manual Testing. CEH v11 Certified.
Pavan Vyas @vyasp979
178 Followers 570 Following #Bug bounty hunter #ethical hacker #Pentesting How to hack a hacker 😁if u know u know...
Suresh Subramanian @sureshbe777
34 Followers 183 Following
3m1l1n9_8unt3r @Smilinghunter01
78 Followers 2K Following
Ractiurd @ractiurd
273 Followers 516 Following
Ramesh Kanna @RameshKanna05
83 Followers 1K Following
Aakash Rathee @iamaakashrathee
194 Followers 529 Following Teaching people personal finance | career, Jobs, personal development and new amazing thing every day
QenaTechnology @QenaTechnology
512 Followers 2K Following O God, I ask Your forgiveness and repent to You, and I confess my sin, so have mercy on me and forgive me, O Lord of the worlds; no one forgives sins but You.
Ravindra Lakhara 🇮... @RootxRavi
5K Followers 530 Following CREST CPSA & CRT | OSCP | CRTA | CRTP | eJPT | eCPPTv2 | eWPTX | eMAPT | Yogosha 20 | Bugcrowd 200 | Open for freelance project
JustinBmz @Justin85563950
654 Followers 4K Following 22Y/o||No Certifications||Reading new bug bounty blogs applying on websites||Digital Marketing Specialist||Part Time Bug Hunter||Coder||AI Enthusiast||
Pandbx @Pandbx1337
56 Followers 123 Following
a7madn1 @a7mad__n1
2K Followers 116 Following telegram channel for hacking/WriteUps https://t.co/UzLb7V9FSc
Shreyas Chavhan @shreyas_chavhan
6K Followers 389 Following Semi-Consciously simplifying bug bounties for myself and others | Slaying Bugs Full Time with My Nichirin Sword (aka Burp) since Aug 2023 | INFJ
Biscuit @OreoB1scuit
2K Followers 447 Following Student of CoMpUtEr sCiEnCe pretending to be a hakur android, web, api bug bounty hunter
Mustafa Can İPEKÇİ @mcipekci
8K Followers 426 Following I'm an engineer from Turkey, who is interested with biotechnology, computer science and digital gaming. Proud father of three little devils. A.K.A nukedx
Profundis.io @profundisio
684 Followers 0 Following Mapping the internet - turning DNS/host data into intel for sec teams, OSINT & bug-bounty hunters. Automated recon & real-time alerts.
ASHISH KUMAR @ydvashish224
191 Followers 307 Following Cyber Security Learner |Dream/Work/ Achieve 🔥| Crowdsourced Security Researcher at Bugcrowd
Suyash Sharma @SuyashS91823422
2K Followers 289 Following Security Engineer| Helping companies to secure their digital assets
Mohamed Ahmed @mooo_sec
585 Followers 128 Following
XBOW @Xbow
10K Followers 6 Following Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://t.co/D5Mco1u8zM
Priyank Ahuja @ahuja_priyank
121K Followers 178 Following Helping professionals get their dream job • Sharing insights on AI, Tech Tools, Career Growth, Productivity & Online Business • 660K LinkedIn • ✉️DM for collabs
Coffin @coffinxp7
25K Followers 207 Following 🕵🏻♂️| ꜱᴇᴄᴜʀɪᴛʏ ʀᴇꜱᴇᴀʀᴄʜᴇʀ | ᴄᴏɴᴛᴇɴᴛ ᴄʀᴇᴀᴛᴏʀ | ᴡʀɪᴛᴇᴜᴘꜱ: https://t.co/xRCKfLzQG7 |ᴡᴇʙꜱɪᴛᴇ: https://t.co/pjFfqTxbZO | ᴄᴏᴍᴍᴜɴɪᴛʏ: https://t.co/5p05U7h0BM
GlobalGPT @GlbGPT
53K Followers 63 Following Your ultimate all-in-one AI platform Unlock GPT-5, Claude 4.1, Google Veo 3, Kling and 100+ top AI tools. Trusted by over 1 million users worldwide.
Vishal Vishwakarma @rootxvishal
494 Followers 189 Following Security Analyst | eJPT | VAPT | Bug Hunter | Secured Google, NASA , BBC, Lenskart & 300+ Companies | 8xCVE
Web Security Academy @WebSecAcademy
130K Followers 36 Following Free web security training from @PortSwigger
Drocapy @azam_gassim
601 Followers 260 Following Bug Bounty Hunter | Penetration Tester | Cyber Security Researcher
Aishvik @Aishvik361675
2K Followers 35 Following Growth investor at reasonable valuations. Passionate about Smallcaps & Midcaps. Nothing i share is a buy/sell reco. I'm not a SEBI registered advisor.
Shakti Ranjan Mohanty... @3ncryptSaan
6K Followers 173 Following Product Security Analyst- Triager @Hacker0x01 || Hackerone Brand Ambassador || Ethical Hacker || Penetration Tester || Bug hunter || H1 verified Clear Hacker
Dave Gerry @davegerryjr
2K Followers 3K Following #girldad x2. CEO @bugcrowd. Former WhiteHat Security, Sumo Logic & Veracode. Tweets are my own.
karkisec @kaks3c
718 Followers 21 Following
Bhavan | Protein Mini... @BhavanChand
12K Followers 654 Following Nutrition and Exercise professional | Father | Lost 25kg | I will help you lose 25kg+ fat | Message me for personal coaching
Daily OSINT @DailyOsint
41K Followers 111 Following Daily Open Source Intelligence Powered by @SOCRadar XTI® #OSINT #XTI #ThreatIntelligence
Bug Hunter Labs @BugHunterLabs
2K Followers 678 Following
RSECloud @Rsecloud
74 Followers 8 Following RSECloud powers cybersecurity intelligence with cloud IP monitoring, advanced subdomain discovery, and secret scanning across JS, GitHub, and DockerHub.
Haroon Hameed... @HaroonHameed40
645 Followers 92 Following Cyber Security Enthusiast | Pentester | @YesWeHack Hunter
Mehran Hameed... @newt0n_133740
137 Followers 5 Following Cyber Security Enthusiast |18 Years Old |Active on @YesWeHack @Intigriti
Tomi 🥀 @archyxsec
2K Followers 268 Following Full-Time Bug Bounty Hunter 🇪🇸 | Computer Engineer |💍 @selen0phile
Mantas Sabeckis @ott3rly
6K Followers 333 Following Bug Bounty Hunger. Helping people to score bounties 💰
Yunus Emre Öztaş @ynsmroztas
6K Followers 163 Following #BugBounty #Hunter #Python #Java #Dev #CyberSecurity #Android #GALATASARAY
Lupin @0xLupin
17K Followers 678 Following Roni Carta alias Lupin. Co-Founder of Lupin & Holmes. R&D. Red Teamer. Bug Hunter. Musician 🤘
Dinesh Shetty @Din3zh
3K Followers 2K Following Mobile/IoT/Web security; Trainer & Speaker @BlackHat/DefCon/POC/OWASP/Hackfest...; Day job as Director of Security Engineering; #OSCE #OSCP #OSWE #CCISO...