samael0x𝟜 ☠ @nerdbyt - Twitter Profile

Pinned Tweet

about 2 months ago

🚨 Credited by Oracle in CPU April 2026 Reported a security issue on Oracle infrastructure → responsibly disclosed → fixed by the vendor → publicly acknowledged Proof 👇 https://t.co/vg9d4r43WE #halloffame #bugbountytips #oracle

1

0

74

samael0x𝟜 ☠ @nerdByt

7 days ago

@GodLDeViL07 @intigriti Congratulations 🎊 👏🏽

1

0

14

samael0x𝟜 ☠ @nerdByt

about 2 months ago

nerdByt's tweet photo. https://t.co/nYNVL7zene

0

1

0

16

samael0x𝟜 ☠ @nerdByt

about 2 months ago

🚨 Credited by Oracle in CPU April 2026 Reported a security issue on Oracle infrastructure → responsibly disclosed → fixed by the vendor → publicly acknowledged Proof 👇 https://t.co/vg9d4r43WE #halloffame #bugbountytips #oracle

1

0

74

samael0x𝟜 ☠ @nerdByt

2 months ago

🚨 URGENCY + VIRAL New Critical CVE 🚨 CVE-2026-21643 — Unauthenticated SQL Injection (9.1) Demo + PoC 👇 https://t.co/BovHhEpcWu

0

72

samael0x𝟜 ☠ @nerdByt

3 months ago

Quick check: npm list axios If vulnerable → assume full compromise. Fix: • Downgrade immediately • Rotate ALL credentials • Rebuild system from clean image

0

25

samael0x𝟜 ☠ @nerdByt

3 months ago

🚨 Axios supply chain attack (2026) — this should scare every developer. 100M+ weekly downloads. No exploit. No click. Just npm install… and you're owned. 💀 Attacker took over the maintainer’s npm account. No code vuln. No zero-day. Just account compromise → full access.

1

0

64

samael0x𝟜 ☠ @nerdByt

3 months ago

The real weapon = postinstall script Runs automatically when you do: → npm install No user interaction needed. Payload behavior: • Downloads cross-platform RAT • Executes in ~1.1 sec • Works on Windows / Linux / macOS

1

0

24

nerdByt retweeted

Chaofan Shou

@Fried_rice

3 months ago

Claude code source code has been leaked via a map file in their npm registry! Code: https://t.co/jBiMoOzt8G

3K

49K

8K

42K

36M

samael0x𝟜 ☠ @nerdByt

3 months ago

@3XS0 hey can you tell me more about this ???

0

63

nerdByt retweeted

KNOXSS @KN0X55

4 months ago

🚨 KNOXSS GIVEAWAY March 2026 ✅ Follow us ✅ Like and share this 🎁 Prize: KNOXSS Pro for 1 Month 🏆 Results: March 6th (3 winners) Want to find some vulns? Get one of our plans and test for #XSS consistently. Sign up now! 😀 https://t.co/IncubanLjv #BugBounty #PenTesting

13

51

34

4

5K

samael0x𝟜 ☠ @nerdByt

4 months ago

@IranTimes9 “One stand. Many shadows.” 🔥

0

3

samael0x𝟜 ☠ @nerdByt

4 months ago

🚨 CVE-2026-22200 — Confirmed & Validated [ osTicket Arbitrary File Read ] Manual validation ✔ Root cause analysis ✔ "/etc/hosts" manipulation for controlled testing ✔ 🔗 https://t.co/iYzlRcnlFN #CVE #BugBounty #OffensiveSecurity #AppSec #CVE202622200 #nuclei #osTicket

0

1

0

191

samael0x𝟜 ☠ @nerdByt

4 months ago

@KN0X55 Excited

0

1

0

23

samael0x𝟜 ☠ @nerdByt

4 months ago

#الحمدالله Successfully worked with a major Enterprise vendor on a Responsible Disclosure. 🐞🔥 Issue resolved. Credit coming in next advisory. Patience is part of the process. 🛡️

1

2

0

27

samael0x𝟜 ☠ @nerdByt

5 months ago

🚨 Unauthenticated RCE in WordPress One vulnerable plugin. One request. Full compromise. CVE-2025-13486 Explained + EXPLOITED 👇 https://t.co/ypXaG9S3qU #WordPress #CVE #BugBounty #CyberSecurity #rce

0

207

samael0x𝟜 ☠ @nerdByt

6 months ago

Reflected XSS identified via unsanitized error parameter — mapped to CVE-2020-19282. User input is reflected back without proper sanitization, allowing script execution in the browser. Minimal PoC used. Reported responsibly. Now waiting for Response 🕶️ #RXSS #BugBounty

nerdByt's tweet photo. Reflected XSS identified via unsanitized error parameter — mapped to CVE-2020-19282.
User input is reflected back without proper sanitization, allowing script execution in the browser.
Minimal PoC used. Reported responsibly.
Now waiting for Response 🕶️

#RXSS #BugBounty https://t.co/PWkS7dLm61

0

208

samael0x𝟜 ☠ @nerdByt

6 months ago

Blind XSS → Stored XSS → Admin panel execution. User input from a feedback form reached the backend without proper sanitization. Impact validated, sensitive data redacted. #BugBounty #BlindXSS #WebSecurity #InfoSec

nerdByt's tweet photo. Blind XSS → Stored XSS → Admin panel execution.
User input from a feedback form reached the backend without proper sanitization.
Impact validated, sensitive data redacted.
#BugBounty #BlindXSS #WebSecurity #InfoSec https://t.co/gphrzAdCs2

0

98

nerdByt retweeted

Coffin

@lostsec_

7 months ago

We have only one life, if we can't achieve what we desire, then what's the point of living it?

13

173

15

9K

nerdByt retweeted

Nana Sei Anyemedu

@RedHatPentester

7 months ago

WhatsApp End-to-End Encryption vs. Forensic Extraction Although WhatsApp uses end-to-end encryption to protect messages, calls, and shared media during transmission, this protection only applies while the data is moving between devices. Once the content reaches the device, it is stored unencrypted within WhatsApp’s local databases and media folders. Out of the volumes of content, such as 733,543 WhatsApp messages, along with videos, audios, images, and documents. I was able to get a conversation between my kid sister @ama_Anyemedu in November 11, 2020. The chat preview shows a typical WhatsApp conversation recovered from a mobile forensic extraction. At the top of the chat, WhatsApp displays the standard banner “Messages are now secured with end-to-end encryption.” This banner simply means that when messages are being transmitted between two devices, WhatsApp’s servers cannot read them because they are protected by encryption keys stored only on the users’ devices. However, end-to-end encryption does NOT protect data stored on the device itself. Mobile forensics work by accessing the phone’s internal storage, not by intercepting messages from WhatsApp servers. Once a device is unlocked or decrypted by the lawful extraction process, the tool can read the local WhatsApp databases stored on the device (usually the `msgstore.db` and related SQLite databases). This is why, despite the presence of the "end-to-end encryption" banner, the forensic tool is still able to extract: * Full chat history * Timestamps * Participants * Message contents * Attachments * Deleted messages (if still recoverable in the database) End-to-end encryption protects data in transit, not data *at rest* on the device. Forensic tools exploit lawful access to the device’s decrypted file system, enabling them to parse and display the stored WhatsApp database, which is why you can see the complete message timeline, content, and timestamps on the right side.

RedHatPentester's tweet photo. WhatsApp End-to-End Encryption vs. Forensic Extraction

Although WhatsApp uses end-to-end encryption to protect messages, calls, and shared media during transmission, this protection only applies while the data is moving between devices. Once the content reaches the device, it is stored unencrypted within WhatsApp’s local databases and media folders.

Out of the volumes of content, such as 733,543 WhatsApp messages, along with videos, audios, images, and documents.
I was able to get a conversation between my kid sister @ama_Anyemedu in November 11, 2020.

The chat preview shows a typical WhatsApp conversation recovered from a mobile forensic extraction. At the top of the chat, WhatsApp displays the standard banner “Messages are now secured with end-to-end encryption.”

This banner simply means that when messages are being transmitted between two devices, WhatsApp’s servers cannot read them because they are protected by encryption keys stored only on the users’ devices.

However, end-to-end encryption does NOT protect data stored on the device itself.

Mobile forensics work by accessing the phone’s internal storage, not by intercepting messages from WhatsApp servers. Once a device is unlocked or decrypted by the lawful extraction process, the tool can read the local WhatsApp databases stored on the device (usually the `msgstore.db` and related SQLite databases).

This is why, despite the presence of the "end-to-end encryption" banner, the forensic tool is still able to extract:

* Full chat history
* Timestamps
* Participants
* Message contents
* Attachments
* Deleted messages (if still recoverable in the database)

End-to-end encryption protects data in transit, not data *at rest* on the device.
Forensic tools exploit lawful access to the device’s decrypted file system, enabling them to parse and display the stored WhatsApp database, which is why you can see the complete message timeline, content, and timestamps on the right side.

103

3K

612

2K

302K

samael0x𝟜 ☠

@nerdByt

Last Seen Users on Sotwe

Trends for you

Most Popular Users