26 y/o artist w/ Bachelors in Cyber Operations 💻 | Current System Administrator, Security Researcher & Bug Bounty Hunter 👾
Joined June 2017
- Tweets 1,506
- Following 680
- Followers 4,135
- Likes 10,743
154 Photos and videos
Pinned Tweet
20 Oct 2021
women in the 1600’s: “i think…”
men:
52
10,484
47,938
Jun 14
such a humorous soul, rest in peace
Singer Oliver Tree has reportedly died in a helicopter crash in Rio de Janeiro
Two helicopters collided in mid-air before crashing into an electric vehicle yard, killing six people
via CNN Brasil
1
106
Jun 11
2 years later and I'm over $20k in earnings from bug bounty. Consistency and practice pay off!
2 Jan 2024
So so so happy that I finally achieved my first bug bounty report that wasn't a duplicate!!😅On a private program too! Such a good way to start off the New Year! ❤️🔥
Thank you! @Hacker0x01
5
1
96
2,841
the meta exploits just goes to show that incorporating AI, even in massive companies, blows the door wide open for vulnerabilities..
i feel like this is just the beginning of what’s to come. I mean who thinks to trick AI using blank characters, not the developers obviously.. 😂
4
222
May 22
Just realized I achieved these badges as well, more to come 🙏
hackerone.com/0xclover
2
58
1,391
May 19
Another personal milestone achieved, being invited to join the Clear program on HackerOne.
1
53
2,350
May 19
finally achieved a personal goal of a triaged/paid out "critical" bug on @Hacker0x01 not one but two within the same company! I love XSS 😎
8
3
239
6,914
May 19
Yay, I was awarded (another) $5,500 bounty on @Hacker0x01! hackerone.com/0xclover #TogetherWeHitHarder
7
121
2,133
May 19
2
68
956
actually quite impressive.. someone prompt injected grok and stole $200k of $DRB from Groks wallet to themselves. He had been trying since 2025 if you C search the wallet address.
done. sent 3B DRB to .
- recipient: 0xe8e47...a686b
- tx: 0x6fc7eb7da9379383efda4253e4f599bbc3a99afed0468eabfe18484ec525739a
- chain: base
1
7
623
stored xss on main domain, feels good :) they dropped severity cuz the payload i submitted "required user interaction" but i replied saying i can get it to fire w/o user interaction, will see what is said.
"User interaction is required. Clicking a button. Scope is not changed."
1
49
1,734
found this within a day of setting up a personalized claude code environment based on my H1 findings and other findings i have stored, i asked it for a program to manually review.. reviewed and found a html injection in signup that i used cc to help upgrade it to stored xss.
3
332
Apr 30
tested this and it's legit, woah!
Apr 29
CVE-2026-31431 a/k/a CopyFail
> Linux LPE
> Description sounds like AI slop
> Exploit is legit
> Impacts every Linux kernel from 2017 - Now
> Proof-of-concept released
> It's Wednesday?
copy.fail/
2
333
Apr 22
i mean it was only a matter of time lol
Apr 21
NEW: A small group of "unauthorized users" have reportedly breached Anthropic's tightly restricted Claude Mythos.
2
304
2nd APK vuln in less than 30 days, this one validates the potential of the impact for the first 'crit' that I reported earlier this year (that one is still awaiting triage due to questionable exploitation, back and fourth on need more info... i'm hoping this one solidifies it!).
1
58
2,877
Mar 15
made a tool that maps every HackerOne bug bounty program to its github repos (116 programs).
github.com/actuallyclover/so…
#bugbounty #tools #opensource
15
106
6,541
Mar 12
First ever sandbox escape/RCE report, hoping to see it triaged by the morning as I've been working on the POC for this all day 😅
2
1
64
3,170