MdHak

208 posts

MdHak

@Hack1Tak

Javascript:alert(../../../etc/{{💣}})

Katılım Ekim 2024

122 Takip Edilen64 Takipçiler

MdHak@Hack1Tak·28 Şub

@0xkmikze Waiting for write up ❤️‍🔥👏

English

119

𝙠𝙖𝙢𝙞𝙠𝙖𝙯𝙚@0xkmikze·27 Şub

2026. AI this. AI that. And SQLi still exists. #bugbounty

English

181

4.6K

MdHak@Hack1Tak·24 Şub

@YShahinzadeh You fucked Google ❤️‍🔥🤘

English

YS@YShahinzadeh·24 Şub

two more bugs on Google triaged I have two more that I haven’t reported YET, but I’m finalizing them. one is critical, I believe :]

English

269

MdHak@Hack1Tak·24 Şub

@YShahinzadeh Nice ❤️‍🔥

English

YS@YShahinzadeh·23 Şub

It's time for sharing, this is not a simple write-up, we are sharing our methodology and reasoning, detailing how we approached and hunted the flaw, I hope you like it :] blog.voorivex.team/uxss-on-samsun…

Omid Rezaei@omidxrz

We got permission from the Samsung Security team to disclose this uXSS that we found in Samsung Browser, it was assigned a CVE (CVE-2025-58485) and patched. Here is the PoC, expect the write-up in the next upcoming days.

English

330

23.9K

MdHak@Hack1Tak·21 Şub

@omidxrz 🐗🐗

QME

200

Omid Rezaei@omidxrz·20 Şub

YS@YShahinzadeh

20 days ago I found a uXSS and reported, it got triaged now, I'll publish a blog post after fix and vendor permission, it's my first bug that I'm not happy with due to recent H1 situation 🖤

English

240

35.6K

MdHak@Hack1Tak·19 Şub

@uMdaliWethu @Bugcrowd Yeah I had similar experience as well. Very disappointing😔

English

XIII Lumiere@uMdaliWethu·18 Şub

The same report was triage after 7 minute's a day later it N/A my first worst triage experience @Bugcrowd

English

3.3K

MdHak@Hack1Tak·17 Şub

@Krevetk0Valeriy Cool 😂😂

English

171

Valeriy@Krevetk0Valeriy·16 Şub

You can buy a subscription to any AI service. But you can't buy experience or become a "senior security engineer". And yes, this is a report by a "security researcher" who couldn't even properly copy from LLM🤦‍♂️ And I feel sorry for managers who are forced to spend time on this.

English

215

25.1K

MdHak@Hack1Tak·16 Şub

@YShahinzadeh ❤️‍🔥❤️‍🔥

QME

168

YS@YShahinzadeh·15 Şub

New triage on Google, I asked for permission to publish the previous 12k ATO on Google VRP, I'll drop a blog post once they grant it (1) On top of that, I'm going to publish an OAuth 1-click ATO that I recently uncovered in a MAIN domain of a well-known company (2), stay tuned

English

490

15.5K

MdHak@Hack1Tak·30 Oca

@PsiphonConduit @imandastpak Thank you

English

Conduit@PsiphonConduit·28 Oca

Conduit is helping the people in Iran gain access to the internet & you can help! Download Conduit to your Android, MacOS, or Windows device and run your own Conduit station. This allows users in Iran to reach the internet despite the various blockages. Join the movement and help Iranians get access now! #IranBlackout #psiphon #InternetBlackoutIran

English

361

1.3K

45K

MdHak retweetledi

mhmd berro (badcracker)@badcrack3r·28 Oca

you can only win when your mind is stronger than your emotions

English

4.5K

MdHak@Hack1Tak·28 Oca

@voorivex ❤️‍🔥❤️‍🔥

QME

359

 یاشو@voorivex·28 Oca

هر یه نفری که بم وصل میشه یکی به جونام اضافه میشه، این کمترین کاریه که می‌تونم انجام بدم 🖤

فارسی

1.8K

34.3K

MdHak@Hack1Tak·26 Oca

@intigriti MdHak ;)

Indonesia

331

Intigriti@intigriti·26 Oca

name that hacker you see on every program's leaderboard 😂 👇

English

15.4K

MdHak@Hack1Tak·8 Oca

@morteza_pn چطور دوست داری بمیری؟

فارسی

مرتضی پناهیان ☫@morteza_pn·7 Oca

تنابنده ۲۰ میلیارد تومان برای پایتخت ۷ دریافت کرده. بایدم کالابرگ توهین باشه براش. رقم رو زیاد کنید برای ایشون.

فارسی

571

846

48.5K

MdHak@Hack1Tak·4 Oca

@marianmeyer0 ❤️‍🔥❤️‍🔥

QME

MdHak@Hack1Tak·4 Oca

@Mohamad_M110 امام زمان ظهورم کنه اول نسل شما حرومزاده ها رو نسل کشی میکنه

فارسی

Mohamad🟥 ‏‎☫ 🟩@Mohamad_M110·3 Oca

در روزگاری که با هلی برن شخص اول مملکت میدزدن، شیعه باید قدرت نظامی داشته باشه تا جان امام زمانش حفظ کنه.

فارسی

249

238

988

19.2K

MdHak@Hack1Tak·4 Oca

@khamenei_ir Fuck you son of a bitch 🖕🖕🖕🖕

English

Khamenei.ir@khamenei_ir·3 Oca

We will not give in to the enemy.

English

12.8K

49.6K

11.6M

MdHak@Hack1Tak·26 Ara

@coffinxp7 You're amazing

English

118

Coffin@lostsec_·25 Ara

If you don’t want to buy a punycode domain, this PoC is a simpler and more practical alternative.. youtu.be/Cj1sOFHDClM

YouTube

Abdelhy khaled🦅@cysky0x1

Hello everyone, 🧵Zero-click account takeover via Punycode email. One of the most critical and interesting vulnerabilities I’ve discovered recently leads to a full account takeover with zero user interaction. (1/7)

English

414

48.8K

MdHak@Hack1Tak·23 Ara

@Freyxfi 😂😂

QME

Frey@n7runr·21 Ara

Write-up on how to find criticals. Enjoy

English

153

12.7K

MdHak@Hack1Tak·19 Ara

@zseano @JonathanBouman @fransrosen @avlidienbrunn When 4 legends come to a program ☠️☠️💀

English

292

zseano@zseano·19 Ara

Shoutout to @JonathanBouman @fransrosen @avlidienbrunn for another great year of collaborations. Always a pleasure hacking alongside these legends , we’ve found some really really good crits this year and I get the feeling 2026 will be the same 🫣

English

125

11.4K

MdHak@Hack1Tak·19 Ara

@voorivex 😂😂

QME

1.2K

 یاشو@voorivex·18 Ara

این شخص ماه اخیر تقریبا ۱۵ هزار دلار بانتی زده، اصفهانی هم نیست، من دیگه حرفی ندارم

فارسی

463

31.8K

MdHak@Hack1Tak·18 Ara

@sherpayx @voorivex Bravo👏

Português

shervin@sherpayx·17 Ara

First RDP vulnerability after completing the GUTS class, found exactly one year after I started bug bounty hunting. On mega.nz, a broken access control flaw affected all group chats. By manipulating request parameters, a normal user could add admins. @voorivex

English

5.4K

Keşfet

@0xkmikze @YShahinzadeh @omidxrz @uMdaliWethu @Bugcrowd @Krevetk0Valeriy @PsiphonConduit @imandastpak