OSCE3 | OSED | OSEP | OSWE | OSWA | OSCP | BSCP | CCNA | Bug Bounty Hunter | Security Researcher

/home/toxicat0r

@toxicsolution

I earned $1800 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd API takeover (customer data exposed). Several small bugs resulted in one big final payment :)


I earned $600 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd Administrator privileges to their API :)


I earned $450 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd IDOR exposed customer data. Changed the HTTP method from PUT to GET, shortened down the URL, and finally changed the user ID :)


I earned $300 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd IDOR in a private program ;) Got another $150 for no rate limiting as well 🥳


Shoutout to @evildaemond, Ulas, and Viper at @Bugcrowd. Triaging at the speed of light 💯


Just bought myself a couple of new IoT cameras. Not sure if I should laugh or cry :)

/home/toxicat0r reposted

BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech unit42.paloaltonetworks.com/bendybear-shel…


/home/toxicat0r reposted

Important Update

/home/toxicat0r reposted

Accessed the computer system of a facility that treats water for about 15,000 people and sought to add a dangerous level of additive to the water supply reuters.com/article/us-usa…


9 exploits published today with my name on them. Super happy about that, but also worrying that some WP plugin developers really don’t care about security. They ignored my requests until I contacted the WP plugin security team directly.

[webapps] WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion dlvr.it/RsFRB4



/home/toxicat0r reposted

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) blog.qualys.com/vulnerabilitie… via @qualys


/home/toxicat0r reposted

New campaign targeting security researchers @google blog.google/threat-analysi…


/home/toxicat0r reposted

Don't forget to add "Password2021" to your wordlists.


/home/toxicat0r reposted

I have a report from Microsoft about the SolarWinds hack, including IoCs. Excerpts in this thread: "Microsoft security researchers recently discovered a sophisticated attack where an adversary inserted malicious code into a supply chain development process.... 1/


Hey @rushisec - I had loads of fun. Thanks! Check it out here: tryhackme.com/jr/watcher

Hey @S1lky_1337 - fun machine :) Good find regarding the authentication bypass. Interesting case.

Stumbled across this awesome tool yesterday. Perfect for OSINT, bug bounty hunting, and so on. Search across a half million git repos 💯 grep.app


/home/toxicat0r reposted

"Late Thursday evening, VG received a number of tips from readers who had been logged into other people's profiles when they tried to log in via ID-porten, a shared login solution for public services." direkte.vg.no/nyhetsdognet/n…
