Mustafa Can İPEKÇİ

@mcipekci

Followers
7,006
Following
365
Media
72
Statuses
1,440

I'm an engineer from Turkey who is interested in biotechnology, computer science and digital gaming. Proud father of three little devils. a.k.a. nukedx

Izmir
Joined August 2010
Pinned Tweet
@mcipekci
Mustafa Can İPEKÇİ
3 years
What an honour: I've been selected as Rookie of the Year for 2020-2021 on @SynackRedTeam, and I also achieved TITAN status in recognition of my first year! Thanks so much for all the good experience and fun I had during the year.
@mcipekci
Mustafa Can İPEKÇİ
3 years
This year I made over 350k from bug bounties on various platforms. I mainly hunted on @SynackRedTeam, so a huge part of it came from there. There, this year I reported over 10 RCEs, 33 SQL injections, 79 XSSs and 131 various access control issues.
@mcipekci
Mustafa Can İPEKÇİ
1 year
I'm proud to announce that with today's payouts I hit $1M all-time earnings combined from all platforms and external programs I participated in. 3/4 of these earnings come from @SynackRedTeam and the rest from @Bugcrowd, @Hacker0x01 and some good external programs :). #BugBounty
@mcipekci
Mustafa Can İPEKÇİ
2 years
Can you spot the vulnerability in the code block below? I'll explain yet another interesting engagement on @SynackRedTeam, how I turned blackbox testing into a whitebox one. #bugbounty #bugbountytips 1/8
@mcipekci
Mustafa Can İPEKÇİ
2 years
I broke my personal record for total earnings in 30 days on @SynackRedTeam. I broke my feet last month and then got covid, so I didn't hunt till the 17th of Feb, and after that I was able to check stuff. From the 17th to today I earned a total of 72k, which is my personal record. #BugBounty
@mcipekci
Mustafa Can İPEKÇİ
2 years
What a month it was on @SynackRedTeam; technically I'm at almost 100k with pending ones, but time ran out before they got triaged and paid out. There are 3 more vulns to be triaged; considering the max payout is 3K per vuln on @synack, almost all of them were SQLis. #BugBounty
@mcipekci
Mustafa Can İPEKÇİ
1 year
Exploiting SQL injection vulnerabilities is all about your knowledge of the target DBMS; reading documentation and using functions specific to the target DBMS will help you escalate issues when automation tools cannot exploit them. 1/n #bugbounty #bugbountytips
@mcipekci
Mustafa Can İPEKÇİ
2 years
As of today I passed the half-million milestone on @SynackRedTeam, with 200k of it in the last 90 days. So far this month is about to catch the previous one too; we will see what is going to happen in the next 10 days :). #bugbounty #bugbountytips
@mcipekci
Mustafa Can İPEKÇİ
1 year
One of the reasons I love testing on @SynackRedTeam is that we regularly have an opportunity to test enterprise software used by Forbes 500 companies. I will explain an RCE I found recently in enterprise software. #bugbounty #bugbountytips 1/n
@mcipekci
Mustafa Can İPEKÇİ
7 months
It is good to leave when you feel it's not going to get better anymore at the place you are working. As of today, I'm no longer active on @SynackRedTeam. I had an amazing 3.5 years there during my tenure; however, all good things come to an end.
@mcipekci
Mustafa Can İPEKÇİ
1 year
I will try to explain how I recently found 4x SQLi on one of the oldest @SynackRedTeam targets. The target has been active for years; it is one of my favorite ones and one I actively hack on. In a recent update they somehow enabled directory listing. #BugBounty #bugbountytips 1/n
@mcipekci
Mustafa Can İPEKÇİ
2 years
2022 was good for me: I managed to get $500k in total bounties, most of them from @SynackRedTeam and the rest from collabs on @Bugcrowd for the great LHEs we participated in with @bsysop @sw33tLie @codecancare @dogwhohacks and @restr1ct3d. #BugBounty
@mcipekci
Mustafa Can İPEKÇİ
3 years
As of this month I've beaten one of the personal goals I set in my 2021 bug bounty plans: I got a total of 57k in bounties across all platforms in a month. A big chunk of it is from @SynackRedTeam, 43.8k plus about 1.5k in queue, which sums up to 45.3k. #BugBounty
@mcipekci
Mustafa Can İPEKÇİ
1 year
A few months ago @osiryszzz and I discovered an interesting case of SQL injection on a @SynackRedTeam target, which was black box testing. During recon we noticed that there was an unrestricted file upload mechanism available to any user. #bugbounty #bugbountytips /1
@mcipekci
Mustafa Can İPEKÇİ
3 years
I just noticed that I passed $100k in earnings as of this week on @SynackRedTeam since I started hunting at the end of July. It's truly amazing being part of it.
@mcipekci
Mustafa Can İPEKÇİ
2 years
On a recent engagement on a program at @SynackRedTeam, I found out that the target had error-based SQL injection in the LIMIT clause; it appears the DBMS was MariaDB 10.4.13, so the options to be used in the injection were limited. #bugbountytips #bugbounty 1/5
@mcipekci
Mustafa Can İPEKÇİ
3 years
Tonight I had a fun time on a @SynackRedTeam target. The application was vulnerable to blind second-order SQL injection, but the page was completely blank in all cases except when the query resulted in an error. #BugBounty #bugbountytips /1
@mcipekci
Mustafa Can İPEKÇİ
3 years
Today I received my hackerthrone from @SynackRedTeam as 2020-2021 recognition swag. @SynackRedTeam's swag game is the absolute best, thank you so much! Especially to @ryanrutan for making the researcher experience there amazing!
@mcipekci
Mustafa Can İPEKÇİ
3 years
There are lots of claimed infosec experts who do not know that authentication and authorization are not the same thing.
@mcipekci
Mustafa Can İPEKÇİ
8 months
While testing targets, you must always check all results from your requests. I'll explain how I found a second-order SQL injection on one of my recent engagements at @SynackRedTeam. 1/n #BugBounty #bugbountytip
@mcipekci
Mustafa Can İPEKÇİ
2 years
I keep telling myself not to write this, but I wish the algorithms our Turkish developers write were in some correlation with their egos. In the last few months we tested, on Synack, many applications belonging to the Turkish representative offices of global companies.
@mcipekci
Mustafa Can İPEKÇİ
1 year
When you are doing code review on WordPress plugins, always check the usage of esc_like and whereRaw for the SQL queries; if esc_sql is not used with esc_like, it will 99% result in SQL injection. #BugBounty #BugBountytips
@mcipekci
Mustafa Can İPEKÇİ
3 years
I wanna share my recent experience on how I achieved RCE on a file upload that doesn't reveal the path where it's actually loaded. #bugbountytip
@mcipekci
Mustafa Can İPEKÇİ
1 year
Top hunters do not share their methodologies ;p
@infosec_au
shubs
1 year
The security research team at @assetnote discovered a pre-authentication RCE vulnerability through a cryptographic flaw in Citrix ShareFile. It's been assigned CVE-2023-24489. You can read the technical blog post here:
@mcipekci
Mustafa Can İPEKÇİ
2 years
Another smooth run this month; again I couldn't make it to 100k on the dashboard, but with pending ones it is close to it! Thank you @SynackRedTeam for all this fun. #BugBounty #bugbountytips
@mcipekci
Mustafa Can İPEKÇİ
2 years
Howdy folks, I'm gonna detail how I found a login-as-any-user issue on a @SynackRedTeam engagement, a target that has been alive for almost a year or more! #BugBounty #bugbountytips
@mcipekci
Mustafa Can İPEKÇİ
2 months
I wanna share how I achieved RCE on one of the recent engagements I was testing. The target was using some in-house application, and I observed that it used to copy files from UNC paths. I started to try potential RCE payloads like && nslookup collaborator && but it was failing. I
@mcipekci
Mustafa Can İPEKÇİ
3 years
When testing an application, if you want to verify a potential SQL injection, especially for an integer value, do not directly do stuff like ' OR 1='1 but do mathematical comparisons. #bugbountytips
@mcipekci
Mustafa Can İPEKÇİ
3 years
Imagine you have these stats on H1 and are able to get almost 50k followers on twitter for bug bounty tips, yet are able to sell Udemy courses :)
@mcipekci
Mustafa Can İPEKÇİ
1 year
Very nice resource for SQL injection techniques; instead of spamming random payloads shared on here, I suggest referring to that resource for learning and mastering SQLi. Most of them are the ones I use, and many others. #bugbountytips #BugBounty
@yappare
yappare
1 year
is still the best SQLi reference for me.
@mcipekci
Mustafa Can İPEKÇİ
2 years
I have been taking a break from bug bounty since June for the summer. Last year was good: I managed to get Titan status on @SynackRedTeam again, for the second year in a row, and got invited to the Hacker Hangout Event in November, which will be a live hacking event. /1
@mcipekci
Mustafa Can İPEKÇİ
2 years
Collaboration brings much more fun: last night we found an interesting SQL injection at @Bugcrowd's bug bash event; hopefully we can disclose more details later. @bsysop @restr1ct3d @sw33tLie @codecancare #BugBash #BugBounty
@mcipekci
Mustafa Can İPEKÇİ
7 months
While exploiting SQL injection issues, knowing the capabilities of the target DBMS is key, which is what I'm always saying. I will try to explain how to find tables with valid data on IBM DB2 targets. #bugbountytip 1/n
@mcipekci
Mustafa Can İPEKÇİ
3 years
Thank you so much for these cool swags @SynackRedTeam
@mcipekci
Mustafa Can İPEKÇİ
3 years
@Bugcrowd's P1 triage times are insane: after Team Hunt's final phase started, our team Retired Hackers (@bsysop, @sw33tLie, @restr1ct3d, @rhyselsmore and P3t3r_R4bb1t) dropped 14 P1s, all of them triaged in a maximum of 30 minutes and 9 of them already paid out. Really amazing.
@mcipekci
Mustafa Can İPEKÇİ
3 years
Lord, give me the confidence of the -4.29 signal guy who thinks he is a hacker when he is actually a skid.
@mcipekci
Mustafa Can İPEKÇİ
2 years
Thank you @synack @SynackRedTeam for the opportunity to work with @malcolmst @bamhm182 and @0xteknogeek on the PLUOT project; it was a really interesting project, and thank you so much for the great memorial gift for it!
@mcipekci
Mustafa Can İPEKÇİ
2 years
The stuff we reported was highly critical, such as SSRF; if one of the items we reported had been caught by a bad person, it could have been more than this breach. However, as a team we decided to move on after such treatment. An employee laughed at the accent of our member; now we are laughing :)
@HusseiN98D
Hussein Daher
2 years
@toddmckinnon My friends and I have reported multiple high/critical vulnerabilities to you using your bug bounty program. We were underpaid and treated like sh*t by your security team, acting like they know everything. I hope this misadventure will enlighten you on the importance of GOOD hackers
@mcipekci
Mustafa Can İPEKÇİ
2 years
I'm not sure if it's well-known stuff, but today I discovered something new to me during a quite interesting engagement on @SynackRedTeam. The target had Incapsula enabled on their system, so I found out the origin IP thanks to . #BugBounty #bugbountytips
@mcipekci
Mustafa Can İPEKÇİ
1 year
@Hacker0x01 @jobertabma @martenmickos As far as I know, each year the #hackforgood destination changes; first it was for COVID-19, then for supporting Ukraine. As you know, one of the biggest earthquakes recently happened in Türkiye; per this tweet, more than 17K lost their lives.
@mcipekci
Mustafa Can İPEKÇİ
3 years
I just made it into the top 10 for the last 365 days in all categories on @SynackRedTeam
@mcipekci
Mustafa Can İPEKÇİ
3 years
It appears that AWS finally killed subdomain takeovers via dangling EC2 IPs, and they ban accounts once they reach a certain amount of IP allocations. #BugBounty
@mcipekci
Mustafa Can İPEKÇİ
4 years
Omg, done it! Finally completed the #h12006 CTF; had so much fun, thanks @bbuerhaus and @_superhero1 for their ideas! Thanks @adamtlangley and @NahamSec for such an amazing journey with tons of rabbit holes! #HackerOneHits100
@mcipekci
Mustafa Can İPEKÇİ
2 years
Finally received my recognition swag for this year from @SynackRedTeam; the kids loved both, especially the Robomaster. Thank you so much for such amazing stuff. #BugBounty #swag
@mcipekci
Mustafa Can İPEKÇİ
1 year
One of the fundamentals you need for exploiting the issues you find is trying to understand what you have from the data you observed. On a recent engagement with @any1_0x01 we found SQLi on a target using KB_SQL, which is uncommon, and that's how we exploited it. 1/n #bugbounty #bugbountytips
@mcipekci
Mustafa Can İPEKÇİ
1 year
Best bug bounty tip I can give: be polite and well-mannered when you submit an issue. I never had a problem with triagers that couldn't be solved. When both sides communicate clearly and respect each other, everything always goes smoothly. #bugbounty #bugbountytip
@mcipekci
Mustafa Can İPEKÇİ
3 years
Completed @Hacker0x01's Ambassador CTF as #1; there were really nice challenges out there. Hats off to @xEHLE_ for exchanging ideas and to @adamtlangley for another amazing set of challenges!
@mcipekci
Mustafa Can İPEKÇİ
3 years
I just realized I got into the top 10 for the last 365 days in the web applications category at @SynackRedTeam!
@mcipekci
Mustafa Can İPEKÇİ
3 years
@Hacker0x01 @jobertabma I'm not posting this with any bad intent, but recently private payloads sent to programs on H1 were leaked by their employees with tools made by them. Is there any agreement with programs about not exposing payloads sent by researchers?
@mcipekci
Mustafa Can İPEKÇİ
3 years
Got my #bugbash swag from @Bugcrowd today, absolutely loved this piece
@mcipekci
Mustafa Can İPEKÇİ
4 years
Yay, I was awarded a $4,050 bounty on @Hacker0x01! #TogetherWeHitHarder The program scope was updated recently and they added a new wildcard domain which had subdomains pointed at unclaimed elasticbeanstalk profiles, leading to subdomain hijacking.
@mcipekci
Mustafa Can İPEKÇİ
1 year
A few days ago while testing a target, I came across an interesting endpoint during recon. It was showing an empty page, but I was wondering why that file was there; after googling, it appears that file was associated with some malware. 1/n #bugbounty #infosec
@mcipekci
Mustafa Can İPEKÇİ
2 years
If you are considering becoming a full-time bug bounty hunter, all I can suggest is to be sure you have enough savings for you and the people you are responsible for, for at least 2 years. #bugbounty
@Jhaddix
Jason Haddix
2 years
🧵Full-Time Bug Bounty Hunter thread 🧵 I'm looking for people to jump in and give me their perspectives. This is all speculative and in US hyper-inflated markets. A Sr/Principal Security Tester in the US can command a $150-200k salary in big markets (SFO, LA, NY). 👇1/x
@mcipekci
Mustafa Can İPEKÇİ
4 years
Leveled up to 0x05! via @SynackRedTeam thanks for all the fun and good times!
@mcipekci
Mustafa Can İPEKÇİ
3 years
Finally solved the CTF made for @codecancare's 100k by the great evil @adamtlangley. It was so much fun and annoying!
@mcipekci
Mustafa Can İPEKÇİ
4 months
The main reason MSSQL was generating an error is actually that the column in the query had an integer datatype and most likely the query was using double quotes, something like: select title from news id="<integer value>" So with any non-integer value used, the application would give the same error. #bugbountytip
@Hammad7361
Hammad 🇵🇰🇵🇸
4 months
@Bugcrowd SQL Tip: parameter=value = 200 OK; parameter=value' = SQL Exception Error. Exploited further with #ghauri and fetched the database names
@mcipekci
Mustafa Can İPEKÇİ
3 years
@alp0x01 @Hacker0x01 @NahamSec At least they didn’t say, after our calculations you owe us 300$
@mcipekci
Mustafa Can İPEKÇİ
3 years
Many of our Turkish brothers keep asking in DMs what they can do to improve in this field. First and most importantly, you must be curious and learn the environment you are testing as much as possible.
@mcipekci
Mustafa Can İPEKÇİ
3 years
I had a few DMs from people mentioning they will keep reporting open redirects; below you can find the reason why you shouldn't report open redirects but try to escalate them instead. It was a good collab with @Hxzeroone on these ones, and we have many waiting on triage. #bugbountytips
@mcipekci
Mustafa Can İPEKÇİ
3 years
Do not report open redirects without fully analyzing them and seeing their potential. Thanks to a random guy who reported an open redirect, our report for a full SSRF leaking the client secret of an integration was claimed as a dupe. Again: do not report open redirects #bugbountytips
@mcipekci
Mustafa Can İPEKÇİ
4 years
Leveled up to 0x04! via @SynackRedTeam; so far it's a really great experience. I wish I hadn't started looking only in the last 3 months but when I joined the platform.
@mcipekci
Mustafa Can İPEKÇİ
3 years
Found one of the most interesting SQL injections I've ever come across: the application was using a base64-encoded serialized PHP object for unauthenticated users, and it appears that they didn't sanitize the value when processing it. Exploiting it manually was more fun.
@mcipekci
Mustafa Can İPEKÇİ
2 years
So finally I converted the payload to retrieve HEX values one by one to retrieve the full content of the file: 1+procedure+analyse(extractvalue(rand(),concat(0x3a,HEX(substr(load_file(%27/etc/passwd%27),1,1)))),1). This allowed me to show more severe impact on a limited injection. 5/5
@mcipekci
Mustafa Can İPEKÇİ
8 months
It was a pleasure to collab with you, mate, and it was one of the fun injections I had to exploit :)
@Masonhck3571
Masonhck357
8 months
I earned $10,000 for my submission on @bugcrowd #ItTakesACrowd Thanks for the collab on the SQL injection! @mcipekci
@mcipekci
Mustafa Can İPEKÇİ
3 years
It was a great experience; I really loved teaming up with @bsysop @sw33tLie @restr1ct3d @dogwhohacks and P3t3r_R4bb1t. We made more than $120,000 in payouts, still waiting for a few of them to be sorted. #RetiredHackers #TeamHunt #BugBounty
@Bugcrowd
bugcrowd
3 years
🚨ANNOUNCEMENT🚨 #TeamHunt2021 1st place winner: Retired Hackers🎉👇 @bsysop @mcipekci @restr1ct3d @sw33tLie @dogwhohacks and P3t3r_R4bb1t Runner-up teams👏🔥 Monstars, Tamil Pasanga, JJJ, Tess's Squad Congrats & great work to every team! We're so proud of each player!🧡
@mcipekci
Mustafa Can İPEKÇİ
1 year
Wow, looks like you can get CVEs assigned to you for DVWA; what kind of joke is this?
@mcipekci
Mustafa Can İPEKÇİ
1 year
The target was also behind Amazon WAF. POST-based requests are easy to bypass, as we can send large requests with lots of dummy data; however, I found a bypass for GET-based SQLi with: OR%0A%0D8491831%0A%0DNOT%0A%0DIN%0A%0D(321231)%0A%0DLIMIT%0A%0D1--+a which allowed retrieving all data
@mcipekci
Mustafa Can İPEKÇİ
4 months
@ReebootToInit5 First, it's a potential injection in an insert query and you are using an OR clause to exploit it, from what I see in the response; second, it's on MySQL but you are using the PostgreSQL function pg_sleep to exploit it. Ghauri is literally the same as SQLMap with additional stuff done by the author.
@mcipekci
Mustafa Can İPEKÇİ
1 year
We confirmed that it was vulnerable to time-based SQL injection, but how we were going to exploit it was the question. I made a simple middleware proxy-like PHP script so that we were able to exploit the issue. /4
@mcipekci
Mustafa Can İPEKÇİ
5 years
Yay, I was awarded a $4,000 bounty on @Hacker0x01! Triaged in 10 hours and the bounty rewarded; that was awesome. #TogetherWeHitHarder
@mcipekci
Mustafa Can İPEKÇİ
5 years
Yay, I was awarded a $2,000 bounty on @Hacker0x01! Got an invite to a private program, checked potential targets, noticed that two high-impact-name subdomains were pointing to an expired domain, registered it and got rewarded, all in a few days. #TogetherWeHitHarder
@mcipekci
Mustafa Can İPEKÇİ
3 years
Bug bounty tip: do not use the built-in user agents of third-party tools; change them. #bugbountytips @m0chan98
@mcipekci
Mustafa Can İPEKÇİ
2 years
It appears that Microsoft Azure made some changes for profiles like AWS did on many services. Once a profile is dropped, it becomes available for claiming by other accounts after approx. 3 days. #bugbounty #bugbountytips
@mcipekci
Mustafa Can İPEKÇİ
2 years
TIL, Chrome-based browsers do not trigger onload/onerror or similar events for tags that try to fetch content via mixed resources, but they still trigger XSS via onmouseover. This is not the case for Firefox. #bugbountytips #bugbounty
@mcipekci
Mustafa Can İPEKÇİ
2 years
Never say never
@mcipekci
Mustafa Can İPEKÇİ
3 years
Yet another CTF from @Hacker0x01 completed, second time in a row as first blood! Thanks @adamtlangley and @Congon4tor for all the fun.
@mcipekci
Mustafa Can İPEKÇİ
3 years
Let's say the parameter you are testing had the value 230; change it to 231-1, 231'-'1 etc., then check if the page is actually returning the same contents. This simple stuff will be more efficient and will not force the DBMS to do heavy queries like the ' OR 1='1 cases.
@mcipekci
Mustafa Can İPEKÇİ
2 years
Dmitriy is one of the top researchers in the scene; that's a total loss for everyone.
@mcipekci
Mustafa Can İPEKÇİ
3 years
Wow, got my fastest time to report and resolve ever. Reported the issue and in 13 minutes it got fixed and the bounty paid. Basically, it was an IDOR revealing sensitive business client information to unprivileged users.
@mcipekci
Mustafa Can İPEKÇİ
3 years
So I went for using a CASE statement with the ST_PointFromGeoHash function. It was basically forcing the query to generate an error as the result. The full payload was something like this: (CASE WHEN 1=1 THEN 1 ELSE ST_PointFromGeoHash(USER(),1)) /3
@mcipekci
Mustafa Can İPEKÇİ
11 months
There is no out of scope for APTs
@JBizzle703
John Breth (JB) | CyberInsight® on YouTube
11 months
What's your unpopular cybersecurity opinion that gets a reaction like this?
@mcipekci
Mustafa Can İPEKÇİ
4 years
Well, finished @Hacker0x01's new CTF done by the great @adamtlangley; it was fun to participate once again!
@mcipekci
Mustafa Can İPEKÇİ
4 years
Just had an amazing month on @SynackRedTeam, got almost 20k in rewards; it's a really good opportunity to be in there.
@mcipekci
Mustafa Can İPEKÇİ
2 years
Remember, #BugBounty is not easy money, and 99% of these courses sell you already-shared knowledge; do not fall into those traps.
@ITSecurityguard
Patrik Fehrenbach
2 years
This is your yearly reminder that ALL Udemy Bug Bounty courses are a waste of money. The content you need is out there, completely for free. Don't believe me? Here is a list of the best Bug Bounty Resources out there 🧵👇 #bugbountytips #BugBounty
@mcipekci
Mustafa Can İPEKÇİ
3 years
The only thing I'm against is when these people who are not experts still get lots of followers and sell these copy-paste courses, and many beginners sadly follow them.
@mcipekci
Mustafa Can İPEKÇİ
2 years
But instead of building a more secure and stable algorithm, our developer brothers think "I must buy the best equipment, it must be the best so that my work is the best"; as long as this mindset doesn't change, things will be hard.
@mcipekci
Mustafa Can İPEKÇİ
9 months
Yes, please reinvent SQL injections
@peer_rich
Peer Richelsen — oss/acc
9 months
I'm not sure, man
@mcipekci
Mustafa Can İPEKÇİ
3 years
What I'm trying to say is: just keep thinking out of the box and believe in yourself. Do not rely on automated scans, do not run default configurations, and create your own methodology. This will lead you to find more valid vulns.
@mcipekci
Mustafa Can İPEKÇİ
4 years
I earned $1,800 for my submission on @bugcrowd #ItTakesACrowd, yet another subdomain hijacking related to my previous tweet :). It was a really fun case to track.
@mcipekci
Mustafa Can İPEKÇİ
4 years
I noticed recently that I'm finding more account takeover and authentication bypass issues by altering responses sent by the application; sadly, it looks like many devs rely on client-side validation. #bugbountytip
@mcipekci
Mustafa Can İPEKÇİ
3 years
Of course this is the case for parameters that had integer values; for strings you can try to concatenate: if the value is ABCD, change it to ABC'+'D. Most DBMSs support concatenation like this, and it makes testing much easier.
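The defender's view of the probing technique in this tweet and the earlier "231-1" one, as an added example that is not part of the original tweets: a small Python scanner over constructed access-log lines that recognises arithmetic, quote-arithmetic and quote-concatenation probes, works out what each would evaluate to if pasted into SQL, and marks a probe as consistent with the baseline when that value equals an earlier clean value for the same parameter and the response size is unchanged, which is exactly the "same contents" check the tweets describe. The log lines, paths and parameter names are constructed, and the heavy `' OR 1='1` tautology is included only to show how it stands out by response size instead.

```python
"""Spot low-noise SQL injection probes in web access logs (added example; the
log lines, paths and parameter names are constructed, not from the tweets)."""
import re
from dataclasses import dataclass
from operator import add, mul, sub
from typing import List, Optional, Tuple
from urllib.parse import parse_qsl, urlsplit

# Constructed Apache-style access log lines; query strings are URL-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "GET /news?id=230 HTTP/1.1" 200 5120
10.0.0.5 - - [01/Mar/2024:10:00:02 +0000] "GET /news?id=231-1 HTTP/1.1" 200 5120
10.0.0.5 - - [01/Mar/2024:10:00:03 +0000] "GET /news?id=231%27-%271 HTTP/1.1" 200 5120
10.0.0.5 - - [01/Mar/2024:10:00:04 +0000] "GET /news?id=230%27%20OR%201=%271 HTTP/1.1" 200 98000
10.0.0.7 - - [01/Mar/2024:10:00:05 +0000] "GET /search?q=ABCD HTTP/1.1" 200 2048
10.0.0.7 - - [01/Mar/2024:10:00:06 +0000] "GET /search?q=ABC%27%2B%27D HTTP/1.1" 200 2048
10.0.0.9 - - [01/Mar/2024:10:00:07 +0000] "GET /news?id=42 HTTP/1.1" 200 4100
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" \d{3} (?P<size>\d+)'
)
OPS = {"+": add, "-": sub, "*": mul}
# 231-1: integer arithmetic in an unquoted numeric context.
ARITH_RE = re.compile(r"^(\d+)\s*([-+*])\s*(\d+)$")
# 231'-'1: same idea breaking out of a quoted integer (needs numeric-string coercion, as in MySQL).
QUOTED_ARITH_RE = re.compile(r"^(\d+)'\s*([-+*])\s*'(\d+)$")
# ABC'+'D or ABC'||'D: quote-concatenation inside a string value.
CONCAT_RE = re.compile(r"^([^']+)'(?:\+|\|\|)'([^']+)$")
# The heavy tautology the tweets advise against; it never equals a baseline.
TAUTOLOGY_RE = re.compile(r"'\s*or\s*\d+\s*=\s*'\d+", re.IGNORECASE)


def classify(value: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (probe label, value the probe evaluates to in SQL) or (None, None)."""
    if TAUTOLOGY_RE.search(value):
        return "tautology", None
    for label, rx in (("arithmetic", ARITH_RE), ("quoted-arithmetic", QUOTED_ARITH_RE)):
        m = rx.match(value)
        if m:
            a, op, b = m.groups()
            return label, str(OPS[op](int(a), int(b)))
    m = CONCAT_RE.match(value)
    if m:
        return "quote-concat", m.group(1) + m.group(2)
    return None, None


@dataclass
class Finding:
    ip: str
    path: str
    param: str
    value: str
    label: str
    # True when the probe's SQL value equals the last clean value for the same
    # (ip, path, param) and the response size is unchanged: the backend ran it.
    matches_baseline: bool


def scan(log_text: str) -> List[Finding]:
    baseline = {}  # (ip, path, param) -> (last clean value, response size)
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url, size = urlsplit(m["path"]), int(m["size"])
        for param, value in parse_qsl(url.query, keep_blank_values=True):
            key = (m["ip"], url.path, param)
            label, sql_value = classify(value)
            if label is None:
                baseline[key] = (value, size)
                continue
            base = baseline.get(key)
            hit = base is not None and sql_value == base[0] and size == base[1]
            findings.append(Finding(m["ip"], url.path, param, value, label, hit))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ip} {f.path} {f.param}={f.value!r}: {f.label} baseline_match={f.matches_baseline}")
```

A probe flagged with `matches_baseline=True` means the server evaluated attacker-supplied arithmetic or concatenation inside the query, so it should be triaged as a confirmed injection point rather than as noise.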
@mcipekci
Mustafa Can İPEKÇİ
4 years
Achievement unlocked 1337 reps on @Hacker0x01
@mcipekci
Mustafa Can İPEKÇİ
1 year
Also shout out to all these mad lads who helped me on the journey @bugraeskici @Hxzeroone @bsysop @sw33tLie @codecancare @restr1ct3d @HusseiN98D @dogwhohacks and many others whom I missed!
@mcipekci
Mustafa Can İPEKÇİ
4 years
Leveled up to 0x03! via @SynackRedTeam; it's a really good experience so far!
@mcipekci
Mustafa Can İPEKÇİ
4 years
Hats off to @vortexau for such a great tool called DNS Validator; it should be one of the tools you must have as a bounty hunter. If you want to speed up your DNS scans drastically, you can find it on:
@mcipekci
Mustafa Can İPEKÇİ
2 years
When we found the developer who wrote the software via OSINT, unfortunately he was not someone we could call a "Junior" but someone who had given years to this sector.
@mcipekci
Mustafa Can İPEKÇİ
3 years
The feeling of receiving callback on Out-of-Band RCE is priceless.