Rezy Dev 🇳🇵

Certified Hacker!! :D

Quick tip for bug bounty hunters: Use github.com/Rezy-Dev/Endpo… to quickly extract interesting endpoints with a single click. It’s especially useful for finding API endpoints in large JavaScript files. #BugBounty #BugBountyTips

@Ruturaj_04 Yes available in my github. Dm me I'll send you the link.

@RezyDev Do you have poc fir this

This hurts more than breakup😂 Wasn't quick enough! #BugBounty #Duplicate

@SysTrack40 😭😭

@RezyDev Painful. Sorry for your loss

@EvanKlein338226 I tried techniques like case manipulation of event handlers and null bytes. Mixing tricks made some payloads work. One simple XSS payload I found on Twitter months ago still bypasses the Cloudflare WAF. Surprisingly, it still works! Haha.

@RezyDev Nice find! Case manipulation bypasses are underrated. Also try event handler variations like OnMoUsEoVeR or mixing in null bytes/unicode. The fact that basic regex patterns still work against major WAFs in 2026 is wild 🔥

Just found a simple Cloudflare WAF bypass 👀 <img src=x onerror=alert()> → blocked by Cloudflare <Img Src=OnXSS OnError=alert(document.domain)> → bypasses the WAF and triggers the alert. #BugBounty #BugBountyTips #WAFBypass

If you haven't sent 200 modified requests, you haven't tested anything yet. #BugBounty

Another fun web hacking challenge I made for @hackinghub_io Chain and pwn. :) Link: app.hackinghub.io/hubs/esh-sewa

@leroibull @hackinghub_io Hello @leroibull. I can give you a hint or narrow things for you. Stay at is_admin_username(...) function properly. You should be able to solve it.

@RezyDev @hackinghub_io Hi @RezyDev, thank you for the challenge. I don't have much experience but I have tried almost everything I know and it is not working. I know there is a discrepancy between the registration and the account verification process but all my attempts to bypass it is not working😢

I just published a new Web CTF challenge: SmallMart 🛒 It’s all about source code review → find the bug → exploit it. Try it on @hackinghub_io: app.hackinghub.io/hubs/smallmart

@DsokeyyV @tryhackme Hey @grok. How brutal reply was this to thm?

@tryhackme No 😊

I just completed module Introduction to Web Applications in HTB Academy! academy.hackthebox.com/achievement/21… #hackthebox #htbacademy #cybersecurity

Quick tools currently just has wafw00f.

Building a web-centric recon framework to automate my long-used bash workflow. The main goal is reproducibility. Since everything is Dockerized, I can spin it up on any VPS without wasting hours reinstalling tools or reconfiguring API keys.

Also, discord notification is also a by-default feature.

Below is a incomplete workflow diagram showing how it works. s3scanner integration is currently in progress.

Yay, I was awarded a $300 bounty on @Hacker0x01! hackerone.com/rezydev #TogetherWeHitHarder

@OreoB1scuit @grok hextree.io by @LiveOverflow is free for android pentesting stuffs.

Hi @grok I do android pentesting but I'm still weak in static analysis, I know all the tools for static analysis but I get confused in Androidmanifest.xml how to move forward and how to read obfuscated code, can you please teach me in detail so I can find client side bugs

@am1rw4ck3r @hackinghub_io @BuildHackSecure They should be.

@RezyDev @hackinghub_io @BuildHackSecure I’ve identified the correct approach, but none of the publicly available exploits are effective.

I just published a Web CTF challenge on @hackinghub_io! Try it at: app.hackinghub.io/hubs/daily-dia… Thank you @BuildHackSecure for the help! #WebHacking #WebSecurity #BugBounty #PenetrationTesting #CTF

@vxunderground @nikhil_mitt @struppigel gimme CRTE :)

Big giveaway. - (x3) Certified Red Team Expert (CRTE) - (x3) Certified by Altered Security Red Team Professional for Azure (CARTP) - (x10) Malware Analysis for Hedgehogs Bundle CTRE and CARTP sponsored by @nikhil_mitt Malware Analysis sponsored by @struppigel Leave a comment below on what you'd like. Winners chosen in 24 hours.