Habibur Rahman Hasan @hasn0x - Twitter Profile

Pinned Tweet

Habibur Rahman Hasan @hasn0x

over 2 years ago

I helped secure the Internet 😃 Alhamdulillah! Recently I received swag from @Hacker0x01 and @fastly .

4

12

0

1K

hasn0x retweeted

Densel @luckyhacker43

2 days ago · Sigor

"$500 for a UUID Swap: I Almost Gave Up on This IDOR" by tinopreter 🤯🔥 👨‍💻 tinopreter (x/tinopreter) 🔗 https://t.co/bOYIuLHxVx 🔗 Join team 👉https://t.co/FeMz53HSN0

luckyhacker43's tweet photo. "$500 for a UUID Swap: I Almost Gave Up on This IDOR" by tinopreter 🤯🔥

👨‍💻 tinopreter (x/tinopreter)
🔗 https://t.co/bOYIuLHxVx

🔗 Join team 👉https://t.co/FeMz53HSN0 https://t.co/0mEXjIXtwt

1

89

9

61

3K

hasn0x retweeted

Amr Elsagaei

@amrelsagaei

1 day ago

Auth bugs pay the most in bug bounty. Most hunters never touch them, because they never actually understood how auth works. In this video, I break down web auth the way the developer who built it sees it. Sessions, JWTs, OAuth 2.0, the Authorisation Code Flow, PKCE, and OpenID Connect. Why each protection exists, what it defends, and the exact bug that shows up when it's missing. Auth For Hackers https://t.co/RJ8gr7FkpS #BugBounty #WebSecurity #EthicalHacking #AmrSec #OAuth #JWT #OIDC

amrelsagaei's tweet photo. Auth bugs pay the most in bug bounty. Most hunters never touch them, because they never actually understood how auth works.

In this video, I break down web auth the way the developer who built it sees it. Sessions, JWTs, OAuth 2.0, the Authorisation Code Flow, PKCE, and OpenID Connect. Why each protection exists, what it defends, and the exact bug that shows up when it's missing.

Auth For Hackers https://t.co/RJ8gr7FkpS

#BugBounty #WebSecurity #EthicalHacking #AmrSec #OAuth #JWT #OIDC

4

149

12

119

5K

hasn0x retweeted

Kuldeep Pandya @kuldeepdotexe

1 day ago

They verify your login in client-side JavaScript, never on the server. So you can walk right in. New write-up: Client-side Authentication Bypass. 4 real cases (one led to a $4,000 SQLi): https://t.co/XYNTSx2t6q #BugBounty #AppSec #InfoSec #BarracksArmy

kuldeepdotexe's tweet photo. They verify your login in client-side JavaScript, never on the server. So you can walk right in.

New write-up: Client-side Authentication Bypass. 4 real cases (one led to a $4,000 SQLi):

https://t.co/XYNTSx2t6q

#BugBounty #AppSec #InfoSec #BarracksArmy https://t.co/wsxAWU2cY1

3

276

37

233

10K

Who to follow

Arif Ahmed – আরিফ আহমেদ

@MkX5EZv7cykmQ0B

আমি জানি না বলতে শেখাই সবচেয়ে বড় শিক্ষা। ---হিব্রু প্রবাদ। Free Palestine 🇵🇸 Free Arakan-Rohingya

❤Respect to be Respected❤

hasn0x retweeted

Densel @luckyhacker43

3 days ago · Sigor

$15,000 Facebook Bug Bounty 🤑 How a Simple GraphQL Query Exposed Facebook Page Admins and Their Personal Emails by Vivek PS 🤯🔥 👨‍💻 Vivek PS (x/vivekps143) 🔗 https://t.co/5w9lpVLcQE 🔗 Join team 👉https://t.co/FeMz53HSN0

luckyhacker43's tweet photo. $15,000 Facebook Bug Bounty 🤑

How a Simple GraphQL Query Exposed Facebook Page Admins and Their Personal Emails by Vivek PS 🤯🔥

👨‍💻 Vivek PS (x/vivekps143)
🔗 https://t.co/5w9lpVLcQE

🔗 Join team 👉https://t.co/FeMz53HSN0 https://t.co/ZkWsmcdVuB

2

212

23

168

8K

hasn0x retweeted

Intigriti

@intigriti

3 days ago

We just dove into our shelf of archived bug bounty write-ups from the most notable hackers! 🤠 In this issue, we selected 5 compelling articles (that are still relevant today) to share with you, from which you can learn something new! 😎 🧵 👇

intigriti's tweet photo. We just dove into our shelf of archived bug bounty write-ups from the most notable hackers! 🤠

In this issue, we selected 5 compelling articles (that are still relevant today) to share with you, from which you can learn something new! 😎

🧵 👇 https://t.co/5fFQR4omFX

2

58

14

82

4K

hasn0x retweeted

Intigriti

@intigriti

4 days ago

Quick reminder! With or without AI, developers still accidentally push API keys, credentials, and any other types of secrets to public repositories every day! 🤠 Our complete guide shows how you can find them before anyone else using several techniques. 😎 Check it out! 👇 https://t.co/Jxe0FJC4pz

intigriti's tweet photo. Quick reminder!

With or without AI, developers still accidentally push API keys, credentials, and any other types of secrets to public repositories every day! 🤠

Our complete guide shows how you can find them before anyone else using several techniques. 😎

Check it out! 👇
https://t.co/Jxe0FJC4pz

1

63

12

52

4K

hasn0x retweeted

skull

@brutecat

4 days ago

Hacking Google with A.I. for $500,000 https://t.co/S8NbDU9ZaN

59

2K

500

3K

321K

Habibur Rahman Hasan @hasn0x

4 days ago

@asad0x01 @wunderwuzzi23 Yeah, submitted on May 5, got initial eval on May 11. No further portal updates since then, but noticed it's completely fixed. It’s a core logical bypass with high revenue impact, so I guess they are taking time to fully assess the numbers.

0

1

0

41

Habibur Rahman Hasan @hasn0x

4 days ago

@mamunwhh @Hacker0x01 ma sha allah vai

0

110

Habibur Rahman Hasan @hasn0x

5 days ago

@Emad777_ @wunderwuzzi23 same question dude

0

377

Habibur Rahman Hasan @hasn0x

5 days ago

@syper_shuvo Owh acchaa btw bug type?

0

8

Habibur Rahman Hasan @hasn0x

6 days ago

Any Meta bounty hunters around? Need to clear up a few general doubts regarding their payout timeline/process.

0

23

hasn0x retweeted

Densel @luckyhacker43

7 days ago · Sigor

A Journey of Limited Path Traversal To RCE With $40,000 Bounty! https://t.co/s4pzvjTIiT Join my channel. Link on Bio

3

395

32

213

10K

Habibur Rahman Hasan @hasn0x

6 days ago

@BugBountyDEFCON @hackthebox_eu @PentesterLab @fteagleeye1 @mmnah1an

0

1

0

11

hasn0x retweeted

Bug Bounty Village

@BugBountyDEFCON

7 days ago

Time for another giveaway! We will pick 6 winners to win one of the following: 1x Annual VIP @hackthebox_eu Licence 5x @PentesterLab 3 Month Licences To enter: 1️⃣ Follow us @BugBountyDefcon 2️⃣ Like this post ❤️ 3️⃣ Re-tweet this post 🔁 Giveaway open until Monday June 15th! GOOD LUCK!

100

469

360

33

17K

Habibur Rahman Hasan @hasn0x

17 days ago

@kamrul0x @Hacker0x01 ma sha allah vai

0

2

0

53

hasn0x retweeted

systemd @secsystemd

19 days ago

Stored XSS in markdown via the DesignReferenceFilter Read Disclosed Report : https://t.co/hATe8NqWCZ Report Submitted by vakzz Bounty 16000$

2

266

25

185

16K

Habibur Rahman Hasan @hasn0x

18 days ago

@intigriti in sha allah

0

1

0

112

Habibur Rahman Hasan @hasn0x

19 days ago

Selected as the 1st Write-up Winner for the @intigriti Challenge 0526! Out of 33 submissions, they liked my documentation of 3 different solve paths (including an unintended one). Waiting for the SWAG! Read it here: https://t.co/Csh6LD8W3l #Intigriti #bugbountytips

hasn0x's tweet photo. Selected as the 1st Write-up Winner for the @intigriti Challenge 0526!
Out of 33 submissions, they liked my documentation of 3 different solve paths (including an unintended one). Waiting for the SWAG!

Read it here: https://t.co/Csh6LD8W3l

#Intigriti #bugbountytips https://t.co/5fBBgPgr09

1

5

0

5

1K

Habibur Rahman Hasan

@hasn0x

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users