0xfxiii 🇬🇧 @0xfxiii Twitter profile

Last Seen Profiles

@nLYYNFDUQW0tRKl

@YufengXiaoUF

@IqBrum

@agjpwtm8888

@TomWassell

@JFacemaker

@youngmikky

@asp2210

@NegevIsAFag

@bokeplokalmalam

@dhyakr

@aur_herm

@salbsdhjad1

@Papuaviral1

@salbsdhjad1

@mistrrssma32566

@dihanrahian

@Draskia

@ZunaiBlatchl

@paixassss

@ArgyleStrength

@RUT_OFICIAL

@muhamadaly2919

@JovanStrange

@tonycsports

@discduothinks

@izaiaperezz

@CraiovaShake

@ChoppRosal

@JohnathinPatch2

@diepaul

@ashton_luck

@RMoscku36669

@maestro_fem

0xfxiii 🇬🇧

@0xfxiii

14 days

What do you do when you encounter an IIS Windows server? What is your next move? I remember seeing a tweet where someone found some juicy data just by doing a directory search, but I forgot to bookmark it. He used to wear a mask in his photos. Anyway, what's your methodology?

14

29

386

0xfxiii 🇬🇧

@0xfxiii

3 months

Swagger does this by asking your API to return a YAML or JSON that contains a detailed description of your entire API. Well Can't much but it was fun ! now moving forward partnership with @l00pzwastaken also add /swagger.yaml in your wordlist

11

31

324

0xfxiii 🇬🇧

@0xfxiii

4 months

Bug Hunting Day 2: Explored Injuction, Insecure design, Security Misconfiguration. Investigated 7 endpoints. Tried LFI, tested HTTP methods. (Failed) Began learning JavaScript. Encountered resistance in community engagement. Which leads @krishnsec to block me Ready for tomorrow

21

5

271

0xfxiii 🇬🇧

@0xfxiii

2 months

my mum think I have gone crazy ! well she is not wrong

21

14

245

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 7 🏴‍☠️ Now I'm eligible for private programs on hackerone. 🏴‍☠️ Tackle some @PortSwigger labs (I'm going to complete all of them) 🏴‍☠️ Learn how to make good reports. 🏴‍☠️ Watched some bug Hunters talks 🏴‍☠️ Tomorrow is my interview wish me luck. Btw guys what is nuclei ?

23

10

214

0xfxiii 🇬🇧

@0xfxiii

3 months

Officially started with HackTheBox ! I'm tackling the starting point and man it's soooooo good. Tire 0 is easy until now

6

5

190

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 10 : 🏴‍☠️ Today I write 2 articles on medium Please read 1. 2. 🏴‍☠️ Scored 37 points on hacker101 CTF 🏴‍☠️ Solved 10 labs on @PentesterLab 🏴‍☠️ learn shodan 🏴‍☠️ Namp and DNS records like NS,A,AAA,MX,TXT,CNAME I'm ill 🤧 now

16

17

189

0xfxiii 🇬🇧

@0xfxiii

3 months

Does anyone got some checklist ? I'm using but it's outdated

Bug-bounty/bugbounty_checklist.md at master · sehno/Bug-bounty

Ressources for bug bounty hunting. Contribute to sehno/Bug-bounty development by creating an account on GitHub.

github.com

3

36

174

0xfxiii 🇬🇧

@0xfxiii

3 months

Everyone sharing bountys and money but let me share this with you all. Yes I'm a fucking noob and you all can laugh on me. Go ahead

38

10

171

0xfxiii 🇬🇧

@0xfxiii

1 month

here if you are hunting for idors add these extensions Autorize : AutoRepeater : AuthMatrix : comment your fav ones, so I can add them xD #bugbountytips

GitHub - SecurityInnovation/AuthMatrix: AuthMatrix is a Burp Suite extension that provides a simple...

AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services. - SecurityInnovation/AuthMatrix

github.com

3

37

158

0xfxiii 🇬🇧

@0xfxiii

4 months

Bug Hunting Day 1 Highlights: Selected a public target due to starting out. Discovered info endpoints in API, downloaded intriguing file. Explored Broken Access Control, Cryptographic failures. Studied @zseano 's PDF book, chatted with @golu_369 . That's it.

14

5

150

0xfxiii 🇬🇧

@0xfxiii

4 months

Bug Hunting Day 3 Exploited HTB Solarlab by @LazyTitan33 , struggled but succeeded. Began OSCP journey :) Syllabus Overview Lab OWASP A06:2021 practice JS on my website -> Shifted focus from small to large programs, paused UK govt hacking CTF was hard !!!

8

3

134

0xfxiii 🇬🇧

@0xfxiii

3 months

> personal opinion > The best was to learn SQLi is to learn SQL > I still fear Sqli though > Any suggestions how can I overcome this fear !

8

129

0xfxiii 🇬🇧

@0xfxiii

3 months

Help needed [🌲] I can successfully connect to ftp server with an anonymous login. And then able to download the files on my local host. But can't able to upload any files. So the impact is only read access so my question is should I report this ?

16

6

114

0xfxiii 🇬🇧

@0xfxiii

3 months

Completed Tier 0 now moving forward to Tier 1 > Takeaways from Tier 0 > Use Google for everything > Nmap basic scanning > Telenet, Ftp, smbclient > Database Discovery > I have used some tools which I have never used before.

4

6

110

0xfxiii 🇬🇧

@0xfxiii

12 days

my search ends here

GitHub - gmelodie/awesome-wordlists: A curated list wordlists for bruteforcing and fuzzing

A curated list wordlists for bruteforcing and fuzzing - gmelodie/awesome-wordlists

github.com

2

19

111

0xfxiii 🇬🇧

@0xfxiii

21 days

Companyname_db/

5

2

102

0xfxiii 🇬🇧

@0xfxiii

17 days

why is this so shit ?

19

3

101

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 5: Updated my recon methodology. Scored 7 points on Hacker101 CTF Attempted XSS something is happening Engaged with pro bug hunters for insights. JS datatypes 50 common bug types. Analyzed CIA triad in offsec !! Appreciated @NahamSec 's video on mental health.

5

0

94

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 13 🏴‍☠️ Completed all the OS command injection labs 🏴‍☠️ Done with Nmap scripts. 🏴‍☠️ Learn All about SMB enumeration net-bios, smb (so port 139,455 are my mates now) For net-bios wr can use nbtscan. 🏴‍☠️ I found 1 XSS (reflected) 🏴‍☠️ SMTP & SNMP is next. 🏴‍☠️ No CTF today

5

3

91

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 8 🏴‍☠️ Reviewed 100 Cybersecurity Interview Questions (because of fear) 🏴‍☠️ Started @WebSecAcademy and solved 4 labs 🏴‍☠️ Worked on my blog 🏴‍☠️ Interview went well until the Active Directory questions (let's hope for the best) 🏴‍☠️ DOM XSS is a challenge ! 🏴‍☠️ No energy left !

10

2

89

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 9 🏴‍☠️ Passive Information gathering done time for active 🏴‍☠️Google and GitHub Dorking 🏴‍☠️ Make my own hacking tool kit 🏴‍☠️ Will focus on server side bugs. 🏴‍☠️ Cyberchief 🏴‍☠️ I will hunt lot more after being confident where and what to look.

5

4

88

0xfxiii 🇬🇧

@0xfxiii

2 months

I'm learning JS the hard way

5

2

87

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 18 🏴‍☠️ reported 1 low hanging bug 🏴‍☠️ Studying web application attacks 🏴‍☠️ Families myself with white, black and grey box texting 🏴‍☠️ Debugging page content by using (Firefox debugging tool) 🏴‍☠️ How much I try I keep on blocking with cloudflare 🏴‍☠️ Talk to great people.

10

3

82

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 4: Submission deemed out of scope, yet valuable lessons learned. Attempted XSS, prioritizing comprehension over mere payload replication. Recon on big target, found cool URLs. Advancing in OWASP, moving to PortSwigger. Note to self: Read scope first. JS is Fun 🏴‍☠️

7

1

84

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 11 🏴‍☠️ Today I seek for help from experts so I read more and more articles how they started. 🏴‍☠️ I gathering as much alive subs I can will go manually on all. 🏴‍☠️ now in active information gathering DNS enumeration with dnsrecon, dnsenum & nslookup 🏴‍☠️ Nmap is next

11

1

84

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 19 🏴‍☠️ Spend a lot of time on learning 🏴‍☠️ Inspector tool 🏴‍☠️ Inspecting http response header & sitemaps 🏴‍☠️ URL based access control 🏴‍☠️ Method based access control 🏴‍☠️ After access control I will do IDORs 🏴‍☠️ Started learning more about APIs 🏴‍☠️ Skill issue fr

6

3

81

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 17 🏴‍☠️ Completed Vulnerability Scanning, next Introduction to web application attacks (which I want to study) 🏴‍☠️ started Access Control cover all the models such as DAC,MAC,RDAC etc 🏴‍☠️ virtical privilege escalation. 🏴‍☠️ Checked 50 sites all are similar no luck today.

9

0

80

0xfxiii 🇬🇧

@0xfxiii

3 months

HackTheBox Tier 1 Completed. This was a bit hard for me but learn a lot Such as: > Web Exploitation > Sqli > Server side template injection > How to get LFI and RFI > S3 bucket 🪣 was so new to me > Uploading Shell scripts and getting the shell Moving to Tier 2 now !

1

3

77

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 6 Finally I have closed my own report another oneis still open Thank you @zseano for providing your methodology to us. It gives a great understanding how hackers thinks. Can't able to play CTF I will be focusing on some bugs only Write some minor scripts.

4

0

77

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 12 🏴‍☠️ I tried everything I learn till now did hard recon checked all js file (found absolutely nothing) but learn a lot. 🏴‍☠️ I learn all(most) of the nmap options today. 🏴‍☠️ Idk how but I completed Android CTF 🏴‍☠️ Tomorrow will be the end of information gathering NSE.

12

1

75

0xfxiii 🇬🇧

@0xfxiii

19 days

Wtf frey this blog is going wild

3

6

77

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 25: 🏴‍☠️ I have 20 websites to check this week. All of them have different functionality 🏴‍☠️ played real world pentesting CTF was straightforward but stuck on Active Directory again. 🏴‍☠️ I'm glad I have tools like ssh2john and John the ripper 🏴‍☠️ I will make list of all

5

1

70

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 29: > DOM tree > Burp intruder practice > JS code 🥴 practice in Firefox (you can use about:blank) for that > Identifying XSS payloads > URL%20encoding > Privalge escalation via XSS > I see HTTPOnly I run > nonce understanding > will grind on HTB from now onwards.

4

1

70

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 21: 🏴‍☠️ Team reopened my report 🏴‍☠️ Dive into Https response header 🏴‍☠️ I also tried LFI a lot but no results 🏴‍☠️ I got some API keys again but same as always (dead keys) 🏴‍☠️ Bash course is almost done ❓ People can do privilege escalation with XSS ?

6

0

70

0xfxiii 🇬🇧

@0xfxiii

3 months

aaaah I will not sleep until I find a bug today or I will smash my pc

14

1

66

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 23: 🏴‍☠️ Played reverse engineering CTF barely able to understand all the main debugging functions. Ghirda helped a lot 🏴‍☠️ Found something but not sure what to do 🏴‍☠️ Spend a lot of time bypassing 401/403 changing headers using fuzzing (no results for now) 🏴‍☠️Bad starting

2

0

67

0xfxiii 🇬🇧

@0xfxiii

2 months

Is there any way to bypass this encoding, everywhere I go I see this.

5

1

64

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 27: > Some basic XSS > Manipulating API with curl and then doing the same behaviour with Burp. > I want to do more curl exercises from now onwards > I thought I finally found IDOR but when I look at the website the information was public all along stupid me.

3

2

64

0xfxiii 🇬🇧

@0xfxiii

12 days

Hey @coffinxp7 script kiddie do you want to join me live on discord ? Or on X space 🚀 well there are many others want to see your all false positives. @AyushSingh1098 that's a great idea to leave discord aside and invite the dude in space.

11

1

65

0xfxiii 🇬🇧

@0xfxiii

1 month

2

3

63

0xfxiii 🇬🇧

@0xfxiii

4 months

Am I crying ? Yes I am

15

1

59

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 22: 🏴‍☠️ New toic discovered business logic Vulnerabilities 🏴‍☠️ Played CTF solved it under 1hr all thanks to metasploit 🏴‍☠️ Solver 1 lab and bought 1337$ jacket with just 1$ 🏴‍☠️ My all reports changed into informative (depression) 🏴‍☠️XSS is more than just copy pasting.

4

0

57

0xfxiii 🇬🇧

@0xfxiii

2 months

Wtf another duplicate What is happening today I'm doomed

12

0

56

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 15: 🏴‍☠️ Finally starting with Vulnerability scanning 🏴‍☠️ Learn a lot about CVE/CVSS scoring and it's type but can anyone tell me the difference between CVSS v3.0 & v4.0 🏴‍☠️ Installed Nessus 🏴‍☠️ I found 50+ dead APIs again. 🏴‍☠️ Learning LFI now (with different approach)

5

1

54

0xfxiii 🇬🇧

@0xfxiii

2 months

I have a question. I came across a login page where I can perform brute forcing, as there is no rate limit. However, I am unable to find a valid username and password. Should I report it?

16

0

52

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 28: > Idk why but I did some html,JS today > Some sensitive data exposure labs > Html injection I used to do href all over the place > I wish my user-agent xss works still (also tried in cookie 🍪 but that turned out to be an self XSS) > I found one outdated door 🚪

1

0

54

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 20 🏴‍☠️ Completed access control labs 🏴‍☠️ My previous report turn out to be informative 🏴‍☠️ Enumerating and abusing APIs. 🏴‍☠️ Watched @InsiderPhD main app methodology video (helpful) 🏴‍☠️ When I see @d00xing on any program I leave that program immediately.

4

0

53

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 24 🏴‍☠️ Spend a lot of time on CTF hydra took all the time when with -t 16 thread enum4linux can't able to help me this time 🏴‍☠️ I faced my fear today and started SQLi (so business logic error can wait) 🏴‍☠️ Solved 2 labs but understand everything. 🏴‍☠️ Scared of blind sqli

5

0

53

0xfxiii 🇬🇧

@0xfxiii

2 months

I am not ready for this ! at this point I will stop my recon and seek for some help or watch the latest video of @zseano .JS is your friend ! and this will study for a complete new bug that's it. that's how I live nowadays

7

2

52

0xfxiii 🇬🇧

@0xfxiii

2 months

No wonder

1

2

51

0xfxiii 🇬🇧

@0xfxiii

1 month

Just started with API hacking and I am loving it

5

0

50

0xfxiii 🇬🇧

@0xfxiii

9 days

That's why I don't talk to senior researchers.

3

51

0xfxiii 🇬🇧

@0xfxiii

27 days

I am already logged in lol what else you want

5

0

47

0xfxiii 🇬🇧

@0xfxiii

17 days

Thanks 😩

1

4

48

0xfxiii 🇬🇧

@0xfxiii

3 months

I'm back with Duplicates !

7

1

48

0xfxiii 🇬🇧

@0xfxiii

3 months

My Twitter circle is awesome 💯

7

1

44

0xfxiii 🇬🇧

@0xfxiii

1 month

Look at the service - . It's like gtfobins or lolbas, only for searching for public exploits for services. The interface is similar to those described above. Will be needed While : 👉 Playing CTF 👉 Exploiting 👉 Trying to get a certificate

1

6

44

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 14 🏴‍☠️ SNMP Enumeration done and it seems SNMP is easily misunderstood and easily cause which can cause information leaks. 🏴‍☠️ Done will Information Disclosure Vulnerabilities 🏴‍☠️ I end up with GraphQL based CTF barely under it but somehow did it. 🏴‍☠️ Bash is love

3

2

41

0xfxiii 🇬🇧

@0xfxiii

2 months

Just started ! this is going to be a great journey

5

0

42

0xfxiii 🇬🇧

@0xfxiii

6 days

Huh ?

4

1

42

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 16 🏴‍☠️ Completed Path Traversal. Learn new tricks to bypass the security. 🏴‍☠️ Starting learning bash covered till conditionals today. 🏴‍☠️ Done with Nessus moving towards NSE Vulnerability scripts. 🏴‍☠️ Hunting was slow as today I only got lots of 400 while trying LFI

5

1

40

0xfxiii 🇬🇧

@0xfxiii

1 month

Detecting SQL Injection in a Query

3

40

0xfxiii 🇬🇧

@0xfxiii

4 months

Day 30 of hunting: With these 30 days completed, I’ve met lots of cool friends. > I spent the whole day providing information and POC for my report and still got an informative tag! I know they will fix it if I check the same function again after some time.

1

37

0xfxiii 🇬🇧

@0xfxiii

2 months

Yet another duplicate Just woke up and this is the first notification I got, ruined my day.

5

0

34

0xfxiii 🇬🇧

@0xfxiii

4 months

Hunting Day 26: 🏴‍☠️0% learning today 🏴‍☠️ The amount of time I spend today in doing recon is crazy 🏴‍☠️ Big question have i found something > yes/no (have to figure it out) 🏴‍☠️ I have completed my checklist 🏴‍☠️ I'm really website docs for hrs now 4 more days on this. 🏴‍☠️ Lots of 403

0

35

0xfxiii 🇬🇧

@0xfxiii

3 months

This took me almost 3 hrs to fix > First my John is not updated in ubuntu have to build it from the source > Then the real problem occurred with evil-winrm > But the openssl::digest::digesterror took all the time. I reinstalled Openssl and Ruby. > That's why people use Kali.

6

0

32

0xfxiii 🇬🇧

@0xfxiii

5 days

It looks like @zseano will be launching his own bug bounty platform quite soon :)

1

0

42

0xfxiii 🇬🇧

@0xfxiii

10 days

wow yeah another duplicate lol

4

0

33

0xfxiii 🇬🇧

@0xfxiii

1 month

Race 🐎 Conditions: Vroom vroom, we're going turbo! Thanks to @WebSecAcademy for these awesome races 🏁

1

0

29

0xfxiii 🇬🇧

@0xfxiii

2 months

Well completed the introduction to SQL now I have that much knowledge to test endpoints manually. It was harder than I thought all those commands still runs on my head. Funny thing my name was <script>alert(42);</script> which makes error in sololearn api database so I changed it

5

0

28

0xfxiii 🇬🇧

@0xfxiii

17 days

Big brain 🧠 time

3

0

29

0xfxiii 🇬🇧

@0xfxiii

10 days

HAHA SORRY_1337_H4X0RS 🤣

1

28

0xfxiii 🇬🇧

@0xfxiii

24 days

Hey does anyone remember the name of that Chinese extension which gives the hidden directories path I forgot its name

4

0

28

0xfxiii 🇬🇧

@0xfxiii

2 months

Yeah, I'm looking after a bird 😀🕊️

2

1

27

0xfxiii 🇬🇧

@0xfxiii

2 months

Fml

4

1

27

0xfxiii 🇬🇧

@0xfxiii

2 months

this is my new twitter banner

1

0

25

0xfxiii 🇬🇧

@0xfxiii

9 days

@apartment07 You got a bounty in your pants ?

7

0

27

0xfxiii 🇬🇧

@0xfxiii

2 months

Someone please 🙏 teach me Active directory without this I can't survive

6

1

24

0xfxiii 🇬🇧

@0xfxiii

2 months

Dude, I really missed my chance to find a Broken Access Control vulnerability because, stupidly, I was testing with my main account. In the process, I couldn't log in for days. That happened almost a month ago, and now it seems like it was a bug all along

3

0

24

0xfxiii 🇬🇧

@0xfxiii

28 days

Please ask me cyber security related questions in DMs or here I would love to answer as this will help me.

6

0

25

0xfxiii 🇬🇧

@0xfxiii

4 months

Im afraid my path is coming to an end, Reverend

2

0

24

0xfxiii 🇬🇧

@0xfxiii

1 month

Life sucks

2

1

24

0xfxiii 🇬🇧

@0xfxiii

2 months

done with university.

5

0

22

0xfxiii 🇬🇧

@0xfxiii

29 days

I got scammed @Bugcrowd please DM

10

0

23

0xfxiii 🇬🇧

@0xfxiii

12 days

Lmao dude

0xfxiii 🇬🇧

@0xfxiii

12 days

Hey @coffinxp7 script kiddie do you want to join me live on discord ? Or on X space 🚀 well there are many others want to see your all false positives. @AyushSingh1098 that's a great idea to leave discord aside and invite the dude in space.

11

1

65

7

0

23

0xfxiii 🇬🇧

@0xfxiii

10 days

I am doing something wrong !

1

0

23

0xfxiii 🇬🇧

@0xfxiii

3 months

I am not very sure what just happen but these started reflecting when I put the payload in the form ! <script>alert(42)</script> does not give any thing I tried so I tried sqli+xss payload and this happen

8

1

23

0xfxiii 🇬🇧

@0xfxiii

1 month

I keep my vim simple

2

1

22

0xfxiii 🇬🇧

@0xfxiii

6 days

lmao yeah

2

0

22

0xfxiii 🇬🇧

@0xfxiii

17 days

@offsectraining there is nothing left to know now I'm going for CPTS have your ++ maybe after some years you will make another OSCP++ lmao who knows I lost all my respect towards offsec you guys were awesome but no more that old era ends with this so offsec(-ve)

2

0

21

0xfxiii 🇬🇧

@0xfxiii

12 days

lmao someone else was in the box ! before me and did all the work

2

1

22

0xfxiii 🇬🇧

@0xfxiii

27 days

Alright Reported 2 IDORs good day so far :) Now Back to learning some cool things

3

0

21

0xfxiii 🇬🇧

@0xfxiii

15 days

Hmm @Bugcrowd

1

0

22

0xfxiii 🇬🇧

@0xfxiii

2 months

well well can't able to see the logs but here I will fuzz a little bit then sleep and maybe you guys can add these path in your word list. see I am actually helping with my posts even if I am little bit drunk