Sh4d0w_Xp @x_f4c_t0r
Ethical Hacker(CyberSecurity Researcher) BugBountyHunter.. 127.0.0.1 Joined June 2025-
Tweets41
-
Followers9
-
Following181
-
Likes160
Always check for ID’s disclosed in response: 1. Found a json POST request without user ID to fetch user information in the response 2. Adding new parameter “user_id”:<victims ID> in the request body 3. Victims full PII details fetched in response #bugcrowd #bugbountytips
2FA bypass: 1. Login request path: /api/v1/… -> redirect to 2FA page 2. Manipulate path to: /api/v2/… -> Access token disclosed in response 3. Use “access token” and send request to disable 2FA endpoint 4. 2FA disabled. Now login and get full access. #bugbounty #bugbountytip
2FA bypass: 1. 2FA activated on main domain 2. Found subdomain : embed.<target>.com 3. Logged in to subdomain with same creds 4. After login to subdomain option to redirect to main domain. 5. Full access to main domain without entering 2FA #BugBountytips #BugBounty #2fabypass
I've made $500k+ from SSRF vulnerabilities. Here are my tricks:
How to start your journey as a web3 security researcher/auditor? 1. Create an X/Twitter and LinkedIn profile where you will post about your work and connect with the others from the space. 2. Read "Mastering Ethereum" by Gavin Wood (Vyper part is optional) 3. Complete all…
$5 Membership sale is live for the next 24 hours: account.shodan.io/billing/member
🔍 Abusing 404 Pages for Endpoint Discovery (The Hidden Recon Technique No One Talks About) Most hackers move on when they hit a 404 page. It just says “Not Found,” right? But here’s the twist sometimes those 404 pages leak information about real endpoints.
Mr.Holmes: An information gathering tool (OSINT). The main purpose is to gain information about domains, usernames and phone numbers. GitHub: github.com/Lucksi/Mr.Holm…
🗂️ Hidden File Extensions to Try in Dir Bruteforce • .bak → backups • .old → old versions • .swp → editor swap files • .php~ → temp files • .txt → configs or logs 📂 Extensions reveal forgotten secrets! #BugBounty #Recon #WebHacking
🧵 Bug Bounty Tip: Attack Vectors in Forgot Password Flows "Forgot Password?" — a simple feature, but a goldmine for bugs. Here are 🔟 high-impact attack vectors to test in password reset flows 👇 #BugBounty #AppSec #WebSecurity
2FA Bypass techniques:🔥 List of 15 Common 2FA Bypasses For Bug Bounty / Penetration Testing. 1. Response Manipulation In response if "success":false Change it to "success":true 2. Status Code Manipulation If Status Code is 4xx Try to change it to 200 OK and see if it…
[#bugbountytip] 1. Go to a Program's Hacktivity page (or Writeups) 2. Find a P1/P2/P3 patched not so long ago (~1 Year). 3. Understand the Report, and test for that exact same bug on the Live App today. 4. $1337, $7331 or Knowledge++ Don't forget to Thank them Later.
Anyone can learn Web3 Security for $0! Resources: @CyfrinUpdraft is free @immunefi (Bug Bounty Writeups/Blogs) is free @TheSecureum is free @trailofbits (Blogs/Publications) is free @RektHQ is free @CryptoZombiesHQ is free @OpenZeppelin resources are free @ProgrammerSmart is…
Bug Bounty Cheat Sheet RECON - GitHub Dorks & Tools
some good moduls..
Types of penetration testing every ethical hacker should know.
that's the real truth....
RCE on Call of Duty WWII exploited in the wild
RCE on Call of Duty WWII exploited in the wild
RAID in Linux crash course
Claire U. @JanelB67839
19 Followers 819 Following
Alkaliep @Alkaliep022002
88 Followers 3K Following
Mr Owl @ziko29504803
558 Followers 1K Following Bug Bounty Hunter - BBH Top 10 OWASP vulnerabilities Cyber Security It's better to lose yourself when you hacking
bougesh @bougeshh
241 Followers 835 Following very positive and polite man. I’m a huge tech nerd and a crypto guy that’s hopeful for profits
Alklaupo @Alklaupo48437
25 Followers 2K Following
Linda Emily @LindaEmily80
0 Followers 22 Following I’m a very outgoing, quirky, and silly girl who loves to laugh and make others smile.💞
Legal Hacker @HackerLega50822
0 Followers 70 Following I'm a Nigerian student in university of calabar studying cyber security and Hacking.
Md. Jakirul Alam @Jakirpentest
380 Followers 2K Following Aspiring Ethical Hacker | Learning Cyber Scurity | Post Office Entrepreneur
Suryesh 🇮🇳 @Suryesh_92
1K Followers 521 Following Security Researcher | HackWithSuryesh | https://t.co/Y3UySjPQKl
Sunil Yedla @sunilyedla2
9K Followers 250 Following Trying to make Internet a safer place 👨🏼💻 by helping companies find security loopholes. Hustling to make my parents proud! 🧡
Shubham Bhamare 𝕏 @theshubh77
711 Followers 91 Following Cyber Security Researcher | 2018, 2019, 2020, 2021 - Meta (formerly Facebook) HoF | An ORDINARY guy with EXTRAORDINARY dreams!
FailSafe @getfailsafe
38K Followers 218 Following Backed by @Sequoia & @dragonfly_xyz | Secured $8B+ across 100+ protocols incl. @HyperliquidX, @Base & @BNBChain | Audit Grants https://t.co/vgygefazk5
Rtree Finance @RtreeFinance
4K Followers 40 Following Hong Kong’s first compliance-driven RWA platform. Backed by HKEX-listed GoFintech Quantum (https://t.co/OBz5QP0kXp) and licensed asset manager MaiCapital Limited.
Kle0z @Kle0z
251 Followers 53 Following Security Researcher | Part-time bug bounty hunter | Building automation tools for Bug Bounty | https://t.co/IzMYJTVaH1
Mr Owl @ziko29504803
558 Followers 1K Following Bug Bounty Hunter - BBH Top 10 OWASP vulnerabilities Cyber Security It's better to lose yourself when you hacking
0xSimao @0xSimao
3K Followers 614 Following Founding Researcher @blackthornxyz #2 @sherlockdefi 2025 https://t.co/TXqTc5h4fT 27 Top-3 Finishes & 30+ Private Audits DM for audits
preslaven @preslaven
2K Followers 849 Following Web3 Security Researcher. Reach me out at https://t.co/7ALZCFzBxV
Maglov @krasi_markov
62 Followers 262 Following Smart Contract Security Researcher | Web3 Еnthusiast
Securr @Securrtech
6K Followers 235 Following Securing Web3 with the most advanced Bug Bounty platform & Expert Smart Contract Audits! 🛡 100+ PROJECTS SERVED 💰 $2B+ FUNDS SAVED 🧑💻 15000+ HACKERS
Pashov Audit Group @PashovAuditGrp
5K Followers 1 Following Solidity, Rust, Cairo, Move, Go, Vyper security audits company. Trusted by Aave, Uniswap, LayerZero, Ethena, Euler, Pumpfun. Book an audit: https://t.co/Ujh04UZ7GH
pashov @pashovkrum
34K Followers 1K Following Security audits @PashovAuditGrp Angel investing @PashovCapital
kingamabrook @kingamabrook
400 Followers 2K Following Crypto culture aficionado | NFT collector 🌌 | Decentralizing the art world one token at a time | Embracing blockchain's endless potential
Zigtur @zigtur
3K Followers 866 Following The "web3 cybersec guy" breaking Rust, Solidity & Go | Lead Security Researcher @spearbit & #1 all-time @cantinaxyz 🪐 | RareSkills instructor
JohnnyTime 🤓🔥 @RealJohnnyTime
12K Followers 1K Following Founder @ https://t.co/gcgrMm4Njh, JohnnyTime @ Youtube, Securing Web3 @ https://t.co/wJdpJyYcg0 & https://t.co/3d9aL8n5G8
frs.eth 🦇🔊 @0xfrsmln
1K Followers 800 Following achieving serenity | independent security researcher | @CyfrinUpdraft alumni
Blackhole @BlackholeDex
34K Followers 99 Following
WhiteHatMage @WhiteHatMage
3K Followers 316 Following Bug bounty wizard - All Stars @immunefi. I cast Exorcise on vulnerabilities and Heal on protocols. Prevented exploits worth over $150M.
ZetaChain 🟩 @zetablockchain
1.1M Followers 61 Following Build Once, Launch Everywhere. Access everything from everywhere including native Bitcoin with ZetaChain, the First Universal Blockchain.
Dacian @DevDacian
6K Followers 205 Following Audit Team Leader @CyfrinAudits Protected $40,000,000,000+ on-chain TVL! DM for Cyfrin private audits!
Jack Sanford 🛡️ @jack__sanford
4K Followers 973 Following CEO / co-founder 🔎 @sherlockdefi | ALL4 🌱 @alliancedao | prev 📈 @citadel | alum 🎾 @UCBerkeley
Bluefin @bluefinapp
199K Followers 0 Following Trading, Simplified. Backed by @Polychain, Brevan Howard Digital, and SIG. Discord: https://t.co/nSI5aNWUUh
Aptos @Aptos
668K Followers 402 Following Aptos is the layer 1 blockchain engineered to evolve. Make Your Move on Aptos 🌐 Twitter by Aptos Foundation.
Circuit DAO 🌱 @Circuit_DAO
1K Followers 12 Following CDP protocol on the Chia blockchain. Join the community on our Discord server: https://t.co/NaFaZ14cHR
Cantina 🪐 @cantinaxyz
17K Followers 2 Following Securing the world's most important code alongside @spearbit. Explore our security solutions @ https://t.co/UGMSesXryV
Beast Boy 🔮 @0xBeastBoy
478 Followers 2K Following Software Engineer & Web3 Enthusiast Security Researcher | Discord - 0xbeastboy
Killua @0x158_
343 Followers 816 Following @HackenProof Security Researcher Solidity | Move | " तत् त्वम् असि | " https://t.co/UfLTNIOvsO
conqueror - Ahmed Qar... @c0nqr0r
4K Followers 516 Following Cyber Security Engineer II at Cyshield Founder https://t.co/ZpwGTG61Fd Content Creator
NonKyc.io @nonkyc_exchange
13K Followers 431 Following NonKyc Exchange https://t.co/pB2GqYUF5b = Deposit, Trade, and Withdraw. Not your keys, Not your Coins, we don't beg for liquidity ! https://t.co/9594q1UQyS
Tech Enthusiast @CtPrecious
18K Followers 3K Following Threat Intelligence Analyst | OSINT | Partner with @anyrun_app | Explore My Security Tools & Projects: https://t.co/G7Jmi1UrPg
ZKsync (∎, ∆) @zksync
1.5M Followers 100 Following The Elastic Network: an ever expanding verifiable blockchain network, secured by math. Built on Ethereum.
Vinay ⧫ OnChain @Web3_Vinay
633 Followers 455 Following Future Smart Contract Auditor | Learning Solidity & blockchain security to secure Web3. Passionate about DeFi & code integrity.
Binance @binance
14.9M Followers 580 Following The world’s leading blockchain ecosystem and digital asset exchange | #Binance #BNB | Support: @BinanceHelpDesk | Posts are not directed towards UK users.
ThreatLocker @ThreatLocker
3K Followers 978 Following ThreatLocker protects against zero-day exploits and cyberattacks by giving you complete control over what runs in your organization.
Bitcoin @Bitcoin
7.9M Followers 13 Following Bitcoin is an open source censorship-resistant peer-to-peer immutable network. Trackable digital gold. Don't trust; verify. Not your keys; not your coins.
Ethereum @ethereum
4.0M Followers 0 Following The universal platform for crypto, blockchain apps, stablecoins & decentralized tech. An account about the Ethereum ecosystem maintained by @ethereumfndn.
DeFi Land @DeFi_Land
92K Followers 840 Following DeFi, Gaming, NFTs and Alpacas in a new and all-in-one game ecosystem🚜Join us now https://t.co/vZZMWqHVUX
Solana Developers @solana_devs
69K Followers 114 Following gm Solana Developooooors! News, updates, content, code and job opportunities for Solana developers 🧑🏽💻Trends for United States
You might like
