Joined May 2024
Pinned Tweet
🎬 We’ve created special playlists for you! 🚀 📌 Hacking 101: PenTesting & Cybersecurity 👉 youtube.com/playlist?list=PL… 📌 TryHackMe & HackTheBox Walkthroughs 👉 youtube.com/playlist?list=PL… 📌 Bug Bounty POC's 👉 youtube.com/playlist?list=PL… ⚡ Learn, practice, hack! - Share #BugBounty
New Video0o: Burp Suite Hidden Gems: Powerful Extensions for Real Bug Bounty Hunting @theXSSrat Most people use Burp Suite basics… but real bug bounty hunters go deeper. Hidden extensions, auth testing, automation & inside Burp Suite. Watch now: youtube.com/watch?v=lufxVI7r…
NullSecurityX retweeted
DeepSeek hacked! “AI has ended hacking” they say. I reported vulnerabilities in Gemini, Grok and Claude just 10 days ago. Last year I could access tokens and read chats on DeepSeek. Mythos just opened and they say it’s over… but it’s just talk.:D youtube.com/@NullSecurityX
NullSecurityX retweeted
🚨 NEW Bug Bounty Video: Stored XSS in an Unexpected Attack Surface | Razer Bug Bounty In this video, I walk through: • Identifying the attack surface • Validating the injection point • Achieving persistent JavaScript execution youtu.be/jZmrC6js1ls
We’re always open to YouTube content suggestions. Over the past few months, we’ve been a bit inactive due to OSCP preparation and some personal commitments. But we’re coming back. 🚀 Two new vulnerability analysis videos will be published soon. Stay tuned. 👀
New Video loading..:)
Congratulations! 🎉 Leaving this here: by November, we’ll both be holding our OSCP certificates. ✍️ @catgirl_root
After months of preparation, countless hours in the lab, and learning experiences, I am excited to share that I have successfully passed the @offsectraining Offensive Security Certified Professional (OSCP) certification! to my study partners @Olufela_Jr @pinedamian thanks.
NullSecurityX retweeted
New Videoo: Strikoder Complete OSCP Journey | From Failure to 70 Pass (Full Exam Review & Resources) is live. No “3 months OSCP” story here just the real journey: failures, technical mistakes, AD struggles, lab experience, and what actually worked... youtu.be/V1Fo01YRAvg
The attack was discovered by Codex, which chained two techniques known to humans for a decade: a compression bomb and a Slowloris-style hold. youtube.com/@NullSecurityX blog.calif.io/p/codex-discov…
NullSecurityX retweeted
One of the comments we received on our latest video. 🙌 If you're interested in advanced XSS techniques, bug bounty hunting, and real-world exploitation chains, you can also get access to our member-only technical videos. 🔒🎥
New VideooOo: Advanced XSS Hunting: 5 Unique Exploitation Paths From CSP bypasses and JSONP abuse to Open Redirect XSS and trusted-domain abuse, this video explores how small injection points can be chained into full JavaScript execution. youtu.be/FG3rSUf4HtI
New Videoo0o! Account Takeover via Email Verification Redirect Exploit | $650 We demonstrate how a user-controlled redirect parameter in an email verification flow led to verification token exposure and a potential Account Takeover (ATO). Watch 👇 youtu.be/bV1lf5zP8_k
The funny part? Around the same period, I submitted three different reports. One was closed. Another was marked as a duplicate. And now, seeing a completely different report make headlines is a reminder of how unpredictable bug bounty can be. Back to hacking. 🫠
Reported on May 30. Closed as non-impactful. Today, the same issue is all over the news. Not every missed bounty hurts because of the money. Sometimes it's because you knew you were right. Back to hacking... :(
🚨 New Google Gemini Vulnerability Exploited via Prompt Injections from WhatsApp, Slack, and SMS Source: cybersecuritynews.com/google… A new class of indirect prompt injection (IPI) attacks targets Google Gemini's voice assistant, allowing attackers to silently hijack the AI through malicious payloads delivered via everyday messaging apps, including WhatsApp, Slack, Signal, SMS, Instagram, and Messenger. The core exploit leverages Gemini's Android Utilities agent, specifically the tool that reads incoming notifications. Because this tool processes untrusted data from third-party apps, an attacker can embed malicious instructions directly inside a crafted message. Once Gemini reads the poisoned notification, it silently incorporates the attacker's commands into the conversational context without the user's knowledge. #cybersecuritynews
You can interview me, I'm really angry :D @The_Cyber_News
We dropped the bomb 🔥🔥 We seriously have a series in mind that will serve as a Turkish-language resource, stay tuned..:) Thanks to @catgirl_root, the process has sped up quite a bit 😄 ⌛️⌛️