Application Security🌼 Penetration Testing 🌼 API Security Person of the Year (2025) 🌼 30 under 30 in Cybersecurity 🌼 ex- @KPMG 🌼 ex-@Deloitte

Joined March 2022
Pinned Tweet
23 Oct 2025
Just passed my over $10,000 exam, GIAC GWAPT Certified ✅ The journey was long, the late nights were real, and it was worth every bit. Huge thanks to @sisinerd who took a chance on me that I’m worth this & to @SANSInstitute for the incredible partnership with @cybersafehq
cybernerd🤖 retweeted
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…
cybernerd🤖 retweeted
C̶l̶a̶u̶d̶e̶ ̶B̶u̶g̶ ̶H̶u̶n̶t̶e̶r̶ is now BUG HUNTER. We changed the name because it is no longer limited to Claude Code. Now it is a standalone open-source CLI that runs from any terminal. Use Ollama, Groq, DeepSeek, Claude, OpenAI or Grok. Built for the bug bounty community. Run it locally with Ollama - no paid AI subscription required. We are very close to 2.5K GitHub stars. Let’s make it happen, guys. More updates coming soon. #OpenSource #BugBounty #CyberSecurity #AI #EthicalHacking #Ollama #GitHub #SecurityTools #BugHunter
cybernerd🤖 retweeted
A UUIDv4 packs 122 bits of randomness, so guessing one outright is off the table and that alone is often enough for a program to downgrade an IDOR. brutecat hit exactly that on Google Cloud's Application Integration: referencing another account's UID let the request through across every endpoint, except the UID was a UUIDv4 and the path masked it, so there was nothing to show as proof. The same endpoints took a filter parameter built on Google's AIP-160 spec, and AIP-160 supports greater-than and less-than, so a value the response refused to show could still be narrowed by comparison, one answer per request. That turns recovering the UUID into a binary search, and fixing the filter on a single known record pulled the full UUIDv4 out in about 128 requests. The known record came from the test cases feature, where ListTestCases carried a workflow_id filter inside the protobuf and applied it on the client side. Dropping that field made the endpoint return the test cases of every GCP user, a fair number of them @google.com Googlers running their own integrations, which handed over both a real case to anchor on and the masked owner to recover. This made the IDOR demonstrable across every endpoint in Application Integration, reached through the same filter parameter that had leaked the test cases in the first place.
cybernerd🤖 retweeted
Whoa! Big bounty! 🎉
cybernerd🤖 retweeted
Anthropic CEO realizing Claude 5.0 Mythos shipped 2 hours ago and a chinese girl already used it to kill a $24k bloomberg terminal
Claude 5.0 built a Chinese girl a trading bot. skip to 0:08 look at her journal, bot easily earns your monthly salary in a couple of days. how it works: the bot runs mean reversion on s&p 500 and nasdaq on 15-min candles, catching the small overextensions indices make every few hours. on bitcoin it switches to momentum breakouts on the 1-hour crypto trends harder than indices, so you ride the move instead of fading it. gold and oil get a slower trend-following layer on the 4-hour, because commodities move in cleaner waves and you don't want noise from intraday whipsaws. position sizing is ATR-based per instrument, so a quiet day on gold gets a bigger size than a volatile day on bitcoin - risk stays constant even when volatility doesn't. every trade has a hard 1% stop, no exceptions, no "let me give it room." and there's a correlation filter on top: if s&p and nasdaq are already long, it won't pile into another risk-on asset and double the real exposure. claude code writes and updates the logic. the bot just executes. then claude cowork sends her two messages a day: - 7am: what's happening in the market - 9pm: how did the bot do that's the whole job. two messages. five instruments. zero screen time. manually she could only watch one chart at a time. this thing watches five. doesn't sleep. doesn't tilt. doesn't revenge trade at 2am. what used to need a team of quants and a $200k bloomberg terminal now runs on a laptop and claude. And your friend is still trading manually and is constantly in the red. save this and read the article in the comments below to write your own bot using Claude
cybernerd🤖 retweeted
Claude Fable 5 changed how we work on the Claude Code team day to day. We used to verify that Claude did the work right. Now we verify that it's doing the right work. Here’s the 3 biggest changes:
cybernerd🤖 retweeted
Claude Fable 5 is available everywhere today. Claude Mythos 5 is restricted to Glasswing partners until we expand our trusted access program. anthropic.com/news/claude-fa…
cybernerd🤖 retweeted
Andrej Karpathy spent 2h showing how he actually uses AI day to day he's a co-founder of OpenAI and led AI at Tesla, so when he shows how he works, it’s worth watching and the whole session is just him telling the machine what he wants in simple terms, like he's briefing a coworker watch what's actually happening the entire time: > he describes the task in normal words > it goes off and does the work > he glances at the result and nudges it with one more sentence that's the whole skill, and you've had it since you learned to talk the only gap between that and a worker that runs on its own is handing that sentence a schedule and the tools to act check his work, then build the version that keeps working when you stop
This is still open
Women make up less than 25% of the cybersecurity workforce. In offensive security and bug bounty hunting, that number drops even lower. WiBBG was built to change that. Introducing Women in Bug Bounty Global a community for women in bug bounty hunting, & offensive security
cybernerd🤖 retweeted
🚨 Agent Swarms Can Build Complex Software Systems - Opus 4.7 - GPT 5.5 Thinking and - Gemini 3.2 (shortly) combined into an Agent Swarm to build complex full-stack software products Stop paying for CRMs and SaaS, Just create custom software tailored for your organization
cybernerd🤖 retweeted
Rolling out CCNA in 90 days cohort 2 and the registration is open now. tinyurl.com/ccnain90 Learning Mentorship Handholding

6 months ago, HackingAPIswithDami was just an idea. Today, it’s a global community helping developers, engineers, and security professionals build practical API Security skills. I was scared to start, but I’m grateful I did. Thank you to everyone who believed in the vision.
400 applications, 36 countries, 180 selected. After 14 weeks of learning, hacking, building, presenting projects, and live challenges, we’re celebrating the first graduates of the HackingAPIswithDami API Security Series. 🎓 The future of API & AI security is in good hands.
cybernerd🤖 retweeted
JUST IN: US and Japan announce $1,000,000,000 partnership to advance AI and quantum computing
cybernerd🤖 retweeted
The first inherently interpretable AI platform is finally here. Welcome to Clarity.
cybernerd🤖 retweeted
Yay, I was awarded a $143,000 bounty on @Hacker0x01! hackerone.com/njcve #TogetherWeHitHarder It was worth waiting for ;)
cybernerd🤖 retweeted
Hello Cyber friends, the application for my next mentorship cohort will start in September. If you’re interested in joining my 2026/27 mentorship cohort, watch this video. You can also share with anyone who is passionate about learning Cybersecurity ✨
cybernerd🤖 retweeted
I earned a $22,500 bounty from Airbnb using a custom Opus 4.7 workflow built with MCP and Skills. It feels like bug bounty hunting has changed forever
cybernerd🤖 retweeted
Happy Birthday to our amazing CS, @Sisinerd! 🎉 Wishing you a day as wonderful and inspiring as you are to the CyberGirls community. Thank you for being such a blessing to us all. 🫂 @cybersafehq @CyberGirlAlumni #ProudCyberGirls