Th3g3nt3lman
@Th3G3nt3lman
Followers
24,410
Following
742
Media
341
Statuses
2,502
Risin' up out of the flames like a phoenix, Strainin' to carry the weight of my brain like a genius..
Hashemite Kingdom of Jordan
Joined August 2016
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
ジャンポケ
• 61133 Tweets
オロルン
• 37952 Tweets
オロルン
• 37952 Tweets
#Aぇǃgroup
• 37755 Tweets
#CDTVライブライブ
• 36908 Tweets
ロケバス
• 28549 Tweets
ミクトランのコウモリ
• 25529 Tweets
シロネン
• 21163 Tweets
NUNEW JACKIE XX THIRD
• 18135 Tweets
契約解除
• 15238 Tweets
ハニトラ
• 13155 Tweets
吉本興業
• 13066 Tweets
すいちゃん
• 12884 Tweets
Suchmos
• 11704 Tweets
P1 of the day on
@Bugcrowd
:
1-
https://host
=>403 forbidden
2-
https://host/app
=>Redirect to corporate SSO
3-
https://host/app/main.js
=>IP:8005 and Api_key
4-
https://IP:8005/
=>
https://IP:8005/swagger/ui/index#/Admin
5- Use key in swagger=> Info Disclosure
#bugbountytips
12
293
951
Yay, I was awarded a $21,000 bounty on
@Hacker0x01
! For Unauthorized access to corporate portal.
Site=>302=>company SSO
Site/reports=>200=>product login page
Default creds=> Access
#TogetherWeHitHarder
37
69
675
I just published Multiple Information exposed due to misconfigured Service-now ITSM instances lead to 30K bounties
#Bugbounty
#bugbountytips
31
256
688
For CVE-2020-5902 i want to highlight other juicy stuff you can read other than /etc/passwd.
https://[host]tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license
Also /config/bigip.conf
#bigip
#F5
5
193
541
Github Recon & Sensetive Data Exposures video for
@Bugcrowd
university is up
Hope it will be helpful for new BB hunters and adding more value for current ones, This is for the bug bounty community :)
#ittakesacrowd
#bugbounty
16
221
502
I just published My first Blog “How I got 5500$ from Yahoo for RCE”
27
157
474
This is a summary for what i discussed with
@NahamSec
in our latest
#twitch
stream about my recon process, that will be easier for you as you might mess some when you watch the video later on.
Thanks Ben, what you do for community is dope
#bugbountytips
15
146
465
Even bug bounty hunters deserve an unpaid leave sometimes 😅, Its been a really hard and stressful period the latest 3 months with the lockdown and bug bounty, recovery is always needed to stay healthy and focused, i need to take a rest for a while and leave computers .. 🙏
11
19
418
15 minutes of work, dealing with static code like github, searching for proper keywords leads to good results.
#bugbountytips
26
30
365
1st hacking event ever
#h12006
, 1st report, I was awarded a $13,700 bounty on
@Hacker0x01
! Thanks to
@paypal
💰
#TogetherWeHitHarder
14
12
335
There is a ton of bug bounty programs out there, its really simple logic, if u want money go and hack the ones that pay, if you hack for fun enjoy the vdp and swag programs.
Companies are free to define their rules and you are free to choose what suites you.
#bugbounty
#nodrama
8
37
308
Its been a month with no motivation for
#bugbounty
, every time i try i ens up on youtube watching how anaconda attacked the deer and how a brave monkey faught a big python 😂
22
12
289
Thread
#bugbountytips
:
Many companies use SSO like okta/onelogin to mange access to their important portals or use their own sso like "sso. company. com" for the same reason, as a bug bounty hunter your aim to find extra assets for the target specially ones no one found.
7
101
287
So I have been going deeply on Android hacking in the last week learning LOT of stuff, thanks to wizard
@_bagipro
blogs & and his service
@OversecuredInc
I got the 1st bounty (2k) for a working password i haven't found before using other tools,Try it & LEARN from it.
#bugbounty
6
39
247
Read almost a 100 page PDF to find an endpoint on a 404 response host, it downloads a jnlp file you open with java and gets login for the product, weak credentials, logged in, Full control as admin on almost 9k devices for the company, triaged as critical..
#bugbountytips
3
23
239
1) Amass one of the new target domains, nothing good
3) Search github and found a subdomain "k8s"
4) The site responded with K8s clusters names & details
5) Added the names to altdns wordlist, Run
6) 4 subdomains appeared & unauthorized access to K8s Dashboards 😅
#bugbountytip
5
75
236
This is gonna be awesome, if you want to know more about recon and being unique in attacking your targets ensure to join us tomorrow ;), Let's Get Ready To Rumble!!!
#BugBounty
#infosec
Check out who's coming on my stream this Sunday 😱I hope you're all as excited as I am!
@Th3G3nt3lman
has received a bunch of max payouts on different public programs on
@Hacker0x01
and I want to know he does it.
4
16
168
12
31
235
When you submit multiple critical/high bugs on a very nice paying program on
@Hacker0x01
and get triaged ..
#Bugbounty
6
18
226
Yay, I was awarded a $11,100 bounty on
@Hacker0x01
!
Github=>Creds=>Unauthorized Access 😎
#TogetherWeHitHarder
14
7
224
I just published “How i found an SSRF in Yahoo! Guesthouse (Recon Wins)”
23
122
233
Some companies rely on cloud services specially in that period for remote work, so when you look for credentials on github and similar services remember that 😉
examples:
"centrify. com" password
"service-now. com" password
You can try send_keys keyword also.
#BugBountyTips
3
68
225
CVE-2019-0708 | RCE on a big public program triaged on
@Hacker0x01
😬 i have never expected to find such a thing on bug bounty program ..
#togetherwehitharder
#bugbounty
6
19
225
For those who wants to master burp suite and want to get the best value of it, this is the training that you should attend, invest in yourself, with the best mentor ever
@Agarri_FR
#bugbount
#burpsuite
#infosec
9
53
215
Bug Bounty really changed my life , I Never forget who teaches me a lesson or give me a chance in his program or platform, appriciation goes to :
@Bugcrowd
@Hacker0x01
@h1_kenan
@jstnkndy
@rodoassis
@zseano
@yaworsk
@JoakimTauren
@leoniemela
You guys helpd me in my 1st steps😊
10
12
213
You find creds leaked on GitHub, gets full access to org okta instance with many apps, gets paid max bounty and P1, you recheck after 3 months and realize user changed only "number" in his password, and you got access again , closed as N/A, is that right or fair ?
#BugBounty
30
16
205
this is still one of the most unique techniques i have ever read about (RTRI).. thank you
@BugBountyHQ
#BugBounty
#Bugbountytips
2
64
195
Don't forget to see that stream, heard that
@codecancare
already automated the interview using AI, answers will be given to
@NahamSec
by his bot automatically while he is in other place hacking 😁
I'm back for one last interview this Sunday before I go on break next week! A lot of viewers have been asking for
@codecancare
as a guest. Well here's your chance to learn about his approach and to ask him your questions!
Sunday | 11:00 AM PDT
31
67
425
8
14
192
I am seeing a lot of valid credentials pasted on GitHub daily enough to compromise companies through 3rd party portals, such as :
"%.snowflakecomputing.com"
"%.atlassian.net"
and the list goes on (jfrog,slack,snow,okta)
Why it's hard to use private repos ? 😐
#BugBounty
4
43
181
Feeling happy working on a video module about "Using github in recon & find sensitive stuff" for
@Bugcrowd
university, alot of people spoke and wrote blogs about it, mine will be practical on a public target, sharing my way and my best submissions about it 😊
#ittakesacrowd
14
16
183
Dropped a critical to PayPal, Now i can have a nice holiday being sure its not a duplicate 😬
#Bugbounty
#Be_Unique
#PayPal
8
9
171
When you're looking for credentials on github and can't find anything with the known keywords try :
"Company name" send_keys or sendkeys ==> win 😎
4
51
177
-Got invited to a private program
-One of targets was a website with empty page
-Directory/file bruteforce results were zero
-Searched for the host on github
-Found an endpoint for a login page
-admin/admin 😐
- PII , CC details 😅
#BugBounty
8
15
181
Its not an easy, interviewing people, making videos, sharing knowledge, spending time for u, show love & follow those stars on twitter,youtube, twitch if you are not already:
@stokfredrik
@NahamSec
@thecybermentor
@JoakimTauren
@CristiVlad25
@farah_hawa01
#Bugbounty
#infosec
15
15
167
This amazing guy here just share knowledge and spend time to let you all become better hackers without expecting anything in return, not a lot of people do this, all respect ben 👍
I have been trying to make more original content lately so I set some time aside this week and made a quick video on "Setting Up Your Ubuntu Box for
#Pentest
and
#BugBounty
Automation". Check out the video here:
LMK if you want me to do a specific topic!
20
99
475
3
13
166
Looking at
#VirSecCon2020
and seeing
@NahamSec
with those amazing guys dropping knowledge with support of all "BB platforms" for a noble cause is just WOW .. no competition shit no marketing only for the community.
Thats the "True" meaning for
#togetherwehitharder
1
5
165
@intigriti
TIP:
1- check those dorks in github, you will always find somthing interesting
"Company name" language:python
"Company name" language:bash
2- keep monitoring js files for changes to find new endpoints
3- bruteforce and search for hiddin js files other that whats called in app.
5
50
148
I am happy and excited to share that I joined Legacy Technologies GMBH today as a Head of Cybersecurity working closely with a great team to to empower the company and its products in cybersecurity market.
Me and
@damian_89_
are teammates now 😉
14
2
139
This amazing guy helped me learning ton of stuff, his disclosed bugs in Starbucks, his blog and unique findings, a diamond in the big bounty community, here is his blog if u don't know it
#BugBounty
#infosec
I finally hit 10k followers the other day. Thanks for following me!
7
1
92
1
32
134
Report submitted as medium , the amazing team of paypal changed severity to critical 😬😍.. 3rd critcal in the last two months ..
#BugBounty
#togetherwehitharder
3
0
127
I am very glad i had the chance to participate in
#h12006
and collaborate with very nice people like
@_jensec
and
@MrTuxracer
, learning & speak to many other nice hackers, and also managed to get non duplicate bugs accepted, i would love to do that again in future
@Hacker0x01
1
2
130
Ok, this is a must watch and follow.. shubs blogs and tools helped me becoming a better hacker long time back, here is one example of unique approach he used with
@nnwakelam
success is not easy, hard work in background.
#BugBounty
I've recently started making videos to share all of the things I have learnt doing bug bounties over the years. I promise I wont hold back, and I plan to bring more transparency to bug bounty successes. Please share, like and subscribe!
11
210
694
4
36
127
Unpopular Thread :
@Alra3ees
is a very nice person and respectful human being, always been sharing tips with community, never disrespected anyone , proof is his profile, he made a mistake yesterday posting a profile and asking people to follow which appeared to be a parody
8
13
121
@intigriti
Dont trust SSO implementations, if you face a target with 302 redirect to SSO pick a wordlist and scan folders/files before redirect, you will find reachable stuff and data makes SSO useless.
3
19
107
So if you are having a trouble in any step during your recon open
@TomNomNom
github page, its like he predicted all the problems you might face and prepared a tool for it 😬
4
15
107
I've been working a alot lately with
@Hacker0x01
triagers "nochnoidozor" & "still" on multiple reports, i gotta say both were amazing and very supportive, dont know who you are in person but i really appreciate your work.
#BugBounty
11
4
104
Its amazing working with
@_jensec
on
@Hacker0x01
, unique & special way of thinking plus dropping crits.
#h12006
6
2
104
Last two days been busy submitting a lot of reports on
@Hacker0x01
and
@Bugcrowd
with friends collaboration also, i cant describe the pressure as a reporter, big salute for all triage team, liked it or not its really a hard job being between researcher and clients.
#BugBounty
2
0
100
My laptop died, and I need new one for penetration testing BB, I have never used MacBook and don't know if I will be able to easily use it, what's your suggestions guys for a good laptop? Price is not important I need a good one.
65
0
98
I have a lot of friends in the hacker/Bugbounty community, there is lot of amazing talents out there that I worked with, but if you have never collaborated with those two monsters you are missing a lot :
@damian_89_
(sharp & unique)
@restr1ct3d
(clever & special )
#BugBounty
7
1
98
inurl:fisheye AND inurl:changelog -site: -site:
inurl:crucible AND inurl:changelog -site: -site:
Lots of interesting fisheye/crucible code commits and reviews.
#bugbountytips
1
60
95
Thanks
@Bugcrowd
for this amazing gift, i really liked the coin and the awesome sticker.
#Ittakesacrowd
#OutHackThemAll
10
1
97
2
31
87
This guy literally copied pasted my disclosed report to snapchat😐 even my replies 😮 there is a sensitive data but actually no github token in this.. happy people are getting rewards but they should read and understand what they send.
7
5
84
@jobertabma
I made 13,500$ USD in
@Hacker0x01
my first year and 900$ in
@Bugcrowd
, very proud of it even though it looks like nothing comparing to others, but this helped me doing a lot of stuff and helped me putting my kid in good school , already mentioned that before :) so thank you
7
4
83
So , 2019 ended up with a very nice bounty from the amazing & professional paypal security team 😍.. thanks
@PayPal
@Hacker0x01
#togetherwehitharder
Dropped a critical to PayPal, Now i can have a nice holiday being sure its not a duplicate 😬
#Bugbounty
#Be_Unique
#PayPal
8
9
171
3
2
85
So now i open hacktivity to check reports and my son tries to catch the head, with all games he has he just enjoying this so much, told him this is
#hackerman
😂🤣
@Hacker0x01
1
1
81
I dont like to block anyone, but when you tell me you have a home because of
#BugBounty
and u need my help to hack for you to get the furniture i will block your whole family ! I am not ikea..
#BugBountyStories
12
2
84
Farah is really a nice person, and i am glad to be her guest.
#BugBounty
Hi! I'm extremely honored to announce that I'm going to be interviewing top hacker,
@Th3G3nt3lman
, for a video on my YouTube channel! If you've got any questions for him, let me know and I'll pick the most interesting ones!
20
13
167
2
4
84
Great interview with
@infosec_au
, One of the most intelligent, solid, unique and respectful researchers in this space .. a pure gentelman.
I can say I learned many stuff from shubham when I started my BB journey and still.. all the best my friend.
#BugBounty
#bugbountytips
Source code review and finding 0days are bug bounty areas that are particularly interesting to me. I couldn't find anyone better to talk about them than one of my authorities -
@infosec_au
. Enjoy the podcast!
5
52
238
2
6
90
My path to
#infosec
> Started using computers at 12
> Got into satellite receivers hacking at 14
> Went to jail for using internet through satellite Card on computer at 16
> Networks and VOIP specialist for many years
> Whitehat and hacking again at 29
> Security advisor now 😬
4
5
79
I earned 2,100$ for my submission on
@Bugcrowd
😬
#ItTakesACrowd
💃
-Got invited to a private program
-One of targets was a website with empty page
-Directory/file bruteforce results were zero
-Searched for the host on github
-Found an endpoint for a login page
-admin/admin 😐
- PII , CC details 😅
#BugBounty
8
15
181
5
7
74
Don't trust redirects, SSO & basic authentication, there is always something hidden out there to catch 😉
#BugBounty
2
16
77
This is not the first time i see this, bug gets triaged and payd within 30 minutes in
@Bugcrowd
..
No. 63 overall and still my 2018 target to be in top 50 😎
#ItTakesACrowd
#Edis_The_Octopus
👍
2
2
78
Hey
@NahamSec
,, what do you think about bringing the reason of our happiness, the clever mind behind
@Hacker0x01
the extraordinary
@jobertabma
to your live streams 😁 ? i am sure 100% no one will disagree :)
3
1
76
Anyone knows a girhub repo contains suspicious doc,docx,csv,xlsx,pdf files that can be modified and used for file upload XXE attacks ?
#bugbounty
7
21
72
Very proud of my achievements in my 1st event ever, and biggest achivment is getting to hack with julien, such an amazing event, thank you
@Hacker0x01
&
@PayPal
Wow, so
#h12006
was an incredible journey! I had the chance to collaborate with the super smart
@Th3G3nt3lman
and we managed to grab all the "Share the Load" bonuses 😎
Thanks
@PayPal
and
@Hacker0x01
for organising such an awesome event (again)
#BugBounty
1
2
67
1
1
71
📍Bug bounty hunters
|
|
| _ _ _ _ _ _ _ _ _ _ _ _ _ _
|
📍 Pornhub Program |
|
_ _ _ _ _ _ _ _ _ _ _ _ _ _|
|
|
|
📍 Naughty Taxi Driver Movies ¯\_(ツ)_/¯
2
9
69
When program don't appreciate your RCE, get another one and throw aliases in the server that all result in VI commands.
Watch them die slowly later 😬💃
#BugbountyAngrytip
3
3
71
Correction :
Github => "company name" language:python/bash send_keys
2
23
68
Bug Bounty Goals for 2018:
- Top 50 on
@Bugcrowd
- 200 reports on
@Hacker0x01
& top 10 all time in yahoo
- Making 100K in total
- Meeting in person friends like
@brutelogic
@tbmnull
@ngalongc
and BC & H1 Teams.
I am setting crazy goals, i want to challenge myself and do it 👍
10
2
63
As i was angry today because of the procedure of handling my report in
@Hacker0x01
, it worth to mention that
@NahamSec
stepped up and sorted the issue out of nowhere, true leader and a gentleman liked it or not 😊
7
0
69
Yay, I was awarded a $500 bounty on
@Hacker0x01
! Github=> sensitive data exposure
#TogetherWeHitHarder
3
0
62
Its not only about reward, but when the programs also thanks you alot for your risky findings you feel more happy, my best month so far in
@Bugcrowd
👍😬
#ittakesacrowd
2
1
66
In my way to thailand for vacation 🔥🔥 thank you
@Bugcrowd
&
@Hacker0x01
#phuket
#beach
#fullmoon
#partytime
#bugbounty
5
2
63
2 P1 bugs triaged in 10-15 minutes,
@Bugcrowd
is love 😘, this is encouraging you to hunt all night 💪
#Edis_The_Octopus
🐙
#ittakesacrowd
2
4
61
Light travels faster than sound. This is why some people appear bright until they speak..
0
8
61
Everything is beautiful about bug bounties until your tax department check your income and ask for their own bounties😅
#bugbounty
4
3
64
Z-wink creates a very nice content on his YouTube channel, easy to understand and implement for new joiners and old ones in BB community, nice efforts that deserves a follow :)
#BugBounty
0
9
58
Team determined this was a single, deprecated asset, which had no impact so 100$ bounty 🤭😬😂
CVE-2019-0708 | RCE on a big public program triaged on
@Hacker0x01
😬 i have never expected to find such a thing on bug bounty program ..
#togetherwehitharder
#bugbounty
6
19
225
8
2
63
Another milestone, number 39 overall on
@Bugcrowd
with 2.2 average security and i am going further 🔥
#ItTakesACrowd
#bugbounty
4
0
60
Pro Tip : a Lot of researchers when they find open redirect stops there, Always test for SSRF in same place, even if open redirect patched..
2
15
57
People are being threatened of losing their career for supporting on social media the innocent civilians in Gaza getting bombard in a savage & barbaric way.
The western media has blood on its hands for cheerleading this ethnic cleansing campaign.
#Gaza_Genocide
#GazaAttack
0
12
64
is there a well known solution for the problem of proxying android app ? I am able to get mobile browser traffic but not the apps .. been trying this for hours 🤯
#BugBounty
10
7
64