Forbidden403 @40rbidd3n - Twitter Profile

Forbidden403 @40rbidd3n

25 days ago

🔥

zhero;

@zhero___

25 days ago

New short article on a real-world exploitation case rather than pure research, demonstrating how a specific mistake in Next.js can lead to a systematic zero-click SXSS on its latest versions (w/@inzo____): Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js https://t.co/0JWjH6yzC2

zhero___'s tweet photo. New short article on a real-world exploitation case rather than pure research, demonstrating how a specific mistake in Next.js can lead to a systematic zero-click SXSS on its latest versions (w/@inzo____):

Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js

https://t.co/0JWjH6yzC2

6

358

68

212

22K

0

1

0

83

40rbidd3n retweeted

payloadartist @payloadartist

about 1 month ago

Do you watch Netflix in your free time? Try hackflix for security conference talks https://t.co/SVbkWApdoe #cybersecurity #bugbounty

payloadartist's tweet photo. Do you watch Netflix in your free time?

Try hackflix for security conference talks

https://t.co/SVbkWApdoe

#cybersecurity #bugbounty https://t.co/X0o4k7MvYi

19

2K

324

2K

77K

Forbidden403 @40rbidd3n

about 1 month ago

DFRobot ♥️

DFRobot

@dfrobotcn

about 1 month ago

Nice build from @40rbidd3n — a full open-source hydroponic stack. ESP32 firmware, async MQTT/TLS, InfluxDB telemetry, React dashboard, even RSA-2048 signed OTA. Real-time pH, EC, water level, temp and humidity. Pair it with our Gravity pH and TDS probes and you've got a lab-grade rig in a grow tent. https://t.co/DXsM7r1uiV #SmartFarming #ESP32

dfrobotcn's tweet photo. Nice build from @40rbidd3n — a full open-source hydroponic stack. ESP32 firmware, async MQTT/TLS, InfluxDB telemetry, React dashboard, even RSA-2048 signed OTA.

Real-time pH, EC, water level, temp and humidity. Pair it with our Gravity pH and TDS probes and you've got a lab-grade rig in a grow tent.

https://t.co/DXsM7r1uiV

#SmartFarming #ESP32

0

41

7

42

2K

0

1

0

34

Forbidden403 @40rbidd3n

3 months ago

I just vibe-coded a hydroponic farming system for the future when AI replaces all IT jobs💀 HydroOne: a production-grade hydroponic system - ESP32 firmware (C++) - MQTT real-time - Fastify backend + InfluxDB - RSA-signed OTA updates - React dashboard https://t.co/kytp7sRbdk

40rbidd3n's tweet photo. I just vibe-coded a hydroponic farming system for the future when AI replaces all IT jobs💀

HydroOne: a production-grade hydroponic system

- ESP32 firmware (C++)
- MQTT real-time
- Fastify backend + InfluxDB
- RSA-signed OTA updates
- React dashboard

https://t.co/kytp7sRbdk https://t.co/ZQLuXGKD5e

0

2

0

1

96

40rbidd3n retweeted

James Kettle

@albinowax

3 months ago

I've just submitted my latest research to Black Hat USA! This one has been cooking since last June, can't wait to share it with the world... in fact I'm quite excited just to see the community reaction to the title reveal.

albinowax's tweet photo. I've just submitted my latest research to Black Hat USA! This one has been cooking since last June, can't wait to share it with the world... in fact I'm quite excited just to see the community reaction to the title reveal. https://t.co/Za4eKs9quk

18

400

22

43

16K

40rbidd3n retweeted

Jenish Sojitra

@_jensec

4 months ago

✨ Launching https://t.co/muyolpXluI - free, community, no signup Stop blindly installing OpenClaw skills like Maniac. My friend mass-installed OpenClaw skills for a client project last month. Two days later his AWS bill exploded. A skill that looked totally legit was quietly stealing his credentials the whole time. Together we built Clawned Paste any skill → scanned against 60+ threat patterns in under 2 seconds. 6,500+ skills scanned so far. 1 in 5 flagged something. Stop trusting https://t.co/hVK0WIHzvr files blindly.

6

147

31

122

11K

Forbidden403 @40rbidd3n

4 months ago

@theXSSrat Glad you found it interesting XD

0

1

0

26

Forbidden403 @40rbidd3n

4 months ago

Just published my write-up for @Intigriti challenge 0226 by @d3dn0v4 Stored XSS & CSP bypass. A nice example of how client-side rendering + JSONP can break strict CSP Read it here: https://t.co/61U2Zd2XQF #bugbounty #infosec #xss #ctf

40rbidd3n's tweet photo. Just published my write-up for @Intigriti challenge 0226 by @d3dn0v4

Stored XSS & CSP bypass. A nice example of how client-side rendering + JSONP can break strict CSP

Read it here: https://t.co/61U2Zd2XQF

#bugbounty #infosec #xss #ctf https://t.co/gJN2NpPWLl

3

70

7

45

5K

40rbidd3n retweeted

zhero;

@zhero___

7 months ago

second research on Astro, a shorter paper than usual, which led to CVE-2025-64764 (w/ @inzo____): Unlocking Reflected XSS in the Astro framework https://t.co/7G90FyCEj2 all applications using the Server Island feature are vulnerable

zhero___'s tweet photo. second research on Astro, a shorter paper than usual, which led to CVE-2025-64764 (w/ @inzo____):

Unlocking Reflected XSS in the Astro framework

https://t.co/7G90FyCEj2

all applications using the Server Island feature are vulnerable https://t.co/UnDshIf6yS

6

298

38

135

21K

40rbidd3n retweeted

zhero;

@zhero___

8 months ago

release of our new paper (w/ @inzo____) which resulted in CVE-2025-64525: Astro framework and standards weaponization from path-based middleware protection bypass to potential SSRF & XSS + full bypass of CVE-2025-61925 on @astrodotbuild https://t.co/xTO55gNFu4

zhero___'s tweet photo. release of our new paper (w/ @inzo____) which resulted in CVE-2025-64525:

Astro framework and standards weaponization

from path-based middleware protection bypass to potential SSRF & XSS + full bypass of CVE-2025-61925 on @astrodotbuild

https://t.co/xTO55gNFu4 https://t.co/EYqe7wdCAa

11

345

79

162

53K

Forbidden403 @40rbidd3n

9 months ago

@jaymiee__ @chux13786509 Thanks a lot. appreciate it 🫡

0

29

Forbidden403 @40rbidd3n

9 months ago

Just published my write-up for the Intigriti's October challenge by @chux13786509 🕵️‍♂️ → https://t.co/YTESN2cECv #bugbounty #infosec #CTF #writeup #bugbountytips

2

39

4

27

3K

Forbidden403 @40rbidd3n

9 months ago

@chux13786509 Really glad you liked it, was such a fun challenge🔥

0

1

0

33

40rbidd3n retweeted

Jenish Sojitra

@_jensec

10 months ago

Is most Pentest companies are scam? Just saw a $30k Pentest report with 8 informative findings and only valid findings were missing cookie flags, rate limit on apply account and origin check.

26

268

13

84

38K

Forbidden403 @40rbidd3n

12 months ago

Just got a bounty from @Apple for reporting a security vulnerability Grateful to be recognized through the Apple Security Bounty program #BugBounty #Apple

40rbidd3n's tweet photo. Just got a bounty from @Apple for reporting a security vulnerability
Grateful to be recognized through the Apple Security Bounty program
#BugBounty #Apple https://t.co/o7IgLjT7nU

0

6

0

78

Forbidden403 @40rbidd3n

about 2 years ago

@daoud_youssef جربتها فكرة جميلة ان تعمل فقط border كنوع من alert غير مزعج لكن مرات تطلع false positive حتى على توتير بسبب head method ولانه في 403 responses لايكون x-frame-options لذا اضفت هذا condition if (client.status!==403 && upper.includes("X-FRAME-OPTIONS")!==true) يجب التحقق حتى من csp

0

15

Forbidden403 @40rbidd3n

almost 3 years ago

@pranshux0x @bxmbn @Bugcrowd I agree

0

2

0

72

Forbidden403

@40rbidd3n

Last Seen Users on Sotwe

Trends for you

Most Popular Users