
Aditya Soni
@hetroublehacker
~ Your friendly neighbourhood hacker ¯\_(ツ)_/¯
much better
I'm giving away the secrets to our 20K$ bounty. Link :- speakerdeck.com/dk999/to-the-d… Cost - 0$
The recording of "HTTP/1.1 must die: the desync endgame" has now landed on YouTube. Enjoy! youtube.com/watch?v=zr5y6B…
RomHack 2025 - James “albinowax” Kettle - HTTP/1.1 Must Die! The...
hustle. consistency. reward
Spent around 2 months hunting on @Bugcrowd Total submissions on Atlassian = 56 Pending = 2 Accepted = 12 Rejected = 10 Duplicate = 32 All manual, no recon, no tools/extensions—just Burp on a single domain.

How to turn iframes and window.open into weapons for XSS. From origin manipulation to sandbox escape, this paper by @aszx87410 is stacked with juicy info. Huli dives deep into the magical world of iframes and is definitely worth a read!…

Just scored a reward @intigriti, check my profile: app.intigriti.com/profile/hetrou… #HackWithIntigriti
How to grab subs for a target using subfinder, validate them and extract the text body from each response using httpx and jq, extract a wordlist of keywords using NLP then resolve them using puredns to find valid subdomains 👇 You can also use LLMs and tools like alterx to…
Shoutout to @intigriti triagers!! Thanks for being awesome to work with! Somehow landed at the top of the 90-day leaderboard…

When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds
When HTTP/1.1 Must Die lands at DEFCON we’ll publish a @WebSecAcademy lab with a new class of desync attack. One week later, I’ll livestream the solution on air with @offby1security! You’re invited :) youtube.com/live/B7p8dIB7b…
Novel HTTP/1 Request Smuggling/Desync Attacks with James Kettle
After 9 months+ of cranking, cursing, and cursoring, and drawing on over 20 years experience running #HITB's Call for Papers, I bring you CFP Directory - a single system to make it easier for speakers to submit and organizers to connect and curate talks: cfp.directory
After about five years of sifting through and triaging thousands of vulnerability reports, I’ve got a pretty good sense of what makes a report stand out, and what makes it a slog to read. Lately, I’ve noticed more and more folks using AI to jazz up their reports with flowery,…
HackerOne Clubs across Asia-Pacific are adding fresh energy. Welcome to these new Brand Ambassadors! 🇮🇩 @zeeagils & 🇮🇩 root_geek280 (Indonesia—new club!) 🇮🇳 @hetroublehacker & 🇮🇳 @05__Yash (India North) 🇮🇳 @0xcharan (India South) 🇮🇳 @ThisIsDK999 & snifyak (India East) 🇧🇩…

casually dropping some info, how you can enroll on zoom private BBP! instagram.com/reel/DKjobWfBE…
AI isn’t replacing bug bounty hunters anytime soon, but it’s getting surprisingly close. In this DEF CON talk, Joel Noguera & Diego Jurado (@xbow) show how they built agents that exploit real-world XSS, JWT, and CSRF bugs autonomously youtu.be/YDsHI2acEVA #BugBounty #DEFCON

I've been working on something behind the scenes for the past couple of months, and I'm finally ready to share it. Disclosed. A curated newsletter about the bug bounty world. getdisclosed.com/subscribe Over the last four weeks, I've been quietly publishing weekly issues and…
Automation handles the known. Humans uncover the new. Here are 6 ways to manually find new attack vectors 👇 1️⃣ Redefining the Impossible - "You can't" Search documentation for “X cannot do Y” restrictions. These statements often highlight strong assumptions and logic. Use…

Just dropped a breakdown of one of my most viral reels — XSS explained #XSS #bugbountytips #Cybersecurity #HeTroubleHacker #infosec Viral XSS Reel Breakdown | Hacks Explained EP 1 | HeTroubleHacker youtu.be/4n9OV7P70EU?si…
RFC 2047 "encoded-word" is crazy! It lets you smuggle encoded payloads into email addresses and the craziest thing is that some parsers decode it before validation 👇 Shout out to @garethheyes for this 🔥
Make the best out of it, for the kickstart!
I keep seeing big companies making this simple regex mistake. Developers often ignore regex metacharacters, like dots and don't escape them. The Recollapse tool was missing it, so I've just included this mode by default in v0.4 🚀
