Hammad 🇵🇰🇵🇸
@Hammad7361
Followers
3,804
Following
122
Media
103
Statuses
971
Explore trending content on Musk Viewer
U STEAL MY HEART 1STMEET
• 121918 Tweets
重陽の節句
• 86346 Tweets
昭和99年
• 67165 Tweets
WHERE DO WE GO
• 61541 Tweets
高市さん
• 57000 Tweets
BTS is 7
• 53960 Tweets
Official MV
• 51180 Tweets
Yusuf Tekin
• 44767 Tweets
バースデー
• 44087 Tweets
Good Monday
• 38777 Tweets
#CDTVライブライブ
• 37360 Tweets
LINGORM CHEFPOM
• 21296 Tweets
ジャミル
• 20680 Tweets
フルサイズ
• 18388 Tweets
gelinlik
• 17142 Tweets
神ちゃん
• 14510 Tweets
PIERROT
• 10769 Tweets
Pinned Tweet
Finally today I achieved P1 Warrior Level 1, In Sha Allah soon I'll achieve P1 Warrior level 2 😍 Thanks
@Bugcrowd
#ItTakesACrowd
#bugbounty
Keep pushing yourself to achieve your goals and one day you will 🫡😎
35
9
230
Found another SQLi on
@Bugcrowd
's private program
#ItTakesACrowd
#BugBounty
#bugbountytips
#bugbountytip
Tip: Use this payload 0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
In the value of every parameter and check if response delays according to the provided time in payload
26
185
685
Reported my 3rd P1 on
@Bugcrowd
Thanks
@RelentlessT7
for the fast Triage 😍
#ItTakesACrowd
Tip: Used this payload /0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z/ in the URI Path.
#BugBounty
#bugbountytips
#bugbountytip
#infosec
22
92
347
Wow the fastest Triage on
@Bugcrowd
I have ever experienced.
Triaged in 4 minutes 🫣😍
Tip: payload used in POST request parameter (SELECT*FROM(SELECT(SLEEP(10)))a)
#bugbounty
#bugbountytip
#bugbountytips
#SQL
#infosec
#bugcrowd
#ItTakesACrowd
9
49
269
Started my journey in BugHunting from Nov 2021 and here is my 2022 report:
-Earned $12600 in total
-Submitted 130 reports
-74 Duplicate
-29 Rejected
-27 Accepted
#BugBounty
#infosecurity
@Bugcrowd
#ItTakesACrowd
18
20
245
Another hit! Let's hope it gets accepted 🙌🏻
Bt the way Is it just me or everyone facing Slow Triage experience on
@Bugcrowd
from last week?
#bugbounty
#infosec
#infosecurity
#bugbountytip
#bugbountytips
Tip: site.tld/xyz/xyz/xyz/?path=../../../../../../../../../etc/passwd
17
14
243
This week was very exciting for me.
Reported my first P1, Thanks
@Bugcrowd
for an Amazing platform.
#ItTakesACrowd
#BugBounty
#infosec
#bugbountytips
#bugbountytip
12
11
213
Happy Ramadan to everyone 🌙✨
and thanks
@Bugcrowd
for being such a great platform
#bugbounty
#bugbountytips
#ItTakesACrowd
#infosecurity
Tip: If you find any SQL Injection in a target, send me the target I will give you more SQLs😂
17
13
214
Spent 8 hours straight on
@bugcrowd
to identify these 😮💨
let's see how it goes👀
#bugbountytips
#bugbounty
#ittakesacrowd
#infosecurity
Tip: always try to find places where you are able to store values and test them for Stored XSS
14
10
201
Al-Hamdulillah All Triaged got Accepted ☺️ Thanks
@Bugcrowd
for providing opportunities
#Ittakesacrowd
#bugcrowd
#bugbounty
#infosec
15
3
198
Al-Hamdulillah reported 2 more SQLi on
@Hacker0x01
#bugbounty
#SQL
#informationsecurity
Tip: take some time to hunt on other platforms also 😉
19
6
186
Reported my 2nd SQLi on
@Bugcrowd
#ItTakesACrowd
Hope its not dup it will be my first Accepted P1 on Bugcrowd 🫣
#BugBounty
#bugbountytips
Tip: You always not get error using a ' (single quote).
See the thread below How I found and confirmed it
19
30
189
Al-Hamdulillah 😍
SQLi everywhere 😅 3 Triaged 1 Triaged -> Duplicate
on
@Bugcrowd
#bugbounty
#bugbountytip
#bugbountytips
Tip: Don't just fire the payloads blindly, try to understand the application where the request is interacting with the Database and then go for it !
13
13
187
Al Hamdulillah made some nice bounties before my exams so that I can focus on studies but new invitations are distracting me from studies😂
Thanks
@Bugcrowd
for providing good programs to hunt
#bugbounty
#ItTakesACrowd
#infosec
Bugcrowd always send good invitations on my exams 🥹
8
3
178
Eid Mubarak to everyone 🌛
First Exceptional report on
@intigriti
BBP program
let's see how it goes 💪🏻
I don't hack for free
#bycottVDP
#BugBounty
#infosec
14
7
186
That's really amazing 👏🏻 Trim_Bugcrowd is Triaging submissions even on Sunday 🫣
#BugBounty
@Bugcrowd
#infosec
#infosecurity
12
5
171
After alot of duplicates I was awarded my first bounty of 2023 on
@Bugcrowd
#ItTakesACrowd
#BugBounty
14
6
160
When you are addicted to hacking 😅
Hunting during exams, found 3 RXSS on
@Bugcrowd
#ItTakesACrowd
#BugBounty
#bugbountytips
#bugbountytip
#infosec
Tip: Didn't found anything to test on this subdomain from any source but found a juicy path using
3
25
162
Al-Hamdulillah for everything❤️. Getting my hard work paid off! Thanks
@Bugcrowd
for the opportunities you provide!
#ittakesacrowd
#bugbountytip
#bugbountytips
#bugbounty
#infosecurity
Tip: Master 1 vulnerability type and keep learning more n more of it, +make notes of it too
12
6
167
Halfway done for August, not spending much time this month. Sometimes, you need to take care of your health too ✌️
Thanks
@Bugcrowd
#Ittakesacrowd
#BugBounty
#infosec
#infosecurity
18
4
165
Does anyone know why getting empty 0 size files while downloading the .php files from a Directory Listing? when .php files have size on Directory Listing?
#bugbountytips
#bugbountytip
#BugBounty
36
9
158
Everyone should hunt on different platforms also,
I usually hunt on
@Bugcrowd
but sometimes I hack on
@Hacker0x01
also when I am bored
Reported 2 SQLis on Hackerone 1 Got Duplicated and other Got Triaged Al-Hamdulillah 🥰
#BugBounty
#bugbountytip
#infosec
9
3
146
Took me 13 min to bypass the fix and report the XSS again on
@Bugcrowd
#ItTakesACrowd
#BugBounty
#infosecurity
Lets see how it goes 😅
6
1
146
In June I submitted 11 vulnerabilities to 4 Programs doing only little hacking on
@Bugcrowd
and earned some Good bounties $$$$
#bugbounty
#ItTakesACrowd
#infosec
12
4
132
Just discovered a new CVE
Severity: Medium
Bug type: RXSS
#BugBounty
#bugbountytips
#infosecurity
Shoot me a DM for collab if anyone is interested
Note: You should know how to find targets using specific service
7
2
140
First P1 of 2023 on
@Bugcrowd
#ItTakesACrowd
#bugbounty
#bugbountytips
Tip: used ' (single quote) in POST request parameter and got this MySQL error after that gave it to by
@r0oth3x49
and successfully fetched the Database
7
20
138
This month I am trying to get on monthly Top 10 Leader Board on
@Bugcrowd
let's see how it goes 🙂
#bugbountytips
#bugbountytip
#Bugbounty
#infosecurity
see the (🧵) below for tip:
10
5
133
Was unaware that P3 level XSS are OOS and got -1😂
Then escalated it to P2😉
@Bugcrowd
#bugbountytips
#bugbounty
#infosecurity
#Ittakesacrowd
Tip: Always upgrade your XSS to P2 atleast,
Steal session cookie, Update password/email or other sensitive information. DM if you can't😂
5
7
129
Yay I was awarded my first bounty on
@Hacker0x01
#BugBounty
#infosec
It was a Stored XSS but they set the severity to Medium because it required 1 user interaction according to them. Even though it was triggering on Admin-role and it was possible to takeover Admin-role.🫤😂
14
4
126
The program is slow but it's worth hunting it !
I hope will be able to climb monthly leaderboard first time😂 on
@Bugcrowd
#bugbounty
#infosecurity
#ittakesacrowd
12
3
123
In the previous month, I worked a lot to get my name in the monthly leaderboard, and successfully, I secured the 5th rank, but that made me too much restless. Had decided to rest this month, but some programs are just love ❤️
#bugbounty
#infosec
#Ittakesacrowd
@Bugcrowd
13
0
122
Al-Hamdulillah hard work payed off!
Secured 5th rank in P1/P2 and 9th rank in P1/P2/P3/P4 in April's Leaderboard on
@Bugcrowd
@codingo_
#Ittakesacrowd
#bugbounty
#bugbountytips
Tip: "Don't be a Jack of everything and King of nothing."
Master 1 vulnerability type atleast
13
0
117
19 Reports pending on
@Bugcrowd
and Just found a Stored XSS with help of ChatGpt cuz I don't know about these languages very much like Python etc
Tip: Use AI to get help in things you don't understand or don't know
#bugbountytip
#bugbountytips
#bugbounty
#infosec
#infosecurity
5
1
118
Missed so many opportunity because I checked the new scope very late and the program also didnot made any announcement😥
It will be a duplicate rain on XSS😂 But SQLi got Triaged🫰by
#Tal_Bugcrowd
within 15 min of submitting
#bugbounty
#infosec
@Bugcrowd
#ittakesacrowd
13
1
116
Hi Bug bounty hunters!
I am first time going to analyze the JS files to find security vulnerabilities e.g Finding endpoints/parameters/secret data/info leak anything.
I have 0 experience in this. Can anyone share some tools/tips to do so?
#bugbountytips
#infosec
#bugbounty
7
10
116
This type of feeling is different🤩 Thanks
@Bugcrowd
for every opportunity
#ittakesacrowd
Program Resumed 11:04
Reported 8 Stored XSS
Program Closed again 11:09
Program Owner Be like: I should not have resumed it😅
#bugbounty
#infosecurity
#infosec
8
1
111
3 Triaged remaining 5 are yet to be Triaged😉
@Bugcrowd
#BugBounty
#infosecurity
But not satisfied with severity it should be P1 as I'm able to takeover other researcher's account. Since Stored XSS doesn't require user interaction & ATO without user interaction is P1
@codingo_
?
9
1
109
Resolved? No problem 😜 Bypassed both reports and Alhamdulillah Triaged
@Bugcrowd
#bugbounty
#bugbountytips
#ItTakesACrowd
#infosecurity
Tip: Use ` ` back quotes when () parantheses are blocked
6
8
99
Al-Hamdulillah, even having a very busy routines managed to secure some programs on
@Bugcrowd
#bugbounty
#bugbountytips
#infosec
Tip: For stored xss, when you store input somewhere, do check page source of every page bcuz sometimes your payload executes on other paths
7
2
103
Al-Hamdulillah😍 The preparation of getting my name on April's Top 10 Leaderboard is going very well. Thanks
@Bugcrowd
for every opprtunity
#Ittakesacrowd
#BugBounty
#infosecurity
7
0
92
Thanks
@bxmbn
for motivating me that I can find something juicy during my exams and I scored my highest bounty of all time on
@Bugcrowd
#ItTakesACrowd
#BugBounty
11
1
90
Al-Hamdulillah, now I am Top 250 worldwide on
@Bugcrowd
#ItTakesACrowd
#BugBounty
#infosec
#infosecurity
Next goal to get in Top 200 😎
8
0
93
Yeeeet😬 Hope it get Accepted long time I have not submitted a P1 bug 😂
@Bugcrowd
#bugbounty
#infosec
#infosecurity
3
3
89
6
2
88
My frist accepted vulnerability on
@intigriti
Many more to come 😉
#bugbounty
Hey
@intigriti
send me some good private programs haha 😆
7
3
84
1
0
85
12
3
85
Al-Hamdulillah I am Ranked 5th [ P1 , P2 ] & 6th [ P1 , P2 , P3 , P4 ] in July Leaderboard on
@Bugcrowd
#BugBounty
#infosecurity
#infosec
7
1
82
Another hit found another SQL injection and is now pending for program review on
@Hacker0x01
#bugbounty
#infosec
3
2
80
#2023goals
#infosec
#BugBounty
My Goals for 2023 🎉
- Reach 1000 reputation points on
@Bugcrowd
(current points 331)
- Reach P1 Warrior lvl 4
(current lvl 1)
- Earn $50k bounties in Total
(current $12k)
- Buy a New House🏡
- Buy my Dream Bike😂
6
3
76
Al Hamdulillah secured the Top 10 monthly leaderboard in May also 🥳
Thanks
@Bugcrowd
for the opportunities
#Ittakesacrowd
#bugbounty
#infosecurity
4
0
77
Back after a long break 😂
I earned $300 on
@Bugcrowd
#ItTakesACrowd
#bugbounty
#bugbountytip
Tip: Always try to bypass resolved reports. also take a break it really worth.
0
4
68
When a program doesn't reward bounty for Low and Medium 😏 Just escalate your bug to High or Critical 😉
#BugBounty
#infosecurity
@intigriti
1
0
67
Weekend Triage by
@RelentlessT7
🥳 Best ASE on
@Bugcrowd
#Ittakesacrowd
#BugBounty
#infosec
#infosecurity
2
3
67
Satisfaction level 😮💨 time to take some break and rest
Thanks
@Bugcrowd
for great opportunities
#Ittakesacrowd
#BugBounty
#infosecurity
#infosec
5
0
65
Failed to exploit them using SQL-Map then tried
#Ghauri
from
@r0ot_h3x49
and by using simple commands, successfully fetched the Database😀
Everyone should hunt on different platforms also,
I usually hunt on
@Bugcrowd
but sometimes I hack on
@Hacker0x01
also when I am bored
Reported 2 SQLis on Hackerone 1 Got Duplicated and other Got Triaged Al-Hamdulillah 🥰
#BugBounty
#bugbountytip
#infosec
9
3
146
0
14
65
Good Bye
@2023
. It was a great year with alot of experiences ✨
1. I don't hunt much but earned more than in bounties from 2022 💰💰💰
2. Learned alot from twitter 🧑🏻💻
3. Completed many of dreams with the help of Bug Bounty🙌🏻
4. Got Married✌🏻
#bugbounty
#infosec
#HappyNewYear2024
4
0
64
6
0
62
Some ASEs are headache😮💨
Even you write a detailed POC they will not able to reproduce🙂
#BugBounty
#infosecurity
This type of feeling is different🤩 Thanks
@Bugcrowd
for every opportunity
#ittakesacrowd
Program Resumed 11:04
Reported 8 Stored XSS
Program Closed again 11:09
Program Owner Be like: I should not have resumed it😅
#bugbounty
#infosecurity
#infosec
8
1
111
9
0
61
Thanks
@Bugcrowd
for this amazing swag "bugcrowd gaming mat" Looks Cool with my setup 🙌🏻🔥
#ItTakesACrowd
#BugBounty
3
0
61
The beginning on
@Hacker0x01
was very bad when I didn't had much experience in Bug Bounty and made my profile Signal (-1)😂 Time to start hunting on Hackerone also and building my profile😇
Wish me luck🥺
1 Triaged on BBP
1 Triaged on VDP
#bugbounty
#togetherwehitharder
#infosec
3
1
59
Joining
@Hacker0x01
was a good decision at least getting something better than nothing
#TogetherWeHitHarder
#bugbounty
#infosec
Why the severity is set to Low can anyone from hackerone explain?
Target have Low in CVSS section so it means if I find critical it will be still low?
5
1
55
I was awarded $250 for my submission on
@Bugcrowd
#BugBounty
#bugbountytips
#ItTakesACrowd
@x_shebi_x
@XSaadAhmedX
@osamaavvan
Finally its accepted 😂🙌🏻
8
4
54
After 2 months of Triaged report I was awarded $$$ on
@Bugcrowd
#ItTakesACrowd
#bugbounty
Reward range was $100-$750 for P3 and they choosed to pay $100 😂, Submitted them 1 more XSS will have to wait 2 months again to get that $100 again 😂
4
2
53
🧵(1/1)
Scenario I faced:
First got 302 So I put ' and got 200 OK
I confirmed like this
No value --> 302 Response
' --> 200 OK
'' --> 302
''' --> 200
'''' --> 302
''''' --> 200
Then I gave it to SQL Map to confirm
2
10
49
Now I have to wait 2 months again to get rich 😂💰
#ItTakesACrowd
#BugBounty
@M7arm4n
#bugbountytips
Tip: Don't waste your time in this BBP
Hunt other programs instead! 🫤
2
1
51
0
3
48
@akita_zen
@Bugcrowd
I usually put %20'"><details open ontoggle=alert(1)> but if I get any WAF I then try sending half of payload to check which is blocked and try bypassing it
2
3
44
When you report a bug and Company immediately disable the feature causing that issue. Thank God I had made the PoC just before the feature was disabled.
@Bugcrowd
#ItTakesACrowd
#BugBounty
#bugbountytips
#bugbountytip
See the (🧵) for tip.
3
3
43
What the hell is going on
@Hacker0x01
? First report is Triaged then duplicate from a report made after me? Is it a joke?
#BugBounty
#infosec
@bug_vs_me
11
1
41
In January I submitted 14 vulnerabilities to
@Bugcrowd
, 12 Vulnerabilities to
@Hacker0x01
, 4 vulnerabilities to
@intigriti
and 1 vulnerability to
@HackenProof
#bugbounty
#infosecurity
4
0
35
Note: [ I will upgrade to latest top variant of any brand, Apple , Dell , Lenovo , Hp etc ]
Your suggestions would be appreciated
@hakluke
@badcrack3r
@h4x0r_dz
@OriginalSicksec
@0x_rood
@fattselimi
@Masonhck3571
@codecancare
#bugbounty
#infosec
#infosecurity
Hello guys,
I want to upgrade my Laptop, what are your recommendations? Is there any benefits to move from Windows to Mac ?
Rn I have Dell Inspiron 5515.
My requirements:
I want to do automation stuff
Load heavy files
Multi tasks
Plus, that damn Burp that cosumes a lot of memory
7
0
17
17
0
34
Al Hamdulillah ♥️, First time qualified for a Bugcrowd MVP Program 🙌🏻 Thanks
@Bugcrowd
for an amazing platform
#swag
#MVP
#ItTakesACrowd
#infosec
#bugbounty
1
1
32
Only way to overcome this issue is all bug hunters should unite to not hunt on VDPs , they will automatically turn their programs into BBP when they will need to pay platforms without getting submissions.
I have seen VDPs turning to BBPs when they were not recieving submissions.
Agreed 👍
Bug bounty platforms
@Hacker0x01
@Bugcrowd
@intigriti
…… should stop accepting VDP programs for companies that worth billions
#bugbountytip
#bugbounty
#infose
11
14
100
0
3
34
Hello Hackers,
Can anyone tell how can I extract all the scopes of all bug bounty + VDP programs ( Private and Public) that ai have in my account?
@ajxchapman
@GodfatherOrwa
@h4x0r_dz
@HusseiN98D
@Masonhck3571
#bugbountytips
#bugbounty
3
0
25
Share your tips. It will help every bug bounty hunter in the community who see this post🙌❤️
#bugbountytips
#bugbountytip
#infosecurity
#infosec
@h4x0r_dz
@hakluke
@garethheyes
@GodfatherOrwa
@OriginalSicksec
@badcrack3r
@bxmbn
@zseano
@codecancare
@Jayesh25_
Hi Bug bounty hunters!
I am first time going to analyze the JS files to find security vulnerabilities e.g Finding endpoints/parameters/secret data/info leak anything.
I have 0 experience in this. Can anyone share some tools/tips to do so?
#bugbountytips
#infosec
#bugbounty
7
10
116
3
0
25
Refelcted XSS through redirecting parameter on
@Bugcrowd
#ItTakesACrowd
#bugbountytip
#bugbountytips
Tip: when you see any parameter that redirects you to some path e.g redirectUrl/returnPath, try injecting javascript:alert(1) and send the request which sends you to this path
1
4
21
3
0
21
Is there any way to check our target's all subdomains list that are using a specific technology e.g like HSTS,Wordpress,SQL ?
I am using Wappalyzer but it will consume alot of time to check each single domain
@GodfatherOrwa
@naglinagli
@zseano
@codecancare
@h4x0r_dz
@hakluke
5
4
19
Who is Adam-bugcrowd ? anyone know do he have twitter? I want to do friendship with him 😂
#bugbounty
#bugcrowd
@Bugcrowd
@Masonhck3571
you might know
3
0
20
Tip: Stick to 1 program and go deeper and deeper as you can. Do find bugs manually cuz scanner found nothing in this program and I did. 🙃
0
2
18
Hello guys,
I want to upgrade my Laptop, what are your recommendations? Is there any benefits to move from Windows to Mac ?
Rn I have Dell Inspiron 5515.
My requirements:
I want to do automation stuff
Load heavy files
Multi tasks
Plus, that damn Burp that cosumes a lot of memory
7
0
17
I closed the program after reading that 😂
They believe their site is built like people will not fall for such attacks?
#BugBounty
#infosec
#shit
💩
4
0
18
6
0
17
Thanks to
@imranHudaA
and
@iambouali
for this opportunity ❤️
Yay I was awarded my first bounty on
@Hacker0x01
#BugBounty
#infosec
It was a Stored XSS but they set the severity to Medium because it required 1 user interaction according to them. Even though it was triggering on Admin-role and it was possible to takeover Admin-role.🫤😂
14
4
126
2
0
15
A quick question for Triagers:
1 XSS on and is vulnerable and both main domain and subdomain have different IP addresses:
hosted on IP 111.222.333.44
and
hosted on IP 111.222.888.00
New/Different report
46
Duplicate report
25
1
2
13
Tip: Think out of the box. This asset was not listed in In-scope but it had an impact to In-scope asset 🫡
2
0
9
0
0
13
Please
@Bugcrowd
@codingo_
do something about the triage team. They marked my valid **HTML INJECTION** report as Not Acceptable
@XSaadAhmedX
@osamaavvan
#bugbountytips
#BugBounty
7
1
11
Amazing finding 🫡. Must read !!!
We played around with this for a while, until we tried something that worked:
By adding a CRLF character at the end of an already existing victim email address during registration, we could create an account which bypassed the JWT and email parameter comparison check!
5
39
344
0
3
12
@phayeesan
@Bugcrowd
No I haven't any idea when I started just struggled hard didn't gave up and continued learning and applying everything learned from all available sources.
1
0
11