Sotwe logo Sotwe logo
ShehSec's profile image

Shehzad Ali

@ShehSec

Penetration Tester || Security Researcher
169.254.169.254
Joined July 2019
766 Following
920 Followers
1.3K Posts
ShehSec's profile image
Shehzad Ali @ShehSec
@arshadkazmi42 Hey, DM i'm interesting in https://t.co/G9Z89WbqGZ
1
0
0
0
52
ShehSec  retweeted
obscaries's profile image
obscaries ❘ AppSec @obscaries
Modern apps hide gold in JavaScript: 🔐 APIs & auth logic 🗝️ Secrets 🐛 Client-side bugs waiting to be exploited If you’re not analyzing JS, you’re leaving bugs on the table. 🔍🔥 Level up your recon: 👉 https://t.co/4JBnnkbR4B #BugBounty #Pentesting #WebSecurity #AppSec #JavaScript
obscaries's tweet photo. Modern apps hide gold in JavaScript: 🔐 APIs & auth logic 🗝️ Secrets 🐛 Client-side bugs waiting to be exploited If you’re not analyzing JS, you’re leaving bugs on the table. 🔍🔥 Level up your recon: 👉 https://t.co/4JBnnkbR4B #BugBounty #Pentesting #WebSecurity #AppSec #JavaScript
1
101
21
95
7K
ShehSec  retweeted
sahilsince2000's profile image
Sahil Choudhary @sahilsince2000
No jailbreak. No problem. 🔓 I built a tool that bypasses iOS SSL Pinning using OpenVPN + iptables — works with Burp Suite & mitmproxy out of the box. 👇 GitHub https://t.co/N4QyCDaXvR #CyberSecurity #BugBounty #iOS #Pentesting
4
1K
173
1K
61K
ShehSec  retweeted
zack0x01_'s profile image
zack0x01 Verified account @zack0x01_
https://t.co/GLZlGlnyVo is outperforming most recon tools 🔥🚀: 🔴waybackurls → 10,184 ✅recox → 53,030 🔥 🔴subfinder → 896 🔴subd...c99nl → 896 ✅recox → 901 ⚡ check it out : https://t.co/GLZlGlnyVo #bugbounty #bugbountytips
zack0x01_'s tweet photo. https://t.co/GLZlGlnyVo is outperforming most recon tools 🔥🚀: 🔴waybackurls → 10,184 ✅recox → 53,030 🔥 🔴subfinder → 896 🔴subd...c99nl → 896 ✅recox → 901 ⚡ check it out : https://t.co/GLZlGlnyVo #bugbounty #bugbountytips https://t.co/IxLxexGQ7o
17
694
119
852
55K

Who to follow

Br0k3n_1337's profile image
Sourav Khan🇧🇩 🇵🇸
@Br0k3n_1337
Bug Bounty Hunter | Muslim❤️
_2os5's profile image
Fares
@_2os5
Hacker | Bug Bounty Hunter
Raman_Mohurle's profile image
Raman_MG Verified account
@Raman_Mohurle
Synack Red Team | Microsoft MVR 2024 | Intigriti #7 in 2024 Q4 | GPCSSI Intern | Bug Bounty Hunter | Ethical Hacker #BUGBOUNTY
ShehSec  retweeted
Dinosn's profile image
Nicolas Krassas Verified account @Dinosn
SSLPinDetect is a tool for analyzing Android APKs to detect SSL pinning implementations https://t.co/RGfZLYhakL
0
143
45
139
9K
ShehSec  retweeted
the_IDORminator's profile image
the_IDORminator Verified account @the_IDORminator
I spent a great deal of time #hacking Salesforce Lightning and have learned quite a bit about it. If you ever see endpoints that end in "/aura", you are probably on one. They are almost always vulnerable to some kind of information leak, due to poor configuration. Poorly secured classes, controllers, methods, and input parameters can lead to so many problems. This one dumped out full order information by orderId only, no authentication. Salesforce IDs look random, but they are not. That 8016T0000020JQsQAZ can be easily iterated as the first bit just refers to an order object. OK BYE
the_IDORminator's tweet photo. I spent a great deal of time #hacking Salesforce Lightning and have learned quite a bit about it. If you ever see endpoints that end in "/aura", you are probably on one. They are almost always vulnerable to some kind of information leak, due to poor configuration. Poorly secured classes, controllers, methods, and input parameters can lead to so many problems. This one dumped out full order information by orderId only, no authentication. Salesforce IDs look random, but they are not. That 8016T0000020JQsQAZ can be easily iterated as the first bit just refers to an order object. OK BYE
7
571
49
369
22K
ShehSec  retweeted
mrdesoky0's profile image
mrdesoky0 @mrdesoky0
this Secure Code Explain page is a goldmine. Super easy breakdowns of common vulns with vulnerable code: https://t.co/VNn4HLA6vL #bugbountytips #InfoSec
mrdesoky0's tweet photo. this Secure Code Explain page is a goldmine. Super easy breakdowns of common vulns with vulnerable code: https://t.co/VNn4HLA6vL #bugbountytips #InfoSec https://t.co/4lm6VpHT12
4
279
65
317
14K
ShehSec  retweeted
ctbbpodcast's profile image
Critical Thinking - Bug Bounty Podcast Verified account @ctbbpodcast
Gareth Heyes just showed how to smuggle data from the URL hash directly into an event handler by making the element rewrite its own attributes. https://t.co/SdwyeiLIeB Let's see how it works:
1
74
12
51
13K
ShehSec  retweeted
infosec_au's profile image
shubs Verified account @infosec_au
As a homage to the work of @Blaklis_, our Security Researcher @softpoison_ debuts his first research post on reverse engineering a critical unauthenticated RCE in Magento (SessionReaper) CVE-2025-54236 at @SLCyberSec: https://t.co/VcKSXGZmCY
7
180
44
86
19K
ShehSec  retweeted
tabaahi_'s profile image
Mohsin Khan @tabaahi_
I asked 10+ top bug hunters who made over $500k+ about their secrets. Here’s what they said: 1. They work insanely hard (280+ hrs/month) even after earning millions. 2. They master 1–3 programs deeply. 3. Speed matters. Never break your momentum. 1/n
1
974
168
921
69K
ShehSec's profile image
Shehzad Ali @ShehSec
@mujtabasec Missing HTTP Security Headers
1
0
0
0
54
ShehSec  retweeted
ctbbpodcast's profile image
Critical Thinking - Bug Bounty Podcast Verified account @ctbbpodcast
Prompt injection works a lot better if your message sounds like the data the model was trained on. Some prompt formats that have worked in real bugs:
ctbbpodcast's tweet photo. Prompt injection works a lot better if your message sounds like the data the model was trained on. Some prompt formats that have worked in real bugs: https://t.co/uf8AdUqEbm
1
128
18
67
11K
ShehSec  retweeted
0x0SojalSec's profile image
Md Ismail Šojal 🕷️ Verified account @0x0SojalSec
Using Objection Framework, how to perform iOS apps penetration testing 📱 Part I :-https://t.co/S7A5d1PZMj Part II :- https://t.co/PNzasfrgtg #infosec #cybersec #bugbountytips
0x0SojalSec's tweet photo. Using Objection Framework, how to perform iOS apps penetration testing 📱 Part I :-https://t.co/S7A5d1PZMj Part II :- https://t.co/PNzasfrgtg #infosec #cybersec #bugbountytips https://t.co/0SDHcsavlL
0
25
6
10
1K
ShehSec's profile image
Shehzad Ali @ShehSec
ATO via OTP Bypass on Android Application Just published a new write-up, check it out! #AndroidSecurity #Pentesting #CyberSecurity #ATO #bugbounty https://t.co/lZTbt5EKIj
0
7
2
3
283
ShehSec's profile image
Shehzad Ali @ShehSec
@ghostlulz1337 Would be great if you start Thick Client Apps pentesting or game hacking
1
1
0
0
105
ShehSec's profile image
Shehzad Ali @ShehSec
@TheMsterDoctor1 I’m ready to earn my OSCP
0
1
0
0
78
ShehSec  retweeted
hetmehtaa's profile image
Het Mehta Verified account @hetmehtaa
BRUTAL TRUTH: 83% of Pentest candidates fail interviews despite having solid technical skills After conducting 50+ security interviews and helping dozens land their dream roles, here's why most fail (and the exact fix) 🧵 #CyberSecurity #InfoSec #TechCareers
9
602
102
918
77K
ShehSec's profile image
Shehzad Ali @ShehSec
Hey! I just published "How a Simple Git Leak Led to AWS Keys & Database Credentials" https://t.co/QmlZKiDSOD
0
33
9
22
2K
ShehSec's profile image
Shehzad Ali @ShehSec
@burhangee Hi please DM
1
1
0
0
37
ShehSec's profile image
Shehzad Ali @ShehSec
@XHackerx007 Legend never die
0
2
0
0
267

Last Seen Users on Sotwe

Sofieaadam89's profile image
sofiea adam
Seen from United States
yerliifsa06's profile image
yerli ifsa
Seen from Turkey
6cc699's profile image
ام البنين البدويه
Seen from Saudi Arabia
gj_tzh's profile image
jack geem
00assbig00's profile image
Danny Mamador Verified account
Seen from United States
FarmerB28's profile image
Bernard Verified account
Seen from United States
gaycruisingfan's profile image
gay cruising؜
Seen from Turkey
00o00_00's profile image
حديد
baristakiki1's profile image
✨Kiki✨
Seen from United States
AphiwatKha73773's profile image
ชอบเอาน้องสาวกับกลาน
Seen from Thailand

Trends for you

1
Norway
Under 10K tweets
2
Mbappe
Under 10K tweets
3
Senegal
Under 10K tweets
4
Drake Baldwin
Under 10K tweets
5
Senga
Under 10K tweets
6
Spencer Jones
Under 10K tweets
7
Huckabee
Under 10K tweets
8
#TeamRedBill
Under 10K tweets
9
Messi
Under 10K tweets
10
The View
Under 10K tweets

Most Popular Users

elonmusk's profile image
1
Elon Musk Verified account
@elonmusk
240.3M followers
barackobama's profile image
2
Barack Obama Verified account
@barackobama
119.3M followers
realdonaldtrump's profile image
3
Donald J. Trump Verified account
@realdonaldtrump
111.6M followers
cristiano's profile image
4
Cristiano Ronaldo Verified account
@cristiano
109.6M followers
narendramodi's profile image
5
Narendra Modi Verified account
@narendramodi
106.9M followers
rihanna's profile image
6
Rihanna Verified account
@rihanna
97.4M followers
nasa's profile image
7
NASA Verified account
@nasa
92.1M followers
justinbieber's profile image
8
Justin Bieber Verified account
@justinbieber
90.7M followers
katyperry's profile image
9
KATY PERRY Verified account
@katyperry
87.2M followers
taylorswift13's profile image
10
Taylor Swift Verified account
@taylorswift13
81M followers
ladygaga's profile image
11
Lady Gaga Verified account
@ladygaga
72.6M followers
kimkardashian's profile image
12
Kim Kardashian Verified account
@kimkardashian
69.6M followers
imvkohli's profile image
13
Virat Kohli Verified account
@imvkohli
69.1M followers
youtube's profile image
14
YouTube Verified account
@youtube
68.6M followers
billgates's profile image
15
Bill Gates Verified account
@billgates
63.6M followers
theellenshow's profile image
16
The Ellen Show
@theellenshow
62.5M followers
cnn's profile image
17
CNN Verified account
@cnn
61.9M followers
neymarjr's profile image
18
Neymar Jr Verified account
@neymarjr
61.8M followers
x's profile image
19
X Verified account
@x
60.9M followers
selenagomez's profile image
20
Selena Gomez Verified account
@selenagomez
60.3M followers
Olivia
Online
💫