D_J @D_J_Hack - Twitter Profile

Pinned Tweet

D_J @D_J_Hack

almost 6 years ago

MVP for 2 consecutive Quarters 🥰😍

bugcrowd

@Bugcrowd

almost 6 years ago

Congrats to all of our MVP researchers for last quarter. Didn't make it in Q2? Get hacking and maybe you'll see your name on the Q3 list! 🎯 (P1 Warrior list is out tomorrow) #ItTakesACrowd #bugcrowdMVP https://t.co/Gtb5SR2X2i

6

79

15

0

3

0

D_J_Hack retweeted

James Kettle

@albinowax

15 days ago

It's really cool to see people exploring taking the single-packet attack even further with HTTP/3! Excited to integrate these techniques directly into @Burp_Suite in future.

2

139

15

71

22K

D_J_Hack retweeted

Elon Musk

@elonmusk

28 days ago

Accurate

5K

235K

28K

29K

44M

D_J_Hack retweeted

Mike Takahashi

@TakSec

about 1 month ago

Learn how to hijack an AI agent with a single email. Join me and @nahamsec as we dive into hacking 3rd-party connectors in AI agents

6

91

15

69

20K

Who to follow

dirty0124

@dirtycoder0124

A positive, never give up person. Founder of https://t.co/2H0KjZ5riG Telegram group https://t.co/bjQUMjI9Lh

Khizer Javed

@KHIZER_JAVED47

Hacker 👨‍💻

Abartan Dhakal (MAD) 🇳🇵🇦🇨 ✈️ was at DC/BH!!!

@imhaxormad

D_J_Hack retweeted

Shad0w @Itx_Shad0w

2 months ago

For years, Google API keys (AIza...) had little to no real-world impact. But recently, many of them unexpectedly gained access to Google Gemini. curl "https://t.co/w9AaJy4JhU" This appears to be a widespread misconfiguration that can be hunted in the wild.

Itx_Shad0w's tweet photo. For years, Google API keys (AIza...) had little to no real-world impact.
But recently, many of them unexpectedly gained access to Google Gemini.

curl "https://t.co/w9AaJy4JhU"

This appears to be a widespread misconfiguration that can be hunted in the wild. https://t.co/ZY049Usahn

15

492

48

399

33K

D_J_Hack retweeted

Jenish Sojitra

@_jensec

5 months ago

Sharing my Burp Extension that earned me $200k in 2025 while API testing heavy JS-rich targets. https://t.co/2ttRurgoPh The tool helps find endpoints, files, internal emails, and some secrets from minified JS. Its goal is to achieve maximum efficiency with reduced noise in results. Contributions and feedbacks are welcome.

_jensec's tweet photo. Sharing my Burp Extension that earned me $200k in 2025 while API testing heavy JS-rich targets.

https://t.co/2ttRurgoPh

The tool helps find endpoints, files, internal emails, and some secrets from minified JS.

Its goal is to achieve maximum efficiency with reduced noise in results. Contributions and feedbacks are welcome.

39

2K

409

3K

127K

D_J_Hack retweeted

James Kettle

@albinowax

8 months ago

HTTP is supposed to be stateless, but sometimes... it isn't! Some servers create invisible vulnerabilities by only validating the first request on each TCP/TLS connection. I've just published a Custom Action to help you detect & exploit this - here's a narrated demo:

23

1K

181

1K

140K

D_J_Hack retweeted

PentesterLab

@PentesterLab

9 months ago

A good mix of everything to please everyone: CVEs, AI, Integrity Bypass and Unicode 🛠 https://t.co/rwPnBvWCj7 🔐 https://t.co/FcoFGtQTtb 📰 https://t.co/hFCQa3Cmvj 🤖 https://t.co/D0LF7LDatV 🍪 https://t.co/8K1gfD8AzG

2

72

19

50

6K

D_J_Hack retweeted

James Kettle

@albinowax

11 months ago

It's easy to bash vulnerabilities with logos but... I couldn't resist, say hello to https://t.co/nrJtM5dDp3 :)

15

477

88

184

51K

D_J_Hack retweeted

Thomas Roccia 🤘

@fr0gger_

11 months ago

🤓 If you want to learn more about MCP attacks or vulnerabilities, check out this project called Damn Vulnerable MCP. It allows you to experiment on MCP server security through 10 challenges, from basic prompt injection to multi-vector attacks. https://t.co/ny0jOAPJFk

fr0gger_'s tweet photo. 🤓 If you want to learn more about MCP attacks or vulnerabilities, check out this project called Damn Vulnerable MCP.

It allows you to experiment on MCP server security through 10 challenges, from basic prompt injection to multi-vector attacks.

https://t.co/ny0jOAPJFk https://t.co/zt7pmXxLGX

3

119

27

105

10K

D_J_Hack retweeted

Intigriti

@intigriti

12 months ago

Even though common CORS attack vectors have been mitigated... It still remains exploitable! 🤠 Open this thread to master CORS misconfiguration vulnerabilities! 🧵 👇

intigriti's tweet photo. Even though common CORS attack vectors have been mitigated... It still remains exploitable! 🤠

Open this thread to master CORS misconfiguration vulnerabilities! 🧵 👇 https://t.co/dM37axcknI

1

114

18

113

9K

D_J_Hack retweeted

Masato Kinugawa @kinugawamasato

about 1 year ago

lol, this works on Firefox: <object data=# codebase=javascript:alert(document.domain)//> OR <embed src=# codebase=javascript:alert(document.domain)//>

9

468

68

330

42K

D_J_Hack retweeted

Yasho

@YShahinzadeh

about 1 year ago

How did we (@AmirMSafari) earn $50k using the Punycode technique? I’ve published a detailed blog post about our recent talk, we included 3 attack scenarios, one of which poses a high risk of account takeover on any "Login with GitLab" implementation https://t.co/sUGsnJz2Fm

26

711

150

567

100K

D_J_Hack retweeted

James Kettle

@albinowax

about 1 year ago

I'm thrilled to announce "HTTP/1 Must Die! The Desync Endgame", at #BHUSA! This is going to be epic, check out the abstract for a teaser ↓↓↓

albinowax's tweet photo. I'm thrilled to announce "HTTP/1 Must Die! The Desync Endgame", at #BHUSA! This is going to be epic, check out the abstract for a teaser ↓↓↓ https://t.co/fcqGETt6dW

29

615

102

150

87K

D_J_Hack retweeted

Tal Be'ery

@TalBeerySec

about 1 year ago

The $64k Bounty: Automating secret extraction from GitHub to win $64K in bounties. Loved the way Sharon glued his @github internals knowledge, existing tools (@trufflesec trufflehog), cloud and AI to automate at scale. https://t.co/hcKuMqxY3r

0

26

5

23

3K

D_J_Hack retweeted

James Kettle

@albinowax

about 1 year ago

Blind CSS exfiltration attacks recently got a lot easier! Full details in this thread:

3

208

35

111

16K

D_J_Hack retweeted

James Kettle

@albinowax

about 1 year ago

Detect the NextJS middleware bypass directly in Burp Suite with this BCheck from @eternalky_u https://t.co/dByPxACndM

0

384

85

207

27K

D_J_Hack retweeted

JS0N Haddix

@Jhaddix

about 1 year ago

Introducing @arcanuminfosec 's hack_tips! We will begin posting some of our team's best bite-sized content on our repo. This stuff comes from slack, internal wikis, bug bounty history, etc. Our 1st commit is all about Actuators Enjoy! https://t.co/wlCT7etOlh

Jhaddix's tweet photo. Introducing @arcanuminfosec 's hack_tips!

We will begin posting some of our team's best bite-sized content on our repo. This stuff comes from slack, internal wikis, bug bounty history, etc.

Our 1st commit is all about Actuators

Enjoy!

https://t.co/wlCT7etOlh

0

194

33

116

10K

D_J_Hack retweeted

KNOXSS @KN0X55

over 1 year ago

Do you know why most of our #XSS payloads start with a "1" ? 🤔 Besides to appear as a regular alphanumeric input (not lead by any special char) it's mainly to exploit a validation vulnerability named TYPE JUGGLING. #KNOXSS is on another level.