sw33tLie
@sw33tLie
Followers
10K
Following
5K
Media
201
Statuses
2K
Web application hacker, 24yo. Top 30 @ https://t.co/wX0yr85Tzk https://t.co/ZI7a8oJJcQ https://t.co/LGYK7tMOGo
Lisbon - From 🇮🇹
Joined February 2019
Huge news! Our research just ranked #3 in @PortSwigger’s Top Web Hacking Techniques of the Year! 🎉. Biggest lesson: ever assume something isn’t exploitable—test it. Smuggling attacks are far from dead!. Massive thanks to my research partners @bsysop & @_medusa_1_ 🙌. #bugbounty
The results are in! We're proud to announce the Top ten web hacking techniques of 2024!
7
7
129
RT @albinowax: Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipeli….
portswigger.net
Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining. This is usually a false positive, but sometimes there's actually a real
0
21
0
To anyone working on desyncs here's my honest take after months of research on the topic: . good luck. #bugbounty.
9
4
105
Pro tip: You can view any past period by changing the end of the URL. For example this is march 2025:
bugcrowd.com
Bugcrowd's bug bounty and vulnerability disclosure platform connects the global security researcher community with your business. Crowdsourced security testing, a better approach! Run your bug bounty...
0
0
8
The new @Bugcrowd leaderboard is out! You can now see up to 100 top hackers and filter by country 👀 #BugBounty
2
3
43
vibe security is here.
We just shipped automated security reviews in Claude Code. Catch vulnerabilities before they ship with two new features:. - /security-review slash command for ad-hoc security reviews.- GitHub Actions integration for automatic reviews on every PR
1
0
19
Super glad to have collaborated on @albinowax’s research this year with @bsysop and @_medusa_1_. Funny enough, it all started with a random Slack DM that revealed a potential research collision with James, and things took off from there.
The whitepaper is live! Learn how to win the HTTP desync endgame. and why HTTP/1.1 needs to die:
8
6
112
You may want to check this out 👀.
TOOL RELEASE🔥🚀. Clear reports and good communication with the teams can make the difference in the outcome of your report, including the final bounty/bonus. To assist you in the reporting and communication, here is CrowdAssist ✨. @Bugcrowd compatible. 🧵👇. #BugBounty #AI
1
0
14
I won a thing 👀. Thank you to everyone who voted for me 🫶.
Kicking off the 2025 Bugcrowd Ingenuity Awards with our Community Leader of the Year, sw33tLie! ✨🤝. From mentoring new hackers to building lifelong connections, sw33tLie is the SUPERglue that keeps the Crowd thriving. 🦸♂️ Empathy, curiosity, leadership–this award says it all.
6
1
80
doesn't work anymore on Google but still works on with the same dork lol.
bing.com
Rising like a stone hymn in the heart of Kutná Hor
So, since the cat is out, apparently your shared ChatGPT chats aren’t as ”privat” as one would think:. Google dork:.Site:chatgpt. (.)com/share intext:loot. And Wayback has 10k+ links, web.archive(.)org/web/*/chatgpt.com/share/*. Time to crape and grep for loot. Edited since.
1
0
13
RT @albinowax: It's easy to bash vulnerabilities with logos but. I couldn't resist, say hello to :).
http1mustdie.com
Upstream HTTP/1.1 is inherently insecure, and routinely exposes millions of websites to hostile takeover. Join the mission to kill HTTP/1.1 now
0
89
0
This year’s lineup of talks at Bug Bounty Village looks amazing, so I just had to support it :)
PRE-ORDERS ARE LIVE! Grab your exclusive badge now and help support the village! We expect these to sell out. Pre-order online at Pickup only. No shipping. #BadgeLife #BugBounty #DEFCON33
2
2
36
Yes, I know. the lab hints at the vuln type, and the models are likely trained on PortSwigger solutions. But here’s the thing: I tested it on real bug bounty reports, too. And it works quite well. Better than you may expect :).
1
0
17
Many don’t realize they already have a powerful, fully autonomous, free hackbot on their computer. If you’re using Cursor, you’ve got it. Here's Cursor solving a @PortSwigger webacademy SQL injection lab! #bugbounty
15
30
257
this bug is kinda embarrassing in 2025 tbh.
🚨 CVE-2025-5777 - critical 🚨. Citrix NetScaler Memory Disclosure - CitrixBleed 2. > Insufficient input validation leading to memory overread on the NetScaler Management . 👾 @pdnuclei #NucleiTemplates #cve.
2
0
26
this is much closer than I expected 🧐.
Do you think autonomous hackbots will significantly reduce your #bugbounty income within the next 5 years?.
1
0
5
Do you think autonomous hackbots will significantly reduce your #bugbounty income within the next 5 years?.
10
4
39