We just dove into our shelf of archived bug bounty write-ups from the most notable hackers! 🤠
In this issue, we selected 5 compelling articles (that are still relevant today) to share with you, from which you can learn something new! 😎
🧵 👇
Param Miner brute forces header and parameter names in the background while you browse - and reports everything it finds in the All Issues tab.
This is great for uncovering cache poisoning bugs, like in the example below!
13 Original OAuth Attack Techniques
OAuth is the login layer of the modern web.
Every "Continue with Google." Every "Sign in with GitHub." Every SSO button on every SaaS you've ever tested. All OAuth under the hood.
Most implementations are broken in ways that aren't documented anywhere.
Here's one of 13 original techniques — Grant Type Substitution → MFA Bypass.
MFA bound to the browser flow only. Switch grant type, MFA disappears. CVE-2024-37893.
The password grant being present is itself a finding worth reporting.
MCP is OAuth now and nobody is testing it.
Full breakdown in the replies.
An absolute goldmine for bug bounty hunters 👀💥
A massive collection of real, disclosed HackerOne reports — organized by vulnerability type, impact, and target 🎯
If you want to go beyond theory and actually understand how real-world exploits work… this is it.
Study patterns. Learn impact. Hack smarter. 🚀
🔗 Source: https://t.co/yMey4fzDbn
#BugBounty #InfoSec #CyberSecurity #EthicalHackin
CYBERSECURITY ANALYST FREE GITHUB LEARNING RESOURCES
Fundamentals, Networking, Linux, Security Basics
The Book of Secret Knowledge
Collection of manuals, cheat sheets, tools and security fundamentals
https://t.co/9BDfV5YJ3S
CLI Computing
Beginner to intermediate Linux command line guide with examples
https://t.co/VS9Q2I11qb
Ethical Hacking and Penetration Testing
The Art of Hacking
Extensive resources for ethical hacking penetration testing tools and labs
https://t.co/YpfVzxi8VJ
Hacker Roadmap
Structured guide for beginner penetration testers with tools and practice resources
https://t.co/qOHw7fbtNI
Incident Response and Digital Forensics
Awesome Incident Response
Curated tools and resources for security incident response and SOC analysts
https://t.co/4TI7KjvpVr
Awesome Forensics
Free digital forensics tools and learning resources
https://t.co/sF7QyfCyBA
Tools, Hands On Labs and Practice
TryHackMe Roadmap
Over 350 free TryHackMe rooms for hands on cybersecurity learning
https://t.co/mfX8PuZm0H
Awesome CTF
Capture The Flag platforms, tools, frameworks and tutorials
https://t.co/YL81gJroJU
Certification Preparation
90 Days of Cybersecurity
Structured 90 day study plan covering Security Plus, Linux, Python and more
https://t.co/aqlaJ7YwXE
Cybersecurity Certification Roadmap
Free resources aligned with major cybersecurity certifications
https://t.co/BCPRwbLa6Q
Roadmaps, Career Guidance and Interviews
Ultimate Cybersecurity Roadmap 2025
Beginner to advanced roadmap with projects and interview preparation
https://t.co/Y5J6XrEuuc
Security Study Plan
Role based study plan for Pentesting, AppSec, SOC and more
https://t.co/47co60GFLA
Security Interview Questions
Comprehensive cybersecurity interview questions and answers
https://t.co/swoD7MdGoq
🧪 New release: Burp Bounty Vuln App
100+ vulnerable endpoints to test your Burp Bounty Pro profiles actually work.
Not a real app — just a local test lab.
👉 docker compose up --build → scan → verify ✅
🔗 https://t.co/NyCWeIlg80
#BugBounty #BurpSuite #AppSec
GraphQL APIs are everywhere, but testing them for security flaws can be time-consuming and complex... 😓
GraphQL Cop by @dolevfarhi automates common GraphQL security tests including introspection checks, alias overloading, field duplication, and DoS testing! It even provides ready-to-use cURL commands for reproducing findings! 😎
Check it out! 👇
https://t.co/lzHuLbh80i
XSS LABS REPO is live!
https://t.co/WtxTX0M2mB
Read the README, pull the project and start it on your localhost.
Please give every level at least a few tries before checking hints! :D
I published it on my new page (which is still pretty empty).
Stop coding from scratch with agents.
This repo gives you 860+ battle-tested skills for Claude Code, Gemini CLI, Cursor, and Copilot.
It’s essentially a curated library that transforms your AI assistant from a basic chat interface into a production-ready engineering partner.
P.S. Check out 100+ such repos shared in this community of 200K+ AI/ML Engineers:
https://t.co/cSeCMfne9l
You can use it for:
→ RAG pipelines & LLM systems
→ Docker, AWS serverless, Vercel deployment
→ Security audits & vulnerability testing
→ Full-stack development patterns
→ TDD & QA automation
→ Growth, SEO, pricing strategy
…and much more!
Skills are grouped into role-based bundles (Web Dev, Security Engineer, DevOps, etc.) to help you get started quickly without manually exploring hundreds of skills.
Works across Claude Code, Cursor, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, OpenCode, and AdaL CLI.
Install with one command:
npx antigravity-awesome-skills