roughwire @roughwire - Twitter Profile

Pinned Tweet

over 5 years ago

I am not a frequent bugbounty hunter. I am a pentester with some years of experience in infosec. I started bugbounties in March2020 on weekly basis. Today I have bought this baby with my bounties. A big thanks to @Hacker0x01

roughwire's tweet photo. I am not a frequent bugbounty hunter. I am a pentester with some years of experience in infosec. I started bugbounties in March2020 on weekly basis. Today I have bought this baby with my bounties. A big thanks to @Hacker0x01 https://t.co/3FM9t7R20s

33

660

23

14

0

roughwire @roughwire

12 days ago

What happened @OpenAI My codex started typing this garbage

0

77

roughwire @roughwire

about 1 month ago

@Bugcrowd ls 👨‍💻

0

46

roughwire retweeted

Aman

@Amank1412

about 2 months ago

Someone built a transparent Mario game that runs OVER IDE so can play while waiting for Copilot to write code.

165

6K

594

2K

775K

Who to follow

BBAC kidnapped me | I hack things, play video games and occasionally take photographs

roughwire retweeted

Yasho

@YShahinzadeh

4 months ago

It's time for sharing, this is not a simple write-up, we are sharing our methodology and reasoning, detailing how we approached and hunted the flaw, I hope you like it :] https://t.co/MNmJyNZVBg

YShahinzadeh's tweet photo. It's time for sharing, this is not a simple write-up, we are sharing our methodology and reasoning, detailing how we approached and hunted the flaw, I hope you like it :]

https://t.co/MNmJyNZVBg https://t.co/Ic6RbsQutn

12

333

54

246

25K

roughwire retweeted

payloadartist @payloadartist

2 months ago

Claude wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) https://t.co/RwP6a0lOsQ (by Calif team)

11

544

90

268

35K

roughwire retweeted

Damian Strobel

@damian_89_

2 months ago

Small bug bounty writeup from one of my findings from the past - even back then having a carefully crafted list of non resolving starbucks hostnames was essential (shameless ad: https://t.co/ruxCzwsAni). Writeup: https://t.co/ChumcG0JXp Background of https://t.co/LEy2JpUTns

damian_89_'s tweet photo. Small bug bounty writeup from one of my findings from the past - even back then having a carefully crafted list of non resolving starbucks hostnames was essential (shameless ad: https://t.co/ruxCzwsAni). Writeup:

https://t.co/ChumcG0JXp

Background of https://t.co/LEy2JpUTns https://t.co/rxS2KHuzCS

6

403

77

388

30K

roughwire retweeted

obscaries ❘ AppSec

@obscaries

2 months ago

ffuf just got smarter 🤖⚡ ffufai brings AI into fuzzing — smarter payloads, better endpoint discovery, less noise. Stop guessing. Start targeting. 🎯 🔗 Source: https://t.co/PjsnllwvBV #BugBounty #Infosec #WebSecurity #Recon

2

344

63

339

15K

roughwire retweeted

Shad0w @Itx_Shad0w

2 months ago

For years, Google API keys (AIza...) had little to no real-world impact. But recently, many of them unexpectedly gained access to Google Gemini. curl "https://t.co/w9AaJy4JhU" This appears to be a widespread misconfiguration that can be hunted in the wild.

Itx_Shad0w's tweet photo. For years, Google API keys (AIza...) had little to no real-world impact.
But recently, many of them unexpectedly gained access to Google Gemini.

curl "https://t.co/w9AaJy4JhU"

This appears to be a widespread misconfiguration that can be hunted in the wild. https://t.co/ZY049Usahn

15

493

48

400

33K

roughwire retweeted

AmirMohammad Safari

@AmirMSafari

2 months ago

My challenge is actually based on a bug I found in Apollo Server; in its default configuration, it uses the same blacklist-based approach to prevent CSRF. I was able to bypass it and use it as an XS-Leak in default configs. I’ll be writing a detailed write-up soon about it :)

8

201

17

113

27K

roughwire @roughwire

3 months ago

@pxmme1337 Haha that New Delhi guy 🤣🤣

0

1

0

41

roughwire retweeted

Six2dez 🇵🇸 @Six2dez1

4 months ago

This is the first public release of Burp AI Agent. Expect rough edges. If something isn’t clear after reading the docs or you hit a bug, feel free to open an issue. Feedback and improvements are very welcome. Repo: https://t.co/tSIHsmY4wE Docs: https://t.co/khQnwiJ2ZE

4

156

28

112

16K

roughwire retweeted

payloadartist @payloadartist

4 months ago

Somebody built an AI agent to audit smart contracts and managed to find a $250k bug on Immunefi 🤯 https://t.co/Ou6lyrEGyX Are you still sleeping on AI anon? #bugbounty #bugbountytips

payloadartist's tweet photo. Somebody built an AI agent to audit smart contracts and managed to find a $250k bug on Immunefi 🤯

https://t.co/Ou6lyrEGyX

Are you still sleeping on AI anon?

#bugbounty #bugbountytips https://t.co/fWhYC52HLs

3

210

18

131

17K

roughwire retweeted

Youssef Sammouda (sam0) @samm0uda

5 months ago

Datr cookie theft and AI leading to Facebook account takeover ($24,000) https://t.co/n2MVZKxDBg Two-click Facebook account takeover via FXAuth ($30,000) https://t.co/MtuvFzGRsS Self-XSS in Facebook payments flow leads to account takeovers ($62,500) https://t.co/D7qXu1Avim

samm0uda's tweet photo. Datr cookie theft and AI leading to Facebook account takeover ($24,000)
https://t.co/n2MVZKxDBg
Two-click Facebook account takeover via FXAuth ($30,000) https://t.co/MtuvFzGRsS
Self-XSS in Facebook payments flow leads to account takeovers ($62,500)
https://t.co/D7qXu1Avim https://t.co/RWcLbyAOFQ

17

947

138

709

95K

roughwire retweeted

Behi

@Behi_Sec

7 months ago

IDOR Trick: If you're dealing with a UUID-based IDOR, try this: 00000000-0000-0000-0000-000000000000 This might expose default objects or unintended access.

7

680

70

539

28K

roughwire retweeted

André Baptista

@0xacb

7 months ago

If you found a package.json file in the wild, you might find some internal packages vulnerable to a dependency confusion attack 👀 Check for it quicker using this cool new tool by JSMon: https://t.co/zjdmSzRfqy 👇

7

362

86

371

23K

roughwire retweeted

binaryboy @b1n4r1b01

10 months ago

Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 https://t.co/EL3qg56N8X

15

806

217

402

131K

roughwire retweeted

Debangshu 🇮🇳🥷

@ThisIsDK999

10 months ago

https://t.co/Obc7lYSirT Super-nice technique! Something refreshing to see in the AI-everything era :)

3

156

24

110

8K

roughwire retweeted

André Baptista

@0xacb

10 months ago

If you're learning about vibe hacking, here's a cool article demonstrating how @mattrkeeley used AI to create a working exploit for CVE-2025-32433 before any public PoCs existed! Worth a read 👇 https://t.co/74ALoE8V48

0xacb's tweet photo. If you're learning about vibe hacking, here's a cool article demonstrating how @mattrkeeley used AI to create a working exploit for CVE-2025-32433 before any public PoCs existed!

Worth a read 👇
https://t.co/74ALoE8V48 https://t.co/gVNhYNLC2M

3

339

76

300

24K

roughwire retweeted

JS0N Haddix

@Jhaddix

11 months ago

https://t.co/8UPWxpqrKd

0

27

6

35

4K

roughwire retweeted

Intigriti

@intigriti

11 months ago

💡 Tip! Injecting Log4Shell payloads is also possible in PDF files! eelyvy has a dedicated GitHub repository showing exactly how to craft your PDF payload file! 😎 🔗 https://t.co/fjMU9yOYje

intigriti's tweet photo. 💡 Tip!

Injecting Log4Shell payloads is also possible in PDF files! eelyvy has a dedicated GitHub repository showing exactly how to craft your PDF payload file! 😎

🔗 https://t.co/fjMU9yOYje https://t.co/pRq427yDql

2

401

92

276

21K

roughwire

@roughwire

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users