Mehdi @silentgh00st Twitter Profile | Xstalk

Mehdi

@silentgh00st

🚀 Cofounder @ Bleetz - Future Digital Payment Solution 🥷Cyber Security Engineer 🔴 Synack Red Team Member 💻 Node.js enthusiast ... --------------- OSCP-CRTO

2KPosts 5KFollowers 1KFollowing

Similar User

@bxmbn

@GodfatherOrwa

@3nc0d3dGuY

@RahmatQurishi

@0x0_root

@ReconOne_bk

@Hammad7361

@Sin4Yeganeh

@TakSec

@gonzxph

@siratsami71

@bug_vs_me

@lu3ky13

@therceman

@FaIyaZz007

Pinned

Mehdi

26 Feb 2023

Here is short writeup on how I managed to access 200k+ of PII data by exploiting a simple vulnerability and accessing admin dashboard! 📌Thread📌 1. I created an account with a simple user and one endpoint caught my attention (it was /api/v1/session)

Tweet Image 1

Tweet Image 2

Mehdi

17 Oct

Hey @GoogleVRP @google ❌️🆘️🚨 Someone is exploiting your SMTP servers or maybe some vulnerabilites in the mailing functions, and sending random phishing emails from : mailer-daemon@googlemail.com the Mail Delivery Subsystem.. I have received 3 of them so far with a facebook…

Tweet Image 1

Tweet Image 2

Tweet Image 3

Tweet Image 4

Mehdi Reposted

Mehdi

9 Aug

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code…

Mehdi Reposted

Mehdi

1 Aug

I just Published - A Comprehensive Guide to Manually Hunting SQL Injection in MSSQL, MySQL, Oracle, and NoSQL (MongoDB) - nav1n0x.gitbook.io/a-guide-to-man… I tried to explain everything I could. Let me know your opinion and suggestions, if any. I will keep updating the article whenever I…

Tweet Image 1

Mehdi Reposted

Mehdi

8 May

Had an awesome time on the pod last week talking full-time bug bounties with @joaxcar Johan recently decided to take 3-months unpaid leave to try bug bounty hunting full-time. Here's his 10 step roadmap.

Tweet Image 1

Mehdi

23 Mar

#bugbountytips Tip of the day: The frontend JS codes are not revealing all backend endpoints. Sometimes backend have many other hidden endpoints that were created for internal testings.. and are not even used in the main app. What to do? : FUZZ for endpoints with GET/POST...

Mehdi Reposted

Mehdi

14 Mar

Hi everyone! Here it's my write-up for a postMessage vuln I found in a BBP: - why postMessage() and how can lead to a vuln. - when is jQuery really vulnerable and exploitable. - chain this issue with CORS to get a 5X bounty. medium.com/p/ec8f709f6dc4 #bugbountytips #xss #domxss

Tweet Image

PostMessage Misconifg & Is jQuery Really Vulnerable? ( from out-of-scope to P2 with 5x reward )

Source: https://t.co/9U8tSbVjOZ

Mehdi Reposted

Mehdi

25 Jan

The story of fresh water 📹 The Water Rooms twitter.com/Earthlings10m/…

Mehdi

24 Jan

#bugbountytip If you want to scan for hosted web apps in cloud providers like (Azure, AWS...), You can use @securitytrails subdomains search feature under the main domain of 'Azurewebsites[.]net or amazonaws[.]com or whatever cloud provider .. #Recon - #bugbounty

Tweet Image 1

Chief Operating Officer @Vulncure | Bug Hunter | 🖊️ Tester
🤝 Committed to infosec education.
📬 Open for DMs

Abhishek Meena - {🔥}

@aacle_

Cyber_Security_Researchers || 0SINT || Digital Forensics System Analysis / incident Response II Pwn || @GHOST_3xP10iT || 0ld Accounts Suspended @0xSojalSec ||

Md Ismail Šojal

@0x0SojalSec

20 | Ethical Hacker | Building R Protocols | Speaker | 30+ talks | Secured Google, Apple, LinkedIn, UN, AWS, WeWork, Zoho, Medium & more | Posts are personal :)

Renganathan

@IamRenganathan

Penetration Tester @CyberARLLC | Cybersecurity

"ولكنَّ المطلبَ البعيد هوَّن عندي كلَّ مشقةٍ وضنى!"

محمود شاكر

elsherifX00

@elsherifX00

M.S. Student @ Virginia Tech

Rizky Ramadhana

@rizcoder

Now.Coding(text)=!answer

Arshiya

@arshiyaiha

z

@z80162300

хела

@ihe1la

Un1verse

@7Un1verse7

Hossein

@H13ossein_e

I am a chosen generation
A special and iconic person👌

Lover of tech related services💡

Peculiar simdi

@simdimiles56917

eJPT | OSCP | Comptia Security+ 🇪🇹

Null

@Kodinull

Daemon

@Daemon7210071

E. M. VENOM

@E_M_VENOM

Cyb3r Wolf

@cyb3rwolf420

alternative digital lifestyle in the underworld of the Internet | INTP | بَاحِثَة |

⋆ ˚｡⋆ k|-|4w!4w1r3d˚｡⋆

@khawlawired

groot

@null0x0byte

Into Comput3rs and hunting bugs :)

abs3nce

@Absence4244

Ainsley

@TheythoretiASe

Aliriza

@A11r1z4

Messi and Man City fan

Zane

@MCFCzane

HACKER By Soul Bug-Bounty Hunter @Hacker0x01 & @Bugcrowd

Vishal Gupta

@HackerxTommy

Security Enthusiast | Bug Hunter | noob Programmer

no0x0001

@no0x01

1576 exf

@ic23a3

b3ludan

@0xb3ludan

m0theki110x

@o72092

Security and Privacy are just Myths!

Bhavy Seth

@secseth_

Bug Hunter
{
"intigriti" : "loukoumpetit",
"hackerone": "secloukouum"
}

loukoumpetit

@loukoum_petit

#Hacker
#Bug_Hunter

sibao nick

@auto0maton

Software Engineer || I call 0 and 1 to order

exe.elon⚡

@exeelon

Solving problems in operations, IT, and cyber. Dad x2 Formerly @goldmansachs, #bridgewaterassociates, @foursquare, and a few others.

Henry Beaudin

@henrybeaudin

Huy Nguyen

@HuyNguy03889789

CyberKeeper

@cyber_keeper

A teenage boy trying to become a Hacker

Raduanul Rohan

@Gr3yG05T

SRI RAM

@SRIRAM___57

I am just a naughty girl looking for someone to talk to. Will you talk to me, Daddy? https://t.co/23i5o1j875

Bella Summers

@Bella_Summers18

Ashek-Alahi

@mdashekalahi35

Web Security | Bug Bounty Hunter

Aman Hasan

@Aman_Hasan01

naseregypt67

@naseregypt67

3bdo_u3

@u3_abdo

Try t0 R00t

@try2r00t

Araf Rubayed

@ArafRubayed

Information security enthusiast with a huge interest in modern technologies.

Rayen Messaoudi

@r4yenmessoudi

Entusiasta em criptomoedas.

''A maioria das pessoas associa dinheiro a prazer imediato. Para mim, ele deve ser acumulado para proporcionar liberdade''
#bitcoin

Barreto d="⚡

@Renato_Cripto

Bug Hunter | CTF-Player | Chess nerd | boxing
"If you tolerate everything, you stand for nothing."

0xBarbarossa

@0xBarbarossa

WeedSeed

@NgururiJoseph

e- infotechnology

@EInfotechn67751

Kürşat.

@Kursat_hk

Young life

VƐÑ⁴⁷

Daniel

@Danielven47

Official X account for Francisco Sánchez Jr.
Associate Administrator of the @SBAgov.
Retweets and mentions are not endorsements

Francisco Sanchez Jr.

@SBA_Francisco_

Sa9lo

@S49L0

th3n00bb0y

@RiykSnmePN

Sagar dhakal

@wormhole_1L

Katlego Koloane

@kol20198

We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!

PentesterLab

@PentesterLab

Entrepreneur, Hacker 🇱🇧🇨🇮

@WebImmunify
23th/270000 BugCrowd Hacking Platform

Hussein Daher

@HusseiN98D

CEO, CISO, Trainer, Hacker, and Speaker.

@arcanuminfosec

AI + hacking + sec leadership.

ex:BuddoBot-Ubisoft-Bugcrowd-Fortify-HP-Redspin-Citrix.

Jason Haddix

@Jhaddix

Hacking the Planet! - Full-time bug bounty hacker 🇦🇷 https://t.co/dMI1g4s8Gv

zonduu

@zonduu1

Director of Research at PortSwigger aka Burp Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3

James Kettle

@albinowax

The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™

bugcrowd

@Bugcrowd

Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 3x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️

Justin Gardner

@Rhynorater

Cyber_Security_Researchers || 0SINT || Digital Forensics System Analysis / incident Response II Pwn || @GHOST_3xP10iT || 0ld Accounts Suspended @0xSojalSec ||

Md Ismail Šojal

@0x0SojalSec

Hack the Planet

H4x0r.DZ

@h4x0r_dz

20 | Ethical Hacker | Building R Protocols | Speaker | 30+ talks | Secured Google, Apple, LinkedIn, UN, AWS, WeWork, Zoho, Medium & more | Posts are personal :)

Renganathan

@IamRenganathan

product at @stripe. tiny angel investor. led @wagonhq (acq by @box) and @hyperpublic (acq by @groupon). i reply to good cold emails.

Jeff Weinstein

@jeff_weinstein

The King Of Memes Coming For His Realm

Hasbulla

@hasbulla_main

JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5

Gareth Heyes \u2028

@garethheyes

The Web3 Neobank Tailormade For Telecom Settlements.

Zeebu

@zeebuofficial

Roni Carta alias Lupin. Co-Founder of Lupin & Holmes. R&D. Red Teamer. Bug Hunter. Musician 🤘

Lupin

@0xLupin

Programmer | Exploit Dev | Code Breaker | Backdooring Everything I Break!

Claes Spett (.PrØÐiGy)

@J3rge

Those who can, do. || $1M+ in *annual profit* from SEO and social media. || Sorry, I don't have a course to sell you.

Alex Groberman

@AlexGroberman_

Professional redteamer and malware development enthusiast ! I will share some tips and experiences. Look at my work here : https://t.co/cxLBvW7pcI

OtterHacker

@OtterHacker

I make games.

@SpaceStationSV (N64), @warthegame (steam), @LearniaApp, @GuideApp__, Coming soon: @PlentifulGame

Also: gta3, Vice, SA & IV

🕊️ for 🇵🇸

Obbe Vermeij

@ObbeVermeij

WPBeginner is the largest unofficial #WordPress resource offering WordPress tips, tricks, and tutorials. Run by @syedbalkhi part of @awesomemotive family.

WPBeginner

@wpbeginner

c2/malware/rickroll enjoyer | oop non-enjoyer | oscp crto bscp cartp | pentester @RhinoSecurity

chebuya

@_chebuya

https://t.co/0ztuqrKrtu | https://t.co/EHlJ0ouSlH

etozheques

@etozheques

Infosec | Managed by @rootxharsh @iamnoooob | Research for @pdiscoveryio

HTTPVoid

@httpvoid0x2f

(un)professional hacker | part of @0xud2, https://t.co/aKL2j2fXq3 and https://t.co/JyJKHL5O9Y

xyzeva

@xyz3va

Internal tech industry emails that surface in public records. 🔍

Internal Tech Emails

@TechEmails

Cleansing The Timeline With Pokémon. I don’t own any media.

PokémonHttps

@PokemonHttps

Daily Dragon Ball post 🐉 | All Credits to Akira Toriyama | Fan account

Dragon Ball Daily

@DBZdaily_

Philosopher King

Nayib Bukele

@nayibbukele

Offering one way trip to Iran for anyone who thinks America is not the greatest country in the world. | PARODY ACCOUNT!

Patrick Bet-David - CEO of Valuetainment (Parody)

@notPBD

Lead Cosmos Security Engineer @zellic_io,
CTFer @SuperGuesser,
Prev: Android Vulnerability Research @dfsec_com

Faith 🇧🇩🇦🇺

@farazsth98

We set The Standard in registered agent and business formation services. Got 10 minutes? Your business is ready. 🔗 https://t.co/p1ZluAcO8M

Registered Agents Inc

@REG_Agents_inc

2024 Paris Olimpiyatlarının kazananı Rahatlik ve Sadelik.
TUR🇹🇷

Yusuf Dikec

@yusufdikec

Father, Real Estate, SaaS founder of @octatech_io and sometimes Bug Bounty Hunter/Security Researcher.

Eduardo Nuri

@eduardo_nuri

Adversary Simulation @SpecterOps | Previously @Rapid7 & @Protiviti

Nick Powers

@zyn3rgy

Web App (mostly) Hacker @NetSPI | Cybersecurity Educator | Content Creator | Ex-Brit | Links: https://t.co/04RRExvxXj (he/him) 🇺🇸

BFF of @illyrian598

Tib3rius

@0xTib3rius

Cutting-edge security research by @SonarSource to educate the world about code security across all software.

We're also at @SonarResearch@infosec.exchange 🦣

Sonar Research

@Sonar_Research

President & CEO @ycombinator —Founder @Initialized—designer/engineer who helps founders—YouTuber—San Francisco Democrat accelerating the boom loop—e/acc

Garry Tan

@garrytan

Infosec and specifically web guy. CTF player The Flat Network Society. Bug Bounty Hunter & Researcher - securing the Internet :p
🇫🇷🇫🇷🇫🇷🇫🇷🇫🇷🇫🇷🇫🇷

Blaklis

@Blaklis_

Electric vehicles, giant batteries & solar, AI & robotics

Tesla

@Tesla

Brad Mugford. Domain Investor.

https://t.co/u4uIV81xcc

DataCube

@datacubecom

Domain Management Platform at https://t.co/VVz2oCyXdE

Epik LLC

@EpikLLC

Red Team | Offensive Tool Dev | Malware Dev | OSCP | OSEP

Octoberfest7

@Octoberfest73

📊 Your home of Expected Goals.

The xG Philosophy

@xGPhilosophy

Security researcher and bug bounty hunter. https://t.co/ybndhjqZ5z | https://t.co/ALWTKTdgwc | 🇪🇸

godiego

@_godiego__

Wise Business account and Wise Platform — for businesses without borders.
Learn more: https://t.co/7eGN7qGxQo

Wise Business

@WiseBusiness_

160+ countries. 40+ currencies. Money for here, there and everywhere.

Wise

@Wise

xAI

@xai

Our main product, Dorki, is live at https://t.co/Pt1j4OaROO, and our Attack Surface Management (ASM) platform is coming soon! 🚀🚀

Attaxa

@attaxapty

للتواصل: من داخل المملكة 1966 من خارج المملكة 966920002814+ Ministry of Hajj & Umrah

وزارة الحج والعمرة

@HajMinistry

digital disobedient, foreign agent 🏴

Amadon

@amadon

All the best watch content right in the palm of your hands!

TheWatchBusiness

@TheWatchB

Don't hate me 'cause I'm beautiful.
I like breaking shit.
Red Teamer & Pen Tester.
Cat lover.
NetExec maintainer.
CPTC Director & AppDev Team Lead

Marshall';--🐼🍌

@MJHallenbeck

Hacks for beer. FOSS, infosec and privacy. Chaotic good. Head of Security Testing at @visma

Joona

@joohoi

Nathan Blondel

@slowerzs

The #1 theme page for founders and entrepreneurs turning their dreams into reality. Post on founder, business, marketing, self improvement.

Founder Mode

@Founder_Mode_

ʸᵃˢˢⁱⁿᵉᵍˢⁱᶠʰ

@yassinek3ch

Chatbot Arena: Open Platform for Crowdsourced AI Benchmarking. Free Chat and Vote at https://t.co/azF9dwf43Y. Officially graduated from @lmsysorg!

lmarena.ai (formerly lmsys.org)

@lmarena_ai

Security Engineer, Penetration Tester, Security Researcher, Bug Bounty Manager @ Zoom - ALS Survivor, so far.

Roy Davis

@Hack_All_Things

Hacker and bug bounty hunter mostly focusing on client-side security. h1-702 Vigilante, h1-65 Eliminator, AWC23 Best New Hacker

Matan Berson

@MtnBer

Ethical hacker - HackerOne Clear - Microsoft MVR

tedix

@tedixh1

United States Trends

1. Jake Paul 1,04 Mn posts
2. #Arcane 233 B posts
3. Jayce 52,8 B posts
4. Good Saturday 26,7 B posts
5. #SaturdayVibes 3.211 posts
6. Serrano 249 B posts
7. #saturdaymorning 2.148 posts
8. #PlutoSeriesEP5 141 B posts
9. AioonMay Limerence 117 B posts
10. Pence 82,5 B posts
11. Vander 17,2 B posts
12. #SaturdayMotivation 2.101 posts
13. maddie 21,5 B posts
14. Caturday 7.599 posts
15. WOOP WOOP 1.437 posts
16. John Oliver 14,5 B posts
17. Fetterman 37,3 B posts
18. Father Time 10,9 B posts
19. He's 58 1.154 posts
20. Rizwan 8.847 posts

Who to follow

Something went wrong.

Something went wrong.