rafa

check out my latest research (Exploiting HTTP Parsers Inconsistencies): rafa.hashnode.dev/exploiting-htt…

@busf4ctor @monkehack @adnanthekhan @rez0__ @xssdoctor Thanks bro, let's go 2026!

Here are the top collaborators I have hacked with in the last few months who helped earn over $100k in bounties. I highly recommend following them :) - @monkehack - @adnanthekhan - @rez0__ - @xssdoctor - @rafabyte_ I hope I didn't forget anyone 😅

Made a small and fun research about a technique to leak iframe contents, check this out: blog.bugport.net/auxclickjacking

Things you must read to slowly step up your client-side game AuxClickjacking by @rafabyte_: blog.bugport.net/auxclickjacking

Had an awesome time hacking alongsite @busf4ctor and @monkehack at the H1-3120 Live Hacking Event in Amsterdam by @Hacker0x01, partnered with Salesforce!

Amsterdam brought the 🔥! @salesforce + #H13120 = one incredible Live Hacking Event 🇳🇱 Security researchers tackled AI challenges head-on—finding vulnerabilities, sharing insights, and shaping the future of secure innovation. #HackForGood #AISecurity #TogetherWeHitHarder

@mchklt @Hacker0x01 @salesforce lol, many people say that

@Hacker0x01 @salesforce Is that elliot from mr robot ?

If you ever need help with a bug, you can always count on our community! 🫂

@niemand_sec @Hacker0x01 Nice meeting you as well!

@rafabyte_ @Hacker0x01 Nice to meet you :)

I’m very pleased to share that I was invited by @Hacker0x01 to participate in the Live Hacking Event H1-468 in Sweden, with all expenses covered under the Platform Performer recognition!

@Arl_rose @Hacker0x01 It was nice to meet you too =)

@rafabyte_ @Hacker0x01 Great to meet you in person!!

Unbelievable exploitation journey documented in a thread in the # critical-thinkers on the CTBB discord. Shout out to @rafabyte_ for finding the solution, and @TomAnthonySEO for doing WORK. Assists: @joaxcar, Balint, @J0R1AN, @kevin_mizu @7urb01, and yours truly, among others.

@ctbbpodcast U rock guys, thx for sharing

@rafabyte_ Thanks to @rafabyte_ for this amazing research! Go and give him a follow and then read his full write up here: rafa.hashnode.dev/exploiting-htt…

Mad props to @rafabyte_'s debut security research on "Exploiting HTTP Parsers Inconsistencies" explaining how to bypass Nginx ACL Rules with Node.js, Flask and Spring Boot. Here's a 4 step guide based on his 5 months of research on how to exploit this.

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2023! portswigger.net/research/top-1…

@b3hlulll Thanks

My research (Exploiting HTTP Parsers Inconsistencies) now has a dedicated page on HackTricks! book.hacktricks.xyz/pentesting-web…

@hashnode Thanks for sharing 👾

Dreaming of becoming a hacker, but ended up settling for centering divs? Bring back the spark with @rafabyte_’s explanation of vulnerabilities within HTTP parsers across various web technologies ✨ 🔗 rafa.hashnode.dev/exploiting-htt…

@insertScript Now anyone can send a PM to me

@rafabyte_ I can't send you a PM right now but I want to inform you about something regarding your blogpost

check out my latest research (Exploiting HTTP Parsers Inconsistencies): rafa.hashnode.dev/exploiting-htt…

@ShuntIsReal @RenwaX23 30k reposts, 300k likes

@RenwaX23 Novel, short XSS payload <script>eval(name);</script> #bugbountytips #BugBounty #infosec #CyberSecurity #Bounty

CTF Player vs Bug Bounty Hunter

@CipherNewz Thanks =)

@rafabyte_ Excellent

@BlasterX24 Thanks!