Hazem

@H4cktus

Followers
2,987
Following
292
Media
158
Statuses
1,118

Lead Offensive Security Engineer @cyrextech | PT bug hunter

Joined January 2017
@H4cktus
Hazem
9 months
As 2023 comes to a close, I'm thrilled to share my milestones for the year:
- Surpassed 100k in bounties on @Hacker0x01, with over 100k earned solely in 2023.
- Reached 4.5k reputation, gaining 3200 of it in just the last few months of the year.
- Ranked second in the Turkish
32
12
287
@H4cktus
Hazem
1 year
Yay, I was awarded a $15,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder I don't usually tweet such things but that's a new milestone for me :) last week I focused on a single program for 2 days and ended up with 4x critical, 1x high, and 1x medium.
28
12
277
@H4cktus
Hazem
8 months
Believe it or not, this laptop from 2013 is the reason I am where I am today, and I will always be grateful for it haha Despite its really poor condition, I'm amazed it still functions! I discovered my first bug around 2018 using that laptop and it was also the device I used
8
9
237
@H4cktus
Hazem
1 year
In August, I earned approximately $50,000 on @Hacker0x01, and can finally say that I'm 1 report away from crossing the 3k reputation. Here are the details:
📨 Total Reports: 24
✅ Validated: 22
⚠️ Severity: 2L / 2M / 8H / 12C
💰 Bounties: $50,830
29
9
197
@H4cktus
Hazem
1 year
CSRFs are dead? Well, I don't think so 😄 @emre_selim8 and I were awarded $3000 for exploiting a CSRF vulnerability that compromised an entire organization on @Hacker0x01 . Happy hacking, everyone :)
12
9
197
@H4cktus
Hazem
5 months
We hacked @Hacker0x01's Hai back in Feb with @rez0__, We'll definitely disclose it once they fix it ;)
8
5
185
@H4cktus
Hazem
1 month
What an event! Thrilled to have received the Eliminator award for scoring the best bug on a specific skill set from @EpicGames ! A huge thanks to @Hacker0x01 for hosting this event. I hope to attend in person next time and meet this amazing community ❤️ #h1702
30
3
170
@H4cktus
Hazem
2 years
Yay, I was awarded a $3,000 bounty on @Hacker0x01 ! out of scope subdomain takeover to full account takeover. when you come across a bug don't hurry up and report it, chain it 🙂 #TogetherWeHitHarder #bugbountytips
9
4
153
@H4cktus
Hazem
3 years
16
6
149
@H4cktus
Hazem
27 days
Just got invited to #h10131 @Hacker0x01 ! See you all in Scotland 🏴󠁧󠁢󠁳󠁣󠁴󠁿🫡
7
0
139
@H4cktus
Hazem
4 months
I started to love programs who offer retesting @Hacker0x01 👀
4
0
135
@H4cktus
Hazem
3 years
3
22
132
@H4cktus
Hazem
10 months
🧵 1/9 I'm often asked about my initial steps in game hacking engagements, whether for penetration testing or bug bounty hunting. My answer surprises some: "Tutorial." That's right. Let's dive into why this is the go-to for me. #BugBounty #PenTesting #GameHacking #bugbountytips
5
25
131
@H4cktus
Hazem
2 years
in 2 mins @Hacker0x01 just literally sent me over 40 invitations lol
11
1
121
@H4cktus
Hazem
6 months
5k reputation has been achieved @Hacker0x01 !
10
1
117
@H4cktus
Hazem
1 month
First LHE , first Show and Tell ! 🤠 #h1702 @Hacker0x01
11
1
113
@H4cktus
Hazem
11 months
🧵 A Thread on VDPs & Beginning in #BugBounty :
4
16
111
@H4cktus
Hazem
10 months
I've just hit a new milestone with a 4K reputation on @Hacker0x01 ! Astonishingly, nearly 3K of that has been earned in the past few months of 2023 alone, surpassing all my expectations. Time for 5k!
8
1
110
@H4cktus
Hazem
3 months
First LHE here we go! Unfortunately the invitation came late and won't be able to make visa on time so I will have to attend it virtually, was gonna be really fun seeing you all! #H1702
4
0
107
@H4cktus
Hazem
1 year
I guess I work for @Hacker0x01 now
13
1
107
@H4cktus
Hazem
6 months
She is back with another one 👀 , I must say, this is so creative 😄
@H4cktus
Hazem
2 years
My non geek gf decided to surprise me in my birthday , well , I’m speechless that she came up with these ideas especially for the cactus hoodie and the hacktus shirt 😅
8
1
69
12
0
94
@H4cktus
Hazem
10 months
🎃 Unveiling the Arcane Art of Intercepting HTTPS Traffic in Desktop Apps & Games! NOTE: This journey is fraught with challenges like SSL pinning - a hurdle I'll tackle in my next tweet. For now, let's master the basics. ⏪ Quick Recap: In my last thread, we explored bugs in
5
14
91
@H4cktus
Hazem
10 months
🔓 Mastering the Enigma of SSL Pinning Bypass for Desktop Apps & Games 🕹️ 🔄 A Brief Recap: We've scaled the lower slopes—setting up proxies and redirecting traffic with finesse. Yet, SSL pinning stands as the daunting gatekeeper. It's our mission to deftly pick this lock,
1
14
89
@H4cktus
Hazem
4 months
It's raining bounties adjustments in @Hacker0x01 's hacktivity page rn What a lucky day to wake up on 5-10k bounty out of no where 👀
4
2
82
@H4cktus
Hazem
9 months
Achieved a 12-month streak on @Hacker0x01 ! This year was incredibly challenging as I juggled a full-time job, university studies, and consistent participation in bug bounty. I guess I will take a long break lol
5
0
74
@H4cktus
Hazem
2 years
My non geek gf decided to surprise me in my birthday , well , I’m speechless that she came up with these ideas especially for the cactus hoodie and the hacktus shirt 😅
8
1
69
@H4cktus
Hazem
11 days
Unfortunately, my UK visa was rejected, so I’ll be attending this LHE virtually—again! :') Looks like no in-person LHEs for me this year, haha. Would have loved to meet you all there!
@H4cktus
Hazem
27 days
Just got invited to #h10131 @Hacker0x01 ! See you all in Scotland 🏴󠁧󠁢󠁳󠁣󠁴󠁿🫡
7
0
139
8
0
70
@H4cktus
Hazem
10 months
🎮 Diving Back into Games-related Bugs! 1. Daily Rewards? 🗓️ Although we talked about it last time, this specific one can have a lot of attack vectors. Ever wondered if you could trick a game into giving you daily rewards early? Turns out, you often can. It's as simple as
2
7
66
@H4cktus
Hazem
6 months
I believe this was one of my first AI-related engagements on @Hacker0x01 with Snapchat's new txt2img and img2img models back in 2023. It was a really fun engagement; I never imagined a day where I would be getting paid to make some weird AI prompts 😝.
7
0
63
@H4cktus
Hazem
10 months
@Jayesh25_ Nice one @Jayesh25_ ! Bombon has some pretty good blogs about these kinds of bugs here if anyone is interested.
3
9
55
@H4cktus
Hazem
6 months
Hacktivity page on @Hacker0x01 got another update where it shows if the report was a collaboration or not 👀
2
0
54
@H4cktus
Hazem
1 year
This year is flying by, and in the few months that I worked as a BH part-time, I managed to accomplish a lot more than I had in the previous year. I'm excited to join the 2k club on @Hacker0x01 :)
@H4cktus
Hazem
2 years
My 2022 #BugBounty report card:
- Did bug hunting for 3 months
- passed 1200 rep with over 22 impact and 7 signal
- Made ±20k from 3 programs.
- Joined @cyrextech as a penetration tester
- Got accepted in Synack
#bugbountytips
1
0
49
2
3
52
@H4cktus
Hazem
7 months
Diving Back into Games-related Bugs! , especially, cards related games!🕹️💻 it's been a while since I tweeted about these kind of flaws, so here we are adding 3 more common bugs I see in games into the list ;) In the landscape of online games, particularly those involving cards
3
6
52
@H4cktus
Hazem
2 months
In June, I submitted 34 vulnerabilities to 8 programs on @Hacker0x01 . #TogetherWeHitHarder
1
0
51
@H4cktus
Hazem
5 months
that's new 👀 @Hacker0x01
2
0
50
@H4cktus
Hazem
2 years
My 2022 #BugBounty report card:
- Did bug hunting for 3 months
- passed 1200 rep with over 22 impact and 7 signal
- Made ±20k from 3 programs.
- Joined @cyrextech as a penetration tester
- Got accepted in Synack
#bugbountytips
1
0
49
@H4cktus
Hazem
1 year
I'm finally Clear Verified @Hacker0x01 ! It took that long due to an error that occurred in h1 email logs but finally, it got sorted out. I'd like to thank @Arl_rose for helping me out on this matter.
6
0
47
@H4cktus
Hazem
10 months
Got some great feedback from a @Hacker0x01 private program! Such comments have the same motivation feeling as getting a bounty for me 😄
3
0
46
@H4cktus
Hazem
4 months
In April, I submitted 29 vulnerabilities to 3 programs on @Hacker0x01 . #TogetherWeHitHarder
2
0
43
@H4cktus
Hazem
1 year
In August, I submitted 24 vulnerabilities to 1 program on @Hacker0x01 . #TogetherWeHitHarder
4
0
37
@H4cktus
Hazem
2 years
Everytime I get this notification I get excited thinking that one of my bugs got paid 🙃 @Hacker0x01
5
0
36
@H4cktus
Hazem
5 months
More of Games-related Bugs! If you prefer to read with markdown enabled, I got you ;) Exploring Chests or Boxes: Unraveling the Secrets 🎲 In the digital realm of gaming, chests and boxes are akin to Pandora's Box, each unveiling unique rewards and
0
4
38
@H4cktus
Hazem
1 year
What a quarter! However, with uni starting tomorrow you will not see me again till the end of this year 🥲 @alicanact60
5
0
38
@H4cktus
Hazem
1 year
Thanks for the new update :P - @Hacker0x01 @jobertabma I was duplicated of a report that was submitted after me and just noticed it thanks to the new update.
2
1
37
@H4cktus
Hazem
1 year
In March, I submitted 25 vulnerabilities to 5 programs on @Hacker0x01 . #TogetherWeHitHarder
1
1
36
@H4cktus
Hazem
2 years
when you think that you picked a nice fresh program and then they hit you with duplicates only. #bugbountytips #infosec #bugbounty #bugbountytip
1
0
35
@H4cktus
Hazem
1 year
This is the first time I rank first on the Turkish leaderboard for this quarter @Hacker0x01 , which I have to say, pretty competitive leaderboard it is thanks to people like @alicanact60 and @P3ntestoR 😅 Hope it will last till the end of the quarter !
7
0
34
@H4cktus
Hazem
1 year
I'm closer to dropping out of uni than dropping a 0 day
4
1
32
@H4cktus
Hazem
1 year
My first in person Live Hacking Event gonna be #1337UP1023 ! Thanks @intigriti , @IntelSecurity for the invitation. See you all in Lisbon 🇵🇹 “ if my visa process went smoothly lol “
3
1
29
@H4cktus
Hazem
5 months
4
0
29
@H4cktus
Hazem
1 year
When I decide to work with a new target, I tend to send in just one report to begin with. I like to see how they manage their program first. If I like what I see, then I'm all in and put all my time into that program.
2
0
27
@H4cktus
Hazem
11 months
DALL·E 3 magic! 🎨 I used it to visualize my blog post at . Where I made it look like a bug climbing out of a subdomain as if it's taking it over and dropping ASP cookies on my keyboard as if it's sharing it.
0
2
26
@H4cktus
Hazem
1 year
I won’t be removed from all of these programs if i were banned from h1 lol , I hope @Hacker0x01 will be able to fix this clear issue soon enough.
3
0
26
@H4cktus
Hazem
1 year
Lmao was it necessary to create such POC? it was obv that you had a bug no need to prove it in such way
@disclosedh1
publiclyDisclosed
1 year
HackerOne disclosed a bug submitted by @0xRAYAN7 : - Bounty: $7,500 #hackerone #bugbounty
1
17
151
4
0
24
@H4cktus
Hazem
4 months
@alicanact60 @oz9un AC:H as the attack requires the hacker to have at least 1 laptop which is hard to get with this current economy.
2
1
25
@H4cktus
Hazem
8 months
I would really love to thank @Lenovo that even with this condition the laptop still works and the screen isn’t burned lol, I’m amazed considering this laptop's age haha
0
0
24
@H4cktus
Hazem
1 month
In July, I submitted 30 vulnerabilities to 5 programs on @Hacker0x01 . #TogetherWeHitHarder
1
0
24
@H4cktus
Hazem
2 years
I love such comments, when the program appreciates the amount of time and effort you had to make to come up with such a report :) - feels better than bounties lol
0
0
23
@H4cktus
Hazem
1 year
Invited to a program where is the only scoped asset, and it redirects to for operations, would you test or consider it out of scope? keep in mind that is just a static page #BugBounty
6
0
21
@H4cktus
Hazem
2 years
unpopular opinion: @Hacker0x01 should stop removing programs from researchers' thanks page if the researcher left the program or the program got closed
2
0
20
@H4cktus
Hazem
2 years
if anyone needs me I'll be in the Virgin Island with my homie @equat0rium
2
0
18
@H4cktus
Hazem
5 months
In March, I submitted 28 vulnerabilities to 4 programs on @Hacker0x01 . #TogetherWeHitHarder
1
0
20
@H4cktus
Hazem
9 months
In November, I submitted 18 vulnerabilities to 2 programs on @Hacker0x01 . #TogetherWeHitHarder
1
0
20
@H4cktus
Hazem
3 years
Why don't I shut my mouth up already xD @ArmanTess @Hacker0x01
4
0
19
@H4cktus
Hazem
1 year
@securinti I got 200-300$ " I don't remember " for an admin panel bypass that affects the in scope org, and was told that it was found via an OOS asset and they are being " generous " for offering a bounty for that.
2
1
18
@H4cktus
Hazem
10 months
@Jayesh25_ I’m thinking it’s time for Jayesh to do a shift career from a bug hunter to an influencer already.
2
0
18
@H4cktus
Hazem
2 years
Blind XSSs spammers these days became almost like @SaveToNotion #BugBounty
5
2
16
@H4cktus
Hazem
2 years
Does @instagram have an actual support team instead of these stupid bots they keep forwarding me to ? After 10 years of using their platform they disabled my account for no reason lol
20
0
6
@H4cktus
Hazem
5 months
@pxmme1337 my new way while asking for updates
3
0
16
@H4cktus
Hazem
11 months
@Hacker0x01 @Jayesh25_ @X @Jayesh25_ is one of the most talented and humble hackers I've ever worked with, besides this huge milestone he is about to hit the top 10 on HackerOne all time soon as well! waiting for another post from @Hacker0x01 on that and maybe a hacker interview 👀
2
0
15
@H4cktus
Hazem
2 years
@exploit_msf @Hacker0x01 Amazing ! securing multi millionaire companies for free. I really hope these 644 0$ bugs will cover your expenses in life :D
2
0
14
@H4cktus
Hazem
2 years
@intigriti There is no sanitization of the user input which may lead to XSS, you can craft an XSS payload that can extract the credit card number from the HTML response, and send it to the attacker's server.
1
0
14
@H4cktus
Hazem
10 months
In October, I submitted 11 vulnerabilities to 6 programs on @Hacker0x01 . #TogetherWeHitHarder
1
0
15
@H4cktus
Hazem
11 months
6/🤝 For all the beginners out there, VDPs can be a stepping stone that prevents quick burnout and keeps the passion alive. Let's change the narrative and encourage every step of the journey, big or small! #InfoSec #HackerJourney
0
0
15
@H4cktus
Hazem
2 years
I think it's time to normalize that privileges required should be set to none when you can sign up easily under 1 minute. #bugbountytips #infosec #bugbounty #bugbountytip
0
2
14
@H4cktus
Hazem
11 months
1/📊 First things first, let's take a look at my personal journey in the realm of infosec, as depicted in the attached chart. I began my #hackerone journey in 2019, and it offers an interesting perspective on VDPs vs. paying programs.
1
0
14
@H4cktus
Hazem
3 months
1
1
14
@H4cktus
Hazem
11 months
5/🌟 Moral of the story: Starting your #BugBounty career with VDPs isn't a step back. It equips you with invaluable experience, teaches effective communication with triagers, helps you craft impactful reports, and most importantly, bolsters your confidence in your abilities.
1
0
14
@H4cktus
Hazem
11 months
@Jayesh25_ @Hacker0x01 Collaboration is undoubtedly beneficial. It motivates you and increases your commitment because you're not working alone and need to align with your partner. However, the crucial aspect of collaboration is choosing the right collaborator, which is often the most challenging part.
1
0
13
@H4cktus
Hazem
2 years
my luck in 1 picture :D
1
0
12
@H4cktus
Hazem
1 year
@Hacker0x01 I started working on the new scope the program provided 7 mins after announcing it, was a small scope that's why it took 2 days max. got a bit lucky there :)
0
0
11
@H4cktus
Hazem
8 months
@bxmbn It’s that time of the year again. You’re pointing at Peter as if he has a say in who gets invited and who doesn’t , and as many fellow hackers already told you that, it’s not just about skills and it will never be. I wouldn’t like to invite someone to a LHE who will keep
0
0
11
@H4cktus
Hazem
3 years
Was a really lucky finding ngl !
@disclosedh1
publiclyDisclosed
3 years
Rockstar Games disclosed a bug submitted by @Sn0wd3n_ : - Bounty: $1,000 #hackerone #bugbounty
1
7
40
0
0
11
@H4cktus
Hazem
2 years
@cyrextech - Met and collaborated with cool hackers such as @monkehack , @samm0uda " make sure to give them a follow! - - Got to know and learn from some other cool hackers such as @pmnh_ , @0xGodson_ , @0xDexter0us , @0xDexter0us , @kazem721 , @equat0rium , @_N0xi0us_ , etc
3
0
11
@H4cktus
Hazem
2 years
@intigriti Unfortunately, we cannot add you to the original report as this report contains additional information that we cannot share with you. This may include personal information or additional vulnerability information that shouldn't be exposed to other users.
1
0
11
@H4cktus
Hazem
1 year
1
1
11
@H4cktus
Hazem
1 year
Team #Turkey is going to the next round ! Well played other teams, was really nice competition 🔥
@Hacker0x01
HackerOne
1 year
That's a wrap for Round 1 of the #AmbassadorWorldCup ! Congrats on an incredible round of teamwork. 🙌 Take a look at the stats! 📊 👨‍💻 239 hackers 🪲 262 valid bugs 💰170 bounties awarded 🤑 $515K in bounties paid (so far) See the full recap here:
3
29
174
1
0
11
@H4cktus
Hazem
2 years
@renniepak @hgreal1 @hgreal1 restored my stolen NFT account in no time and he didn't ask for anything in return. He also saved my friend @monkehack when his crypto wallet got stolen.
3
1
6
@H4cktus
Hazem
1 year
Been a pleasure to work and learn beside you @dreyand_ , keep up the good work :)
@dreyand_
DreyAnd
1 year
Been collabing with @H4cktus during the past weeks, report queue slowly clearing out with payouts - feels good to break my bug bounty burnout, hopefully more to come👍🏻
2
1
14
1
1
10
@H4cktus
Hazem
3 years
My first bd in @nakitcoins ! Thank you guys ! Meant a lot to me 🥰
4
0
10
@H4cktus
Hazem
7 months
@ilhan_mercan @Hacker0x01 Can't we spice it a bit more? hiding the program name and showing it alongside the bounties " if set to public " in the profile hacktivity page the same way as it's being done with reports to public programs - @ilhan_mercan
2
0
10