SickSec 🇲🇦 🇵🇸
@OriginalSicksec
Followers
6,414
Following
327
Media
240
Statuses
2,805
SRT Member | I love GraphQL | Hackerone Ambassador 🇲🇦 | Tweets are my own | Riichi #Mahjong Player Master Tier | see before DM :)
Morroco
Joined March 2018
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
AU-1
• 392321 Tweets
#TopsxLolanexZeeNunew
• 112520 Tweets
#ユーフォ3期
• 103331 Tweets
VIVITE X LINGORM
• 87070 Tweets
#VivitexEveandBoyxLingOrm
• 85562 Tweets
えーちゃん
• 46792 Tweets
ML IN OSAKA
• 41983 Tweets
北九州記念
• 34633 Tweets
ラジオNIKKEI賞
• 33546 Tweets
差し入れ
• 27101 Tweets
アフター
• 17585 Tweets
#bbclaurak
• 17323 Tweets
夏越の大祓
• 14985 Tweets
全国金賞
• 10977 Tweets
オフトレイル
• 10299 Tweets
Yay, I was awarded a $8,250 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
IDOR Big IDOR - UUID based
25
27
458
After 3 months of hacking on Airbnb BBP in
@Hacker0x01
, here are the stats:
- Ranked 10 on the Leaderboard
- Earned 69K in bounties
- Secured Rank 2 for 2024
- Bounties ranged from 2K to 22.5K. Excited for the challenges and rewards in the next 11 months!
35
9
415
2022 was a fantastic year for me! I earned a massive 100K+$ in bounties, including a huge 60K$ from a single program in Q4. I also achieved Rank 1 in Uber bug bounty program and reached the top of the leaderboards, earning Rank 1 on 🇲🇦H1 2022.
#hackerone
#bugbounty
29
10
359
Yay, I was awarded a $8,250 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
Another ATO ✌🏼
Happy new year, Everyone <3
17
6
260
I'm happy to announce that I have achieved a small milestone which is Rank 1 in 🇲🇦 on the Q4 Leaderboard at
@Hacker0x01
1 Target --> 17K$ Bounties and more to come
22
6
256
I finally got some time to make a blog about URL shortners misconfiguration for fun and profit
Feedback is more than welcome
#bugbounty
#infosec
#bugbountytips
6
80
249
Yay, I was awarded a $6,940 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
ATO, you should know the program ✌🏼
23
9
235
0
68
219
Quick tactic for Critical Bug
#bugbountytips
Add '_profiler' in your path `target/_profiler` if 200 OK
Check for `Symfony` in the body if OK
You can see logs and env and database credentials
and any request cookies
#retweet
if you like it :)
#hackerone
#bugcrowd
#bugbounty
1
50
179
Hey Hackers 👋
I have created a small script to automate the workflow mentioned in
by
@m4ll0k
I would love to hear some suggestions to the tools name
#bugbounty
#hackerone
#bugcrowd
N.B: Some of his tools used in the gist are still private
5
69
182
If your repeater tab is not like this
then you are doing something wrong x)
#Burpsuite
#Bugbounty
18
15
170
If you like Request Smuggling attacks make sure to check this and use
To Practice
✌️
Request smuggling is an amazing bug class! But I barely ever did more than running Request Smuggler. So I've analysed tens of reports and in this video, I'll break down the most common root causes and I'll give you some ideas for future research. Enjoy!
4
34
201
1
34
152
7
8
142
Dear Hackers
I made this tool To automate the process Based on
@hakluke
Talk regarding amass usage details in here
#bugbounty
#hackerone
#Recon
#togetherwehitharder
5
41
141
Yo, just wanted to shout out to the world that I'm now the top dog in Uber's Bug Bounty program for 2022. Big ups to the team at Uber for giving me the opportunity to flex my skills and keep their platform safe. Ain't no stopping me now!
#1
#BugBounty
#Uber
13
2
138
Hey hackers 👋
Celebrating 1K followers I just published another write-up of one of my findings showing the power of Waybackurls by the legend
@TomNomNom
Check it out here
#bugbountytips
@Hacker0x01
4
36
131
Thrilled to secure the
#1
spot on HackerOne's Moroccan leaderboard! 🏆 Reflecting on a year of hard work and fun challenges. Hats off to the formidable competition,
@Yukusawa18
,
@Yassineaboukir
&
@wld_basha
. Grateful for the learning and growth. Here's to more exciting bugs! 🚀
10
1
117
Hello Community 👋🤪
Wrote a small article to show how you can get your own Permanent
@Burp_Suite
collaborator and Hunt for SSRF and XXE
#bugbountytips
#burpsuite
#SSRF
#infosec
0
44
115
🏆 Delighted to announce reaching a major milestone: $100K in Uber bounties! 🚀 It's been a year-long journey of persistence and dedication. 🙌 Securing rank 1 in 2022/23, along with a solid 4th position on the Uber overall leaderboard, fills me with immense pride.
#BugBounty
22
0
116
Got my first critical/RCE in a public program with
@soufianelhabti
at
#hackerone
#togetherwehitharder
4
5
110
The most impressive triage time I have ever experienced
P1
shoutout to
@Bugcrowd
and
#Tal_Bugcrowd
6
0
106
Sup Y'all 👋
Coming up to you again with another writeup about an RCE I found with
@wld_basha
on The World largest Russian Company
#bugbounty
#hackerone
#infosecurity
3
43
101
😎
Spent 3 hours diving into Admin GraphQL queries on a bug bounty mission, crafting them for a regular user. Encountered null responses, initially thinking they were non-functional. Plot twist: I was wrong! Always double-check. 👀🔍
5
0
73
3
2
102
I was able to bypass OAuth using response manipulation using match & replace in
@Burp_Suite
#bugbountytips
#BugBounty
#hackerone
#intigriti
#bugcrowd
7
6
94
"Excited to share that
@wld_basha
and I have successfully uncovered an ATO OAuth bug on
@Hacker0x01
, earning a well-deserved $5,250 bounty! 🎉
#TogetherWeHitHarder
.
👏💻
#BugBounty
#Cybersecurity
"
7
1
95
Yay, I was awarded a $3,000 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
One click account takeover
7
0
91
Hey Hackers 👋
I published my first writeup on
#medium
about an XSS using
@FindomainApp
More to come in the future waiting for permission to post them
0
34
85
How to get good at infosec / bug bounty & pentest ?
- Simply get your
@PentesterLab
- Do badge's and Note what you learned
- Add the learning to your To-Do list when Hacking
- You will definitely improve
Kudos to
@snyff
<3
#bugbountytips
#Pentesting
3
14
86
Want to check if
#Amass
Keys are working properly in your config ?
amass enum -list -config $PATH/toyourconfig.ini
#bugbountytips
#Owasp
#Amass
#Hackerone
1
24
77
How to be good at
#infosec
#bugbounty
Steps:
1 - Read & Practice
2 - Do step 1
3 - See step 2
0
5
73
I'm glad to team up with
@Yassineaboukir
To bring
@Hacker0x01
in Morocco
If you are interested in bug bounties make sure to sign up in
Happy to be selected as HackerOne ambassador representing Morocco 🇲🇦 alongside
@OriginalSicksec
We'll also be recruiting for Ambassador World Cup (AWC) 2024 soon, so let us know if you're interested. In the meantime, we invite all fellow Moroccan hackers to sign up for our club
17
15
188
4
3
75
6
4
75
I have joined
@SynackRedTeam
, Hoping for a great journey full of bugs and rewards
#bugbounty
#redteam
4
2
72
Exciting news! 🎉 We're setting up a Discord server exclusively for the
@Hacker0x01
community in the Morocco region. Join us to unleash your cybersecurity skills
- Send DM for more info
- Comment if you want opt-out
- Retweet for reach
19
20
70
@dccybersec
Subfinder -> Amass -> dnsgen -> massdns
This is my cycle for getting as much subs as possible
0
9
72
Spent 3 hours diving into Admin GraphQL queries on a bug bounty mission, crafting them for a regular user. Encountered null responses, initially thinking they were non-functional. Plot twist: I was wrong! Always double-check. 👀🔍
5
0
73
Hello Hackers 🤪👋
Anyone has Openredirect or XSS on Netflix
DM me
I have an Critical Escalation 🔥🔥🔥
#BugBounty
#bugcrowd
#infosecurity
3
4
68
I sent an IDOR UUID based to a big company demonstrating how to obtain the <UUID> along with the impact
If I get N/A'd I will blame
@rez0__
x3
4
2
71
Yay, I was awarded a $250 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
Bruteforce subs -> found a 302 in /admin -> tested credentials (admin|admin) -> got in
Bounty is low since the panel is for testing not prod
4
4
61
I created a small blogpost on how to have a great mindset while doing bugbounty
feedbacks are more than welcome :)
#BugBounty
#bugbountytips
3
21
59
Hey Hackers 👋
I made a small write up about 2 XSS's that I found before anyone else using
@FindomainApp
Here :
#hackerone
#bugbounty
#bugcrowd
#XSSed
1
14
60
@silentgh00st
I had a similar finding but I was able to chain 4 bugs to ATO including an IDOR
4
0
59
Just put in a relentless 3-hour hustle into GraphQL like an absolute boss, sculpting a 566-line masterpiece Query with fragments nested 3 levels deep. 💻 All in the name of a Bug Bounty mission - and guess what? Mission accomplished, we've got PII for any order/user! 🔍🏆
0
0
58
@bxmbn
Luck is not a factor in bug bounty, choice of targets, time spent, techniques learned
that's based on your intelligence not luck
6
3
57
I had fun with
@Nasser29951043
Finding a sick LFI
Bypassed 3 security feature to reach this
✌🏼👌
#bugcrowd
5
0
56
Just remember whenever you use a public bb tool that helps you tremendously in your tasks and in a daily basis, make sure to give back to the creator/owner to help and encourage them to create more and dedicate more time into them
#bugbountytools
0
2
55
@nnwakelam
I did that and managed to secure first rank in 2022 and 2023 on Uber bbp with more than 130k bounties
3
0
55
Just scored a reward of 10 € at
@intigriti
, check my profile:
#HackWithIntigriti
Road to 1M 😂😂
9
0
52
#BugBounty2020Goals
1 - Do more colabs with
@mashoud1122
&
@Skeletorkeys
2 - Make 100K in 2020
3 - Be more active in
@Hacker0x01
4 - Do some writeups about my finding
5 - Learn some android / IOS stuff
1
4
49
I think I'm gonna wait 30 days after the log4j release,
just to give time to developers to fix and be sure that I will get a bounty for it, instead of scanning the whole internet and causing damage :)
9
1
46
@hunter0x7
Also check the response for additional parameter
/users/me ==> Response {"userID":"123"}
Try /users?UserID=122
0
6
44
Earthquake in Morocco 6.8
This is a tough one
Prayers Everyone <3
6
1
43
@thedawgyg
Hey Dawg
I recommend using this instead
it has better features ;)
You can test it here
pass:demo1234
1
10
43
Exciting news! To commemorate the introduction of
@OvercastASM
, The innovative Attack Surface tool designed for bbh and pentesters, we're offering 3 premium
@PentesterLab
- Sign up at
- Like & Retweet
- Follow
@OvercastASM
for announcement of winners.
1
17
43
I found almost 152K of valid emails of a private program via waybackurls is this a thing I can report ?
#bugbounty
#bugcrowd
#hackerone
#bugbountyhelp
5
3
37
Big shoutout to
@Bugcrowd
support
The response time is unbelievable, feels like chatting
Especially D-S
🍻
4
1
40
@h4x0r_dz
ffuf support multiple wordlist
ffuf -c -w HOST:hosts.txt -w ~/Wordlist/words.txt -u HOST/FUZZ -mc 200
✌️
3
8
38
2
6
38
Great video by Ben
So much covered in one video ✌️
0
2
38
Excited to hit that follow button for h1_analyst_bernard on Twitter [Link me]
🚀! This triager is setting some serious goals:
🔥 Lightning-fast triage skills
💡 Nailing those CVSS updates with crystal-clear explanations
👔 Always bringing the utmost professionalism and
2
0
38
First time
I reported a potential issue that can cause problem and it was triaged and the team understood the potential risk
and working on a fix
#hackerone
#BugBounty
4
4
37
Hey 👋 Twitter
My friend has some serious health issues and I helped her setup a
#GoFundMe
Page
If you can help or re-tweet will be much appreciated
Here's her story <Her own words>
#fundraising
#charity
#dogood
3
16
35
Braces yourselves, I got awarded xxxx$ from OpenAI tweets are coming 👌
3
0
36
