@_jensec I had the same issue, but now it is working fine for me. What I did was: I gave the program details and what I want to achieve in the Claude Web UI, and asked it to create a CLAUDE.md and the relevant files for me. I copied it into my Claude Code CLI, and it works fine.
What if AI could do your recon, analyze Burp traffic, and write your pentest report — all from one terminal?
I'll show you exactly how this Sunday. Live demos, real findings, no slides-only fluff.
📅 5th April | 11:00 AM 🔗 Registration Link: https://t.co/WuX9CgacPo
🔥 Guess who’s back and bringing the heat to the Cyber Party 🤫💥
@Hacker0x01 is now the official Bug Bounty Sponsor for BSides Ahmedabad 0x06! 🕵️‍♂️💥
Not only are they bringing their A-game to the world of bug bounties, but they're also helping us make this the Finest Cyber Security Conference Around. 🤩
Ready to flex those cybersecurity skills? 🧠💻
And yes… that must-have t-shirt and the coolest swag in town? It’s making a comeback too — and you better believe it’s gonna be 🔥 this year! 😎🧢👕
Feeling excited? You should be! 👀
Tickets drop soon – don’t let the bugs (or the FOMO) get you! 🏃‍♂️💨
#HackerOne #BugBountySponsor #BSidesAhmedabad #Cybersecurity #CyberHunt #HackTheWorld #NextLevelCyber #FOMO #CyberPower #Innovation
We’re beyond excited to launch the BSides Ahmedabad 0X06 new website landing page – it’s officially LIVE! 🎉🚀 Go check it out now at https://t.co/Bv6GKsqz6s 🔥
Get ready, the CFP is just around the corner! 📝✨
More updates coming your way, stay tuned! 👀📲
#bsidesahmedabad #websitelaunch #bsidesahmedabad0x06 #cybersecurity #techcommunity #ahmedabadevents #newwebsite #staytuned #pentesting #ethicalhacking #securityexperts #hackerprevention #cyberawareness #cyberdefence
@tabaahi_ Hi Mohsin,
Recovery from GBS takes time and depends upon multiple factors, ranging from 6 months to maybe 1 year.
I would suggest starting the treatment as soon as possible. There were 2 types of treatments; one was an injection which cost 16k - 17k in 2022
🚨 Big Announcement! 🚨
🥁 We’re thrilled to unveil the official dates for BSides Ahmedabad 2025! 🕶️🎉
🗓️ 12-13 September 2025 🔥
Mark your calendars 🗓️, rally your squad 🫡 & prepare for two incredible days packed with groundbreaking talks 😎, hands-on workshops 🤩, unparalleled networking 🛜 & of course, the coolest swags to take home. 💼✌️✨
#bsidesahmedabad #ethicalhacking #infosec #techevent #cybersecurity #bugbounty #cyberdefense #conference #dataprotection #pentesting #securityawareness #cloudsecurity #cyberthreat #securityresearch #networking #workshops
🚨 Yay, we were rewarded with $20,000 on our @Hacker0x01 submission for an SSRF bug discovered in collaboration with @Shlibness! 💰🎉
🥳 We uncovered a Critical SSRF vulnerability, turning it into unauthorized access to internal admin endpoints, leading to PII leaks and administrative access! Here’s how we escalated a simple SSRF to a $20,000 bounty. 💰🛡️
🔍 Step-by-Step Breakdown:
1️⃣ During our testing, we found an endpoint accepting a "url" parameter.
2️⃣ To confirm it was vulnerable to SSRF, we passed a Burp Collaborator URL and received an HTTP pingback, indicating a potential SSRF issue. ✅
3️⃣ We then attempted to escalate this issue by accessing localhost and AWS metadata.
4️⃣ It turned out the endpoint was part of an AWS Lambda function. By hitting http://localhost:9001/2018-06-01/runtime/invocation/next, we retrieved Lambda function details. 💡
5️⃣ At this point, there were no sensitive credentials or information leaked. But since the SSRF allowed partial read, we wondered: "What if we could access internal services whitelisted for this Lambda?" 🤔
6️⃣ Next, we identified two categories of targets across all subdomains:
Externally resolving but not directly accessible via HTTP
Internally resolving and obviously not accessible via the Internet 🌐
7️⃣ We used Shub's @infosec_au Surf tool (https://t.co/8OS9NuWx8d) for discovering potential internal targets and found 5000+ viable subdomains that were inaccessible from the internet. 🎯
8️⃣ Chaining the SSRF further, we searched for Swagger endpoints on all the targets identified by the Surf tool. We ended up looking for endpoints like:
http://<internalhost>/swagger-ui/swagger.json
http://<internalhost>/api/v1/api-docs
http://<internalhost>/api/v2/api-docs
etc.
We discovered that the Lambda function had whitelisted access to internal hosts exposing Swagger API documentation. 🚀
9️⃣ The Swagger docs revealed administrative endpoints. Chaining the SSRF again, we accessed these internal API endpoints, leading to PII leaks and unauthorized access to other internal administrative functionalities. 🔓
⚠️ Impact: This vulnerability allowed attackers to access internal administrative endpoints, leaking PII and exposing other critical business risks. 🚨
💡 Lesson Learned: Don’t stop at confirming SSRF! Always think outside the box and explore ways to escalate for maximum impact. Creativity wins the game! 🧠✨
#BugBounty #HackerOne #BugCrowd #YesWehack #Intigriti #bugbountytips #security
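
The defensive side of the chain in the thread above, as an added example that is not part of the original posts: a destination check a URL-fetching endpoint can run before requesting a user-supplied "url", rejecting loopback, link-local metadata and internally resolving hosts. The function names, the default-port-only policy and the sample DNS table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}  # assumed policy: default ports only

# Constructed DNS answers so the example runs offline (hypothetical hosts).
SAMPLE_DNS = {
    "localhost": ["127.0.0.1"],
    "169.254.169.254": ["169.254.169.254"],
    "internal-api.example.test": ["10.20.30.40"],
    "cdn.example.test": ["93.184.216.34"],
    "mixed.example.test": ["93.184.216.34", "10.0.0.5"],
}

def sample_resolver(host):
    return SAMPLE_DNS.get(host, [])

def system_resolver(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public(ip_text):
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:  # unwrap ::ffff:127.0.0.1 style
        ip = ip.ipv4_mapped
    return ip.is_global  # False for loopback, private and link-local ranges

def check_url(url, resolver=system_resolver):
    """Return (allowed, reason); every resolved address must be public."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed"
    if parts.scheme not in DEFAULT_PORT:
        return False, "scheme"
    if not parts.hostname:
        return False, "malformed"
    if port is not None and port != DEFAULT_PORT[parts.scheme]:
        return False, "port"
    try:
        addresses = list(resolver(parts.hostname))
    except OSError:
        addresses = []
    if not addresses:
        return False, "unresolvable"
    if not all(is_public(a) for a in addresses):
        return False, "internal-address"
    return True, "ok"
```

The fetch itself has to connect to the address that was vetted and repeat the check on every redirect, otherwise the DNS answer can change between check and request.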