Day 30 / 30 — HUNTERS WORTH FOLLOWING
If you want to think like a pro, surround yourself with them.
→ @NahamSec — methodology + live recon
→ @Jhaddix — author of The Bug Hunter's Methodology
→ @stokfredrik — high-energy hunter (STÖK)
→ @InsiderPhD — beginner-friendly + API hacking
→ @rez0__ — researcher + AI security
→ @hakluke — tool creator + recon king
→ @TomNomNom — author of half the tools we use
→ @PortSwigger — research team behind Burp
→ @intigriti — platform + CTFs
→ @Bugcrowd — platform + content
→ @d0nutptr — top hunter, smart writeups
→ @_zer0pwn — quiet, lethal
If this series helped, repost the day that hit hardest. See you next series. 🎯
#bugbountytips #infosec #bugbounty #infosec
Google Chrome is rolling out device-bound session credentials to all users. Session cookies get cryptographically tied to your device, so stolen cookies can't be replayed from a different machine. Attackers who exfiltrate your cookie database get nothing usable.
A lot of web apps that are built by AI have .md files, and mostly 🔥
so any app you test, JSP / PHP / ASP
Add the extensions for fuzzing:
ffuf -w /wordlist -u .com/FUZZ -e .md,.db,.txt,.xml,.sql,.7z,.zip,.tar.gz,.env
It will take some time, but it will come back with very good results ♥
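As an added example (not part of the tip above or any tool it mentions), here is the same extension list seen from the defender's side: a small Python script that reads web-server access-log lines in combined format, counts per client how many requests for these extensions came back 404 (the signature of an extension sweep), and, more importantly, lists which of those files the server actually served with a 2xx. The log lines, IP addresses and paths are constructed for the example, and the flagging threshold of five 404s is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format). None of these
# addresses or paths are real; they exist only to exercise the code.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2025:12:00:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2025:12:00:02 +0000] "GET /backup.sql HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2025:12:00:03 +0000] "GET /config.xml HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2025:12:00:03 +0000] "GET /site.zip HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2025:12:00:04 +0000] "GET /www.tar.gz HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2025:12:00:04 +0000] "GET /README.md?x=1 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2025:12:00:05 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2025:12:00:06 +0000] "GET /about.php HTTP/1.1" 200 3011 "-" "Mozilla/5.0"
"""

# The same extension list the tip above passes to ffuf -e.
SENSITIVE_EXTENSIONS = (".md", ".db", ".txt", ".xml", ".sql", ".7z", ".zip", ".tar.gz", ".env")

# Client address, timestamp, request line and status of a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return the fields we need from one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("target").split("?", 1)[0]  # drop the query string
    return {"ip": m.group("ip"), "path": path, "status": int(m.group("status"))}


def is_sensitive(path):
    """True when the request path ends with one of the watched extensions."""
    return path.lower().endswith(SENSITIVE_EXTENSIONS)


def scan(log_text, threshold=5):
    """Per client: how many watched-extension requests it made, how many were
    404s, which paths were actually served, and whether it crosses the threshold."""
    per_ip = defaultdict(lambda: {"probes": 0, "not_found": 0, "served": [], "flagged": False})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_sensitive(rec["path"]):
            continue
        entry = per_ip[rec["ip"]]
        entry["probes"] += 1
        if rec["status"] == 404:
            entry["not_found"] += 1
        elif 200 <= rec["status"] < 300:
            entry["served"].append(rec["path"])  # a real exposure, not just a probe
    for entry in per_ip.values():
        entry["flagged"] = entry["not_found"] >= threshold  # threshold is an assumption
    return dict(per_ip)


if __name__ == "__main__":
    for ip, entry in scan(SAMPLE_LOG).items():
        print(ip, entry)
```

The `served` list is the part worth acting on: a flagged client tells you someone is sweeping, but a 2xx on `/README.md` or `/.env` tells you the sweep found something, which is what the web-server config (deny rules for these extensions) should have prevented in the first place.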
Bug Bounty Tips: Extract API Endpoints and Construct Complex HTTP Requests from JavaScript Files Using AI
Stuck analyzing complex JS files while manually hunting on a target and can't figure out how to construct those GET/POST requests? 🤯 No fancy tools needed!
👉 Quick tip: Copy the JS file from your Chrome Dev Console, save it locally, and upload it to ChatGPT. Use this prompt:
"Could you read this JavaScript file and help me construct GET/POST endpoints?"
Then, ask for specific requests like:
"Can you help me construct the API request for getUserDetails with a raw HTTP example based on the JavaScript file uploaded?" and other similar questions based on the functionality you're looking into within the JavaScript source code.
You’ll be amazed by the results as ChatGPT constructs these complex GET/POST requests with parameters based on the AI code review—making what seemed impossible at first glance possible! 🚀
Once you have this information, you can start manually testing the endpoints with your cookies to test for IDORs, SQLi, CSRF, Privilege Escalations, XSS, etc.
#BugBountyTips #SourceCode #Infosec #HackerOne #BugCrowd 🕵️♂️🎯
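The post above hands the JavaScript to ChatGPT; as an added example that is not part of the post, the same first pass (find the API calls, resolve the base-URL constants, note the HTTP method) can be done offline with a short Python script, which also gives you an endpoint inventory you can diff between releases when reviewing your own application. The JavaScript sample, its function names and paths are constructed for this example, and the extractor assumes the three common call shapes shown (`fetch`, `axios.<method>`, `$.ajax`); minified bundles with computed URLs will need more than these regexes.

```python
import re

# Constructed JavaScript sample standing in for a file saved from DevTools.
# Every path, constant and function name here is invented for the example.
SAMPLE_JS = r"""
const API = "/api/v2";
async function getUserDetails(id) {
  const r = await fetch(`${API}/users/${id}`, { method: "GET", credentials: "include" });
  return r.json();
}
function updateProfile(payload) {
  return fetch(API + "/users/me", {
    method: "PUT",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(payload),
  });
}
function refresh(token) {
  return axios.post("/api/v2/auth/refresh", { token });
}
function legacyExport() {
  $.ajax({ url: "/legacy/export.php", type: "POST", data: { all: 1 } });
}
"""

# String constants such as `const API = "/api/v2"` that URLs are built from.
CONST_RE = re.compile(r'\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*(["\'`])([^"\'`]*)\2')
# First argument of fetch(...) plus its options object, when one follows.
FETCH_RE = re.compile(r'\bfetch\(\s*([^,)]+?)\s*(?:,\s*(\{.*?\}))?\s*\)', re.S)
AXIOS_RE = re.compile(r'\baxios\.(get|post|put|patch|delete)\(\s*([^,)]+?)\s*[,)]')
AJAX_RE = re.compile(r'\$\.ajax\(\s*(\{.*?\})\s*\)', re.S)
PROP_RE = r'\b{key}\s*:\s*["\']([^"\']+)["\']'


def prop(obj_src, key):
    """Read a quoted string property (e.g. method: "PUT") out of an object literal."""
    m = re.search(PROP_RE.format(key=key), obj_src or "")
    return m.group(1) if m else None


def resolve(expr, consts):
    """Turn a JS string expression into a path: literals are kept, known
    constants are substituted, anything else becomes a {placeholder}."""
    expr = expr.strip()
    if expr.startswith("`"):  # template literal
        body = expr.strip("`")
        return re.sub(r"\$\{\s*([\w$.]+)\s*\}",
                      lambda m: consts.get(m.group(1), "{" + m.group(1) + "}"), body)
    parts = []
    for piece in expr.split("+"):  # simple concatenation
        piece = piece.strip()
        if piece[:1] in "\"'":
            parts.append(piece[1:-1])
        else:
            parts.append(consts.get(piece, "{" + piece + "}"))
    return "".join(parts)


def extract_endpoints(js):
    """Return de-duplicated (METHOD, path) pairs found in the JavaScript source."""
    consts = {name: value for name, _quote, value in CONST_RE.findall(js)}
    found = []
    for target, opts in FETCH_RE.findall(js):
        found.append(((prop(opts, "method") or "GET").upper(), resolve(target, consts)))
    for method, target in AXIOS_RE.findall(js):
        found.append((method.upper(), resolve(target, consts)))
    for opts in AJAX_RE.findall(js):
        url = prop(opts, "url")
        if url:
            found.append(((prop(opts, "type") or prop(opts, "method") or "GET").upper(), url))
    return list(dict.fromkeys(found))  # keep first-seen order, drop repeats


def raw_request(method, path, host="app.example"):
    """Render an endpoint as a minimal raw HTTP/1.1 request skeleton (host is a placeholder)."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    if method in ("POST", "PUT", "PATCH"):
        lines.append("Content-Type: application/json")
    return "\r\n".join(lines) + "\r\n\r\n"


if __name__ == "__main__":
    for method, path in extract_endpoints(SAMPLE_JS):
        print(raw_request(method, path))
```

Unknown variables stay visible as `{id}`-style placeholders rather than being guessed, so the inventory records exactly which path segments are user-controlled; those are the parameters an authorization review (the IDOR and privilege-escalation checks the post mentions) should concentrate on.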
🚨 Hackers, this series is for you - Lethal SSRF 🚨
Coming with a short series of advanced SSRF exploitation ⚡️
The first part is now available on Injected 💉
Happy Hacking 🔥
https://t.co/CQmfFHlr0u
Nice 🔥
Gotta say that the WordPress vulnerability CVE-2025-3616 just brought me some great findings just by searching on Fofa:
body="/wp-content/plugins/greenshift-animation-and-page-builder-blocks/" && asn="YourTarget"
Prefer not to login with Facebook on other services. If you lose your Facebook account, you'll lose your other services too. It's pretty hard to get it back. A reminder to have separate username and password for each of the apps and services you use. It's inconvenient, but worth