newfolder @newfolderj Twitter Profile | Xstalk

newfolder

@newfolderj

Muslim Security Student -- NOT from OXFORD | HARVARD | MIT | IIT | IBA | NUST | LUMS | FAST | UET

151Posts 1KFollowers 232Following

Similar User

@zhenwarx

@moe1n1

@0xAwali

@lu3ky13

@ashketchum_16

@alp0x01

@haxor31337

@nihad_rekany

@PrettyRecon

@mamunwhh

@sheikhrishad0

$I¯\_(ツ)_/¯I \ (•◡•) / photo$

@BountyOverflow

@AkashHamal0x01

@CyCatz_Official

@3ncryptSaan

Pinned

newfolder

22 Nov 2022

None => Critical (10/10) Second Order Account Takeover : (attacker's VERIFIED email attached to attacker's UNVERIFIED email merged can takeover vicitm's VERIFIED account) H1 : Closing as Self Account Takeover (none). Me : Should I Takeover your Account? H1 : Sure! Me : BOOOM

Tweet Image 1

newfolder

4 May 2023

Just submitted my first Smart Contract Bug to the DeFi Protocol, big thanks to Owen, @pashovkrum & @gogotheauditor for their public audits.

newfolder

18 Nov 2022

Started testing program of 2017, out of 200 subdomains I chose the main app (which I always do) as it communicate with current API . After 2 days of testing after office for 3 hours a day, I was able to find 5 Crtx, 3 High, 8 mediums. All were related to API's I shared before

newfolder

15 Oct 2022

P1 in 1 minute for 4*$: user can invite members with “org-member” role only tried “org-xyz” = 400 Read JS files: tried “org-super-admin” & “org-owner” = 401 Bypassed: “org-owner<space>“ = 200 BOOOM

newfolder

2 Oct 2022

API Leaked all Users Secrets: /v1/org/users=403 /v1/org/admin/users=401 /v1.1/org/admin_id/users=200 (blank response) /v1.1/org/admin_id/users?FUZZ=FUZZ /v1.1/org/admin_id/users?Withrole=true 401(body unauthorised) /v1.1/org/admin_id/users?With[mail,credit_card,apikey]=true BOOM

newfolder

3 Jun 2022

Thounsand org users leaked /api/org/123 => leaked ORG_NAME only /api/org/123/* => 403 /api/org/123/users =>403 /api/org/ORG_NAME/users =>403 /api/org/@org_name/users => 500 /api/org/@org_name/users/attributes => blank response /api/org/@org_name/users/attributes/email => BOOOM

newfolder

17 Apr 2022

Organisation Users Complete Data leaked: /api/users => 403 /api/users/all => 403 (json) /api/users/all/name,email,data => 404 /api/users/all?FUZZ=FUZZ /api/users/all?fields=name => 200 ( LOW ) only name was queryable /api/users/all?access=all => BOOOM (email, credit_card etc)

newfolder

1 Mar 2022

In February what ever I submitted was loss, I have been removed from my University Final Year Project due to low maintenance of Credit Hours of our so called reputed HEC bcz I was busy with bounties. So far I would ( maybe ) repeat one more semester of degree👏.

newfolder

6 Jan 2022

Quick Account Takeover in a minute: Auth Implementation: After signup ,user change email to unsigned user, session refreshes ,email changed/confirmed to unsigned user. change to victim@x.com =>user exists change to "victim@x.com<SPACE>" or %20 =>200 ok victim id got 2 passwords

newfolder

2 Jan 2022

Able to access Million+ emails $: API Implementation: /organization/:id => only org name shown /organization/:id/users => 403 typical response /organization/:id/users?get=newfolder => 403 with response & error msg (auth) /organization/:id/users?get=users::metadata => BOOM

Tweet Image 1

Tweet Image 2

newfolder

24 Nov 2021

( chained "blocked user + Region based Authentication + Pass Reset Flaw to SECOND ORDER ATO") And Triager thought "Attacker would need access to victim's gmail account to perform Second Order Account Takeover." haha Closed N/A Reopened Critical 10 writeup coming Inshallah

Tweet Image 1

newfolder

6 Oct 2021

Alhamdullilah, I was awarded 4x$ bounty. Single API call could leak 1MILLION+ users private data I use these %03 %08 %10 %83 etc when I get 403 along with "403 in Api response". means we are beyond WAF but some regex/restrictions/auth-checks are stopping us to get Users data.

Tweet Image 1

Tweet Image 2

Tweet Image 3

Cyber_Security_Re-searcher || 0SINT || Digital Forensics System Analysis / incident Response II Pwn || @GHOST_3xP10iT || 0ld Accounts Suspended @0xSojalSec ||

Md Ismail Šojal

@0x0SojalSec

Alchemist ✨🧙‍♂️
Energy Master ✨
hacker 🌟 bugbounty hunter ✨
ptsd survivor ✨
Man of Faith 🌟

Akita ZeN 🇦🇷

@akita_zen

Building https://t.co/OrTb8I3xXe in Mornings, Nights at HackerOne (https://t.co/fn357xbB8E)

encodedguy - jsmon.sh

@3nc0d3dGuY

An ABAPer and a part time bug hunter :}

Moin Khan

@KuttaPaak

He4am

@h34am25656

Big Gem

@BigGemhacker

Hey there! Unfortunately, this was submitted previously by another researcher, but we appreciate your work and look forward to additional reports from you.

Khaled Samy

@khaleedsamy12

badmash jatt

@badmash1337

Penetration Tester | Bug Hunter | eWPTXv2 | top 2% ww on TryHackMe

Soliman

@solimanalmansor

Shahisnuta Nhemhafuki

@Shahisnuta45343

Shahisnuta Nhemhafuki

@ShahisnutaNhem2

S1ren Head 🇵🇸

@S1renHead_

JessicaBernal

@182paZnI6bDeG

Guardian of Bits and Bytes

Snoopi Genie

@SnoopiGenie

‏‏اللي ساسه طيب ماتغيره الظروف
والكفو كفو لو الزمن هد حيله.!!

abdurhman 💻 ( ;

@0xBawzier

RosyRose

@RosyRoseFz

⌛️

@ams_ghimire

Hulu Thida

@HuluThida37734

Shivam Patel

@ShivamPate20006

Aditya Yadav

@AdityaYada24080

Ethical Hacker | Penetration Tester | SRT Member | Yogosha | CTF Player | CNSP | CAPen

Nasur Ullah

@Spy0x7

عبدٌ يرجو النجاة

محمود

@ebn_salah

Klm

@erm_lyi

Discord: https://t.co/OvqTP8M003

Authoritarian Nation {"Follows Back!"}

@anantions

╪ͥ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋╪ͥ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏

╪ͥ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͋͋͋͋͋

@eightninetenjq

Cybersecurity researchers and learner ✨

skypat

@skypat2

shahriarantorr

@1ncognitox_

Aman

@0x2374

Bug Hunter |
YouTube ( BugBounty POC's): https://t.co/fhIw5Aq1LJ…

0xSudip

@0xsudip

Security Engineer @Hellofresh
Married to Urwat Kalhoro

amin bohio

@amin_bohio

Freelance Full stack web & mobile developer | MERN stack | React Native | Flutter | React | Nextjs | Nodejs | Appwrite | Firebase

Ali Yar Khan

@Mr_Programmer14

Osman Fatih Ulusoy

@fulusoy97

Hi,I am a Freelance Web Pentester
self-taught since 2013.
In the future
I plan to take Certified CEH,,

My Beloved Cousin,Born at 2002

Hibban Cilacap - #MWIKebarongan2010

@zahidclp95

$9483q7R

@enigmaGlow

Abdelrahman Magdy

@abder_aahman

Cybersec. & Audit VP, Global CISO, Global Head MSS, Prof. Speaker, TV appearance, Top 10 UK security personality 2010, Compliance guru, AI, Followback Security.

Dr Gerhard Knecht, PhD

@GerhardKnecht

soXop

@saw_mj

Cybersecurity Consaltant | bug hunter

Kareem Alsadeq

@AlsadeqKareem

Subham Gaikwad

@subham_gai39571

r4inb0w-li0n

@anhdq201

Passionate Offensive Cybersecurity Enthusiast 🌐 | Bug Hunter 🐜 | Web Application Security | Network Pentesting | Python | THM TOP 1% | CTFs | Web Developer

spidy_idc

@1337Spidy

Cyber security enthusiast | Bug Bounty Hunting 🐞 | grep knowledge

Harshil

@0x_hollow

sarfaraz moin

@sarfarazmoin1

Rohit

@4RohitChaudhary

I am a nurse | cyber security researcher | bug bounty hunter | ethical hacker

LeBron

@LeBroncash

OSCP | Security Researcher | Web App & Network Pen tester | bug bounty Hunter |

Kiran Kumar

@Kiran_Death

A dreamy homo sapien.

Microhunter

@M1cr0hunt3r

Muhammad Imran

@imran_here4

ばぶにゃー

@432nourage

white_Rose

@JohnPau88931478

Mr.MK

@MrTmkumaran

Cyber Security & Programming
My YouTube: https://t.co/IjZAADcKdU
My Github: https://t.co/BqTX7bh1jd
My Farsi account: @ali_khalkhali1

Ali khalkhali

@ali_khalkhali0

Gamer 🎮 | Future Network Engineer

Jay Stan

@bars2bytes

Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷

Ben Sadeghipour

@NahamSec

Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍

Intigriti

@intigriti

Hack the Planet

H4x0r.DZ

@h4x0r_dz

MS Cyber 🇬🇧 | Work @BforeAI | @Bugcrowd Top 100 | Bug Bounty Trainer | Keynote Speaker | Professional Biker | @kong_sec 🇮🇳 | Own Views ≠ Employment

Aditya Shende

@ADITYASHENDE17

The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™

bugcrowd

@Bugcrowd

Entrepreneur, Hacker 🇱🇧🇨🇮

@WebImmunify
23th/270000 BugCrowd Hacking Platform

Hussein Daher

@HusseiN98D

Largest InfoSec publication with 40k+ followers and 1M+ monthly views.

InfoSec Community

@InfoSecComm

the promptfather. christian. hacker. hobby jogger. principal ai engineer.

Joseph Thacker

@rez0__

Pentester | Bug Bounty Hunter | AI Red Team

Mike Takahashi

@TakSec

CEO, CISO, Trainer, Hacker, and Speaker.

@arcanuminfosec

AI + hacking + sec leadership.

ex:BuddoBot-Ubisoft-Bugcrowd-Fortify-HP-Redspin-Citrix.

Jason Haddix

@Jhaddix

Hacker, bug bounty hunter. Run a blog to better explain web application security.

Sam Curry

@samwcyo

#1 Amazon Security Researcher — https://t.co/oBCN9QjYlM

zseano

@zseano

Follower of Jesus | I hack stuff (legally) | Co-founder @boringmattress

Corben Leo

@hacker_

Tweet about Bug Bounty, Recon, Recon Tips and Attack Surface. Improve you Recon skills and find your first Bug 💪

ReconOne

@ReconOne_bk

Security Researcher

Ali Tütüncü

@alicanact60

Freelancer | Full-time #BugBounty | @Hacker0x01 H1-Elite | $1,500,000 Overall Bounties | ❤️ IDA Pro | Mobile Hacker

Julien | MrTuxracer 🇪🇺

@MrTuxracer

Co-founder, security researcher. Building an attack surface management platform, @assetnote

shubs

@infosec_au

Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.

Bug Bounty Reports Explained

@gregxsunday

Dr, apparently. API Sec @traceableai, Lecturer & Hacker. #BugBounty hunter & #infosec YouTuber. APIs & Interlinked OffSec, PhD in AI+Sec @hacknotcrime. she/her

Katie Paxton-Fear

@InsiderPhD

HackerOne Top 20, Elite, Pentest Lead, Ambassador, MVH Title and Hacker Advisory Board • Digital Nomad • Aspiring Athlete.

Yassine Aboukir 🐐

@Yassineaboukir

vulnerability researcher;
pwn in public;

zhero

@zhero___

📃 Write-ups and Resources 🚀 related to Bug Bounty💲
#bugbounty #bugbountytips by @piyush_supiy 👨‍💻

𝕏 Bug Bounty Writeups 𝕏

@bountywriteups

Co-founder @truscova | Researcher at DFKI GmbH

Muhammad Hassan

@mdothassan

Roni Carta alias Lupin. Co-Founder of Lupin & Holmes. R&D. Red Teamer. Bug Hunter. Musician 🤘

Lupin

@0xLupin

Helping companies secure smart contracts and auditors get paid.

More than $1.5M+ rewarded to auditors.

Powered by @cyfrinAudits

Cyfrin CodeHawks

@CodeHawks

Microsoft for Startups Founders Hub removes barriers to building a company with free access to tech, coaching, and support you need to hit your next milestone.

Microsoft for Startups

@msft4startups

Resources | Resources | Resources

BBR - Bug Bounty Resources 🧵

@bbr_bug

🏆 Top 100 Ethical Hacker on @YesWeHack 🛡️
Synack Red Team
%3d, %26%2340%3b, ( <<%0a%0d%26lt%3B
$$ x=1 $$

Ahsan Shahid

@hunter0x8

Providing smart contract security audits.
Founder of @KeySecurityLtd

Reach out on Telegram https://t.co/hSoUTAeSOC

gkrastenov

@gkrastenov

Netlas.io

@Netlas_io

Web3’s Gamified Hiring Platform 🥷 Unlock Your Dream Job 4x Faster ⚡ Follow our intern @CalyptusCareers. Join the community: https://t.co/O7WEpvilM4

Calyptus

@calyptus_web3

Freelance whitehat. All things infosec.
Mostly hunting on Immunefi: https://t.co/duhUXSblzK

rootrescue

@rootedrescue

React Native Team

RNx ™ 🛡️

@auditx_eth

Securing web3 since 2020 | Over 250 audits conducted | Trusted by the largest protocols | Over 500 high risk findings | Lead auditor @bailsecurity

CharlesWang

@0xCharlesWang

Get Top 20 React & React Native News Weekly - 100% Free

🔺 80 News - 4 Mail /Month
🔺 Beginners 💛
🔺 @anis_RNCore - Trusted by Thousands, 1900-STAR Book

React20Bulletin 📨

@React20Bulletin

Independent Security Researcher | Smart Contract Auditor |
SR @SpearbitDAO | Top warden & lookout @code4rena

Akshay Srivastav

@akshaysrivastv

Lead Auditor for TrustSec || Web3 Security @RenascenceLabs || Lead Senior Watson @sherlockdefi 🎯

Book me through TrustSec 👉🏽 https://t.co/2qiSgdmqsh

HollaDieWaldfee

@HollaWaldfee100

Head of Trust Security, DM for booking |
Master of hand-to-hand audit combat |
C4/Immunefi/Sherlock VIP |
Hacked Embedded, IoT, iOS in past life

Trust

@trust__90

Marco Paladin

@paladin_marco

Full-time Smart Contract Security Researcher | Ex Cybersecurity expert in Web2

Todorov

@0xTodorov

Automated smart-contract auditing platform by @credshields

SolidityScan

@SolidityScan

Your long-term smart contract security partner | Founder of @HunterBlockSec

George Hunter

@GeorgeHNTR

Senior Watson @sherlockdefi | Helped secure ~$3 Billion TVL | https://t.co/qDPhH2ZBnM | https://t.co/kbiPdpKeLS

g

@gjaldon

Web3 Security Researcher & Co-Founder of @ZealynxSecurity
| https://t.co/M74HTI9HuO
| https://t.co/Y2cKfGF95q
| https://t.co/40zkcI7OTo

bloqarl

@TheBlockChainer

Founder: @TheSecureum, @TheTrustX
Researcher: @cantinaxyz @SpearbitDAO
Prev: PhD @PurdueCS

RajΞΞv

@0xRajeev

📡 Security @chain_risk |
🛡 Core Contributor @risk_layer |
🖥 Former auditor @QuillAudits_ai |
🔮 Interested in Tech & Science |

Sm4rty.xyz 𝕏

@Sm4rty_

Unapologetically Me.

@bytes032.xyz

@bytes032

blockchain dev & security
🏹🐛 @SpearbitDAO/@cantinaxyz
🖊️ blog @ https://t.co/fEaA2KTfnb
DM @cantinaxyz for audit

cmichel

@cmichelio

Triage @immunefi | Views are my own | Interested in Smart Contract Security | CTF's for @water_paddler/@thehackerscrew1 YT https://t.co/Qc6MuxtZw5

0xrudra

@0xrudrapratap

Hacker | Bug Hunter | Cooker | Top 3 P1 Warrior On https://t.co/dzFQH75OWj | https://t.co/TdLNCtmEGt | LevelUpX Champion | 10+ 0Days/CVEs

Godfather Orwa 🇯🇴

@GodfatherOrwa

Independent web3 security research

toastedsteaksandwich

@AshiqAmien

Secureum = Security + Ethereum
Founder: @0xRajeev
Discord: https://t.co/m9fMLfXhEU

SΞCURΞUM

@TheSecureum

Cybersecurity Engineer| Frontend Developer | Application Security Engineer | Red Teamer | Software Engineer |

Ishfaq Fariq

@ishfaq_fariq

Smart contract security audits @PashovAuditGrp
Angel investing @PashovCapital

pashov

@pashovkrum

Memes That Cause You Pain 💀 Powered by $REKT on Base 🔥 CA: 0x8972ab69d499b5537a31576725f0af8f67203d38

REKT

@rekt

Security Researcher at @xbow - Former @microsoft Activision Blizzard King - Bug Bounty Hunter https://t.co/l69MUUXLBA

djurado

@djurado9

Security Researcher | Lead Senior Watson @sherlockdefi | Zenith @code4rena

Adri

@0xadrii

Co-Founder @credshields | Building https://t.co/CQ9JKbgRwY
Ex Security Analyst @Hacker0x01 | @Derivdotcom | Team Lead @cobalt_io
Reach me out hi@shashank.co

Shashank | CredShields

@cyberboyIndia

Caido

@CaidoIO

Assetnote combines advanced reconnaissance and high-signal continuous security analysis to help enterprises gain insight and control of their evolving exposure.

Assetnote

@assetnote

webs3c is a community for web application security enthusiasts and professionals.

webs3c

@webs3c

#1 Hacker at BugCon LHE Mexico 2021 & 2022 | Top Ranked in H1 Mexico Leaderboard 2021, 2022, 2023 | Offensive Security Engineer | Tweets are my own

Moblig

@moblig_

Opinions are my own

d3fp4r4m

@defparam

You are the slave of your subconscious thought

Sahil Adeem

@SahilAdeem

Become a web3 developer today for free! ⚡️• Start your journey: https://t.co/OL7lVyhVZf 👩‍💻 | https://t.co/uI6kpLqzrP

LearnWeb3

@LearnWeb3IO

Application Security Engineer / bug bounty

Michael Blake

@Michael1026H1

Sharing the most interesting moments in history. History should not be censored

History Photographed

@HistoryInPics

X

@xh3n1

United States Trends

1. Kendrick 466 B posts
2. #AskShadow 15,6 B posts
3. $CUTO 7.104 posts
4. Luther 35,7 B posts
5. Daniel Jones 43,2 B posts
6. Drake 68,8 B posts
7. Wayne 47,8 B posts
8. Squabble Up 21,6 B posts
9. Kdot 5.371 posts
10. TV Off 28,8 B posts
11. MSNBC 167 B posts
12. Giants 74,9 B posts
13. Dodger Blue 10 B posts
14. Kenny 23 B posts
15. #TSTTPDSnowGlobe 4.892 posts
16. Reincarnated 27,6 B posts
17. Gloria 43,8 B posts
18. #AyoNicki 3.542 posts
19. NASA 66,9 B posts
20. One Mic 4.445 posts

Who to follow

Something went wrong.

Something went wrong.