0xRAYAN @0xRAYAN7 Twitter profile

Pinned Tweet

0xRAYAN

1 month

I've started to enjoy working with Tailwind CSS and the React framework to build modern, mobile-responsive applications, and I ended up creating something like this.

1

0

6

Last Seen Profiles

@KieraJAllen

@bokeplokalmalam

@Linata_

@Nyan_03_06

@BinorRaja

@barbzforbernie

@Macadelic_22

@Gom8410Gomez

@A3zzzo

@lukand_dahl

@galery_basah10

@qYqf68Xg6o8d6t7

@usa_neko_maru

@PB9NwIID1516006

@jamescarey1967

@Icarus1nTheSun

@mirkomilito

@jimjr2037

@PecintaStwIbu1

@DiabloTraeluz

@singen_BTb

@CristianoTalk

@King_Lonnie_95

@AliTem35658

@konboku1225

@AmPurposed

@SaudiDesiGirl

@alixbugbug

@alto_nao

@itsKimbol

@Lemon898097153

@EricLee1481595

@bless586

@zarinaaleOK

@Haydenbarton_39

@adeny774

0xRAYAN

@0xRAYAN7

1 year

I hate recon but here a good tip : 1 - Get the company IPs range X.X.X.X/24 2 - Run nmap -p 80,448,8080 IP/24 -oN file.txt 3 - Use any IP extractor or API in case of automation or bash then save it on IPs.txt 4- run httpx -l IPs.txt -o final.txt 5 - run nuclei -l final.txt

8

322

1K

0xRAYAN

@0xRAYAN7

1 year

Recon is the key and below is a good tip created for you : 1 - Collect your target IPs range 2- Go to Censys search engine 3 - Run : ip=Target_range/XX 4 - Looking for a specific status code run this: ip=Target_range/XX and services.http.response.status_code=200

4

134

419

0xRAYAN

@0xRAYAN7

5 months

Recon Tools For Web Application Pentesting 🔎 #Proxy 1- Burpsuite 2- Zap proxy 3- Caido #Subdomain 1- subfinder 2- amass 3- dig 4- assetfinder 5- sublist3r 6- chaos (chaos.projectdis) #webspidering 1- gospider 2- gau 3- linkfinder 4- waybackurls 5- hakrawler 6- paramspider

3

105

409

0xRAYAN

@0xRAYAN7

1 year

Yay, I was awarded a $7,500 bounty on @Hacker0x01 ! #TogetherWeHitHarder

37

21

374

0xRAYAN

@0xRAYAN7

2 years

July and June it was an amazing month for me I managed to get more than 6000 € , happy hunting 🇸🇦🔥

24

19

321

0xRAYAN

@0xRAYAN7

6 months

🔍 Search Engines for Bug hunter & Security Pro : [ Recon is the key ] 1. - Dorks 2. - Servers 3. - Servers 4. - Mail addresses 5. - Attack Surface 6.

FullHunt | Expose Your Attack Surface

Discover, monitor, and secure your attack surface. FullHunt delivers the best platform in the market for attack surface security.

fullhunt.io

2

93

306

0xRAYAN

@0xRAYAN7

5 months

shodan dorks for recon : 1. :"*.target.com" http.title:"index of/" 2. :"*.target.com" http.title:"gitlab" 3. :"*. " http.title:"gitlab" 4. :"*.target.com" "230

2

101

287

0xRAYAN

@0xRAYAN7

2 years

The below code is vulnerable to which type of XSS ?

31

26

270

0xRAYAN

@0xRAYAN7

5 months

🔍 #BugBountyTip : Found a JS file that's hard to read? Try deobfuscating it at . Learn the obfuscation techniques used, as some methods might not be reversible by this tool. 🛠️ Key JS obfuscation techniques: - Reordering - Encoding - Splitting - Renaming

0

66

275

0xRAYAN

@0xRAYAN7

6 months

Here a good tip for testing a clinet side attack ( Post message ) : 1 - Using Post message trakcer by Frans( Epic one ) 2 - check If the Oirgin misconfigured then start test. 3 - test from dev tool direct no need for PoC , ( later on ) .

6

59

268

0xRAYAN

@0xRAYAN7

1 year

I earned $2,400 for my submission on @bugcrowd #ItTakesACrowd

14

6

235

0xRAYAN

@0xRAYAN7

8 months

Bug Bounty Tips: 1. Save JavaScript files for your target locally (e.g., main.js, app.js). 2. Upload to ChatGPT with a subscription. 3. Request: "Find potential security issues like DOM XSS, credentials leaks, or juicy endpoints." It's effective for analyzing JS.

3

30

211

0xRAYAN

@0xRAYAN7

3 years

السلام عليكم ، كتبت مقالة عن اختباري OSWE وتجربتي معا الاختبار اتمنى اكون وفقت في تلخيص بالشكل المناسب ، قراءه ممتعه 👍❤️

OSWE Exam Review 2022 🔥

Hi my name is Rayan Omair, today I’m going to walk you through OSWE course from my experience with offensive security during my study and…

medium.com

6

23

196

0xRAYAN

@0xRAYAN7

5 months

BugHuntingTips 🪿 SOME OF THE TOP XSS WAF BYPASS PAYLOADS :) CloudFlare WAF: <svg onload=alert& #0000000040document .cookie)> <svg/oNLY%3d1/**/On+ONLoaD%3dco\u006efirm%26%23x28%3b%26%23x29%3b> <Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NLZCA6KQ=="))> Cloudfront

0

37

200

0xRAYAN

@0xRAYAN7

2 years

Tips for my last P1 : 1 - Found dev portal for developing require Basic Auth 2 - search in GitHub "domain" docker 3- found a user try to pull the privite repository and passing the username:pass 4 - Decode Base64 Basic Auth 5 - Logged in and full access on all Prod

7

41

179

0xRAYAN

@0xRAYAN7

4 months

Testing web caching vulnerabilities with Akamai? Here are some key headers to use for testing : - Cache-Control: no-cache, no-store, max-age=0 - Pragma: no-cache - Expires: Wed, 21 Oct 2015 07:28:00 GMT - Vary: User-Agent, Accept-Encoding, Cookie - If-Modified-Since: Wed, 21

4

28

150

0xRAYAN

@0xRAYAN7

5 months

Yay, I was awarded a $5,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - 0xrayan1996

-

hackerone.com

8

0

119

0xRAYAN

@0xRAYAN7

2 years

السلام عليكم ورحمة الله وبركاته ، اليوم نشرت اول ثغره لي في مسابقة هاكر ون ممثلين السعوديه في الجوله الاولى، 🇸🇦 لاتنسانا من الريتويت والايك اذا عجبك المحتوى عشان نستمر 👍 Today I just publish my first finding in Hackerone World Cup 🔥

10

28

110

0xRAYAN

@0xRAYAN7

7 months

Yay, I was awarded a $2100 bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - 0xrayan1996

-

hackerone.com

6

4

106

0xRAYAN

@0xRAYAN7

7 months

I learned something while doing a bug bounty : 1- Don’t stress your self after submitting the report, leave them . 2- No need for asking for update , the team will see it and evaluate your report . 3 - if you deserve something you will get it. Your health is matter !👌✅

3

9

95

0xRAYAN

@0xRAYAN7

6 months

Here explain for a bounty worth 2K : 1- Identified a GraphQL query that includes a user ID as part of the email parameter in a password reset function. 2- Discovered that my user ID is 2811. 3- After sending 6 requests to the endpoint, I was unexpectedly logged out. exploit .

5

8

91

0xRAYAN

@0xRAYAN7

3 years

الحمدالله اخير نجحت في الاختبار كانت تجربه حلوه🕷🤍 Thank you for the training and content @offsectraining .

Offensive Security Web Expert (OSWE) was issued by Offensive Security to Rayan Ahmed Omair.

Certified OSWEs have a clear and practical understanding of white box web application assessment and security. They’ve proven their ability to review advanced source code in web apps, identify...

www.credly.com

12

4

79

0xRAYAN

@0xRAYAN7

2 years

Just received 25 P1s submission coin ✌️Thank you @Bugcrowd for the amazing platform, Rank on the TOP 100 P1 warrior

4

1

78

0xRAYAN

@0xRAYAN7

1 year

Norway 🇳🇴 is the best ever 🥶

4

0

72

0xRAYAN

@0xRAYAN7

8 months

As part of source code series below the challenge of real finding that I found in Google Cloud - 2020 What are the security vulnerabilities in the source code ?

12

4

70

0xRAYAN

@0xRAYAN7

1 year

See you there ! I will be discussing some unique bugs. Topic : Hacking the Hackers Date and time : 13:40-14:20, 16 November, Briefing Stage 3

8

4

66

0xRAYAN

@0xRAYAN7

2 years

Just got a new Offensive Security credential via @Accredible for via @offsectraining

OffSec Certified Professional (OSCP) • Rayan Ahmed Omair • Cybersecurity Training Badges from OffSec

Home of digital credentials

www.credential.net

10

5

59

0xRAYAN

@0xRAYAN7

2 years

😅😅

6

11

54

0xRAYAN

@0xRAYAN7

1 year

Here we go ):

8

1

56

0xRAYAN

@0xRAYAN7

3 months

Here we go €€€€ Bug type : information discourse via ws:// due lack of auth flow

5

1

54

0xRAYAN

@0xRAYAN7

1 year

Yay, I was awarded a $1,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - 0xrayan1996

-

hackerone.com

1

48

0xRAYAN

@0xRAYAN7

7 months

I've spent 6 days with 3 hours daily on BBP and found only 2 bugs, which is frustrating. I think I need to level up on my skills. 😤

7

1

46

0xRAYAN

@0xRAYAN7

1 year

Building entire application with many features for automating exploit and reconnaissance process for web application 10% just done so far and a lot of work needs to be done .

5

0

35

0xRAYAN

@0xRAYAN7

2 years

☁️

2

1

35

0xRAYAN

@0xRAYAN7

8 months

@Jr0dR87 There are 2 security issue , 1- isAdmin set to false if not provided by the user meaning if the user put true during the POST request it will be changed - Never trust client - The password stored as plain text and not hashed in the DB in User class - using bcrypt

1

0

30

0xRAYAN

@0xRAYAN7

10 months

For source code review, follow these steps: 1. Set up a new Ubuntu VM on AWS. 2. Install source code tools ensuring support for API and custom signatures. 3. Develop a script integrated with AI chat (e.g., GPT) to scan the code 4. Implement Gitlab or Jenkins for CI/CD

2

5

29

0xRAYAN

@0xRAYAN7

11 months

It was incredible experience at @Blackhatmea witch is organized by @SAFCSP , I discussed today " Hacking the Hackers " I explained multiple techinuqes . Thank you for your attendance and the great experience so far 🙏🏻.

4

1

27

0xRAYAN

@0xRAYAN7

6 months

How did you miss this epic one @japzdivino @errorsec_ 😅 ? Congratulations to the reporter, it was really good.

publiclyDisclosed

@disclosedh1

6 months

HackerOne disclosed a bug submitted by xklepxn: #hackerone #bugbounty

5

21

157

3

1

28

0xRAYAN

@0xRAYAN7

5 months

I Just recorded a podcast with my brother @xcode0x discussing a source code approach. Hope you like it! لقد سجلت للتو بودكاست مع @xcode0x نناقش فيه مراجعة الأكواد البرمجية . آمل أن يعجبكم! #أمن_سيبراني

Cyberminds | EP 06 | Rayan Omair | Code review

حلقه جديده وشيقه عن موضوع مهم إلا وهو Code Review وكيف أكتشاف الثغرات في ال Web Applications مع الضيف المميز ريان عمير وهاذي بعض المصادر المذكوره :https://s...

www.youtube.com

2

28

0xRAYAN

@0xRAYAN7

1 year

Take me to the dark 🔜

0

27

0xRAYAN

@0xRAYAN7

1 year

I think these people are testing Linkdhin for XSS and send me invite. 😂

5

1

22

0xRAYAN

@0xRAYAN7

3 months

0

1

22

0xRAYAN

@0xRAYAN7

2 years

@Bugcrowd Tips for my last P1 : #bugbountytips 1 - Found dev portal for developing requireBasic Auth 2 - search in GitHub "domain" docker 3- found a user try to pull the privite repository and passing the username:pass 4 - Decode Base64 Basic Auth 5 - Logged in and full access on all Prod

1

10

18

0xRAYAN

@0xRAYAN7

2 years

To Riyadh 🌧️

3

0

12

0xRAYAN

@0xRAYAN7

1 year

CVE-2023-24488 ( XSS ) on Citrix everywhere !

1

0

15

0xRAYAN

@0xRAYAN7

2 years

Hi hackers,😁 You can use the below tool, one of the amazing tool when it comes to source code review assessment it’s going to save your time, It’s contain a huge databases with updated signatures for critical function in different programming languages.

GitHub - wireghoul/graudit: grep rough audit - source code auditing tool

grep rough audit - source code auditing tool. Contribute to wireghoul/graudit development by creating an account on GitHub.

github.com

0

4

13

0xRAYAN

@0xRAYAN7

1 year

I can say hunting on @Hacker0x01 l is better then studying a course . 🤡

1

0

14

0xRAYAN

@0xRAYAN7

6 months

كل عام وانتم بخير وصحه وسلامه والله يعيده علينا وعليكم بالصحه والعافيه 🌙 Happy Eid for everyone 🎉

1

0

14

0xRAYAN

@0xRAYAN7

3 months

This year, I feel like all my energy for hunting is gone. I can't spend much time or even hours on it anymore. 😅 I can see myself drifting away from everything related to computers. ):

5

1

13

0xRAYAN

@0xRAYAN7

1 year

@healthyoutlet @Hacker0x01 @healthyoutlet @Hacker0x01 .I'm reading your tweet and laughing to be honest , I'm reporting this ethicaly via HackerOne paltforme if I want to take advantage of this will not reported at all , The problem here if the there is another hacker found this.

4

0

12

0xRAYAN

@0xRAYAN7

2 years

@BhatAasim9 @theXSSrat @nav1n0x @ADITYASHENDE17 I have good things to try , it worth P3 you can reported , try to access ( /whoAmI ) , impact is : Exposed session identifiers on user detail object in the whoAmI diagnostic page

1

9

0xRAYAN

@0xRAYAN7

2 years

@3bdullaM9 السبب في وجهة نظري جو CTF يبغاله تكرس له وقت وتحل تحديات وتدخل HTB في تحديات كثيره CTF , يبغالها مجهود ومعا الوقت تتمكن منها ، بس الشخص الي شغال Bug bounty او PT كاعمل له ماعنده وقت لشيء ذا طبيعي محا يحل أسهل تحديات ممكن ، والسبب زي ماذكرت تحتاج ممارسه 👍

0

11

0xRAYAN

@0xRAYAN7

1 year

@0xbinhelal No actually you need to understand the scope and this technique works better than subdomain enumeration because you have the right subnet for the company , OOS happens if you submit domain or assets not belongs to the company . Or not mentioned in the scope.

0

10

0xRAYAN

@0xRAYAN7

2 years

@GodfatherOrwa @Bugcrowd Nice @GodfatherOrwa , how did you find the file path that you uploaded in order to be executed ?

1

0

9

0xRAYAN

@0xRAYAN7

1 year

Below is the best extensions I used in VScode : 1- Prettier - Code formater 2- Auto Rename Tag 3- Atom One Dark Them 4- MySQL ( authored by : cweijan) 5-SQLite

0

2

9

0xRAYAN

@0xRAYAN7

6 months

4- check the frames array and test ( ) direct instead of building the JSON from js file 5- if you find post message just try to find another endpoint that leaks something leading to ATO .

1

0

10

0xRAYAN

@0xRAYAN7

2 years

What the amazing experience that is hacking on @Hacker0x01 with @AMakki1337 and the rest of the Saudi team for the World Cup, so far learned a lot 🔥🔥

3

0

8

0xRAYAN

@0xRAYAN7

8 months

When writing a user model, note that some database schemas don't support validation for usernames, which might lead to XSS or other types of attacks when data is displayed on the frontend. Ensure to carefully validate all user input.

0

9

0xRAYAN

@0xRAYAN7

3 years

You can bypass Rate limit on login function by using my methodology below but this might be fixed in some cases .

1

7

0xRAYAN

@0xRAYAN7

6 months

@bxmbn 40% skill 50% private invite 10% luck

1

0

8

0xRAYAN

@0xRAYAN7

10 months

@ManasH4rsh Very simple <a > is anchor tag is used to create a hyperlink and the "aaaaaa" attributes are just part of the tag and will not effect the functionality but if you write it <aa> without space then this will not be a valid payload .

0

7

0xRAYAN

@0xRAYAN7

2 years

Bye Bye Jeddah , Welcome Riyadh my new place ☁️💖

4

0

7

0xRAYAN

@0xRAYAN7

1 year

@Hacker0x01 Nepal team on 🔥🔥

0

7

0xRAYAN

@0xRAYAN7

1 year

@bxmbn I’m agree with you to be honest but remember that in one day you was totally nope and you learn from these articles and public disclosure and people work ! It’s matter of given to the community as you took previously. And the technique you are using it’s not new to the community

0

7

0xRAYAN

@0xRAYAN7

6 months

@Bugcrowd Bug: PHP type juggling code: if ($_POST["userid"] == int($_SESSION["userid"])) Exploit: An attacker could send a $_POST["userid"] value with a numeric string followed by non-numeric characters, which would be interpreted as an integer, passing the comparison check

0

7

0xRAYAN

@0xRAYAN7

1 year

@GodfatherOrwa Thank you @GodfatherOrwa for always sharing valuable stuff to the community 👏🏽

2

0

6

0xRAYAN

@0xRAYAN7

8 months

@fortnit45007347 The subscription version is recommended for two reasons: it supports larger usage limits, capable for handling and analyzing extensive JavaScript files, and it offers an exclusive file upload feature, You can automate this process in Chat GPT 4 using their API Key

1

0

6

0xRAYAN

@0xRAYAN7

6 months

6- If the X-Frame-Options and CSP are correctly configured, identify another XSS vulnerability to target the affected post message domain and extract the sensitive data for account takeover (ATO).

0

7

0xRAYAN

@0xRAYAN7

5 months

@h4x0r_dz @ECCOUNCIL Certification is bullshit 👍

0

4

0xRAYAN

@0xRAYAN7

2 years

بأذن الله معكم 🔥🇸🇦👍👍

Abdulrahman Makki | عبدالرحمن مكي

@AMakki1337

2 years

للسعوديين او المقيمين بالسعودية وحابين يشاركو بمسابقة كأس العالم World Cup 2023 المقدمة من منصة هكر ون لإكتشاف الثغرات باسم السعودية, يتواصل معي على الخاص ورح يتم نشر تحديات غدا الساعة 7 مساءً في الدسكورد لإختيار المشاركين.

5

17

97

0

5

0xRAYAN

@0xRAYAN7

10 months

5. Set up Gitlab or Jenkins stages to execute your tools, generating final results in JSON. 6. Transform the JSON results into HTML format. 7. Implement your SMTP script as the final stage for email notifications, attaching the HTML file.

0

4

0xRAYAN

@0xRAYAN7

1 year

When building your application in .NET ASP Core , Below is the right and recommended pipeline for your middleware to be in place for your application from security perspective as well

0

5

0xRAYAN

@0xRAYAN7

1 year

@errorrsec Your are exceptional👏🏼❤️

1

0

5

0xRAYAN

@0xRAYAN7

2 years

@GodfatherOrwa Very easy bug when you read it , but difficult to find because the way you think is out of the box , Many of attackers they know how to exploit but don’t know how to search 👍

0

1

4

0xRAYAN

@0xRAYAN7

7 months

@Bugcrowd RCE 🎱

0

4

0xRAYAN

@0xRAYAN7

6 months

@akita_zen CORS is configured , but CSP and Iframe option is allowed across subdomain , in this case iframe will works fine to communicate with parent window .

1

0

4

0xRAYAN

@0xRAYAN7

2 years

@h4x0r_dz @IamRenganathan Yes it’s sandbox environment , they are smart enough to avoid such as this silly mistake

0

4

0xRAYAN

@0xRAYAN7

2 years

I like DANTE lab from HTB pro labs but confused little bit in some cases. 😅

1

0

3

0xRAYAN

@0xRAYAN7

11 months

🇸🇦🇸🇦

0

3

0xRAYAN

@0xRAYAN7

4 months

@_2os5 Bypassing the caching mechanism causes the server to serve all requests directly, without caching. If the application relies on caching for user roles during authentication, this can lead to server-side flaws like improper access control or information leakage. This approach also

0

4

0xRAYAN

@0xRAYAN7

4 months

@zhero___ @MiniMjStar @MiniMjStar Configure Akamai with a website, experiment with cache settings and configurations, and test different scenarios for web caching vulnerabilities etc , this will let find a uniqe finding then applied for all websites running a Akamai as catching for performance

1

0

4

0xRAYAN

@0xRAYAN7

2 years

@0x_rood @Bugcrowd the best to hunt and learn and earn 🏴 ,

1

0

4

0xRAYAN

@0xRAYAN7

8 months

Here is the fix code for the two findings mentioned , priv esc + logger

0

4

0xRAYAN

@0xRAYAN7

5 months

@Sin4Yeganeh How did you test the React code when the application consists solely of a main.js file or a misconfigured build during building the front end allowing you to view JSX?

0

3

0xRAYAN

@0xRAYAN7

6 months

@lu3ky13 It looks like you are brute forcing the code paramater , {"code":"11435104","password":"gDcE}!Mef;k8QFS","password_confirmation":"gDcE}!Mef;k8QFS"} No rate limit on the server ?

1

0

2

0xRAYAN

@0xRAYAN7

2 years

@hattan_515 @Bugcrowd @az7rb @aa_8989 @0xNasser_ @0xRaw ماشاءالله الله يوفقكم يارب وتجيبوا الاول 🌹🌹🏆

1

0

3

0xRAYAN

@0xRAYAN7