👑 OFJAAAH 👑 @ofjaaah - Twitter Profile

Pinned Tweet

about 5 years ago

I am very happy for the donation I had from @zseano I am very grateful because I am inspired by you, my friend, always a good man. Thank you for everything and I wish you many good things, be well my friend and thank you very much. I was very happy. #bugbounty #twitch

ofjaaah's tweet photo. I am very happy for the donation I had from @zseano I am very grateful because I am inspired by you, my friend, always a good man. Thank you for everything and I wish you many good things, be well my friend and thank you very much. I was very happy.

#bugbounty #twitch https://t.co/rbKbd7xtP1

5

223

9

8

0

ofjaaah retweeted

Nico

@nicos_ai

4 days ago

No estás usando el 100% de Claude Code. Hasta que instalas esto. Se llama Everything Claude Code y es el toolkit open source más completo que he visto. → 30 agents, 64 skills, 33 commands → AgentShield integrado con 1.282 tests de seguridad → planificación, code review, fixes, TDD y optimización de tokens → funciona en Claude Code, Cursor, OpenCode y Codex CLI Un repo que reemplaza semanas de setup. 100% gratis y Open source. Te dejo el enlace abajo👇 Guarda este post para no perderlo 🔖

nicos_ai's tweet photo. No estás usando el 100% de Claude Code.
Hasta que instalas esto.

Se llama Everything Claude Code y es el toolkit open source más completo que he visto.

→ 30 agents, 64 skills, 33 commands
→ AgentShield integrado con 1.282 tests de seguridad
→ planificación, code review, fixes, TDD y optimización de tokens
→ funciona en Claude Code, Cursor, OpenCode y Codex CLI

Un repo que reemplaza semanas de setup.
100% gratis y Open source.

Te dejo el enlace abajo👇

Guarda este post para no perderlo 🔖

39

923

141

1K

47K

ofjaaah retweeted

Vitor Falcão "busfactor"

@busf4ctor

5 days ago

https://t.co/tVuFQJxvO9

8

255

32

174

48K

ofjaaah retweeted

Juan Cruz

@DevJuanCruz

6 days ago

corrí /insights en claude code me analizó las ultimas 30 sesiones, y me dijo patrones que se repiten y qué agregar al CLAUDE.md para no tener que aclarar lo mismo cada vez es el tipo de feature que parece simple pero cambia como trabajas

DevJuanCruz's tweet photo. corrí /insights en claude code

me analizó las ultimas 30 sesiones, y me dijo patrones que se repiten y qué agregar al CLAUDE.md para no tener que aclarar lo mismo cada vez

es el tipo de feature que parece simple pero cambia como trabajas https://t.co/XIgjzTrPTY

6

302

12

260

27K

Who to follow

Youssef Sammouda (sam0)

@samm0uda

Security Researcher/Hacker 1st in Meta bug bounty program for 6 years Opinions are my own and not my employer's.

publiclyDisclosed

@disclosedh1

This is an unofficial HackerOne public disclosure watcher who keeps you up to date about the recently disclosed bugs. By @NOBBD

ofjaaah retweeted

6 days ago

【衝撃】 Claude Code でとんでもないモードが解禁👀 Opus 4.8 ＋ /ultracode で有効になる新機能「Dynamic Workflows」！ https://t.co/26H8PJwpg2 これ何をしてるかというと👇 ・タスク難易度を自動検知・オーケストレーション用スクリプトを生成・複数エージェントに役割分担・検証フローまで自動構築・エージェントスウォームで並列実行つまり開発フローの全工程を Claude が自走。これまでは人間（細かく指示） ↓ Claude Code（実装担当）今は人間（ゴール投げるだけ） ↓ Claude Code（PM ＋開発チームを自動編成） ↓ スウォームで開発進行開発、次のフェーズに入った可能性あるで、「Claude Code進化早すぎて、正直ついていけてない…」って感じてる人へ。その感覚、かなり正常です。ここ最近だけでも、・/simplify → /code-review ・Plugins ・権限管理まわり・レビュー設計・Hooks ・Subagents とか、思想レベルでかなり変わってきてる。ただ、この変化についていけるかで、半年後の生産性かなり変わると思う。なので、「後で追えばいいや」より、最低限だけでも今追った方がいい。なので今回、先週のClaude Codeアップデート、全部この下の記事で整理しました👇是非これで追いついてください。

30

3K

264

3K

495K

ofjaaah retweeted

Preben

@prebenve

6 days ago

Found a cool bug at Meta. From misconfigured Grafana instance to R/W access on 507 private Meta repositories. Wrote up the full chain here: https://t.co/LYQ0prc68d $157k bounty awarded by @metabugbounty

24

790

129

599

64K

ofjaaah retweeted

Tom Dörr

@tom_doerr

8 days ago

Gives Claude access to 27 security intelligence tools https://t.co/ojUxXKp7Lw

4

787

132

909

38K

ofjaaah retweeted

Justin Gardner

@Rhynorater

8 days ago

Great stuff here from Bug Bounty Maturity Framework: https://t.co/dyx2RHsSZq

1

140

14

126

6K

ofjaaah retweeted

VLM Run

@vlmrun

8 days ago

Introducing mm-ctx: A fast, multimodal context manager for your agents.

22

2K

171

765

8M

ofjaaah retweeted

Erfan Tavakoli @Maverick_0o0

8 days ago

برای بچه‌هایی که هانت میکنن و حوصله ندارن توی js دنبال endpointها بگردن یه اکستنشن Burp نوشتم که امیدوارم خوشتون بیاد. https://t.co/P6C1TC2bW5

Maverick_0o0's tweet photo. برای بچه‌هایی که هانت میکنن و حوصله ندارن توی js دنبال endpointها بگردن یه اکستنشن Burp نوشتم که امیدوارم خوشتون بیاد.
https://t.co/P6C1TC2bW5 https://t.co/TR47baQQKc

12

581

80

608

27K

👑 OFJAAAH 👑 @ofjaaah

9 days ago

@1Iucas Tá virado numa máquina! Parabéns rei 👑

0

34

ofjaaah retweeted

Tur.js

@Tur24Tur

10 days ago

Authorized testing on a production API endpoint. Opus 4.7 confirmed the SQL injection was real but couldn't pull any database names. sqlmap said false positive. I switched to DeepSeek V4 Pro inside Claude Code and it figured out a trick: make the database answer yes/no questions by crashing on purpose. The payload wraps CASE WHEN around two XML casts. If the condition is true, it parses broken XML like <root>< and throws HTTP 500. If false, it parses clean XML like <root/> and returns HTTP 200. WAF was watching for SQL keywords, not XML errors. Extracted 19 database names. DeepSeek V4 Pro succeeded where both Opus and sqlmap failed. Two hours. Twenty cents. Setup: Mapped Claude Code to DeepSeek V4 Pro by creating ~/bin/claude-deep with ANTHROPIC_BASE_URL=https://t.co/RhiWu8K5Ja and ANTHROPIC_MODEL=deepseek-v4-pro[1m]. No config changes needed, original claude command stays untouched. No cybersecurity restrictions!!! Image 1: sqlmap output showing "false positive" / "all tested parameters do not appear to be injectable" Image 2: Claude Code terminal showing 19 databases extracted in ~2 hours Image 3: DeepSeek platform dashboard showing $0.20 total cost Image 4: Why this trick is different from standard blind SQLi types and why sqlmap has no built-in vector for it

Tur24Tur's tweet photo. Authorized testing on a production API endpoint. Opus 4.7 confirmed the SQL injection was real but couldn't pull any database names. sqlmap said false positive.

I switched to DeepSeek V4 Pro inside Claude Code and it figured out a trick: make the database answer yes/no questions by crashing on purpose.

The payload wraps CASE WHEN around two XML casts. If the condition is true, it parses broken XML like <root>< and throws HTTP 500. If false, it parses clean XML like <root/> and returns HTTP 200. WAF was watching for SQL keywords, not XML errors.

Extracted 19 database names. DeepSeek V4 Pro succeeded where both Opus and sqlmap failed. Two hours. Twenty cents.

Setup: Mapped Claude Code to DeepSeek V4 Pro by creating ~/bin/claude-deep with ANTHROPIC_BASE_URL=https://t.co/RhiWu8K5Ja and ANTHROPIC_MODEL=deepseek-v4-pro[1m]. No config changes needed, original claude command stays untouched.

No cybersecurity restrictions!!!

Image 1: sqlmap output showing "false positive" / "all tested parameters do not appear to be injectable"

Image 2: Claude Code terminal showing 19 databases extracted in ~2 hours

Image 3: DeepSeek platform dashboard showing $0.20 total cost

Image 4: Why this trick is different from standard blind SQLi types and why sqlmap has no built-in vector for it

15

538

82

629

102K

ofjaaah retweeted

Vivek | Cybersecurity

@VivekIntel

11 days ago

🛡️ CAI — Open-source framework for AI-powered cybersecurity automation Build and run specialized AI security agents for pentesting, automation & security research. • Supports 300+ AI models including OpenAI, Claude & Ollama • Built-in recon, exploitation & security testing tools • Agent-based architecture for offensive & defensive workflows • Includes prompt injection protections & guardrails • Used in CTFs, bug bounty research & real-world assessments https://t.co/frEHB9nCvk #CyberSecurity #AI #Pentesting #BugBounty #OpenSource

VivekIntel's tweet photo. 🛡️ CAI — Open-source framework for AI-powered cybersecurity automation

Build and run specialized AI security agents for pentesting, automation & security research.

• Supports 300+ AI models including OpenAI, Claude & Ollama
• Built-in recon, exploitation & security testing tools
• Agent-based architecture for offensive & defensive workflows
• Includes prompt injection protections & guardrails
• Used in CTFs, bug bounty research & real-world assessments

https://t.co/frEHB9nCvk

#CyberSecurity #AI #Pentesting #BugBounty #OpenSource

4

112

24

88

4K

ofjaaah retweeted

Jsmon | AI-Powered Attack Surface Management

@jsmonsh

11 days ago

Introducing apiffuf (ffuf for APIs) 🔓 An API URL fuzzer that cross-joins hosts × paths → normalizes URLs → probes over HTTP → reports live endpoints. apiffuf -hosts targets.txt -paths wordlist.txt → https://t.co/7It588xmie #bugbounty #recon #appsec #infosec #cybersecurity

1

31

9

28

2K

ofjaaah retweeted

Clandestine

@akaclandestine

11 days ago

GitHub - ShulkwiSEC/bb-huge: bb-huge 🤗 , Personal bug bounty findings hub and bug bounty orchestration for multiple agents · GitHub https://t.co/9vOIFspQZR

0

44

6

41

4K

ofjaaah retweeted

PA13L0

@Fluyeporlaweb

13 days ago

El web scraping acaba de cambiar de nivel Scrapling evita los bloqueos de Cloudflare, es 774 veces más rápido que BeautifulSoup y no necesita configuración de proxies 52.2k estrellas en GitHub No es otro scraper más Es un framework adaptativo que aprende la estructura de cada web y se ajusta automáticamente cuando cambia Sin mantenimiento manual. Sin que te bloqueen. ✅ Bypassa Cloudflare y los anti-bots más agresivos ✅ 774x más rápido que BeautifulSoup en benchmarks reales ✅ Sin necesidad de proxies ni configuración especial ✅ Se adapta automáticamente cuando cambia la estructura de la web ✅ Compatible con agentes de IA como servidor MCP ✅ Soporte para JavaScript, iframes y contenido dinámico ✅ Modo stealth para webs con detección avanzada ✅ 46 releases. Actualizado la semana pasada. ✅ Licencia BSD-3 Lo que antes tardabas días en montar y mantener ahora son minutos 52.2k estrellas. 5k forks. BSD-3. repo aquí 👇

23

2K

257

3K

118K

ofjaaah retweeted

João Monge 📈 ₿itcoin Village Inc. 🇵🇹 🇧🇷 🇪🇸 @Novos_Rurais

15 days ago

Como eu uso o @claudeai pra me preparar agora:

1

252

14

204

42K

ofjaaah retweeted

Vitor Falcão "busfactor"

@busf4ctor

18 days ago

shipped a few things to my Interceptor fork today. you can now set your context ID from the popup, --context routes commands to the right browser profile, so now we can validate cross-account vulns easier. PR to the main repo coming soon. https://t.co/35X9AXXvGa

2

65

7

44

5K

ofjaaah retweeted

Anthropic

@AnthropicAI

27 days ago

Our security bug bounty program is now public on HackerOne. We've run the program privately within the security research community, and their findings have strengthened our products. Now anyone can report vulnerabilities and get rewarded. Read more: https://t.co/li1QvSTCMs

221

4K

529

2K

941K

👑 OFJAAAH 👑 @ofjaaah

27 days ago

@gustavorobertux @BugBountyDEFCON @B1luuU @1Iucas 🚀🚀🚀

0

19

ofjaaah retweeted

SILENTCHAIN AI @silentchainai

29 days ago

SILENTCHAIN AI benchmark! ⚔️ 253,778 tokens ⚔️ 163 AI requests ⚔️ 171 findings ⚔️ 7 validated vulnerabilities Using ONLY deepseek-r1:8b via Ollama local w. 2x1080ti GPU's! 🤯 Local AI for offensive security is getting real. #AI #redteam #ollama #cybersecurity #bugbounty

silentchainai's tweet photo. SILENTCHAIN AI benchmark!

⚔️ 253,778 tokens
⚔️ 163 AI requests
⚔️ 171 findings
⚔️ 7 validated vulnerabilities

Using ONLY deepseek-r1:8b via Ollama local w. 2x1080ti GPU's! 🤯

Local AI for offensive security is getting real.
#AI #redteam #ollama #cybersecurity #bugbounty https://t.co/tNU88lDF3I

3

38

5

36

3K

👑 OFJAAAH 👑

@ofjaaah

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users