chivato
@SecGus
Followers
5K
Following
3K
Media
242
Statuses
3K
full-time bug bounty hunter
Lisbon, Portugal
Joined April 2015
Yay, I was awarded a $18,000 bounty on @Hacker0x01! Don’t normally post these, but proud of this one ☝️ #TogetherWeHitHarder
14
6
330
Vibe coding is crazy man. Met a 12yr old making $600k a month with his vibe-coded SaaS he started 4 months ago. I asked how he built so fast. He said he just made a design-doc in GPT and fed it to Cursor with Sonnet-4 and it worked first try. His goal is to get to $2M a month
671
680
17K
Madrid: el jueves 11 de septiembre por la tarde organizamos un "Speed Show & Tell", abierto a quien quiera presentar. Plazas limitadas, toda la info y registro aquí 👉
0
8
32
MODERATOR: Are you willing to commit to NOT raise the sales tax? MIKIE SHERRILL: I'm not going to commit to anything right now. On Nov. 4, vote NO on Mikie Sherrill. ❌
43
113
397
The security research community in Europe and the Middle East just got even stronger. Say hello to these new HackerOne Brand Ambassadors: 🇦🇿 @AzeriumD34132 (Azerbaijan—new club!) 🇧🇪 @dropn0w & @hgreal1 (Belgium—new club!) 🇩🇰 @mthirup (Denmark—new club!) 🇮🇹 @Al7eX91 &
8
12
81
That's a wrap for H1-6102, it was a pleasure meeting all the new faces (@bsysop @monkehack etc). Thanks to @salesforce & @Hacker0x01 for an amazing event out it Sydney!
3
2
71
We won the H1 Ambassadors World Cup again! 🇪🇸 🧵A thread about our journey during the finals, the experience in Dubai, and a quick trip to Oman ⬇️
14
16
256
THE FULL DOCUMENTARY: Louis Theroux’s “The Settlers” (2025) Essential Viewing! Modern Israel’s foundation exposed - Settlers from around the globe seizing land, pushing an expansionist agenda that still drives unrest today.
150
5K
12K
the og bb scam
In 2015, Google accidentally listed its domain for sale. A former employee noticed and snatched it up for just $12. Google had no choice but to meet his demands. What did he ask for? Not $100,000. Not $100 million. Here’s what he actually requested:
0
0
4
marketing team needs a raise
☘️ Ever tried to 'Split the B'? Neither had we—until now! Happy St. Patrick's Day from the PortSwigger team! Watch as some of the team tries to master this techy twist on a well-loved tradition. Sláinte! 🍻 (Non-alcoholic beer was used in the making of this video.)
0
0
3
Guess who this was? I was talking about my great friend chivato aka @SecGus 😁
4
2
41
After observing the 1.5 Billion ByBit hack yesterday. Myself and @sammyaudits decided to dive deeper into all the bug bounties on top 10 centralized exchanges. What I've found is SHOCKING and Scary. Let's go through each one in the thread and callout the terrible and good
26
85
523
If anyone has a bypass requests with CSRF tokens on https://t.co/F8NgglY3bM I have an XSS going, 50/50 split
0
0
5
fans
1
0
4
"We take the security of our customers’ data very seriously." "At this stage we do not provide monetary benefit for bugs that are reported." 🤡
0
0
10