Olivia
Online
Hussam Linux
@HussamLinux
Joined June 2014
2.9K Following
621 Followers
3.2K Posts
Finding Critical Bugs in Adobe Experience Manager (AEM) https://t.co/6nqra8PbHO
A lot of people are now building and using their own hackbots daily. Here's a nice blog on using AI to hunt for vulns by @0xAsm0d3us.
Some takeaways that I've also been experiencing:
> Instead of asking "is this code secure?", ask "how would you break this?". This shifts the flow from auditor to attacker. It will force it to generate attack strategies.
> Avoid bloated prompts. Stuffing big MD files and skills into context degrades reliability of the model. Your scaffolding becomes the haystack and the bug becomes the needle.
> Don't just say "find bugs". Assert the bug exists, e.g. this function has 3 vulnerabilities, find them, don't quit.
Further reading:
https://t.co/KZX9jETYJ7
🤖 Bug Hunter — AI-Powered Adversarial Code Review
AI-based security scanner that finds and verifies real vulnerabilities
• 3-agent system: Hunter → Skeptic → Referee
• Eliminates false positives via adversarial validation
• Detects real bugs (security, logic, concurrency, API issues)
• CVSS scoring + CWE + STRIDE mapping
• Auto-fix with safe rollback (canary rollout)
• PR review + dependency CVE scanning
• Supports major languages & frameworks
Use cases:
• Secure code review
• Bug bounty automation
• CI/CD security checks
https://t.co/IOk3C6aJJs
⚠️ Use for ethical & authorized testing only
#CyberSecurity #AI #CodeReview #BugBounty
From Source Code Review to Critical Vulnerability: Critical Firebase API Takeover by 0xm0r4d https://t.co/Ip9JWcz5nt #bugbounty #bugbountytips #bugbountytip #infosec #Firebase
Advanced SSRF exploitation techniques are explained in detailed guides.
They include bypass methods and cloud metadata attacks.
Read https://t.co/anqjpazZ8h
#BugBounty #SSRF #CyberSecurity #Research
Bug Bounty tip 🧵
Don't just swap IDs — wrap them.
❌ {"Account": 1111}
✅ {"Account": {"Account": 3333}}
Auth validates the outer key.
Business logic executes the inner one.
Scanners miss it. You won't.
#BugBounty #IDOR #APIHacking
My first write-up about a vulnerability I found in a private HackerOne program, with a $3,000 bounty.
Read here:
https://t.co/jzarQnSHWO
#BugBounty #HackerOne
I built FoxHound, a Firefox extension that gives any AI agent full control over your browser.
I needed this while hunting. There are bugs the egent can not properly exploit without using the browser. Clicking things, reading the DOM, replaying requests, checking cookies across containers, running JS on the page. So i built it.
The agent can navigate tabs, click elements, fill and submit forms, upload files, take screenshots, capture all HTTP traffic with full request and response bodies, replay and modify requests, read and write cookies and storage, intercept live requests, hook into postMessage traffic, WebSocket connections, route changes, console output, service workers, and more.
It also uses PwnFox containers so the agent knows which container each request came from. If you are doing multi account testing, everything stays separated.
Setup takes 2 minutes:
1. Install the extension: https://t.co/zp0L5sonlL
2. Run: npm install -g foxhound-mcp
3. Copy the config from the extension options page into your MCP client. Done.
It is free. Give it a try and if you find any issues or want to add anything, open an issue on the GitHub: https://t.co/XtmZfbZzcU
Stealing Salesforce OAuth Tokens using the WAF, nice XSS escalation by @castilho101
https://t.co/QPXJH2KCd6
Site-DOM-XSS using Cookie Injection: The AI Hackers are Coming Faster than You Think.
Nice AI use case (and attack chain) by @RenwaX23
https://t.co/xr6z4XNMJI
https://t.co/fUtAF5yqwo
Hiroshima : 15 000 tonnes / 900 km².
Gaza : 70 000 tonnes / 365 km².
6 fois plus de bombes sur un territoire 2,5 fois plus petit. L’anéantissement méthodique d’un peuple.
الله لا يحرمكم الخير ساعدوني في التبرع والنشر ، بحاجة طارئة للمساعدة لتوفير اساسيات الحياة..
ريتويت بوركتم والي بإمكانه مساعدتنا يتواصل معي جزاكم الله كل خير..
headi: 20+ HTTP Header Injection Payloads for Bypass & Internal Access Testing 🌐💀
X-Forwarded-For, X-Real-IP, Host override & more
Baseline diffing to detect response changes
Custom payload injection (internal IPs/domains)
Fast recon for access control bypass
https://t.co/BDgf53fO8x
#Pentesting #BugBounty #WebSecurity #CyberSecurity #Infosec
Google dorks for bug bounty hunters:
1. https://t.co/7opvbqZP7P
2. https://t.co/r43rTkSlBN
3. https://t.co/MmzehdlwRk
4. https://t.co/qPon4dyDZq
5. https://t.co/jVyTWQg8gk
#BugBounty #GoogleDorks #Recon #InfoSec
After a longtime i decided to write it
How a 404 Page Led Me to an Unauthenticated AI Chatbot Leaking an Entire ERP Knowledge Base
https://t.co/Do51C5FPtu
How I Made $6,000 with JWT Manipulation on Web3 Crypto Application by @zack0x01_ https://t.co/g4FJs94BOj #bugbounty #bugbountytips #bugbountytip #infosec #JWT #Web3 #Crypto
403 bypass tools for bug bounty hunters:
bypass-403 → https://t.co/MCDBZWSFE9
nomore403 → https://t.co/p7oJS8phSt
4-ZERO-3 → https://t.co/N3dxE3QdDr
byp4xx → https://t.co/wFriI9w6dg
dontgo403 → https://t.co/s1Jwo6S0tH
#bugbounty #bugbountytips #infosec #websecurity #hacking
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers