In May this year, I, along with @M_Zeeshan899, found our biggest bug with our biggest bounty on @Hacker0x01. The bug was quickly fixed and awarded with a bounty of $76,500.
The bug was similar to what nahamsec has explained in his video https://t.co/gjAvlLz0aD
Just heard about HackerOne allegedly training an AI pentesting agent on private bug bounty reports.
Which is great news.
I’ve always wanted to be part of something bigger than myself.
Like a dataset.
I logged into the platform to review one of my old private reports.
The one with the 47-step reproduction chain and the custom Burp extension I wrote at 2:13am.
It now feels less like a finding.
More like a contribution to the collective.
Some people are upset that private reports might be used to train an AI.
I prefer to think of it as mentorship.
I walked so the model could run automated recon at scale.
That’s legacy.
The platform says it’s trained on years of proprietary exploit intelligence.
Which sounds suspiciously like “stuff we already did.”
But I appreciate the rebrand.
I used to be a hacker.
Now I’m pre-training data.
Career growth.
I checked my dashboard to see if I get royalties.
There is no royalties tab.
But there is a leaderboard.
I assume the AI is climbing it.
I hope it enjoys the hoodie.
A few researchers are worried this devalues human work.
I disagree.
My work has never been more valuable.
It’s now infinitely reusable.
Like a zero-day sourdough starter.
I submit vulnerability reports.
The AI absorbs them.
The AI pentests the same targets next quarter.
Somewhere in there is synergy.
Or recursion.
Hard to tell.
I asked support if the AI will be submitting duplicate reports based on patterns it learned from mine.
They said the system is designed to enhance signal.
I respect that.
Nothing enhances signal like automation replaying my exact payloads at machine speed.
I’ve decided to lean into this.
From now on, I will optimize my reports for model readability.
Clear headings.
Concise PoCs.
Structured exploitation paths.
If I can't win the bounty, I can at least improve the weights.
This is what scale looks like.
The future of bug bounty is continuous, AI-driven testing powered by historical exploit intelligence.
Which is a very elegant way of saying:
“Remember that bug you found? It found you back.”
I’m proud to be part of the ecosystem.
Even if the ecosystem is now pentesting itself.
Submitting my next report tonight.
For training purposes.
@pxmme1337 Hey @pxmme1337 , thanks for making this great platform.
I think I found a bug in wildcard checking in the validation script.
Check your dm for details.
notes on 2024, second year as a VR/bounty hunter
despite its inevitable share of injustices, it is a unique way of life that breathes freedom, based (its functioning at least) on a meritocratic system
its uncertain character can be stressful, but it is what makes it so addictive
🐬 Wrapped up 2024 with 92 vulnerability reports on @Hacker0x01 along with @M_Zeeshan899 ! Proud to have identified 15 critical issues and helped secure the digital ocean. Here's to more hunting in 2025! 🚀 https://t.co/9wvjiWw0u9
#hackerone #BugBounty #infosec
@nbk_2000 @_Ali4s_ @e1abrador And about Umbrella, c99 and dnsdb,
have you bought a subscription for all of these, or do you just use the trial and web versions? For example, Umbrella is around $90, which I checked.
@nbk_2000 @_Ali4s_ @e1abrador RiskIQ/PassiveTotal is now part of Microsoft XDR, which is very expensive, and the community edition is not available. Did you buy the whole XDR, or is there a cheaper option that I couldn't find?
Also, what is avros? Can you share the URL?
And Umbrella is Cisco Umbrella, right?
#RR_AMA