Harsh Jaiswal
@rootxharsh
Followers 22K | Following 5K | Media 171 | Statuses 3K
Building @hacktronai | researching at @httpvoid0x2f | auditing at @cure53berlin | prev @zomato @vimeo @pdiscoveryio
Joined April 2015
Here’s our Apple RCE writeup!
@rootxharsh and I found and exploited a 0Day RCE in Apple's Travel Portal and were rewarded with $50K. Here's the write-up for that: https://t.co/zMpw2QOEvP
Always been a fan of learning things on demand. In the context of security there are so many concepts I didn’t know until I had to work around/hack those.
Andrej Karpathy says you should learn AI depthwise, not breadthwise. Most education is breadthwise: watch lectures, memorize formulas, and trust you'll need it later. Karpathy flips this by learning "depthwise, on demand." What this means: Pick a project, start building, and
With the speed @S1r1u5_ is pwning these new browsers, I do not think there should be any new browser coming from orgs that have not heavily invested in browser development. I know these are just Chromium forks. But people should be very careful using those for day to day
A few months ago, @rootxharsh and I gave a talk, sharing the slides here in case they’re helpful to anyone.
We’ve been doing a lot of AI enablement work lately at @ThisDotLabs, and it’s been amazing to see how quickly organizations are adapting. In one recent engagement, a follow-up survey showed that daily AI tool usage grew from 33% to 100%, and the share of people who felt
Hack so big that even @HacktronAI is affected. We use a service that uses the affected backend.
The watchTowr Labs team is back, providing our full analysis of the Oracle E-Business Suite Pre-Auth RCE exploit chain (CVE-2025-61882). Enjoy with us (or cry, your choice..) https://t.co/ffDKb723N6
labs.watchtowr.com
We bet you thought you’d be allowed to sit there, breathe, and savour the few moments of peace you’d earned after a painful week in cyber security. Obviously, you were horribly wrong, and you need to...
Found an RCE in Google Web Designer :) Very similar to the CSS Injection to RCE found by Bálint Magyar. https://t.co/BpOJ4sfvNx
sudistark.github.io
Technical breakdown of a Remote Code Execution vulnerability in Google Web Designer via a malicious Video Ad Template abusing the NinjaShell API.
Hacktron co-founder Zayne posted on socials a few weeks ago that their automated offensive security company needed a modern logo. We did our thing 🗣️
The opinion is inherently flawed. CTFs are great to develop problem solving, grinding, finding niche solutions to a particular problem. Which btw is one of the skills a good employer would look out for. Personally, I'm from a bug bounty background but anyone saying CTFs are time
Stop wasting time on CTF challenges. Learn Docker security, EDR evasion, network segmentation, SAML/OAuth flows, WAF configuration, and how to debug production incidents. You'll be 10x more hireable than someone who rooted 500 vulnerable VMs.
@S1r1u5_ @gumroad @HacktronAI @rootxharsh Interesting stuff! Love the way your team is building in public and sharing more than just marketing.
No Secrets. Just the Truth About Your Data. At deleteme we reveal everything the internet knows about you — the good, the bad, and the hidden. From social media traces to dark web leaks — nothing stays secret. See your full digital footprint and take back control of your
Securing @gumroad with Hacktron AI Three months ago, Hacktron was still early. @HacktronAI and @rootxharsh were finding 0-days targeting specific vulnerabilities on OSS software. Then we ran a full pentest-style scan on a big open-source project. The results were insane. 🧵
Whilst most companies launch with buzzwords, @HacktronAI launches with bugs. Co-founders Zayne, Mohan and Harsh present Hacktron: their first AI-powered pentest. Hacktron’s tagline is PoC || GTFO, anything else would be noise. Full intro and pentest report in link below.
How do devs use postman or like for testing/qa? Burp go brr brr.
Using an LLM as your *only* social life advisor? You’re just building an echo chamber with a better vocabulary than you.
!!! GET WELL QUICKLY SENATOR JOHN FETTERMEN AND REMEMBER JESUS LOVES YOU !!!
Last year I found an XSS bug in Google IDX; here's a detailed writeup about it. Hope you will enjoy it, it's kinda lengthy :p Shoutouts to @MtnBer for finding the original bug in Gitlab and @kl_sree @sivaneshashok for the required chains to complete the exploit. https://t.co/L3e5rCrUuy
sudistark.github.io
Technical breakdown of an XSS vulnerability in Google IDX Workstation.
Hacktron is the first company to be backed by @ProjectEurope_, and we're incredibly excited to be part of its cohort. From the day we met the Project Europe and @20vcFund team, we knew that they were the kind of people we wanted on our side. We had an oversubscribed