Mustafa

@sibusisosishi @msftsecresponse Nice , congrats 🎊🎉, you should definitely write about it

@d3sca @msftsecresponse Me too forgot to write about it.

Got invited by @msftsecresponse to an exclusive, invite-only researcher experience at Black Hat USA 2026 in Las Vegas. Honored to be part of the security research community and excited to connect with top researchers and the MSRC team. #CyberSecurity #BugBounty #MSRC #BlackHat

@D0rkerDevil @msftsecresponse Congratulations man , see you in vegas 🫡

@d3sca @msftsecresponse I got it too

@Raihan35169899 @msftsecresponse Thanks @Raihan35169899

@d3sca @msftsecresponse congratulations

Huge thanks to @msftsecresponse for the bounty Had found a reeeeeaaalllllyyy coool bug in Microsoft. The chain on this one was wild. Can’t wait for the responsible disclosure to clear so I can drop the writeup. Get ready for the deep dive. #msrc #BugBounty #infosec #Microsoft

@bug_vs_me @msftsecresponse Thank you ❤️ , It was a high. buecause of the chain I enjoyed this one more than crits.

@d3sca @msftsecresponse Great congratulations 🎉, critical issue?

@drkshdw47 @msftsecresponse Thanks @drkshdw47

@d3sca @msftsecresponse Congrats

@KiPos_info @msftsecresponse I have done it before , it took like a week d3sca.medium.com/local-file-inc…

@d3sca @msftsecresponse dont get too excited. this was February 2025 and it is still unfixed/undisclosed

@msftsecresponse Thank you! Appreciate the recognition, more to come

@d3sca Impressive find! Congrats, Mustafa.

How to enumerate salesforce instances d3sca.medium.com/uncovering-the…

• أدعية ليلة ٢٧ لعلها تكون ليلة القدر ..

لأول مرة شيخ #الزين_محمد_أحمد يتلو بمقام خليجي و عراقي بديع من سورة النمل 💚🇸🇩

@asen_sec more surprising, the one you get paid for is the one you never thought you would.

It's surprising how many valid bug bounty reports you need to submit before you get paid on one

@intigriti ?userid=

Fill in the blanks 🤠 You know your target is super vulnerable if it uses ____

@rcx86 Pretty convenient as the url says bugs

why did hackerone think this is the right button for "inbox"?

الحمدلله حمدا كثيرا و ما توفيقي الا بالله عليه توكلت و اليه انيب Just got $$$$ from @EpicGames via @Hacker0x01. 💵🎉🎊 their team handled it fast and clean. #bugbounty #HackerOne #EpicGames

A Broken Access Control scenario no one has talked about before. Not a recycled bug. Not a misconfiguration. A new access control logic pattern with real exploitation impact. 🔥 Watch: youtu.be/X3oj-nx6580?si… #bugbountytips #bugbountytip #bugbounty

Cross-Site ETag Length Leak blog.arkark.dev/2025/12/26/eta… I just posted the author writeup for impossible-leak in SECCON CTF 14 Quals. As far as I know, this is a new XS-Leak technique! The ETag header can become a side channel :)

@roohaa_n Outcomes of a good program

The best informative report 😋 i ever had #bugbounty