locolocosec @locolocosec
Dev & Security Researcher l Loves Cooking & Football 🌿🌞 Joined November 2023-
Tweets1K
-
Followers59
-
Following564
-
Likes2K
Second-Order SQL Injection 1️⃣ Attacker injects payload into a field that is stored in DB (e.g., username). 2️⃣ Later, another query uses this stored value unsafely. 3️⃣ Payload executes → data leak, auth bypass, or privilege escalation. #SQLi #BugBounty #WebSecurity
What screenshotting tools have you used, and which one is the best?
I've made over 100k on SSRF vulnerabilities. They aren't always as simple as pointing it at localhost or AWS Metadata service. Here are some tricks I've picked up over the past 5 years of web app testing:
I don’t hunt bugs, I hunt databases. 🗡️ #SQLiMaster #BugBounty #Intigriti #InfoSec #BugBounty
(Thread 🧵) 1/ Most hunters stop testing a file upload after failing to get RCE. You're leaving critical bugs on the table. Think bigger: Stored XSS, SSRF, XXE. Here’s a deeper methodology to find what others miss. 👇 #bugbountytips
medium.com/@one33se7en Good articles , Give a read guys #bugbounty
Found a great waf bypass for client side path traversal (a thread)
I've made $500k+ from SSRF vulnerabilities. Here are my tricks:
New day new SQLI 💉 Don't waste your time on finding XSS let the automated tools find it for you and focus on finding critical bugs also how to bypass the WAF's #SQLiMaster #BugBounty #Intigriti #InfoSec #BugBounty @intigriti
If you are an Indian Bug Bounty Hunter looking to save Money on Forex fees and get better conversion rates USD to INR, I use Skydo for that. If you sign up using my referral link => join.skydo.com/9az1u We both get $30 discount, which can be used to waive the Skydo fee.
Hello everyone, my blogs were not updated for quite some time. So, I'm sharing my notes which I took while learning about web cache deception. PS: These are not original notes. Many parts of this blogs are taken from other resources. So credit to them. medium.com/@mrd17x/web-ca…
IDOR allows me to upgrade my own user role to Admin 😃 Also, I can downgrade the real Admin just by simply changing the ID and "isAdmin": true/false Easy bug highest impact! #bugbountytips
Critical Vulnerability Rewarded by Deutsche Telekom (T-Mobile Germany/European Union) #bugbounty #p1
5 Test-cases every bug bounty hunter needs to try on WordPress targets! 🤠 • Test for open registration (use misconfig-mapper) • Test for REST API access /wp-json/wp/v2/users (search for emails & test for weak credentials) • Test for directory listings on /wp-content/uploads…
The Thousand Dollar Bug #bugbounty #bugbountytips
Another Blind XSS Triaged #bugbountytips
poking around with @AmirMSafari on a public program, no WAF bypass, no special payload 3x Dom XSS: javascript:alert(origin) CSPT + parameter pollution: critical CSRF HTMLi: leaking URL equipped with token Tip: read JS files curiously, do not rush for bug, enjoy the process :]
Not all CSRFs are created equal. Understanding the difference is key to writing impactful bug reports. Here are 5 ways to spot a CSRF worth reporting👇
💡Tips: 1- Test duplicate account registration. 2- Inject Null Byte %00 → bypass checks. 3- Poor input validation = full account take over . #BugBounty #BugBountytips #BugBountytip #hackerone medium.com/@nayefhamouda/…
There's no secret recipe or roadmap to find high & critical bugs. Although there are many niche bugs which require a lot of experience to find and exploit. Other than that it's all about.. 1/n
Connie Tremblay @ConnieTrem40461
81 Followers 4K Following
Fodhil Benhiba 🇵�... @BenhibaFodhil
97 Followers 183 Following Computer Science Student | Bug Bounty Hunter | Cyber Security Enthusiast | CTF player @h3avensbirds
PenguinWeb3 @PenguinWebz3
494 Followers 6K Following Narratives & DeFi. Crypto Penguin is always on its way to help!🐧| DM's open 24/7
CarolCarroll @9nB0tZ8i4rfS2
98 Followers 3K Following
VINCHI @iamvinchi
324 Followers 2K Following Learning @CyfrinUpdraft | Web3 security researcher | Smart contract Auditor in progress.
Rosalia @rosaliastrain99
255 Followers 3K Following
Andrea Hamilton @AndreaHami81231
1 Followers 176 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, pl ease contact https://t.co/84g3zO1JtM
Ysoohawx @Ysoohawx327882
57 Followers 1K Following
me @Paul14218670
7K Followers 229 Following
Kam Khan Sang @r1skkam
85 Followers 1K Following
Surya Vijayan @abcdxyz3210
1 Followers 158 Following
PaulHaykeens @haykeens_
27 Followers 444 Following an optimistic being....Curiosity is the only crime 🧑💻
linillo @linilloCS
7 Followers 262 Following
Abdullah Nawaf (Hacke... @XHackerx007
8K Followers 414 Following Hackerx007 Bug hunter FB/Twitter/Mail.ru HOF 41 Bugcrowd rank 11 Bugcrowd P1 rank with 226 p1 :) In love with P1 ;)
Mr Owl @ziko29504803
559 Followers 1K Following Bug Bounty Hunter - BBH Top 10 OWASP vulnerabilities Cyber Security It's better to lose yourself when you hacking
Cherlyn @hallcherlyn11
189 Followers 3K Following
Braeden Metz @MetzBraede33051
124 Followers 2K Following
McDadore @McDadorew6zh8
15 Followers 1K Following
Carrie @carrieparis81
281 Followers 3K Following
Harkamal Singh @H3LLD3V_K
0 Followers 202 Following
Spark Alchemist @Spark_Alchemist
2 Followers 3 Following Website Design and Copywriting Studio! Delivering consistent value and creating magic, together.
MouhannadlrX(Mouhanna... @MouhannadlrX0
499 Followers 2K Following @HackenProof Security Researcher , in love with diving deep and chains issues toghether to achive most impact possible , CVE-2022-36178
Marilyn @marilynsapp42
289 Followers 3K Following
Megan @gilbertmegan77
246 Followers 3K Following
Tunahan TEKEOĞLU @tun4hunt
632 Followers 508 Following 🇹🇷 Senior Cyber Security Consultant | Bug Bounty Hunter
Jessie @harrison_jessie
247 Followers 3K Following
n1nja007 @n1nja007
84 Followers 4K Following
Muhammad Farhad Ansar... @fteagleeye1
701 Followers 3K Following Fundamentalist Muslim | Student | Bug Bounty Hunter
sandesh @onceuponahacker
380 Followers 1K Following cybersecurity , ethical hacking ...ALL VIEWS expressed here ARE MINE... 🇮🇳 Jai Hind !
Aditya Bhandari @adityabhandari1
326 Followers 4K Following Designing with purpose. ✷Brand Identity ✷ Website ✷ Strategy | TEDx Speaker | UN_GirlUp Speaker 🌿🌻
Mary @mary71barr
378 Followers 3K Following
Jackie @g_jackie84
282 Followers 3K Following
Elizabeth @treadwayelizabe
277 Followers 3K Following
Debra @debra64garay
298 Followers 3K Following
scifiboiahoy @scifiboiahoy
84 Followers 948 Following "protecting innocent people, making the internet safe" "it is not about you or me, it is about the community, and creating a positive impact" Good Vibez Only!
Kuldeep Pandya @kuldeepdotexe
5K Followers 348 Following OSINT | Web | Binary | [email protected] | @SynackRedTeam Envoy && Hero
Hero_of_Digital @_MK_Mustafa
143 Followers 59 Following 27y & oil engineer & penetration tester & investment trading & still learning..I love sports & traveling and 🪂🏊✈️🤵☃️🌄🌍🎹. 🇮🇶
drop @dropn0w
2K Followers 568 Following Offensive Security Consultant | HackerOne Ambassador for 🇧🇪 Belgium | Security Researcher | Views are my own
r00tz 🇮🇳 @yaser_s
1K Followers 2K Following 🚀CFP & Speaker Ops @BugBountyDefcon🏅@Hacker0x01 Brand Ambassador Canada🎖️@Bugcrowd Hacker Advisory Board 🏆Top Spots-US DoD🥈H1 Hack the Airforce7'22🥇HackUS
Faav @efaav
694 Followers 166 Following Developer @ https://t.co/qiMEJOTD1H (& NameMC Extras), Bad web developer, Bug hunter.
Vincent @vinhacks
460 Followers 238 Following 🇨🇦⚜️ 18 y/o bug bounty hunter & student. Sharing my bug bounty journey | https://t.co/PdrXkrMVCS | https://t.co/QnXe4wtL11
Priyanshu @priyanshu_xo
2K Followers 663 Following full time bug bounty hunter https://t.co/Z1PExchTcf
GiuseppeDeLaZara @windhustler
4K Followers 806 Following Ex-Petroleum Engineer | Solidity Developer | Chief of Security @BurraSec | Security Researcher @spearbit, @zenith256 | Mentor @TheSecureum
xploiterr @_xploiterr
2K Followers 905 Following Let everything happen to you, just keep going… like she said. ✍️ Write-ups → https://t.co/2ki4J3756e
Eno Leriand @0x3n0
5K Followers 154 Following Cyber Security, mostly on hacking, chasing flags & life goal? idk | Red team @Synack | Researcher @YogoshaOfficial • Discord: 0x3n0 (UTC+8) No DM without scope
Lee | 33Audits @33audits
4K Followers 295 Following auditing, researching, building | DM for audits/dev work
Muqsit 𝕏 @mqst_
8K Followers 99 Following Sharing resources from the cybersecurity community • Passionate learner and creator • YouTube: https://t.co/1BmE6QOd0D • Turn ON Notifications 🔔
Profundis.io @profundisio
681 Followers 0 Following Mapping the internet - turning DNS/host data into intel for sec teams, OSINT & bug-bounty hunters. Automated recon & real-time alerts.
Devansh (⚡, 🥷) @0xAsm0d3us
16K Followers 3K Following Pwn, Security Research & Math ⚡ Views are personal
Dark Web Intelligence @DailyDarkWeb
138K Followers 0 Following Daily Dark Web dose from the dark side.
Hossam A. Mesbah 🇵... @m359ah
4K Followers 224 Following Sr. Security consultant | Bug bounty hunter https://t.co/tuKTyrFrWo | https://t.co/PGSwsav7HG | https://t.co/Z6BCawM3XF
Ron Chan @ngalongc
19K Followers 501 Following
Ackee Blockchain Secu... @AckeeBlockchain
7K Followers 789 Following Cybersecurity experts | We audit Ethereum and Solana | Creators of @WakeFramework, Solidity (Wake) & @TridentSolana | Educational partner of Solana Foundation
MoveJay @movebrah
2K Followers 614 Following Move SR @spearbit | Ambassador @Suinetwork @Walrusprotocol
phil @philbugcatcher
2K Followers 464 Following Security Researcher @CertoraInc | @CyfrinUpdraft alumni
Alon Leviev @alon_leviev
1K Followers 182 Following Vulnerability Researcher at Microsoft | Researcher, Speaker, BJJ Black Belt, Former BJJ World and Euro Champion
djurado @djurado9
6K Followers 671 Following Security Researcher at @xbow - Former @microsoft Activision Blizzard King - Bug Bounty Hunter https://t.co/l69MUUXLBA
OffSec @offsectraining
325K Followers 119 Following Empowering the world to fight cyber threats with indispensable cybersecurity skills and resources. Build the path to a secure future with OffSec.
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
CVE @CVEnew
56K Followers 3 Following Official account maintained by the CVE™ Program to notify the community of new CVE IDs. Posts contain abbreviated details. Full CVE Records on https://t.co/ALn4YvUtom
c4ng4c3ir0 @c4ng4c3ir0
7K Followers 612 Following Que meus advogados não falhem. Que meus pecados sejam perdoados.
g @gjaldon
4K Followers 254 Following LSW @sherlockdefi | @blackthornxyz | 6x 🥇 wins (91 contest days) | Infra and Contracts Expertise | Rust Go Solidity | https://t.co/kbiPdpKeLS
Cubed @Cubed_h1
2K Followers 345 Following Career in hacking into stuff on https://t.co/9wUU4HbNMO | Security Researcher @hacker0x01. Half 🇷🇴 and half 🇪🇬
Aditya sharma 🇮�... @Assass1nmarcos
6K Followers 56 Following Cyber Security Researcher, Hacker🇮🇳 Love to get unauthorized access in your Server. HOF from Google | Microsoft | Apple | Meta | Adobe | Oneplus
Mehdi @silentgh00st
5K Followers 2K Following 🔎 @mapperplus 🥷 Cyber Security Engineer - Penetration Tester 🔴 Synack Red Team Member 💻 Coding enthusiast ... --------------- OSCP-CRTO
0x0smilex @assa2940
918 Followers 97 Following bug hunter 🐛 ethical hacker / noob 🤓/ Follow for more cool tips & stuffs! 🤙🏻 hungry for knowledge
Louis Nyffenegger @snyff
20K Followers 590 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
harris0ft @harris0ft
5K Followers 98 Following Christian, Hacker, Independent Security Researcher. https://t.co/7rmqelX5L4
MorboAalst - Kitty @MorboAalst
1K Followers 582 Following Amateur dartplayer, repping the hello kitty brand. Part of the @Intigriti family
Md Ismail Šojal �... @0x0SojalSec
30K Followers 5K Following Cyber_Security_Re-searcher || 0SINT || Malware Analysis II Pwn || Ai Re-searcher || Project @AIStrikeSec || 0ld Accounts Suspended @0xSojalSec ||
Barracks @BarracksArmy
188 Followers 38 Following Beyond the lab rut. Barracks forges hyper-realistic WarZones mirroring appsec chaos. Adapt. Report. Thrive. Build skills that cash actual checks.
Sandeep | CEO, Polygo... @sandeepnailwal
343K Followers 5K Following Absolute-Individual-Freedom Maximalist. Founder & CEO @0xPolygon Foundation, Founder @cryptorelief_, Co-founder @SentientAGI . Re/tweets are not endorsements.
Harley Kimball @infinitelogins
7K Followers 1K Following Hacker Community Cultivator, Pentester, Bug Bounty Hunter | Co-Founder of @BugBountyDEFCON | Founder of Disclosed. (link in bio)
Neeraj Sharma @root_n33r4j
5K Followers 97 Following
xit! 🇮🇳 @xitsec
3K Followers 230 Following Security Engineer !| Bug bounty hunter !| Pentester | whitehat @Immunefi | bugcrowd | hackerone | @Hackenproof Security Researcher
Dacian @DevDacian
6K Followers 206 Following Audit Team Leader @CyfrinAudits Protected $40,000,000,000+ on-chain TVL! DM for Cyfrin private audits!
DadeKuma @DadeKuma
2K Followers 254 Following Independent Security Researcher | Top 100 Warden & Judge @code4rena | Zenith Researcher @zenith256 | Available for private audits, Rust & EVM 🗓️Trends for United States
You might like
