elSec
@adrielsec
Followers: 4K | Following: 236 | Media: 212 | Statuses: 6K
PGP: https://t.co/AKC6cJ3Bbk
nolocation.onion
Joined August 2009
Once it’s marked as resolved, I’ll drop the $$ details. Private program, no invite yet since it was reported straight to the company and later claimed on @Bugcrowd. Can’t share more for now. #BugBounty #bugbountytips #bugbountytip
Yay, I was awarded a $750 bounty on @Hacker0x01 ! YES, I'm also starting to hunt in H1 🧑💻 #TogetherWeHitHarder #BugBounty
Validated! Improper Authorization, escalated to ATO (account takeover) and then mass user data exposure via /api/user, concluding a Critical Severity 9.1. Ty @intigriti
#bugbounty #bugbountytips #bugbountytip
hardcoded credentials in javascript file xxxxxxx/static/js/main.xxxxx.chunk.js 🗣️ dp #bugbounty #bugbountytips #bugbountytip
Tomorrow at 19:30 on the pirateship Discord! @c4ng4c3ir0 🤝🏻 @Mariobrowww 🤝🏻 @stux_rs 🤝🏻 @ofjaaah 🤝🏻 @adrielsec Link in the comment below.
It’s almost 2026 and this crap is still out in the open… DAMN!! #BugBounty #bugbountytips #bugbountytip
"we take your privacy and security very seriously" BULLSHIT! HAHAHAAAHAH
'123456' password exposed info for 64 million McDonald’s job applicants - @LawrenceAbrams
https://t.co/e8jd1QSAg8
🕷️ 100 Web App Exploit Ideas for Bug Bounty Hunters 💥 IDOR on user profile update; IDOR via email enumeration; IDOR on subscription APIs; Broken object-level authorization in API; Reflected XSS in search bar; Stored XSS in comments; DOM-based XSS in JS-heavy pages; Open
I think @Burp_Suite pro version is one of the most powerful content discovery engines on the market to date for a very simple reason: it can do both content and directory brute forcing ... recursively :o I know not everyone can fork out the subscription fee though :3 so I made
GitHub: https://t.co/LP95GynNGa Read the 🧵 and decide whether the tool makes sense for you 👇🏻
github.com
unleashed ffuf. Contribute to sw33tLie/uff development by creating an account on GitHub.
I've recently put more work into my ffuf fork, uff, and I think every ffuf user should at least give it a try - and maybe even switch to it. Here's why, in a #bugbounty 🧵
RCE in March, IDOR now in May. Bounties are coming in through study, method, and patience. Grateful to @crd0x49 for the content that accelerated my journey, and to @adrielsec for the steady support throughout. Let’s keep going! 💻
MacBook Air M2, battery at 100%, 16GB of RAM and a 256GB SSD. R$6.5k and it's yours, DM me ✌️
🚨ID in the URL, parameter in the body is another account data change report, I typed the text of another subsequent report here, it must be sleep 🤣 I'm not going to delete the post, it'll be in context for the next one, which is on the body.
ATO via ResetPasswd Critical passwd reset flaw: after requesting a reset, I intercepted the POST with Burp and changed the parameter ID in the request body. I was able to reset another user's password without prior auth. Any user ID worked ✅ #bugbounty #bugbountytip #intigriti