Forbidden403 (@40rbidd3n) - Twitter Profili | Zamantika Mersobahis Locabet

Forbidden403 retweetledi

James Kettle@albinowax·18 Mar

I've just submitted my latest research to Black Hat USA! This one has been cooking since last June, can't wait to share it with the world... in fact I'm quite excited just to see the community reaction to the title reveal.

English

18

22

396

15.2K

Forbidden403 retweetledi

Jenish Sojitra@_jensec·26 Şub

✨ Launching Clawned.io - free, community, no signup Stop blindly installing OpenClaw skills like Maniac. My friend mass-installed OpenClaw skills for a client project last month. Two days later his AWS bill exploded. A skill that looked totally legit was quietly stealing his credentials the whole time. Together we built Clawned Paste any skill → scanned against 60+ threat patterns in under 2 seconds. 6,500+ skills scanned so far. 1 in 5 flagged something. Stop trusting SKILL.md files blindly.

English

6

31

142

10K

Forbidden403@40rbidd3n·25 Şub

@theXSSrat Glad you found it interesting XD

English

0

1

22

The XSS Rat - Proud XSS N00b :-)@theXSSrat·25 Şub

Always love reading how people tackle these! Good job mate!!

Forbidden403@40rbidd3n

Just published my write-up for @Intigriti challenge 0226 by @d3dn0v4 Stored XSS & CSP bypass. A nice example of how client-side rendering + JSONP can break strict CSP Read it here: 40rbidd3n.medium.com/intigriti-chal… #bugbounty #infosec #xss #ctf

English

1

3

9

1.2K

Forbidden403@40rbidd3n·24 Şub

Just published my write-up for @Intigriti challenge 0226 by @d3dn0v4 Stored XSS & CSP bypass. A nice example of how client-side rendering + JSONP can break strict CSP Read it here: 40rbidd3n.medium.com/intigriti-chal… #bugbounty #infosec #xss #ctf

English

3

7

70

4.7K

Forbidden403 retweetledi

zhero;@zhero___·19 Kas

second research on Astro, a shorter paper than usual, which led to CVE-2025-64764 (w/ @inzo____): Unlocking Reflected XSS in the Astro framework zhero-web-sec.github.io/research-and-t… all applications using the Server Island feature are vulnerable

zhero;@zhero___

release of our new paper (w/ @inzo____) which resulted in CVE-2025-64525: Astro framework and standards weaponization from path-based middleware protection bypass to potential SSRF & XSS + full bypass of CVE-2025-61925 on @astrodotbuild zhero-web-sec.github.io/research-and-t…

English

6

39

299

20.5K

Forbidden403 retweetledi

zhero;@zhero___·13 Kas

release of our new paper (w/ @inzo____) which resulted in CVE-2025-64525: Astro framework and standards weaponization from path-based middleware protection bypass to potential SSRF & XSS + full bypass of CVE-2025-61925 on @astrodotbuild zhero-web-sec.github.io/research-and-t…

English

12

82

347

52.1K

Forbidden403@40rbidd3n·15 Eki

@jaymiee__ @chux13786509 Thanks a lot. appreciate it 🫡

English

0

23

Forbidden403@40rbidd3n·14 Eki

Just published my write-up for the Intigriti's October challenge by @chux13786509 🕵️‍♂️ → @40rbidd3n/intigriti-challenge-1025-badc6a24caf9" target="_blank" rel="nofollow noopener">medium.com/@40rbidd3n/int… #bugbounty #infosec #CTF #writeup #bugbountytips

English

2

4

39

3.3K

Forbidden403@40rbidd3n·14 Eki

@chux13786509 Really glad you liked it, was such a fun challenge🔥

English

0

1

27

chux@chux13786509·14 Eki

@40rbidd3n Great writeup! 💪 You found the good parts and solved it in the best way

English

1

0

2

323

Forbidden403 retweetledi

Jenish Sojitra@_jensec·27 Ağu

Is most Pentest companies are scam? Just saw a $30k Pentest report with 8 informative findings and only valid findings were missing cookie flags, rate limit on apply account and origin check.

Max Yaremchuk@0xw2w

@_jensec My go-to program pays hefty sums for the yearly security assessment by an elite pentest team, and they always file informatives in the pentest report, while I find serious bugs in the same spot. I wish the team had given me the source code under nda and pentest right instead..

English

27

13

270

38K

Forbidden403@40rbidd3n·12 Tem

Just got a bounty from @Apple for reporting a security vulnerability Grateful to be recognized through the Apple Security Bounty program #BugBounty #Apple

English

0

6

58

Forbidden403@40rbidd3n·24 Nis

@daoud_youssef جربتها فكرة جميلة ان تعمل فقط border كنوع من alert غير مزعج لكن مرات تطلع false positive حتى على توتير بسبب head method ولانه في 403 responses لايكون x-frame-options لذا اضفت هذا condition if (client.status!==403 && upper.includes("X-FRAME-OPTIONS")!==true) يجب التحقق حتى من csp

0

12

daoud youssef@daoud_youssef·23 Nis

the link of the extension addons.mozilla.org/en-US/firefox/…

Alsanosi@01alsanosi

Big thanks to @daoud_youssef for his incredible extension, Click-jacking! It played a crucial role in helping me uncover a vulnerability on HackerOne. Daoud's contribution to the cybersecurity community is invaluable. #bugbountytips

English

3

8

74

6.4K

Forbidden403@40rbidd3n·5 Tem

@pranshux0x @bxmbn @Bugcrowd I agree

English

0

2

67