sumgr0

24.8K posts

sumgr0

@sumgr0

Pentester | Bug Bounty Hunter | #hackerone | #intigriti | #bugcrowd @[email protected]

Katılım Mayıs 2009

4.9K Takip Edilen5.4K Takipçiler

Sabitlenmiş Tweet

sumgr0@sumgr0·7 May

It just keeps getting better 😉 Thank you @intigriti ✌🏻

Intigriti@intigriti

Curious how to launch yourself into the top ranks of our quarterly leaderboard in only a few weeks time? @sumgr0 recently pulled this off, so we sat down with him to try uncover some of his secrets! 😏 Check out our interview: blog.intigriti.com/2021/05/07/bug…

English

sumgr0 retweetledi

Sahil Choudhary@sahilsince2000·3d

No jailbreak. No problem. 🔓 I built a tool that bypasses iOS SSL Pinning using OpenVPN + iptables — works with Burp Suite & mitmproxy out of the box. 👇 GitHub github.com/SahilH4ck4you/… #CyberSecurity #BugBounty #iOS #Pentesting

English

174

57.5K

sumgr0 retweetledi

shubs@infosec_au·3d

We got frustrated with dealing with vendor dependencies when reverse engineering large applications. @ITSecurityguard from @SLCyberSec’s Sec Research Team built Hyoktesu to solve this problem forever: github.com/assetnote/hyok… - releasing this today! Blog: slcyber.io/research-cente…

English

298

36.5K

sumgr0 retweetledi

Sahil Choudhary@sahilsince2000·3 Mar

Sun, sea & cybersecurity. Had a great time with you guys at Nullcon&seasides! #Nullcon #CyberSecurity #InfoSec #EthicalHacking #SecurityResearch #BugBounty #RedTeam #BlueTeam #AppSec #InfosecCommunity

English

1.2K

sumgr0 retweetledi

sw33tLie@sw33tLie·2 Mar

bbscope v2 is out & bbscope.com is live! A free #bugbounty tool to pull scope from HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi. Store it all in PostgreSQL, track changes, query it, pipe it into your tools Thread on what's new👇

English

391

47.4K

sumgr0@sumgr0·24 Şub

@ManasH4rsh Looking forward 👌

English

Manas@ManasH4rsh·23 Şub

We are launching a Hacker House in Noida. If you are in Delhi NCR, feel free to join us. We will have one target and multiple hackers working on it together. It will be a full night of hacking, brainstorming, and sharing ideas. #hacking

English

214

16.4K

sumgr0 retweetledi

Manas@ManasH4rsh·24 Şub

Hi everyone, Fill this form to participate in hacker house. Once we have exact no. Of people who can participate, we will invite 10 of you, in the first of many weekends. forms.gle/GFy11G16dDc3mb…

Manas@ManasH4rsh

English

1.8K

sumgr0@sumgr0·18 Şub

I’ll be at @seasides_conf from 19-21 February 2026. If you see the Bald and Long Bearded Guy come say Hi 👋 See ya ✌️

English

714

sumgr0 retweetledi

Sunil Yedla@sunilyedla2·17 Şub

I wasn’t active in Bugbounty since very long time but the amount of love and support the bug bounty community is showing towards the live hacking event is overwhelming ❤️ As I always say stay kind with each other 😇 @BugTroopers #lhe #bugbounty #iitr #bugtrooper #security

English

1.3K

sumgr0 retweetledi

Kapeka@kapeka0·12 Şub

HackerOne@Hacker0x01

Point-in-time pentests can’t keep up, while fully autonomous testing creates noise. The solution? HackerOne Agentic PTaaS pairs specially trained AI agents with elite human validation to deliver results based on real-world exploitability, not theory. This 50-second video shows you how it works.

ZXX

151

11.2K

sumgr0 retweetledi

H4x0r.DZ 🇰🇵@h4x0r_dz·12 Şub

Let’s be clear: @Hacker0x01 is using researchers’ work to train their AI and profit from it without consent. That’s not “innovation” — that’s exploitation. Our reports, our research, our time — turned into their product, while we get nothing. This violates client agreements. Vulnerabilities belong to the companies and the researchers — not HackerOne. Yet they’re monetizing it anyway. Layoffs, shrinking bounties, and now this? The platform is collapsing, and instead of fixing it, they’re squeezing the community that built it. Researchers made HackerOne. Programs trusted HackerOne. And now both are being treated like disposable data sources. If you’re a company, review your contracts immediately. If you’re a researcher, stop feeding them your work. HackerOne isn’t supporting the community anymore it’s exploiting it. And people are finally waking up. Many programs have already shifted to self-hosted , such as Salesforce. #BugBounty

BugBountyHQ@BugBountyHQ

Thread - My own opinion & this is to the Bug Hunters, What @Hacker0x01 is doing re AI, is essentially stealing “our work” “our research” for their own profitability. They are for sure breaking client agreements, wherein a clients data / vulns belong to the client. Not H1!!

English

232

15.2K

sumgr0 retweetledi

Ben Sadeghipour@NahamSec·10 Şub

n case you missed it, all of the talks from both conferences last year are posted on our website for free. Watch all 20+ talks here 👉🏼 nahamcon.com

English

159

sumgr0 retweetledi

Nagli@galnagli·6 Şub

I was targeted by a popular X phishing campaign after my @moltbook discovery that tried to steal my account - this time by impersonating a fake @TechCrunch reporter So I used @openclaw to investigate the attackers. Here's what I found 🧵

English

275

27.2K

sumgr0 retweetledi

$Gareth Heyes \u2028$

Gareth Heyes \u2028@garethheyes·2 Şub

Over the weekend I developed a major new feature for Shazzer: Teams! You can now share your vectors between team members and have your own fuzzing network. shazzer.co.uk/blog/shazzer-t…

English

1.5K

sumgr0 retweetledi

Jsmon - jsmon.sh@jsmonsh·2 Şub

Join the webinar on Feb 3, 2026, with Inderjeet Singh, (CEO of JSMON) for an exclusive session on securing modern apps. 📅 : Feb 3, 12:00 PM IST 🔗 Registration: form.typeform.com/to/YbXDBRxJ

English

375

sumgr0 retweetledi

Jsmon - jsmon.sh@jsmonsh·28 Oca

Just dropped a new Jsmon CLI walkthrough (Part 1). Learn how to scan any domain/website for: ✅ Recon & Threat Signals ✅ Leaked Secrets & PII ✅ API paths, URLs, emails, subdomains ✅ Clean, structured output you can act on Watch here: youtu.be/rRjEyXuTYc8

YouTube

English

sumgr0@sumgr0·26 Oca

@Toshusec_ Awesome! Congratulations man!

English

Toshit bharti@Toshusec_·26 Oca

@sumgr0 First TKO Thanks for planting the idea of subdomain takeovers in bsides ahmedabad hope meet again:)

English

142

sumgr0@sumgr0·26 Oca

#HappyRepublicDay

GIF

QME

196

sumgr0 retweetledi

Jsmon - jsmon.sh@jsmonsh·25 Oca

New blog from our research team: DOM XSS is not dead. A breakdown of polyglot payloads, real-world exploitation patterns, and what defenders should watch for. blogs.jsmon.sh/dom-xss-is-not…

English

4.8K

sumgr0@sumgr0·24 Oca

@Toshusec_ Shopify has implemented TXT verification, so it has become an edge case.

English

Toshit bharti@Toshusec_·24 Oca

@sumgr0 sir this is still vulnerable? over 20 min now its still loading

English

121

sumgr0@sumgr0·23 Oca

This is crazy and unexpected… thanks @galnagli

Nagli@galnagli

Introducing my Bug Bounty Masterclass. 100% free. I've made $2,000,000+ finding security bugs. I spent the last year turning my methodology into a complete blueprint. 4 hours of video - foundations, reconnaissance, web proxies, hands-on challenges, and certification. Finish it in a weekend and start hacking real-world applications 🐞

English

688

Keşfet

@ITSecurityguard @SLCyberSec @ManasH4rsh @seasides_conf @BugTroopers @Hacker0x01 @moltbook @TechCrunch