nick @gddisvcs
Joined April 2017-
Tweets119
-
Followers30
-
Following592
-
Likes3K
I found another vulnerability to leak Microsoft Employee PII ($7500 Bounty) and 700M+ Microsoft partner records. Here's the writeup: blog.faav.top/microsoft-part… #BugBounty #BugBountytips
gpoParser, which I presented at #leHACK2025 and #DEFCON, is available here: github.com/synacktiv/gpoP… It is a specialized utility designed to enumerate Group Policy Objects (GPOs) and identify potential security misconfigurations.
Building off of @CodyBurkard's prior work, I put together a tool for automating the decryption of Entra ID application tokens from Azure App Services resources. Here's a blog that outlines the tooling: netspi.com/blog/technical…
Free Autoswagger Tool Finds the API Flaws Attackers Hope You Miss bleepingcomputer.com/news/security/…
🚨 Hackers & Bug Hunters! By combining Katana, LinkFinder, Arjun, and Burp Suite, I uncovered hidden API endpoints — including ones under /dev/ — and exploited: ✅ Mass Assignment ✅ API Excessive Data Exposure ✅ IDOR (Insecure Direct Object Reference) These tools are gold when…
I have been presenting the risk to Active Directory if VMware infrastructure isn't well protected since 2015. adsecurity.org/wp-content/upl… VMWare admins can access the storage associated with virtual Domain Controllers and therefore have access to the AD database file (ntds.dit).…
I have been presenting the risk to Active Directory if VMware infrastructure isn't well protected since 2015. adsecurity.org/wp-content/upl… VMWare admins can access the storage associated with virtual Domain Controllers and therefore have access to the AD database file (ntds.dit).… https://t.co/upHm088O45
Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿 (including past clipboard items) inversecos.com/2022/05/how-to…
Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿 (including past clipboard items) inversecos.com/2022/05/how-to… https://t.co/H6zfZDd7J0
Most people miss this.. Hidden parameters are gold mines in web hacking. They aren't visible. They aren’t linked. And that’s exactly why they’re valuable. Let’s explore how to hunt them-manually, smartly, and effectively. 👇 A practical recon guide to finding what others ignore.
How to find the Entra ID sync server - A new NetExec module🔎 Inspired by the great Entra ID talks at #Troopers25, I looked into how to find the Entra ID sync server. Results: The description of the MSOL account, as well as the ADSyncMSA service account reference this server🚀
I just published How a GitHub Quirk Helped Me Earn $40K+ in Bug Bounties medium.com/p/how-a-github…
基于 Claude Code 的理念自动生成 Agentic Workflow 得项目开源🔥 内置 87+ MCP 工具可以 Agent 自动生成企业级的 Workflow github.com/ruvnet/claude-…
This person created a prompt that stops ChatGPT from hallucinating
Guide on Manual Exploitation of SQL Injection👾 🔗websec.ca/kb/sql_injecti…
here we go! hope this helps every beginner trying to master the full recon to exploitation process. i’ve covered every step in detail and will be adding more soon..just a bit caught up with things right now. infosecwriteups.com/recon-to-maste…
Anyone can learn Web3 Security for $0! Resources: @CyfrinUpdraft is free @immunefi (Bug Bounty Writeups/Blogs) is free @TheSecureum is free @trailofbits (Blogs/Publications) is free @RektHQ is free @CryptoZombiesHQ is free @OpenZeppelin resources are free @ProgrammerSmart is…
Here some RCE reports. You should read 📔 hackerone.com/reports/460545 hackerone.com/reports/591295 hackerone.com/reports/296991 hackerone.com/reports/470637 hackerone.com/reports/430463 hackerone.com/reports/502758 hackerone.com/reports/423541 hackerone.com/reports/510887 hackerone.com/reports/538771 #bugbounty #infosec
Finding SSTIs on easy mode! 😎 1. Fetch all endpoints and parameters with GAU (GetAllUrls) 2. Run Tplmap Example 👇
Python alternative to Mimikatz lsadump::dcshadow github.com/ShutdownRepo/d…
How to recon like 👇 Find subs > assetfinder Find alive hosts > httprobe Fetch paths for hosts > meg Check this out 👇 #BugBounty
🚨Alert🚨 CVE-2025-49493:Akamai CloudTest Allows File Inclusion via XML External Entity (XXE) injection. 🧐Deep Dive from @Xbow : xbow.com/blog/xbow-akam… 🔥PoC : github.com/MuhammadWaseem… 📊316 Services are found on the hunter.how yearly. 🔗Hunter…
🚨Alert🚨 CVE-2025-49493:Akamai CloudTest Allows File Inclusion via XML External Entity (XXE) injection. 🧐Deep Dive from @Xbow : xbow.com/blog/xbow-akam… 🔥PoC : github.com/MuhammadWaseem… 📊316 Services are found on the hunter.how yearly. 🔗Hunter… https://t.co/CGEEZjThn8
STOCK OF GOD @mithuch58310602
86 Followers 739 Following New York stock market expert decoding market moves and delivering clear, actionable insights. Navigating volatility with precision and strategy.
TeresaKitto @7W28Kg7548bRQ75
99 Followers 2K Following
Sweeshew @SweeshewzLnMFm
98 Followers 6K Following
alexa @qianzhengjian1
26 Followers 196 Following
Daniel @DMakewea
1 Followers 1K Following
Руслан Пост... @Poster133
44 Followers 1K Following
lol @loOOo00oO0ol
0 Followers 1K Following
Lauren @laurenbroglio3
606 Followers 3K Following
Frankie @frankie_patters
216 Followers 3K Following
Jacquelyn @jacquelyn_oconn
414 Followers 3K Following
Robin @robin_noyes1
324 Followers 3K Following
Marilyn @colantromarilyn
269 Followers 3K Following
Amanda @gore_amanda48
363 Followers 3K Following
Lottie @Lottie722165834
243 Followers 3K Following
Margaret @knight61margare
295 Followers 3K Following
AdFighter @TheAdFighter
12K Followers 11K Following Data Privacy Is Everyone's Fundamental Right - AdFighter is free blocking software program for annoying advertisement, intrusive content, online trackers etc.
MARWA @khalfaouimar
16 Followers 316 Following
Evelyn @evelyn_kim24
397 Followers 3K Following
Laura Kloosterman @LauraKloosterm3
152 Followers 5K Following I specialize in digital marketing and growth hacking. I have experience working in a wide range of industries, from small businesses to large corporations 📊
PwrSpl0it @newbiepath
853 Followers 1K Following Bug bounty hunter, web app security enthusiast, chess player, soccer player sometimes
Faizan Akhtar @86xm1
2K Followers 736 Following Web Security Researcher Bug Bounty Hunter (Ethical Hacker) SRT Synack Red *Featured* https://t.co/6LNcJy4xeu
c26 @c26root
44 Followers 1K Following
Bounty Security @BountySecurity
19K Followers 10K Following Offensive Web Application Security Software
M0H4M3D @M0H4M3D5
48 Followers 675 Following
Microsoft Threat Inte... @MsftSecIntel
187K Followers 1K Following We are Microsoft's global network of security experts. Follow for security research and threat intelligence.
纽约时报中文网 @nytchinese
3.8M Followers 369 Following 纽约时报中文网官方推特。Official Twitter Account of The New York Times Chinese Website. iPhone & iPad app: https://t.co/hzbwaOOxA6 Android app: https://t.co/NIusFpRU2S
Advance-sec @advance_sec0
765 Followers 705 Following Advance-sec platform: is one of the top leaders in research and acquisition of vulnerabilities and 0day exploits. Email: [email protected] Wire: @advance_sec
7h3h4ckv157 @7h3h4ckv157
51K Followers 117 Following Hacker (He/Him) | Hall of Fame: Google, Apple, NASA, 𝕏 (FKA Twitter) | Speaker: BlackHat MEA x1 | CVE ×4 | HTB Rank: Guru | P1 warrior - Bugcrowd | CS Engineer
Tanveer Gill @GillTanveer89
1K Followers 211 Following Building @TraycerAI My soul is nurtured by family, friends, games, dogs & nature.
Mehdi @silentgh00st
5K Followers 2K Following 🔎 @mapperplus 🥷 Cyber Security Engineer - Penetration Tester 🔴 Synack Red Team Member 💻 Coding enthusiast ... --------------- OSCP-CRTO
CISA Cyber @CISACyber
284K Followers 71 Following Part of @CISAgov, we respond to major incidents, analyze threats, and exchange critical cybersecurity information with partners around the world.
CCob🏴�... @_EthicalChaos_
9K Followers 437 Following Ceri Coburn: Hacker | R̷u̷n̷n̷e̷r̷ DIYer| Vizsla Fanboy and a Little Welsh Bull apparently 🏴 Author of poorly coded tools: https://t.co/P6tT2qQksC
XBOW @Xbow
10K Followers 6 Following Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://t.co/D5Mco1u8zM
djurado @djurado9
6K Followers 671 Following Security Researcher at @xbow - Former @microsoft Activision Blizzard King - Bug Bounty Hunter https://t.co/l69MUUXLBA
club1337 @club31337
2K Followers 71 Following Threat Intelligence & Security Research • Telegram: https://t.co/dyJBoFbrgr
Coffin @coffinxp7
25K Followers 207 Following 🕵🏻♂️| ꜱᴇᴄᴜʀɪᴛʏ ʀᴇꜱᴇᴀʀᴄʜᴇʀ | ᴄᴏɴᴛᴇɴᴛ ᴄʀᴇᴀᴛᴏʀ | ᴡʀɪᴛᴇᴜᴘꜱ: https://t.co/xRCKfLzQG7 |ᴡᴇʙꜱɪᴛᴇ: https://t.co/pjFfqTxbZO | ᴄᴏᴍᴍᴜɴɪᴛʏ: https://t.co/5p05U7h0BM
Whiteintel @whiteintel_io
4K Followers 10 Following Real-time threat and infostealer intelligence for MSSPs, enterprises, and researchers. Detect leaks, monitor takeovers and respond instantly.
Scam Sniffer | Web3 A... @realScamSniffer
92K Followers 45 Following Crypto Anti-Scam🛡️ | User-safety advocate 🌐 🧩 Extension: https://t.co/How2d4sL8b 📲 | ✈️ TG: https://t.co/qbfM5Z44mZ
Searchlight Cyber @SLCyberSec
688 Followers 382 Following Searchlight Cyber creates products to enhance investigations, protect businesses, and combat cybercrime. Request a trial at https://t.co/zDISBtLIcU
Karl @kfosaaen
5K Followers 949 Following VP of Research - @netspi Co-author of “Penetration Testing Azure for Ethical Hackers” (https://t.co/R8AjWWbSyj). @kfosaaen on most other platforms
Cody Burkard @CodyBurkard
168 Followers 48 Following Security researcher specializing in Entra, Azure and application security
OccupytheWeb @three_cube
247K Followers 3K Following Pentester, Forensic investigator, and former college professor. Trained hackers at every branch of US military and intelligence. Visit me at https://t.co/G478wufszw
Nepal News English @nepalnews_eng
37K Followers 1 Following Nepal News offers accurate and independent news with multi-sided perspectives on Nepal.
mgeeky | Mariusz Bana... @mariuszbit
14K Followers 812 Following 🔴 Operator, Initial Access afficionado, Researcher, ex-AV engine developer, ex-Malware analyst 🦋 @mgeeky.bsky.social 🫖 green tea lover
SEKTOR7 Institute @SEKTOR7net
15K Followers 346 Following Homo Aptus. Vincit qui se vincit - Publilius Syrus. Consulting, Training, Technology, Cyber domain, and more... @x33fcon founder.
Vincent Yiu @vysecurity
29K Followers 308 Following Director, Red Team, Offensive Security. Help organizations safeguard their businesses from the bad guys.
Hacking Articles @hackinarticles
276K Followers 453 Following House of Pentesters Join us: https://t.co/Y6XOlSOA92
TryHackMe @RealTryHackMe
282K Followers 103 Following An online platform that makes it easy to break into and upskill in cyber security, all through your browser.
reverseame @reverseame
21K Followers 1 Following RME-DisCo research group from University of Zaragoza. Special interest on software and systems security. Link to our Telegram channel: https://t.co/UmkcXVG8MU
Clandestine @akaclandestine
49K Followers 5K Following | Security | Osint | Threat Research | Opsec | Threat Intelligence | Infosec | Threat Hunting | Humint |
Josh @passthehashbrwn
10K Followers 332 Following Adversarial Simulation at IBM, tweets are mine etc.
ACE Responder @ACEResponder
17K Followers 225 Following Practice threat hunting & detection engineering in a real SIEM with real attacks. Join us and become the best.
André Baptista @0xacb
17K Followers 781 Following Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
SinSinology @SinSinology
13K Followers 674 Following Pwn2Own 20{22,23,24,24.5,25,25.5}, i look for 0-Days but i find N-Days & i chase oranges 🍊
Cyber Saiyan | RomHac... @cybersaiyanIT
5K Followers 77 Following A community | RomHack Conference, Training and Camp - more info https://t.co/15V29skoWi
Kévin GERVOT (Mizu) @kevin_mizu
6K Followers 754 Following Researcher for @ctbbpodcast lab 🐛 | DOMLogger++ developer 👨🏻💻 | CTF with @FlatNetworkOrg, @rhackgondins 🦦 | @ECSC_TeamFrance 2023 🇫🇷
LeakIX @leak_ix
7K Followers 235 Following Provide comprehensive visibility into internet-facing assets. Looking for vulnerabilities and misconfigurations 24/7 since 2020. https://t.co/MEjkffN1xg
Soroush Dalili @irsdl
20K Followers 909 Following Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker, @SecProjectLtd founder 🕸️https://t.co/YipuTcYnWc🥷 🍏A dad-joke maker🍐
Keanu Nys @RedByte1337
896 Followers 74 Following Offensive Security Lead @ Spotit. Creator of GraphSpy
Dirk-jan @_dirkjan
28K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Dr. Nestori Syynimaa @DrAzureAD
20K Followers 2K Following Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)
Markus Wulftange @mwulftange
3K Followers 195 Following Principal Security Researcher and Pâtissier at @codewhitesec
Piotr Bazydło @chudyPB
4K Followers 307 Following Principal Vulnerability Researcher at watchTowr | Previously: Zero Day Initiative | @[email protected]
Khoa Dinh @_l0gg
2K Followers 119 Following
Sean Metcalf @PyroTek3
36K Followers 615 Following Identity Security Architect @ TrustedSec. Microsoft Certified Master #ActiveDirectory & former Microsoft MVP. Co-Host @ Enterprise Security Weekly. He/Him. #BLMTrends for United States
You might like
