Aditya Soni
@hetroublehacker
~ Your friendly neighbourhood hacker ¯\_(ツ)_/¯
Someone going by "wwwiesel" on GitHub picked up @securitymeta_’s tradition this year and dropped a full list of #BlackFriday deals in the #InfoSec space Online Courses & Training - 8kSec Academy - AI Security Professional Course - Altered Security - Belkasoft - Blu Raven Academy…
You found a bug. You wrote the PoC. You hit Submit. …but what happens next? 👀 Join Sameer @sameer_bhatt5 , Senior Triager @HackerOne, as he breaks down what really goes on behind triage, reports, reviews, rejections & rewards! 🎯 Pure triager insights + 🎁 PentesterLab…
We found a way to access Max Verstappen's passport, driver's license, and personal information. Along with every other @Formula1 driver's sensitive data. It took us 10 minutes using one simple security flaw 🧵
much better
I'm giving away the secrets to our 20K$ bounty. Link :- speakerdeck.com/dk999/to-the-d… Cost - 0$
The recording of "HTTP/1.1 must die: the desync endgame" has now landed on YouTube. Enjoy! youtube.com/watch?v=zr5y6B…
RomHack 2025 - James “albinowax” Kettle - HTTP/1.1 Must Die! The...
hustle. consistency. reward
Spent around 2 months hunting on @Bugcrowd Total submissions on Atlassian = 56 Pending = 2 Accepted = 12 Rejected = 10 Duplicate = 32 All manual, no recon, no tools/extensions—just Burp on a single domain.
How to turn iframes and window.open into weapons for XSS. From origin manipulation to sandbox escape, this paper by @aszx87410 is stacked with juicy info. Huli dives deep into the magical world of iframes and is definitely worth a read!…
Just scored a reward @intigriti, check my profile: app.intigriti.com/profile/hetrou… #HackWithIntigriti
How to grab subs for a target using subfinder, validate them and extract the text body from each response using httpx and jq, extract a wordlist of keywords using NLP then resolve them using puredns to find valid subdomains 👇 You can also use LLMs and tools like alterx to…
Shoutout to @intigriti triagers!! Thanks for being awesome to work with! Somehow landed at the top of the 90-day leaderboard…
When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds
When HTTP/1.1 Must Die lands at DEFCON we’ll publish a @WebSecAcademy lab with a new class of desync attack. One week later, I’ll livestream the solution on air with @offby1security! You’re invited :) youtube.com/live/B7p8dIB7b…
Novel HTTP/1 Request Smuggling/Desync Attacks with James Kettle
After 9 months+ of cranking, cursing, and cursoring, and drawing on over 20 years experience running #HITB's Call for Papers, I bring you CFP Directory - a single system to make it easier for speakers to submit and organizers to connect and curate talks: cfp.directory
After about five years of sifting through and triaging thousands of vulnerability reports, I’ve got a pretty good sense of what makes a report stand out, and what makes it a slog to read. Lately, I’ve noticed more and more folks using AI to jazz up their reports with flowery,…
HackerOne Clubs across Asia-Pacific are adding fresh energy. Welcome to these new Brand Ambassadors! 🇮🇩 @zeeagils & 🇮🇩 root_geek280 (Indonesia—new club!) 🇮🇳 @hetroublehacker & 🇮🇳 @05__Yash (India North) 🇮🇳 @0xcharan (India South) 🇮🇳 @ThisIsDK999 & snifyak (India East) 🇧🇩…
casually dropping some info, how you can enroll on zoom private BBP! instagram.com/reel/DKjobWfBE…
AI isn’t replacing bug bounty hunters anytime soon, but it’s getting surprisingly close. In this DEF CON talk, Joel Noguera & Diego Jurado (@xbow) show how they built agents that exploit real-world XSS, JWT, and CSRF bugs autonomously youtu.be/YDsHI2acEVA #BugBounty #DEFCON
I've been working on something behind the scenes for the past couple of months, and I'm finally ready to share it. Disclosed. A curated newsletter about the bug bounty world. getdisclosed.com/subscribe Over the last four weeks, I've been quietly publishing weekly issues and…
Automation handles the known. Humans uncover the new. Here are 6 ways to manually find new attack vectors 👇 1️⃣ Redefining the Impossible - "You can't" Search documentation for “X cannot do Y” restrictions. These statements often highlight strong assumptions and logic. Use…
Just dropped a breakdown of one of my most viral reels — XSS explained #XSS #bugbountytips #Cybersecurity #HeTroubleHacker #infosec Viral XSS Reel Breakdown | Hacks Explained EP 1 | HeTroubleHacker youtu.be/4n9OV7P70EU?si…