Mohammad

The one mentality you must have in life is that regardless of what is in front of you, you still must grind.

𝗧𝗶𝗿𝗲𝗱 𝗼𝗳 𝘂𝗽𝗱𝗮𝘁𝗶𝗻𝗴 𝗰𝗼𝗼𝗸𝗶𝗲𝘀 𝗶𝗻 𝗲𝘃𝗲𝗿𝘆 𝗥𝗲𝗽𝗲𝗮𝘁𝗲𝗿 𝘁𝗮𝗯? 🍪 Burp extension that auto-replaces expired cookies/headers — perfect for retesting old requests without manual copy-paste. 🔗github.com/0xbartita/Cook… #bugbountytip #bugbountytips #PenTest

@0xbartita 🔗 Advisory available on GitHub Security Advisories: github.com/laravel/reverb… 🔗 CVE Record: cve.org/CVERecord?id=C… 🔗 NIST NVD: nvd.nist.gov/vuln/detail/CV…

I and my friend @0xbartita responsibly disclosed a critical vulnerability in Laravel Reverb (CVSS 9.8/10), now patched and disclosed by the Laravel team. CVE-2026-23524: github.com/laravel/reverb… #bugbountytips #bugbountytip #CVE #Laravel #PHP #Reverb

🎯 Officially OSWE certified! Grateful for the grind, lessons, and late nights that led here. Huge thanks to @offsectraining for the great training. credentials.offsec.com/74832a62-7658-… #OSWE #AWAE #OffSec #OffensiveSecurity #Offensive_Security

@00xA7md On fire 🔥🔥🔥

Proud to have earned OSCP, OSWA, OSWP, and OSWE from Offensive Security Each cert was a new challenge and a sharpening of my skills Big thanks to Offensive Security for setting the bar high and inspiring specialists in the field #OffSec #CyberSecurity #Security #Hacking #Hacked

@spaceboy2O @mux0x they do not know that i can change the CPU register to AAAAAAAAAAAA...

Deep Link Hijacking to Full Account Takeover: A Complete Guide In this blog, I dive into how I exploited deep link vulnerabilities in Android applications to achieve full account takeover. Check it out here: @soliman_almansor/deep-link-hijacking-to-full-account-takeover-complete-guide-3074b7ba82e3" target="_blank" rel="nofollow noopener">medium.com/@soliman_alman…

@AliSayed199 كلسن الشوكولاته هتعزمني على قهوة 😂

@solimanalmansor بس القهوة احلى منها😂

انا بحب اصحابى الى دايما بيكونوا فاكرينى وقت السفر (صاحبى جالى شكولاتة و بن من الصين 😂)

@sec_jota @Hacker0x01 Awesome, Jota keep going!

I’m looking forward to hearing updates about one of my best bugs being accepted as critical 9.1. 🔥💸 I feel great! Hard work pays off. Happy weekend, everyone! 😃 #bugbounty @Hacker0x01

@richard_onyeka_ thanks, Richard

@solimanalmansor Awesome , Congrats👏

During a bug bounty engagement for a program with four distinct Android applications, I discovered that one of the applications exposes a deep link handler associated with the login functionality, utilizing the scheme `scheme://login?token=...`. Read the Comments ⬇️

4. Impact: Full Account Compromise. Tips: If the target offers multiple Android applications and a vulnerability is identified in one, it is advisable to investigate whether the same or similar vulnerability exists across the other applications.

3. With the stolen token, I successfully authenticated as the victim, leading to a full account takeover (ATO).

@omidxrz use Nox if you have no WSL installed on your machine, for better experience, use the emulator of the android studio. one more thing, use the google pixel devices

Is anyone here doing Android pentesting? I can’t use Genymotion anymore; it’s too unstable. Can you suggest an Android device for rooting, custom ROMs, and stuff like that?

@Richard_Onyeka_ HBD, Richard! wish you all the best

Officially 19……..

@joo_elsaka Well done Joe!

Deeplink bypass that worked with me payload :- `https://<button%20onclick=%22window.location.href='https:%2F%2Fevil.com'%22>Click%20Me</button>.com.cn`