
Aditya Soni

@hetroublehacker

~ Your friendly neighbourhood hacker ¯\_(ツ)_/¯

Aditya Soni reposted

You found a bug. You wrote the PoC. You hit Submit.
…but what happens next? 👀
Join Sameer @sameer_bhatt5, Senior Triager @HackerOne, as he breaks down what really goes on behind triage, reports, reviews, rejections & rewards!
🎯 Pure triager insights + 🎁 PentesterLab…

Aditya Soni reposted

We found a way to access Max Verstappen's passport, driver's license, and personal information. Along with every other @Formula1 driver's sensitive data. It took us 10 minutes using one simple security flaw 🧵

Aditya Soni reposted

The recording of "HTTP/1.1 must die: the desync endgame" has now landed on YouTube. Enjoy! youtube.com/watch?v=zr5y6B…

RomHack 2025 - James “albinowax” Kettle - HTTP/1.1 Must Die! The... (youtube.com)

hustle. consistency. reward

Spent around 2 months hunting on @Bugcrowd
Total submissions on Atlassian = 56
Pending = 2
Accepted = 12
Rejected = 10
Duplicate = 32
All manual, no recon, no tools/extensions—just Burp on a single domain.

Aditya Soni reposted

How to turn iframes and window.open into weapons for XSS. From origin manipulation to sandbox escape, this paper by @aszx87410 is stacked with juicy info. Huli dives deep into the magical world of iframes and is definitely worth a read!…

Aditya Soni reposted

How to grab subs for a target using subfinder, validate them and extract the text body from each response using httpx and jq, extract a wordlist of keywords using NLP then resolve them using puredns to find valid subdomains 👇 You can also use LLMs and tools like alterx to…


Shoutout to @intigriti triagers!! Thanks for being awesome to work with! Somehow landed at the top of the 90-day leaderboard…

Aditya Soni reposted

When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds

Would you like an IDOR with that? Leaking 64 million McDonald’s job applications (ian.sh)

Aditya Soni reposted

When HTTP/1.1 Must Die lands at DEFCON we’ll publish a @WebSecAcademy lab with a new class of desync attack. One week later, I’ll livestream the solution on air with @offby1security! You’re invited :) youtube.com/live/B7p8dIB7b…

Novel HTTP/1 Request Smuggling/Desync Attacks with James Kettle (youtube.com)

Aditya Soni reposted

After 9 months+ of cranking, cursing, and cursoring, and drawing on over 20 years experience running #HITB's Call for Papers, I bring you CFP Directory - a single system to make it easier for speakers to submit and organizers to connect and curate talks: cfp.directory

CFP Directory - Find Your Next Speaking Opportunity (cfp.directory): Connect speakers with conferences worldwide. Discover open CFPs, submit talks, and grow your speaking career.

Aditya Soni reposted

After about five years of sifting through and triaging thousands of vulnerability reports, I’ve got a pretty good sense of what makes a report stand out, and what makes it a slog to read. Lately, I’ve noticed more and more folks using AI to jazz up their reports with flowery,…


Aditya Soni reposted

HackerOne Clubs across Asia-Pacific are adding fresh energy. Welcome to these new Brand Ambassadors!
🇮🇩 @zeeagils & 🇮🇩 root_geek280 (Indonesia—new club!)
🇮🇳 @hetroublehacker & 🇮🇳 @05__Yash (India North)
🇮🇳 @0xcharan (India South)
🇮🇳 @ThisIsDK999 & snifyak (India East)
🇧🇩…

Aditya Soni reposted

AI isn’t replacing bug bounty hunters anytime soon, but it’s getting surprisingly close. In this DEF CON talk, Joel Noguera & Diego Jurado (@xbow) show how they built agents that exploit real-world XSS, JWT, and CSRF bugs autonomously youtu.be/YDsHI2acEVA #BugBounty #DEFCON

Aditya Soni reposted

I've been working on something behind the scenes for the past couple of months, and I'm finally ready to share it. Disclosed. A curated newsletter about the bug bounty world. getdisclosed.com/subscribe Over the last four weeks, I've been quietly publishing weekly issues and…

Subscribe | Disclosed. (getdisclosed.com): The bug bounty world, curated.

Aditya Soni reposted

Automation handles the known. Humans uncover the new.
Here are 6 ways to manually find new attack vectors 👇
1️⃣ Redefining the Impossible - "You can't"
Search documentation for “X cannot do Y” restrictions. These statements often highlight strong assumptions and logic. Use…

Just dropped a breakdown of one of my most viral reels — XSS explained #XSS #bugbountytips #Cybersecurity #HeTroubleHacker #infosec Viral XSS Reel Breakdown | Hacks Explained EP 1 | HeTroubleHacker youtu.be/4n9OV7P70EU?si…

Aditya Soni reposted

RFC 2047 "encoded-word" is crazy! It lets you smuggle encoded payloads into email addresses and the craziest thing is that some parsers decode it before validation 👇 Shout out to @garethheyes for this 🔥

