Farah Hawa

@Farah_Hawaa

Followers: 45,644
Following: 849
Media: 172
Statuses: 1,496

security analyst @fbsecurity | part-time bug hunter | content creator | she/her | views = mine

London, England
Joined March 2015
Pinned Tweet
@Farah_Hawaa
Farah Hawa
1 year
New video 🚨 Answering some common questions I get in my DMs, comments etc. Check it out below:
9
10
155
@Farah_Hawaa
Farah Hawa
1 year
found this Stanford course for web security; with exam papers, assignments, labs & everything: a true goldmine 🫡
48
591
2K
@Farah_Hawaa
Farah Hawa
4 years
I’m super excited to share that I’m gonna start my next job at the end of this month, as an Application Security Engineer with @Bugcrowd 😄
54
22
1K
@Farah_Hawaa
Farah Hawa
3 years
Nothing beats meeting people irl 😄
18
11
943
@Farah_Hawaa
Farah Hawa
1 year
Moved to London 2 days ago 🙌🏻🙌🏻 Anyone wants to hang out / show me around, drop me a DM!
40
6
913
@Farah_Hawaa
Farah Hawa
2 years
New full circle moment unlocked: Going back to my school (alma mater) as a speaker, addressing over 400 girls about cybersecurity and bug bounties 🥹
17
34
904
@Farah_Hawaa
Farah Hawa
2 years
Eid Mubarak, hope your day is full of love & good food 🤍🌙
44
4
779
@Farah_Hawaa
Farah Hawa
3 years
i was told i needed to look "serious" and "older" for a screen test because apparently, I look “too babyish” on camera. This is what I came up with and I don’t recognise myself. 🤣
88
9
733
@Farah_Hawaa
Farah Hawa
4 years
It's finally here! In this video I talk about Same-Origin policy, when & how postMessage() is used and vulnerabilities in the postMessage() method. There's a lot of diving into JavaScript in this one🤓🧐Click the link below to watch it now!
18
130
719
@Farah_Hawaa
Farah Hawa
2 years
NEW VIDEO 📹 🚨 I focused on learning code reviews for 20 days and made a video about it! Click here to watch:
9
117
697
@Farah_Hawaa
Farah Hawa
4 years
404 Motivation Not Found. Anyone else with me? #weekendmood 😇
36
12
651
@Farah_Hawaa
Farah Hawa
4 years
Hi! The Web Cache Deception video is up on my channel! In this video, I talk about caching functionalities, path confusion & how WCD can lead to sensitive info disclosure! Like, share & subscribe if you learnt something new🥰🥰 Click link below to watch🤩
20
135
652
@Farah_Hawaa
Farah Hawa
4 years
NEW VIDEO: In this video, I talk about SAML authentication, SSO’s, the flow of SAML and how to bypass it. Click the link below to watch it now! #bugbountytips #bugbounty #infosec #cybersecurity
17
134
611
@Farah_Hawaa
Farah Hawa
3 years
NEW VIDEO! 🎥 Lately, I’ve been super fascinated with HTTP/2 bugs so I made this short video on h2c smuggling which can be used to bypass access controls on vulnerable apps. Click the link below to watch!
17
109
603
@Farah_Hawaa
Farah Hawa
1 year
A little bit of a life/professional update 📢🙌🏻
66
5
601
@Farah_Hawaa
Farah Hawa
3 years
Chilling @ the @Bugcrowd office today! 😄
10
8
545
@Farah_Hawaa
Farah Hawa
4 years
Hate makes me stronger ;) A new, highly requested video is up on YT. Click the link & watch as I explain what is OAuth 2.0, how it works, what are its vulnerabilities & how you can exploit them. Much love xx #bugbounty #bugbountytips
29
65
544
@Farah_Hawaa
Farah Hawa
4 years
Hi! A new video is up which is about 5 P1 bugs that I noticed are super common since I’ve started working @Bugcrowd . Click the link below to get some insights from a triager’s POV. If you liked this video, lemme know & I’ll more of these😋 #bugbounty
17
81
540
@Farah_Hawaa
Farah Hawa
4 years
NEW VIDEO: This video is all about the basics of GraphQL and how to attack it. There's also a giveaway for three 3-month @PentesterLab subscriptions which is sponsored by @Bugcrowd 🤩!! Watch now to learn some GraphQL and participate in the giveaway!
23
103
528
@Farah_Hawaa
Farah Hawa
4 years
I earned $500 for my submission on @bugcrowd #ItTakesACrowd
46
10
529
@Farah_Hawaa
Farah Hawa
2 years
So I just did this 🥹🥹🪂
19
6
523
@Farah_Hawaa
Farah Hawa
3 years
After almost 24+ hours of travel, finally in SAN FRANCISCO! ✈️🥳
16
4
519
@Farah_Hawaa
Farah Hawa
3 years
Your girl is fully vaccinated 🎉🥳🥳
30
1
492
@Farah_Hawaa
Farah Hawa
4 years
Just realised I have 100K views on my first ever video 7 months ago!! 🥺 Thank you for all the love, I appreciate you 💗 What an amazing way to end the year! 😸
16
13
489
@Farah_Hawaa
Farah Hawa
4 years
Just wanted to clarify something: I may have started bug bounty a few months ago, but I’ve been in infosec & web pentesting for 2+ years now. Even though pentesting & bug bounty are different, the technical skills for both are definitely transferable. 🤗🤗
14
21
491
@Farah_Hawaa
Farah Hawa
4 years
I earned $1450 for my submissions on @bugcrowd #ItTakesACrowd
14
14
484
@Farah_Hawaa
Farah Hawa
4 years
I love this illustration. It’s an awesome reminder to stop procrastinating/making excuses and this applies to anything in life, personal or professional 🙂
12
104
479
@Farah_Hawaa
Farah Hawa
2 years
. @Hacker0x01 absolutely killing it with the swag for #h1303 🤌🏻
8
13
470
@Farah_Hawaa
Farah Hawa
3 years
NEW VIDEO is up on my channel on Regular Expression DOS attacks for beginners! ⏳🔴 If you want to know how RegEx works & want to understand this super interesting DOS, then click on the link below! ⬇️ #infosec #hacking
19
87
451
@Farah_Hawaa
Farah Hawa
3 years
Eid Mubarak to each of you celebrating🌙❤️ I hope you are staying safe and celebrating with friends and family at home 🥰
32
4
451
@Farah_Hawaa
Farah Hawa
3 years
The 2nd part of Android hacking is up! I’m deep diving into vulnerable WebViews with 3 FULL DEMOS on exploiting different bugs related to WebViews 🤩 Click the link below to watch! ⬇️ #bugbounty #infosec #androidhacking
9
93
444
@Farah_Hawaa
Farah Hawa
4 years
NEW VIDEO: In this video, I explain how JWTs work and how to attack them. I've also shown a simple walk-through of the attacks. I've covered only the basic types to keep this video beginner-friendly :) #bugbounty #bugbountytips #infosec #cybersecurity
19
93
430
@Farah_Hawaa
Farah Hawa
11 months
THANK YOU @intigriti for giving me one of the best gifts I’ve received 😭🤍 Y’all made me look way cooler than I actually am 😂
16
7
414
@Farah_Hawaa
Farah Hawa
3 years
A new video is up! This one’s about what an Android application is made up of! This video can be used as a reference for future videos about static security analysis of android apps😇 Click the link below to watch it now 👇🏻 #infosec #bugbounty
12
84
409
@Farah_Hawaa
Farah Hawa
4 years
NEW VIDEO: Finally the interview with @Th3g3nt3lman is up! Watch the video as he shares details about his recently disclosed bug which paid out $30k+, useful tips on recon, methodology, full-time bug bounty & a lot more! #bugbounty #infosec #bugbountytips
18
99
409
@Farah_Hawaa
Farah Hawa
3 years
Thank you @bsidesahmedabad for the awesome swag! My cat loves it too 🐱❤️🥰
16
7
390
@Farah_Hawaa
Farah Hawa
3 years
NEW VIDEO! 🎥 This one is about NoSQL injection attacks 💉 // Click the link below or tap the one in my bio to watch! #bugbounty #infosec #bugbountytips
10
64
394
@Farah_Hawaa
Farah Hawa
3 years
I would post an #infosecbikini but I’m the eldest daughter in a desi household #iykyk 💀
33
6
389
@Farah_Hawaa
Farah Hawa
2 years
I’m giving away 2 passes for the @bsidesahmedabad conference happening in October. ✌🏻 If you want the pass & can make it to the con, retweet and I’ll pick 2 of you!
63
322
383
@Farah_Hawaa
Farah Hawa
4 years
My video on Web Cache Poisoning is finally up! In this video, I explain what are web caches, cache keys and how the WCP attack works! Like, share & subscribe if you learnt something new 🥰 Don’t forget to participate in the @PentesterLab giveaway 🎁
12
61
380
@Farah_Hawaa
Farah Hawa
2 years
As a hacker, what’s the most you’ve spent on a tool/service and what was it? 💸
112
21
359
@Farah_Hawaa
Farah Hawa
4 years
This needs to be called out. It’s been only a month since I’ve been on YouTube and I’ve already thought about quitting the platform MULTIPLE times bcz of these bs comments from self appointed gatekeepers
@InsiderPhD
Katie Paxton-Fear
4 years
@ceos3c You'd be surprised with how sexist some members of the community can be, especially those who have decided I'm not a real hacker or I'm only popular because I'm a woman, etc
6
4
56
101
50
370
@Farah_Hawaa
Farah Hawa
4 years
Just adding some final touches to my next video on postMessage() vulnerabilities. Be prepared to dive into some JavaScript🧐😛
10
12
368
@Farah_Hawaa
Farah Hawa
2 years
It was awesome hanging out with some of the best from our community @bsidesahmedabad
2
9
369
@Farah_Hawaa
Farah Hawa
2 years
The Bug Bounty Playbook v1 is a great book to use as a reference while doing recon. It’s super practical with loads of helpful tips + goes through many workflows. You can find it here: #sponsored (but loved)
10
74
360
@Farah_Hawaa
Farah Hawa
4 years
Inspired by my own video about P1 bugs, I found a sensitive info disclosure bug on @DisneyPlusHS using Google dorks! Aaaand they sent me some cool goodies for it 🤩
16
11
362
@Farah_Hawaa
Farah Hawa
4 years
Thank you so much for 5K subscribers!!! I’m so ecstatic and this is just the beginning of my journey! I’ll be doing a giveaway for @PentesterLab subscriptions to celebrate this milestone really soon so stay tuned!! #bugbounty #pentesterlab #infosec
30
15
363
@Farah_Hawaa
Farah Hawa
2 years
India's new Data Protection Bill will fine companies up to ₹250cr for data breaches that leak personal data. Will this change the cybersecurity game in India?
28
44
350
@Farah_Hawaa
Farah Hawa
4 years
Hi! After many requests on my last video, I have made a video about 5 P2 bugs that I noticed are super common from my experience as a triager. Click the link below to know what those bugs are and get some insights from a triager’s POV. 😇 #bugbounty
17
37
361
@Farah_Hawaa
Farah Hawa
4 years
Can’t believe I hit 10K subs 🎉 🎉 A HUGE thank you to everyone who supported me. I wouldn’t be anything if it wasn’t for your encouragement💓. Thank you for believing in me ❤️🥰
25
4
345
@Farah_Hawaa
Farah Hawa
3 years
New YouTube logo🥳 How do we feel about it? Illustration was made by Samuel Tyler from @Bugcrowd 🧡
23
2
345
@Farah_Hawaa
Farah Hawa
2 years
Just booked flights to participate in my first ever live hacking event. 🚀 Cannot wait to see some amazing hackers irl 🥳
11
6
340
@Farah_Hawaa
Farah Hawa
3 years
YOUTUBE FAM IS NOW FULL OF 20K AWESOME PEOPLE! THANK YOU THANK YOU THANK YOU ❤️❤️❤️🥳🥳
23
4
337
@Farah_Hawaa
Farah Hawa
2 years
Challenging myself to learn code reviews (with a focus on PHP web apps) in the next 21 days 🔍 Starting with @PentesterLab ‘s code review badge, I’ll keep this thread updated with my journey🧵 Drop down any other good code review learning resources👇🏻
14
60
323
@Farah_Hawaa
Farah Hawa
9 months
At the @ekoparty Argentina, thanks @github for giving me this awesome plushie and letting me win the raffle TWICE!!! 🥳 #GithubEko23
6
3
321
@Farah_Hawaa
Farah Hawa
3 years
Thank you for all the wonderful swag! 💜 @intigriti
9
3
319
@Farah_Hawaa
Farah Hawa
2 years
My new MacBook came in today 🥰🥰 Feels so weird to have a sticker-less laptop now 😂
26
2
311
@Farah_Hawaa
Farah Hawa
3 years
NOT MY VIDEO embedded on the @GoogleVRP website omg🥳🥳🥳 Huge thanks to @LiveOverflow for giving me this opportunity to collab with all these amazing people 😄
13
11
308
@Farah_Hawaa
Farah Hawa
4 years
My next video on Web Cache Deception is almost finished☺️ For those who don’t know about it, I hope you get to learn something new from this video! 😄
9
8
307
@Farah_Hawaa
Farah Hawa
2 years
Found another place for stickers ✌🏻
23
7
303
@Farah_Hawaa
Farah Hawa
4 years
Gonna take a little time off from creating videos. My university exams are coming up after multiple delays & I’m hoping that nothing changes this time so I can peacefully graduate this year 😄 Thank you for understanding 🙏🏻🤗
20
1
289
@Farah_Hawaa
Farah Hawa
1 year
What do you use to automate API discovery? I recently came across Akto- it’s an open source API security product which can do this & it also has 100+ security tests for bugs like IDOR and SSRF. Try now: GitHub -
5
78
287
@Farah_Hawaa
Farah Hawa
2 years
Made it!!!
9
1
275
@Farah_Hawaa
Farah Hawa
4 years
Extremely happy to announce that I’ll be interviewing bug bounty hunter and zen monk @akita_zen for a video on my channel coming really soon! 🤩🤩 If anyone has any questions for him, drop them below 👇🏻
27
12
279
@Farah_Hawaa
Farah Hawa
2 years
the #h1303 live hacking event vlog is now up on my channel! click here to watch:
14
18
275
@Farah_Hawaa
Farah Hawa
1 year
Fun times catching up with @ArmanSameer95 🙌🏻
16
2
270
@Farah_Hawaa
Farah Hawa
10 months
At @nullcon Goa! Come say hi if you see me around 😄
8
9
268
@Farah_Hawaa
Farah Hawa
2 years
Super excited to be speaking at #NahamCon2022 🥳 I’ll be sharing some insights/tips/rants about the other side of bug bounty. See you soon👋
7
20
272
@Farah_Hawaa
Farah Hawa
4 years
Hi! I’m really excited to announce that I’ll be interviewing @ChloeMessdaghi , ethical hacker advocate and Founder of @WomenHackerz for my YouTube channel. Feel free to drop in any questions that you might have for her. ☺️☺️
17
20
263
@Farah_Hawaa
Farah Hawa
4 years
Currently working on a video about JWT and its attack types. I see JWT used in a lot of BB programs and I can see it getting used more frequently. Hopefully this will help a lot of newbies to understand JWT better! Let me know if you have any suggestions for the same! :)
11
10
256
@Farah_Hawaa
Farah Hawa
4 years
So @snyff has generously offered to match my @PentesterLab gift so I’ll be giving away 4 of them in total. To enter you have to reply to this and tell me what kind of content you would like to see on my YouTube channel. I’ll be picking the 4 winners on 1st July☺️☺️❤️
219
31
261
@Farah_Hawaa
Farah Hawa
2 years
NEW VIDEO 🚨 In this one, I am showing how I analyse some code snippets to find an IDOR vulnerability 🔍 Click below to watch:
6
44
252
@Farah_Hawaa
Farah Hawa
4 years
I had such an amazing time speaking with @NahamSec for his show! Check this out if you want to get to know me and my journey a little more 😸🤗
@NahamSec
Ben Sadeghipour
4 years
Check out my latest Lazy Recon video where I interviewed @Farah_Hawaa about her bug bounty journey. We talked about mentorship, Javascript, creating content and more!
4
20
171
6
20
256
@Farah_Hawaa
Farah Hawa
4 years
Merry Christmas everyone! Hope your day is full of joy 💓 🎄
11
3
255
@Farah_Hawaa
Farah Hawa
3 years
Happy Independence Day 🇮🇳❤️
9
2
250
@Farah_Hawaa
Farah Hawa
3 years
Everyone wants to know how to hack APIs😄 @hakluke and I wrote this blog for @detectify on everything from setting up an API hacking environment to different bug types and fixes! 🐜 👩‍💻
@detectify
Detectify
3 years
#APIs are everywhere. tl;dr: 🔎 API vuln types 🚧 Mitigation techniques 🛸 Conspiracy theory Check out this guide to hacking APIs in 2021 by @hakluke and @Farah_Hawaa ⬇️
9
317
658
5
50
251
@Farah_Hawaa
Farah Hawa
3 years
Ramadan Mubarak to anyone participating and fasting for the next month! 🌙 I wish you good luck and good health 😇😸
19
8
243
@Farah_Hawaa
Farah Hawa
2 years
Super excited for this! 😄
@Owasp_DevSlop
OWASP DevSlop 🇺🇦
2 years
NEW SHOW ANNOUNCEMENT🚨 @Farah_Hawaa is joining the show for an introduction to some authentication flows in OAuth 2.0 followed by a demo of a few common bug types that can be found in them! RSVP🔗 Sponsored by @AppSecEngineer
2
19
92
8
24
245
@Farah_Hawaa
Farah Hawa
3 years
Today’s WFH spot >>>
9
3
247
@Farah_Hawaa
Farah Hawa
3 years
New video is up! This one’s about how to get your report triaged faster by following a few simple steps⏩ As usual, I’m sharing the insights I’ve learned from being a triager @bugcrowd Click the link below to watch the video #bugbounty #cybersecurity
4
37
241
@Farah_Hawaa
Farah Hawa
3 years
Happy Diwali everyone! 🪔❤️
17
1
241
@Farah_Hawaa
Farah Hawa
2 years
Good vibes at #h1303 😄✨
6
2
230
@Farah_Hawaa
Farah Hawa
3 years
To all the relatives & friends asking us to recover your accounts: Please contact support because we genuinely can’t do anything about it and somehow we still end up feeling like a disappointment for not being able to help 🥲
9
25
234
@Farah_Hawaa
Farah Hawa
3 years
Can we start a petition to start adding local snacks to swag packs? 👀 I would love to try snacks from different parts of the world 🥲
17
10
236
@Farah_Hawaa
Farah Hawa
3 years
New VLOG!! 🎥 This is my first-ever vlog where I ended up touring the @Bugcrowd office & also met @caseyjohnellis
15
12
231
@Farah_Hawaa
Farah Hawa
3 years
Is anyone at @BSidesCalgary tonight? 👋🏻
5
2
232
@Farah_Hawaa
Farah Hawa
4 years
Hi! The interview with @akita_zen is up on my channel! We talk about his #bugbounty methodology, avoiding dupes & he also shares some tips on finding subdomain takeovers and for beginners to get started! Grab a snack & click the link below to watch now!
7
39
223
@Farah_Hawaa
Farah Hawa
3 years
I just bought the @Raspberry_Pi 4 and lots of people on my Instagram wanted to see videos about it but I’m not really sure where to start 🤔 pls drop in some suggestions ⬇️
33
5
228
@Farah_Hawaa
Farah Hawa
4 years
Happy new year Twitter fam 💗 I hope this year is better than last year for everyone 😸 I know I’m late but I was quite sick the past few days but I’m back now and there’s more content coming your way real soon 🥰🥰☺️ #HappyNewYear2021
9
2
217
@Farah_Hawaa
Farah Hawa
3 years
New video is up 🥳 🎥 There are so many job families in #infosec to choose from when you start out! 👀 Click here & watch to find out a few!
6
19
219
@Farah_Hawaa
Farah Hawa
4 years
Finishing up my next video on GraphQL. I’m so excited for this video and I can’t wait for all of you to watch it!! 🤩 P.S - A giveaway will also be announced in this video 🥰
16
5
215
@Farah_Hawaa
Farah Hawa
4 years
What do you guys do to get your mind off of work post working hours? I often find myself ruminating about work stuff even after I’ve decided to stop for the day 😅 P.S - “work” includes job/bug bounty/content creation
52
2
221
@Farah_Hawaa
Farah Hawa
1 year
Eid Mubarak 🌙🌙 Wishing all of you who celebrate a lovely day with all your loved ones! 🤍🤍
21
2
217
@Farah_Hawaa
Farah Hawa
4 years
Super excited to give a talk on hacking JWTs for the @Owasp_DevSlop show! Catch me live at 10:30 pm IST on 11th October on their YouTube channel🤩
@Owasp_DevSlop
OWASP DevSlop 🇺🇦
4 years
📅October 11 ⏰10AM PDT / 1PM EDT Meetup RSVP/Reminder🔗: YouTube Live 🔗:
0
7
27
8
28
217
@Farah_Hawaa
Farah Hawa
2 years
Bug Bounty Playbook 2 is great for learning post-recon exploitation techniques 🙌 It shows how to approach apps by analyzing their tech stack & you'll learn to create impactful POCs for bugs beyond OWASP's top 10! Check it out here: #sponsored (but loved)
5
42
221
@Farah_Hawaa
Farah Hawa
2 years
A new video is up! 📹 This one is about super-impactful clickjacking reports that were paid out 4-digit bounties by Twitter & Google. 💰 Watch the video to see what made them impactful: #bugbounty #infosec #clickjacking
5
21
211
@Farah_Hawaa
Farah Hawa
2 years
BSides Ahmedabad vlog out now!! @bsidesahmedabad
8
14
216
@Farah_Hawaa
Farah Hawa
3 years
Diwali prep had made the city super colourful and I’m here for it 🎉
18
2
217
@Farah_Hawaa
Farah Hawa
2 years
Ready for event day 1 🥳🥳 @Bugcrowd #VegasBugBash2022
5
3
215
@Farah_Hawaa
Farah Hawa
2 years
Made it to Ahmedabad for @bsidesahmedabad conference tomorrow! ✌🏻 If you see me, please come say hi 🙂
15
7
211
@Farah_Hawaa
Farah Hawa
3 years
Stay strong India 🙏🏻❤️
6
53
208