Security Researcher | Crypto auditor and malware analyst 🥰
Joined May 2022
- Tweets 362
- Following 755
- Followers 2,613
- Likes 445
38 Photos and videos
Pinned Tweet
29 Jan 2023
Top google Dorking
Thread 🧵:👇 Here is how to find sensitive data issues:
1) publicly exposed documents :- site:target.com ext:doc | ext:docx | ext:odt | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
#BugBounty #bugbountytips #infosec
31
199
571
54,857
Let's gooooo back to back triaged and bounty , thanks @HackenProof what a great platform to test your knowledge 🔥
May 8
Top 3 researchers this week:
🥇 @0day_exploit_
🥈 @VagnerAndrei98
🥉 @Nord0x
On a roll! 🔥
Want your handle here? Join active programs: hackenproof.com/programs
4
7
882
Apr 23
Huge congratulations for the great achievement sir 💐 making the web3 more secured day by day 🫡
Apr 22
Thank you, @thedaofund! It’s an honor to be among the ETHSecurity badge holders!
And thank you, @d0rsky and the @HackenProof team, for your daily engagement and support! More security ideas and work are coming!
1
1
223
Mar 29
How I found a Critical ($100k) bug that could allow an attacker to drain the entire pool in under an hour and end on an information already known issue🥲
Read full article at ;-medium.com/@0day_exploit/cri…
2
1
11
1,082
Mar 29
@adeolRxxxx This is the original report you got a duplicate of. Read my story about how I argued and ended up on information rather than paying 100k$ 😰
1
268
Mar 26
Crazy 😍
Mar 25
As of today, BattleChain testnet is LIVE.
The pre-mainnet, post-testnet blockchain, where whitehats legally attack your smart contracts before they reach production.
Deploy. Get attacked. Ship stronger.
Here's why we built it, what it is, and how you can get involved 🧵
1
276
0 day exploit retweeted
11 Oct 2023
Thread 🧵:📷 Here is how I Do my Recon fast automated bug bounty
1) we are not using any kind of paid service to do automation 🔥
2) We use shell.cloud.google.com/ for hacking open terminal
#infosec #bugbountytips #Hacking #cybersecurity
12
95
293
46,612
10 Mar 2025
Top JS Bugs
Thread 🧵:👇 Here is how to find Exposed :
1) collect all the js endpoint by lazyegg
github.com/schooldropout1337…
- using automatic tools find sensitive data
chromewebstore.google.com/de…
#BugBounty #bugbountytips #infosec
1
6
18
1,232
10 Mar 2025
5) exploit using jsleak
cat test.txt | jsleaks -s -l -k
github.com/byt3hx/jsleak
6) expoit by nuclei
cat test.txt | nuclei -t credentials-disclosure-all.yaml -c 30
4
568
8 Mar 2025
Top AWS S3 Bugs
Thread 🧵:👇 Here is how to find Exposed
1) Misconfigured AWS S3 buckets that may expose sensitive data we can manually check by on the XML error page or Wappalyzer AWS technology
#BugBounty #bugbountytips #infosec
4
3
18
904
8 Mar 2025
join our bug bounty community for additional resource and support t.me/ 6F5g8_YDGtJjZmFl
703
8 Mar 2025
9) public searching
GitHub ;- org:target "amazonaws" ,"bucket_name" ,"aws_access_key" , "aws_access_key_id" , "aws_key" ,"aws_secret" , "aws_secret_key" , "S3_BUCKET"
10) Check the access control bugs
aws s3 cp file.txt s3://[bucketname] --no-sign-request
--> used for copy
1
1
426
8 Mar 2025
10) continue
aws s3 ls s3://[bucketname] --no-sign-request
aws s3 rm s3://[bucketname]/file.txt --no-sign-request
aws s3 cp s3://[bucketname]/ ./ --recursive --no-sign-request
1
380
7 Mar 2025
Top Browser Extensions
Thread 🧵:👇 Here is 30 Best extension used for attackers:
1) nuclei-ai-extension -> Browser Extension for Rapid Nuclei Template Generation
github.com/projectdiscovery/…
#BugBounty #bugbountytips #infosec
3
3
14
1,263
7 Mar 2025
24) S3BucketList — AWS Bucket Finder
25) D3coder — Encode/Decode Tool
26) Mitaka — OSINT Search Tool
27) Vortimo OSINT Tool
28) knoxss community - find advance xss
29) APKCombo - find android bugs and informatio
1
2
445
7 Mar 2025
Thanks, if you get difficulty finding tools Dm for link Bonus: causion This extension are only used for educational purposes and contain js injection, so don't use them on personal browsers
30) Hackbar - used for advanced payload
chromewebstore.google.com/de…
2
340