CORSair
244 posts

CORSair
@Ret2Regret
Bug Bounty Hunter | Cybersecurity Student | Webapp Hacker | All Tweets and Reply’s are human generated by me | I Follow Back |
Side 3 Space Colony انضم Mayıs 2026
613 يتبع55 المتابعون

@NightmaresUwUL @Hacker0x01 Nice! I’m working on my XSS skills now. Working through #javascriptforhackers
English

Found again XSS Vuln 😈💸😝 I love XSS #fy #xss #vuln #hackerone #cybersecurity #security #hacking #hacker @Hacker0x01

English

@trashh_dev A todo app that withdraws money from your bank account and gives it to winrar when you don’t complete your tasks on time.
English

Two months of work,
found 4 bugs:
3 Duplicates
1 Informational
Plus received private program invitation on HackerOne!
#BugBounty #Cybersecurity #Infosec #HackerOne


English

My Achievements in the First Half of 2026 ✨
I started learning Cybersecurity in December 2024 with strong passion and clear goals. Just 1.5 years into this journey, consistency and discipline have taken me further than I imagined.
Highlights from the first half of 2026:
- Guided over 50+ people into Tech and Cybersecurity
- Built my personal brand (gabbytech) across X, LinkedIn, and YouTube
- Attended my first physical tech event Osun Tech Fest
- Spoke at multiple virtual tech webinars and preparing for my first physical talk in July
- Formed a major collaboration with @silverpenydr to train over 600 students and professionals in Cybersecurity
- Launched my first FREE Cybersecurity Cohort with over 300 students onboarded
- Grew my X account to 6,000+ followers
YouTube channel at 570+ subscribers
- LinkedIn at 288 connections
This is just the beginning.
Grateful for the journey so far and excited for what the rest of 2026 holds.
2024 2026


English

@0day_ninja You need a progress bar that quickly goes to 99% and then hangs for the remaining waitTimer to complete.
English
CORSair أُعيد تغريده

Since V8 had heap sandbox, Chrome renderer RCE usually means chaining 2 bugs
Today we bring the Spear of Longinus
1 bug, 100% success, no heap spray, found in 40+ major versions, arbitrary renderer read/write + V8 sandbox escape
Our CVE-2026-6307 writeup nebusec.ai/research/v8-cv…
English
CORSair أُعيد تغريده

Beginner Tip: Don't stop testing after getting a "403 Forbidden".
A 403 often means:
• Another HTTP method might work.
• The API endpoint may behave differently.
• A different user role could access it.
• A related endpoint might be missing the same check.
Sometimes a 403 is the beginning of the bug—not the end.
#BugBounty #BugBountyTips #AppSec
English

@donsteve__ Lets connect! I’m a cybersecurity student spending lots of time hunting bugs and ethically hacking.
English
CORSair أُعيد تغريده

IDOR tip: test for web cache deception as well, while testing idor
1. View /api/invoices/123 test .css .js through User A
2. Repeat as User B with same URL + same format headers
3. Change only Cookie/Auth
If B gets A's 200 from cache, report.
#AppSec #BugBounty #Pentesting #WebSecurity #CloudSecurity
English





















