Websecs

Websecs retweeted

I probably wouldn't have dedicated as much time to the @Yahoo bug bounty program as I did. By spending several years tied to the same program I made a lot of money, but when they ended up fucking me over with Intigriti in Belgium 2022, it killed my motivation and desire to hack/hunt for over 3 years afterwards.

If you could go back to the very start of your security/hacking/bug bounty journey, what is 1 piece of advice you would share with yourself? #bugbounty #hacking #hacker #security
Websecs retweeted

Fast dazzles. Slow frustrates.
But in the long run, it’s not speed that decides survival,
it’s trust.
I’ve seen flashy systems collapse overnight and slower ones thrive for decades.
Because people don’t bet on velocity, they bet on reliability.
In blockchain, governance, or enterprise adoption… trust is the real benchmark.
#Web3 #Leadership #Trust

Websecs retweeted

Some examples from recent findings, but there are many more:
• Code execution via WebSocket endpoints
• SpEL injection & sandbox escapes
• SSTI-based payload execution
• SOAP abuse to RCE
• Auth bypass → code execution
• JS-based injection
• Hidden upload endpoints + extension bypass
What is really impressive is that we gave a starting URL and XBOW did the rest.

Went hunting for geo-bypass.
Found blind SQLi instead.
/redacted/ + 'SLEEP' infused cookie = 15s nap.
Logs don’t lie.
Technical breakdown -> xbow.com/blog/xbow-geol…
Websecs retweeted

"XBOW reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS."
😲😲😲
XBOW (@Xbow):
XBOW automatically runs expert-level attacks across all webapps, giving security teams unprecedented scale. @XBOW reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.
Websecs retweeted

Real security is POC||GTFO – and XBOW agrees.
We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard.
The first is a zero-day XSS in Palo Alto Networks GlobalProtect by @pwntester
xbow.com/blog/xbow-glob…


ETH killers Ranked By How Dead They Are (2025 Funeral Edition 🕊️)
1- $EOS The OG ETH killer.
Promised fast, feeless chain… ended up faster at losing relevance.
Devs gone. Users gone. TVL lower than my checking account.
Raised enough money to buy a small country.
Spent it like a 19 yr old rapper in Miami.
Now a literal retirement home for empty block producers, running on nostalgia and dust.
2- $TRON Where USDT goes to launder
Copy-pasted ETH code lol*
Feels like Craigslist for stablecoin transactions.
Devs left?? Only degens and fake volume remain.
Justin Sun still pretending it’s revolutionary.
Smart contract activity = 3 dudes playing dice
3- $NEO “Ethereum of China… in 2017”
Got banned harder than Facebook in China.
Smart economy? More like smart cemetery.
DApps? You mean dead apps.
Every once in a while someone tweets “Is NEO still alive?” like Bigfoot sightings.
Answer: Barely.
4- $ADA
Decentralized Retirement Home
12-year whitepaper to say “Hello World.”
Peer-reviewed its own funeral.
Dev activity exists — somewhere in Charles Hoskinson’s ranch.
Holders staking in peace tho
5- $DOT Parachain but No Passengers
Built parachains.
Forgot to build users.
Lively Discord tho. Too bad no one uses the chain
Kusama was cooler anyway.
6- $EGLD Witness Protection L1
Rebranded to hide Shame
Subnet dreams → User reality = Discord giveaways only.
Feels like a mobile game ad chain.
7- $ALGO MIT PhD powered chain nobody uses
Tech flexed harder than Vitalik’s essays.
Adoption flexed harder than myspace in 2025.
Nobody’s first choice. Not even their devs.
Feels like a startup pitch that never ended.
8- $XTZ – The Boomer
Loves governance. Hates fun.
DApps? Nah. Formal verification tho!
NFT bros only alive on it because gas fees are 2 cents, but I guess even they left.
9- $Avax Subnets…For What Exactly?
Claimed ETH killer, ended up Avalanche subnet killer.
Feels like AWS with extra steps.
VC money dried faster than Blockbuster’s DVD sales.
Alive… but lonely.
10- $S (FKA: Fantom) Andre Cronje’s Mood Swing Protocol
Did numbers in DeFi szn. Then Andre rage quit.
Then came back. Then quit again.
Whole chain TVL held together by frog memes, prayers & witchcraft.
11- $SOL ETH Killer That Killed Itself 7 Times
Fastest chain in history… at going offline (7 times btw).
Rebranding from ETH Killer to Meme Chain Supreme.
Somehow still surviving bc memes > tech.
Honorable mention:
Harmony $ONE Bridge Exploit turned Rugpull Simulator
Got hacked so bad even Lazarus Group felt bad.
TVL evaporated faster than Terra’s peg.
Discord more active than the chain itself (red flag).
TL;DR:
ETH Killer = Marketing word for “Soon-to-be-dead L1 unless it finds a niche nobody cares about.”
$ETH buried all of them… without even trying that hard.