Sahil Ahamad

Bug Bounty Hunter & security engineer

over 1 year ago

Imagine opening a Discord message and suddenly your computer is hacked. We discovered a bug that made this possible and earned a $5,000 bounty for it. Here's the story and a beginner-friendly deep dive into V8 exploit development. Watch: https://t.co/QtAro4fj4t

S1r1u5_'s tweet photo. Imagine opening a Discord message and suddenly your computer is hacked.

We discovered a bug that made this possible and earned a $5,000 bounty for it.

Here's the story and a beginner-friendly deep dive into V8 exploit development.

Watch: https://t.co/QtAro4fj4t https://t.co/A1LdK05YyB

17

731

178

424

79K

Who to follow

mohammed eldeeb

@malcolmx0x

Geekboy

@emgeekboy

Hacker, Co-Founder @pdiscoveryio, Ex-Security Analyst / BugBounty @Hacker0x01

Paresh

@Paresh_parmar1

Penetration Tester/ BugBounty hunter/ Gamer

ehsahil retweeted

HTTPVoid @httpvoid0x2f

over 1 year ago

Check out our latest blog post! We dive into GitHub Enterprise’s SAML implementation and explore an authentication bypass in encrypted assertion mode. CVE-2024-4985 / CVE-2024-9487: GitHub Enterprise SAML Authentication Bypass. https://t.co/mFOE6GGkhO

0

180

49

62

17K

ehsahil retweeted

over 1 year ago

MXSS Explained Part 1: Why Server-Side HTML Sanitizers Are Doomed to Fail with this XSS! In this video, I dive into how sanitizers work, discuss the first known MXSS in IE, and showcase an MXSS vulnerability in the popular Node.js module, sanitize-html. https://t.co/4kghaCIYBc

S1r1u5_'s tweet photo. MXSS Explained Part 1: Why Server-Side HTML Sanitizers Are Doomed to Fail with this XSS!

In this video, I dive into how sanitizers work, discuss the first known MXSS in IE, and showcase an MXSS vulnerability in the popular Node.js module, sanitize-html.

https://t.co/4kghaCIYBc https://t.co/t7YRQhtGsH

5

296

72

196

35K

@niksthehacker @hillai @sagitz_ @_niteshsurana #defcon32 #BlackHat2024

almost 2 years ago

1

17

3

1

928

ehsahil retweeted

Harel @H4R3L

about 2 years ago

New blog! This time a high severity session takeover in Zoom worth $15,000. Read the story of how @sudhanshur705 , @BrunoModificato and I chained 2 completely useless XSS vulns to steal OAuth tokens, hijack browser permissions, and more: https://t.co/qVUgk5shqh

10

425

129

238

36K

ehsahil retweeted

Shreyas Chavhan @shreyas_chavhan

about 2 years ago

I was getting a lot of DMs asking me how I got started, how I progressed so fast and if I can suggest a Roadmap for the beginners who also wanna get started and progress. Sharing the answer publicly. Link: https://t.co/AUYJ3HY2J5 #BugBounty #bugbountytips

shreyas_chavhan's tweet photo. I was getting a lot of DMs asking me how I got started, how I progressed so fast and if I can suggest a Roadmap for the beginners who also wanna get started and progress. Sharing the answer publicly.

Link: https://t.co/AUYJ3HY2J5

#BugBounty #bugbountytips https://t.co/XWIuVEU54Y

44

833

203

1K

90K

ehsahil retweeted

sagitz

@sagitz_

about 2 years ago

We uploaded a backdoored AI model to @HuggingFace which we could use to potentially access other customers’ data✨ Here is how we did it - and collaborated with Hugging Face to fix it 🧵⬇️

sagitz_'s tweet photo. We uploaded a backdoored AI model to @HuggingFace which we could use to potentially access other customers’ data✨

Here is how we did it - and collaborated with Hugging Face to fix it 🧵⬇️ https://t.co/S8t49rzTIf

15

1K

231

944

403K

ehsahil retweeted

over 2 years ago

I wrote a hacker roadmap with my personal experience. Becoming a Hacker: A Personal Narrative and a Roadmap https://t.co/g7Hp1rhyEI Please let me know if you have suggestions to improve. I will be sharing with people around me.

1

201

51

132

19K

over 2 years ago

@expankita @emgeekboy

0

3

0

379

ehsahil retweeted

over 2 years ago

Here is the blog post for CVE-2023-22515: Broken Access Control Vulnerability in Confluence Data Center and Server I've left two challenges in it, try to solve them. If you solve second one, that would be a 0-day 😅 https://t.co/HZDFKRykR8

5

289

91

66

41K

over 2 years ago

I’ll be in Ahmedabad this week for @bsidesahmedabad Looking forward to meet everyone in-person :)

3

29

1

4K

Jatin Dhankhar @jatindhankhar_

over 2 years ago

@vulnh0lic @bsidesahmedabad Hi 👋

0

1

0

117

ehsahil retweeted

Wiz

@wiz_io

over 2 years ago

🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here's what you need to know 🧵

wiz_io's tweet photo. 🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages.

Here's what you need to know 🧵 https://t.co/2V8u9IekGV

54

3K

844

758

964K

ehsahil retweeted

almost 3 years ago

How we @zomato, made and scaled Vinifera to track team activity on Github and expanded it to other platforms. Introducing Vinifera - https://t.co/MOvWKdkcyc It was a blast brainstorming about this in the pink room with @prateek_0490 and @ehsahil.

1

12

2

1

3K

ehsahil retweeted

Prateek Tiwari

@prateek_0490

almost 3 years ago

We aimed to create a straightforward tool for tracking our team's GitHub activities, safeguarding sensitive info. Check out Vinifera's journey so far: https://t.co/unG2BjVNUw Fun fact: We named it "Vinifera" as our security team munched on grapes while brainstorming! 🍇 #Vinifera #infosec #infosecurity

prateek_0490's tweet photo. We aimed to create a straightforward tool for tracking our team's GitHub activities, safeguarding sensitive info.

Check out Vinifera's journey so far: https://t.co/unG2BjVNUw

Fun fact: We named it "Vinifera" as our security team munched on grapes while brainstorming! 🍇 #Vinifera #infosec #infosecurity

0

41

5

11

11K