Thái Vũ
@thaivd98
Followers: 3K · Following: 10K · Media: 76 · Statuses: 3K
Hey everyone! I have written a blog about Some ways to find more IDOR in bug bounty/pentest. This is my first blog about bug bounty. https://t.co/Hncfj2KIIk Happy reading and happy hacking! #bugbounty #bugbountytips
16521092.medium.com
Hello friend!
I’ve been digging into HTTP Trailers and found some new smuggling techniques: https://t.co/gpaIiYkSHs
sebsrt.xyz
Trailing Danger: exploring HTTP Trailer parsing discrepancies
What Can You Do With a Leaked Cognito Identity Pool ID? https://t.co/9RvSssukCo
#infosec #cybersec #BugBounty #bugbountytips
hacktus.tech
Discover risks of leaked AWS Cognito Identity Pool IDs and misconfigured IAM policies causing severe security vulnerabilities
Datr cookie theft and AI leading to Facebook account takeover ($24,000) https://t.co/n2MVZKxDBg
Two-click Facebook account takeover via FXAuth ($30,000) https://t.co/MtuvFzGRsS
Self-XSS in Facebook payments flow leads to account takeovers ($62,500) https://t.co/D7qXu1Avim
@assetnote @SLCyberSec My work on the novel SSRF technique that landed a critical payout at a Live Hacking Event:
slcyber.io
It's difficult to show impact for Server-Side Request Forgery (SSRF) vulnerabilities when you cannot see the full HTTP response. Our research team details a novel technique that allowed for us to...
My bug bounty recap 2025:
- Top 7 Highest Reputation, top 7 Highest Critical Reputation on @Hacker0x01 🪲
- Top 1 on Vietnam Leaderboard H1
- Memorable Prague LHE with 🇻🇳 AWC team and had new great friends 🇪🇸🌎🕺
- First LHE in Singapore
- @flysec_corp organized First Flysec LHE
Calling all 🇻🇳 BUG BOUNTY HUNTERS to participate in 🔥 VIETNAM LHE WARM UP 2026 – HACKERONE 🔥
🗓️ Schedule:
- 05/01/2026: Kickoff
- 10/01/2026: Sharing & Collaboration
- 24/01/2026: Closing Ceremony & "Show & Tell"
Register: https://t.co/WGPOLiuo8Y
Contact: @LamScun @haxor31337
Excited to have finally crossed the 30,000 reputation points mark on @HackerOne! Sleepless nights pay off 😁 #TogetherWeHitHarder
I'm really excited to share my first research article related to hacking Google Gemini! https://t.co/e7GcJuGLCb
#bugSWAT #GoogleVRP
Yesterday we received a warm welcome at @flysec_corp offices. From AWC rivals to friends. 🇻🇳🤝🇪🇸
Thanks to everyone who joined us at the @Hacker0x01 Brand Ambassadors Speed Show&Tell in Madrid, and special thanks to all who presented! 💕
Hacking and chilling with Flysec 🔥🔥🤓more to come 🙌
The first-ever "Flysec Hack Trip" #FSHT49, has ended, and what an incredible 10 days it was! This #FSHT49 was just for Flysec members only and our members embarked on a journey to the beautiful city of Da Lat, Vietnam where they combined their passion for hacking with the serene
Just published my first blog post "Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover" You can read the full write-up here: https://t.co/pfLArv8zUu
zere.es
Recently, while auditing the main application of a private bug bounty program, I discovered a Client-Side Path Traversal (CSPT) and a Cache Deception vulnerability. Individually, these issues were...
The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die:
http1mustdie.com
Upstream HTTP/1.1 is inherently insecure, and routinely exposes millions of websites to hostile takeover. Join the mission to kill HTTP/1.1 now
Q2 was a blast for me!
Somehow reached Top 5 in @Hacker0x01 Leaderboard 🤪
Reached Top 5 in Highest Critical Reputation 🪲
Reached Top 3 in Web Application Asset Types 😁
Worked & played hard with my teammate @flysec_corp ❤️🔥
Let's see how it goes in Q3! 🤓 #TogetherWeHitHarder
"Funky chunks: abusing ambiguous chunk line terminators for request smuggling" - quality research by @__w4ke! Also thankfully it doesn't overlap with my upcoming presentation 😅 https://t.co/FG91EzTdO1
w4ke.info
Jeppe’s place.
Use NextJS? Recon Tip by renniepak
A quick way to find "all" paths for Next.js websites:
DevTools->Console
console.log(__BUILD_MANIFEST.sortedPages)
javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n'));
#infosec #cybersec #bugbountytips