Olivia
Online
Isaac Milan
@zer0maxx
Penetration Testing | OSCP | OSWE | eCPPTv2 | CEH
Mexico
Joined May 2011
927 Following
98 Followers
445 Posts
¡ÚLTIMA HORA: Claude Fable 5 finalmente ha reemplazado a todos y cada uno de los editores de video!!
Claude Fable 5 ahora puede:
1. Descargar videos de YouTube
2. Encontrar momentos virales en ellos
3. Añadir subtítulos atractivos
4. Recuadrar a los hablantes
5. Programar y publicar en redes sociales
esto es realmente una locura…
Turn your Burp Suite findings into clean, professional cards, ready for reports, bug bounty submissions, and social sharing.
Credit/Resource: https://t.co/XBzyk4X11D
$2000 for a web cache deception bug. As always I share my methodology 👇
Identifying a deception bug is always easy but exploiting it can be hard due to SameSite restrictions on victims cookie
I bypassed this to steal victim JWT. Read about it here:
🔗 https://t.co/CAxfKAC0eP
⚔️Top 15 Vulnerability Scanners
🔹Nuclei
🔹Sn1per
🔹Metasploit - Framework
🔹Nikto
🔹Arachni
🔹Jaeles
🔹Retire.js
🔹Osmedeus
🔹Getsploit
🔹Flan
🔹Findsploit
🔹Blackwidow
🔹Backslash-powered-scanner
🔹Eagle
🔹Cariddi
🔖#infosec #cybersecurity #hacking #pentesting #security
🔥 If you’re serious about bug bounty, this repo is pure gold.
📦 Bug Bounty Reference by @ngalongc
🔗 https://t.co/uUr3SCRE0H
📌 Why it’s a game-changer:
✅ Real-world disclosed reports — not just theory
✅ Organized by bug class: XSS, SSRF, IDOR, RCE, you name it
✅ Peek inside the actual hacker mindset 🧠
✅ Connect the dots across different targets & reports
🚀 Pro-level way to use it:
Pick a vulnerability class
Read 5+ reports in that category
Map out sources → sinks → attack chains
Apply those patterns to live targets
⚠️ Stop memorizing payloads.
Start recognizing patterns.
#BugBounty #InfoSec #CyberSecurity #EthicalHacking #WebSecurity #HackerMindse
Claude Bug Bounty Hunter - Claude Code skill for AI-assisted bug bounty hunting - recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation
https://t.co/cpAhSiQtPI
Released WinDbg MCP — attach Claude (or any LLM) to a live Windows process and let it poke around. set breakpoints, read memory, walk the stack, load crash dumps. 55 tools over MCP.
https://t.co/Hw2qqEKw4k
🚨BREAKING: You can now run Claude Code for FREE.
No API costs. No rate limits. 100% local on your machine.
Here's how to run Claude Code locally (100% free & fully private):
GitHub repos for bug bounty hunters:
1. https://t.co/tiVuKOZiMJ
2. https://t.co/rXVnH8A4M7
3. https://t.co/qsNefMh7ca
4. https://t.co/wBw9INq4C0
5. https://t.co/qQUxXtm6Wl
6. https://t.co/Uy8DYZmotk
7. https://t.co/uNJIJMb09G
8. https://t.co/mBG8g4kOAH
9. https://t.co/u3tvgRGI82
10. https://t.co/XPeD7l69tL
11. https://t.co/7rxOE4mn3H
12. https://t.co/vncIFEpoaH
13. https://t.co/azotc3cWAp
14. https://t.co/s0WXLdKYrz
15. https://t.co/KF4E9xKbPU
16. https://t.co/T25lwIcmO3
17. https://t.co/7zNTRGndJw
18. https://t.co/8vrqvBWsh3
19. https://t.co/HU8KTOelUK
20. https://t.co/kaE4hX3Qhl
21. https://t.co/UT8FZGxhzF
22. https://t.co/LEuw8peVII
23. https://t.co/aqaHFL34Hn
24. https://t.co/ss0soKwgVa
25. https://t.co/GZmT8SHGzI
26. https://t.co/JWJUNJoGxk
27. https://t.co/hne7nBtgHo
28. https://t.co/RKtjSar9Be
29. https://t.co/AFNt3oGGO0
30. https://t.co/TH6XbMrad8
31. https://t.co/kcSNdd4aMF
Drop the ones I'm missing or the ones you find most useful in your hunting workflow.
#BugBounty #BugBountyTips #WebSec
Pixel-perfect website reverse-engineering
https://t.co/jhUudRS2IR
AIRecon
AIRecon 是一款自主网络安全代理,它结合了自托管的大型语言模型 (Ollama)、Kali Linux Docker 沙箱和文本用户界面 (TUI)。它的设计目标是自动化安全评估、渗透测试和漏洞赏金侦察,无需任何 API 密钥或云依赖。
https://t.co/Pu02izeQhU
‼️A new Android Remote Administration Tool (RAT) called "Darkweb" is being sold on a popular cybercrime forum, marketed as "the most powerful" Android hacking tool available.
Onion in sub-post.
▪️ Access: Tor browser (.onion link)
▪️ Developer Contact: Telegram
▪️ Features Include: Client Folder, Permissions, APK Tool, Crypter, Dropper, Create APK
The tool offers an extensive set of capabilities:
▪️ VNC/AcVNC: Real-time device screen control with gesture support; bypasses Android's Secure flag (black screen) protection
▪️ Keylogger: Records UI interactions and captures device unlock passwords
▪️ Target Detect: Identifies crypto and banking apps for direct launch or removal
▪️ Injects: Bank-oriented overlays for stealing credentials from crypto/banking apps
▪️ Control Elements: Full device control (Home, Back, Power, Volume, etc.)
▪️ Blank/Update Screen: Hides operations behind fake loading or system update screens
▪️ Password Logging: Enhanced capture during device unlock
▪️ APK Dropper/Crypter: Silent malware deployment with encryption to evade antivirus
▪️ Ransomware: Lock/encrypt victim devices and demand payment
▪️ File & Gallery: Silent upload of photos, videos, and documents to C2 server
▪️ Microphone & Camera: Covert activation of front/back cameras and microphone
▪️ Unlock & Screen Wake: Force wake and unlock using captured PINs/patterns
▪️ Call & Message: Monitor, initiate calls, send messages, and access contacts
Additional features include client ranking by banking/crypto app presence, auto firewall configuration, domain support, HTML editor for dropper customization, and auto-install of dependencies.
@tom_doerr interesting, adding this the awesome-ai-hacking-agents repo https://t.co/DAmaP45vOr
AI reverse engineering assistant for IDA Pro
https://t.co/HrpppDCT1a
Your tools are the difference between finding nothing and finding critical vulnerabilities.
Stop wasting hours on manual recon when automation can do the heavy lifting.
But remember — real bugs come from manual hunting, not just running tools.
Tools help you cover ground. Your brain finds the bounty. Use them wisely. 🧠
IMP TOOLS FOR BUG BOUNTY
Just discovered an insane resource 👀
“Awesome AI Hacking Agents” — a curated list of AI agents that can think, plan, and execute security tasks like a real hacker 🤖⚡
We’re slowly moving from manual recon → autonomous hacking workflows.
The future of bug bounty isn’t just skill… it’s skill + AI. 🧠🔥
Worth exploring: https://t.co/rVxVup96qa
#AIHacking #BugBounty #CyberSecurity #AITools #HackerMindset
Claude Code skill for AI-assisted bug bounty hunting - recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation https://t.co/afoXjzyRaj
⚠️SSTI (Server Side Template Injection)
Payload List → If evaluated as 49 - the target is vulnerable:
1. {7*7}
2. {7*7}
3. {{7*7}}
4. [[7*7]]
5. ${7*7}
6. @(7*7)
7. <?=7*7?>
8. <%= 7*7 %>
9. ${= 7*7}
10. {{= 7*7}}
11. ${{7*7}}
12. #{7*7}
13. [=7*7]
Last Seen Users on Sotwe
teroretjink
Seen from Indonesia
Dumbmuttdiary 
Seen from United Kingdom
Kıbrıs Tek Erkek Cuckold Bull
Seen from Turkey
Janda Montok
Seen from Indonesia
Fany
Seen from Singapore
คู่แท้สุรินทร์
Seen from Thailand
محمد صبري
Seen from Egypt
sea
Seen from Indonesia
Kürt sikici
Seen from Turkey
Khan Cute
Seen from Pakistan
Most Popular Users
Elon Musk
@elonmusk
240.5M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.3M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.5M followers
Taylor Swift
@taylorswift13
81.3M followers
Lady Gaga
@ladygaga
72.9M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.7M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.8M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.6M followers