Tur.js

@Tur24Tur

2,488
Followers
648
Following
80
Media
359
Statuses

Independent security researcher @NoBugEscapes @BugBountyZip JavaScript - ExpressJS ♥️💛

Michigan
Joined October 2009
Pinned Tweet
@Tur24Tur
Tur.js
1 year
1/ 🎉 Exciting news! Introducing ! A potent toolkit designed specifically for bug bounty hunters. Hosted directly on GitHub, it's accessible anytime, anywhere! 🌍🛠 (1/6)
19
229
650
@Tur24Tur
Tur.js
2 months
@Naughty_Dog The 15th anniversary of Uncharted 2 is coming up on October 13, 2024! Any chance we'll see a multiplayer experience on PS4 or PS5? #Uncharted2 #Anniversary
1
1
1K
@Tur24Tur
Tur.js
2 months
@Naughty_Dog Uncharted 2 Multiplayer on ps5&ps4. #uncharted2 #ps3
1
0
952
@Tur24Tur
Tur.js
10 months
I've just developed my first @Burp_Suite Bambdas specifically to identify OWASP Top-25 Parameters potentially vulnerable to XSS, SSRF, RCE, SQLi, LFI, and Open Redirect. For easy code access, visit GitHub: #Bambdas #Java
8
171
679
@Tur24Tur
Tur.js
3 months
Bambda @Burp_Suite script searches through Burp history for JavaScript files, extracts hidden endpoints, and outputs the discovered endpoints to a text file. The script supports three different regex modes for discovery: High, Deep, and Custom, allowing you to add your own
11
94
475
@Tur24Tur
Tur.js
1 month
@elonmusk AI = Absolutely Impressive moves!
0
1
358
@Tur24Tur
Tur.js
19 days
Just added a new feature to @Burp_Suite: now you can hide your screen with a privacy overlay! Easily enable or disable it by pressing F12. #BurpSuite #BugBounty #Bambads #Privacy
8
8
339
@Tur24Tur
Tur.js
2 years
Blind Insecure Direct Object Reference (IDOR) On Instagram. Write-up: #bugbountytips #bugbounty #p2 #bugcrowd #meta
17
86
322
@Tur24Tur
Tur.js
2 months
@ShadyoFayx11 @Naughty_Dog @HBO @StreamOnMax I'm not sure why they don't care or listen. Maybe it's because they're just a game studio owned by Sony, @PlayStation and they do what Sony says. Currently, PlayStation 5 is suffering, and most players are disappointed. Sony Now is bringing some games from PS3 to PS5, and
1
0
280
@Tur24Tur
Tur.js
1 month
@realradec One of the greatest games ever made; this masterpiece deserves a multiplayer revival on PlayStation 5! @PlayStation @Naughty_Dog #uncharted2
0
0
273
@Tur24Tur
Tur.js
1 month
@PlayStation I don’t get what’s fun about these new games. They should just bring Uncharted 2 Multiplayer to PS5 for its 15th anniversary on October 13, 2024! #Uncharted #uncharted2 #ps3
0
0
230
@Tur24Tur
Tur.js
12 days
Just extended Burp Suite beyond its traditional use by making it capable of disassembling and analyzing PlayStation 3 games ELF files with my first Bambda script, targeting the PowerISA-Altivec-64-32addr architecture! This could make Burp Suite more powerful for looking inside
8
17
229
@Tur24Tur
Tur.js
1 month
@realradec Nathan Drake & Alex Mercer
2
0
158
@Tur24Tur
Tur.js
3 months
I developed a Memory Scanner and Disassembler GUI tool for PlayStation 3 using the Target Manager API. I used @iMoD1998 PS3 API for TMAPI in Python and made a GUI tool. Features include memory read/write, disassembly, and patching. Written in Python, with more features to come.
1
2
143
@Tur24Tur
Tur.js
1 year
Soon, I'll be introducing a new tool on : a new vulnerability scanner based on OWASP's top 25 vulnerable parameters. It's fast, with a user-friendly interface and effortless usability. I'm confident you'll love it! Stay tuned for updates. :D #BugBounty
3
28
144
@Tur24Tur
Tur.js
1 year
Rapid-Hand! 💥 Inject a list of payloads into different parameters all at once, then export the output, encode/decode, and even open them all in a new tab. Supercharge your testing process and improve efficiency.
4
46
119
@Tur24Tur
Tur.js
9 months
If Burp Suite finds the bugs, Bambdas make them history! You can write Java-based Bambdas to create custom filters for your HTTP history. Explore a variety of Bambda scripts, some written by me and others shared by our community, at You can browse the
1
32
116
@Tur24Tur
Tur.js
8 months
@Burp_Suite Bambda Script, leveraging ChatGPT for accurate API endpoint prediction. Find the code on GitHub: Supported by both Burp Suite Community and Pro editions #Bambdas #bugbounty
0
28
109
@Tur24Tur
Tur.js
19 days
I’ve added glitch effects to @Burp_Suite Check out the code at Toggle the effects on or off by pressing F12. #bugbounty #burpsuite #Bambdas
0
1
104
@Tur24Tur
Tur.js
1 month
The PS3 had a special type of processor called the Cell processor, which is quite different from the x86 processor used in the PS5. This difference makes it difficult to directly emulate PS3 games on the PS5, as it requires a lot of processing power and complicated software.
@ObsoleteSony
Obsolete Sony
2 months
It's been 1363 days since the PS5 launched, and it still can't emulate PS3 games.
326
440
6K
1
0
97
@Tur24Tur
Tur.js
20 days
Just created a @Burp_Suite fade in/out effect! Works in both Community & Professional editions. Stop the effect by pressing F12. To run the script, switch to Bambda mode, paste the code, and click "Apply and Close." Script here: #BugBounty #BurpSuite
0
3
92
@Tur24Tur
Tur.js
1 year
Hope🪽 is a tool designed to scan a list of URLs and identify potential vulnerable parameters, focusing on OWASP's top 25 vulnerable parameters. Link : Discover how it works.👇
1
28
91
@Tur24Tur
Tur.js
2 years
Thank you, Meta Security Team, for the bounty @fbsecurity @Meta @instagram @Bugcrowd More details will be shared soon on my personal blog
7
1
90
@Tur24Tur
Tur.js
27 days
These images were generated with Grok AI! #AIArt #Grok
0
0
65
@Tur24Tur
Tur.js
1 year
Grateful to @Cloudflare 🌩️ for their outstanding bug bounty program! :) #bugbounty #hackerone
2
6
56
@Tur24Tur
Tur.js
1 month
@HRHMBNSALMAAN A leader who pushes for progress and innovation.
0
0
51
@Tur24Tur
Tur.js
2 years
CVE-2022-35646 I will share technical details soon on how to reject users' requests before they reach the line manager.
6
4
41
@Tur24Tur
Tur.js
1 month
Tweet media one
0
0
34
@Tur24Tur
Tur.js
2 months
@realradec Life with PlayStation: Discontinued in 2012. PlayStation Home: Shut down on March 31, 2015. We hope the PlayStation 3 lasts forever. #PlayStation #ps3
3
0
36
@Tur24Tur
Tur.js
1 month
@realradec The light that launched a thousand repair kits
0
0
35
@Tur24Tur
Tur.js
1 month
@haxor31337 Bug bounty platforms should be responsible for adding a warning message when researchers submit a report. The message could say: "Please note that this program also has a paid private program. Email us to request an invite."
1
0
32
@Tur24Tur
Tur.js
1 month
@h4x0r_dz Find vulnerabilities! get a certificate! (Printing costs not covered)
0
0
29
@Tur24Tur
Tur.js
2 years
Thanks @Bugcrowd for the challenge coins. #BugBounty #bugcrowd #P1
6
2
26
@Tur24Tur
Tur.js
1 month
@syper_shuvo @coffinxp7 @nav1n0x First, attempt to exploit the vulnerability manually, beginning with a UNION-based attack. Since this is an Oracle database, remember to specify a table in your SELECT statement. For a quick proof of concept, you can use the built-in table called "dual."
1
0
25
@Tur24Tur
Tur.js
1 month
@G0LDEN_infosec What happens in Vegas... gets responsibly disclosed
0
0
23
@Tur24Tur
Tur.js
2 months
@Naughty_Dog Could you bring back the multiplayer mode of Uncharted 2 for the PS4 and PS5?
0
1
21
@Tur24Tur
Tur.js
1 year
1k ♥️ A huge thanks to all of you. Looking forward to sharing more thoughts, ideas, and conversations with this amazing community. #bugbounty
0
1
22
@Tur24Tur
Tur.js
1 year
Evidence • Screen Recorder Don't let a single bug escape unnoticed, Evidence is your reliable ally, capturing bugs as they happen. #BugBounty #bugbountytips #BugBountyzip
0
4
21
@Tur24Tur
Tur.js
10 months
I've also developed a similar tool in JavaScript, available at Bug Bounty Zip. You can use it at: #BugBounty References: OWASP TOP 25 Parameters Bambdas - the next big thing in customization
0
3
18
@Tur24Tur
Tur.js
28 days
@realradec They should invest that money in developing and reviving the online multiplayer for classic PS3 games like Uncharted 2, Uncharted 3, and others, and bring them to the PS5. I believe that long-time players miss those days, and new players are excited to experience the nostalgic
1
0
16
@Tur24Tur
Tur.js
3 months
@cs @Meta @instagram Hey Adam Mosseri @mosseri Please look into this case. How can someone's username be swapped to another person? Review the support tickets and examine how this request was handled. This requires your investigation.
17
0
13
@Tur24Tur
Tur.js
2 months
@xMBGx Resistance: Fall of Man @insomniacgames
0
0
15
@Tur24Tur
Tur.js
1 year
I will not use Bandicam anymore! I am working on a tool for quick Proof of Concept (PoC) screen recording, similar to the one on HackerOne, but with some changes. #BugBounty 👇
2
0
13
@Tur24Tur
Tur.js
11 days
While writing this Burp Suite Bambda, specifically the opcodes, I initially left it incomplete, feeling that no one would use it. However, I was surprised by the positive feedback and the memes people shared on Telegram, which really motivated me to continue. I may consider
@Tur24Tur
Tur.js
12 days
Just extended Burp Suite beyond its traditional use by making it capable of disassembling and analyzing PlayStation 3 games ELF files with my first Bambda script, targeting the PowerISA-Altivec-64-32addr architecture! This could make Burp Suite more powerful for looking inside
8
17
229
0
1
12
@Tur24Tur
Tur.js
2 months
@securibee Gwhwj466jwhwj.txt JajH47hwhio.txt Ahajh7177.txt
2
0
11
@Tur24Tur
Tur.js
8 months
Blind CSS Exfiltration: Stealing user data from unknown web pages via CSS. by @garethheyes
@Burp_Suite
Burp Suite
8 months
Last chance to join @garethheyes as he navigates the landscape of CSS exfiltration techniques... Hit the link below to watch him present "Blind CSS Exfiltration: Stealing user data from unknown web pages via CSS" - it kicks off at 3pm (GMT) / 4pm (CET).
0
2
25
0
2
11
@Tur24Tur
Tur.js
2 months
@AnthropicAI Sonnet 3.5 has been heavily censored recently; it wasn't like that last week. Now, even simple explanations are marked as dangerous.
1
0
10
@Tur24Tur
Tur.js
1 year
6/ 📢 If you've discovered a bug 🐞, have ideas for improvement 💡, or want to suggest new features, don't hesitate to reach out. Your input helps shape , making it the best it can be for the community. Let's collaborate! 🤝 (6/6)
1
2
11
@Tur24Tur
Tur.js
2 months
@MrTuxracer @SynackRedTeam @synack People forget years and remember moments
0
0
10
@Tur24Tur
Tur.js
10 months
Much appreciated, @Burp_Suite ! Excited to keep contributing and engaging with the community. 🎉
@Burp_Suite
Burp Suite
10 months
Next, we have another one of our winners @Tur24Tur with their Bambdas to identify potentially vulnerable OWASP top-25 parameters. 🎉 Well done - drop us a DM at @Burp_Suite to claim your #Bambdas t-shirt.
0
4
39
1
0
10
@Tur24Tur
Tur.js
1 year
Thank you all for your support! Tomorrow, a powerful new tool called Rapid-Hand 🤚 will be added to . 100% #javascript Get ready for an enhanced bug hunting experience! Stay tuned! Thank you! 🙌 #BugBountyZip #RapidHand
@Tur24Tur
Tur.js
1 year
1/ 🎉 Exciting news! Introducing ! A potent toolkit designed specifically for bug bounty hunters. Hosted directly on GitHub, it's accessible anytime, anywhere! 🌍🛠 (1/6)
19
229
650
0
1
10
@Tur24Tur
Tur.js
1 month
@PinkDraconian I think he means you can set a username using non-English characters, like Arabic letters or special symbols, because there's no server check. Also on Snapchat, there's a similar issue, and even though it might work at first, the account will likely be banned after a few hours.
5
0
8
@Tur24Tur
Tur.js
2 months
What would you like to see next? 1. New Script: A Burp Suite bambda Script that backs up your Burp history results using Dropbox. @Burp_Suite 2. New Script: A Frida Script for scanning App & mobile games memory ( Read / Write). @fridadotre 3. New Tool: A JavaScript scanner
1
10
2
3
3
5
4
0
0
0
7
@Tur24Tur
Tur.js
2 months
@gonzaloacs_ @AnthropicAI Yeah, unfortunately, I spent most of my message cap just trying to reassure the model that we're friends and it's safe. Despite that, it still considers my messages as dangerous. So, I had to start a new conversation and ask in a different style. Also, sometimes the output
2
0
6
@Tur24Tur
Tur.js
2 months
One of the best multiplayer games of all time had its servers shut down on Tuesday, September 3, 2019. I have been working for a month to revive the online multiplayer, but all my attempts have failed. I have managed to overcome several connection errors but am currently stuck
@realradec
Radec
4 months
I legit feel bad for anyone that never got to experience Uncharted 2 multiplayer back in its prime. PEAK PS3 multiplayer gaming fr
372
773
7K
1
0
6
@Tur24Tur
Tur.js
3 months
This happens every time: employees working in the support center, who handle "hacked account requests," can take over any account or swap usernames. My username was stolen. For the past two years, I had a special username. @meta , you should review the records to identify those
@cs
Chris Sullivan
3 months
A @meta employee has stolen my @instagram account and sold it to some rich kid for $14k. Working on it with Meta now. (RTs appreciated)
254
582
8K
2
0
6
@Tur24Tur
Tur.js
1 year
@hakluke Knowing how to code can help you better understand the inner workings of the systems you are attempting to exploit, which can be beneficial for identifying vulnerabilities and crafting exploits.
0
0
7
@Tur24Tur
Tur.js
25 days
@monkehack "Checklists are for pentesters, and pentesting approaches do not work in bug bounty" 💯
0
1
7
@Tur24Tur
Tur.js
27 days
@PlexDoll @realradec Uncharted 2 had one of the best multiplayer experiences, and you can still find videos on YouTube showcasing its gameplay. Unfortunately, the multiplayer servers were shut down in September 2019. The gameplay was incredibly fair, with everyone starting with the same weapons and
2
0
7
@Tur24Tur
Tur.js
1 year
Banking apps may detect Developer mode on Android, but you can bypass it using LSPosed's IAMNotADeveloper 🚫 module. Check it out here: 🔗 #bugbountytips #bugbounty
0
1
7
@Tur24Tur
Tur.js
1 year
Using MidJourneyV5 @midjourney #ai #midjourney "Hackers Beware" Description: Create an image that features a hacker (represented as a shadowy figure with a hoodie) being caught in a trap (represented by a spiderweb on it). The background should feature a digital interface.
0
0
5
@Tur24Tur
Tur.js
17 days
@Bugcrowd The bugs that needed a bit of back-and-forth with the triage team before they were acknowledged
0
0
6
@Tur24Tur
Tur.js
2 years
Tweet media one
2
0
6
@Tur24Tur
Tur.js
1 month
@syper_shuvo @coffinxp7 @nav1n0x If the WAF is blocking certain words in your payload, try using URL encoding, adding comments, or varying the case, such as "UniOn+SeLeCt." Good luck!
1
0
6
@Tur24Tur
Tur.js
19 days
@h4x0r_dz Thanks, much appreciated
0
0
6
@Tur24Tur
Tur.js
2 months
@h4x0r_dz @Bugcrowd Were you listening to this when you found the bug?
0
0
5
@Tur24Tur
Tur.js
1 month
@PinkDraconian I was considering the possibility of a second-order code injection attack. It's possible that a series of special characters in usernames could have an impact in another endpoint, /page subdomain, or even another location of the web app. For the Arabic letters in usernames could
1
0
6
@Tur24Tur
Tur.js
1 year
@3bdullaM9 Honestly, since I started using ChatGPT I've developed a sensor, like an ABS sensor: as soon as I see someone's post on social media platforms, I know right away that they took it from ChatGPT. Also, this is an excellent site that detects them
0
1
5
@Tur24Tur
Tur.js
2 months
@ScuderiaMasimo7 @Naughty_Dog I completely agree with you. The process would be very simple. For example, when you connect to the online multiplayer and join matchmaking, you search for players. After finding 10 players, there would be a vote to select a game mode, such as deathmatch, plunder, or elimination.
0
0
4
@Tur24Tur
Tur.js
7 months
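Since #يوم_بدينا (the day we began), our history has stood tall, our flag has never been lowered, and our heads are held high. For three centuries, Saudi Arabia's roots have been firm and its branches in the sky 🌴🇸🇦 #يوم_التأسيس (Founding Day)
The day we began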
0
0
5
@Tur24Tur
Tur.js
1 year
@krishnsec 💯 Education isn't something you can finish. - Isaac Asimov
0
0
5
@Tur24Tur
Tur.js
2 months
"Error connecting to the authentication server" partially passed. Still figuring out how to proceed to the lobby and download the game resources, which are already on my Amazon servers. #uncharted2 #uncharted #ps3 #uncharted4
0
0
4
@Tur24Tur
Tur.js
2 months
@ScuderiaMasimo7 @Naughty_Dog You’re absolutely right—the community is huge, and many game studios that have revived their older titles have seen great success. Reviving the online multiplayer for Uncharted 2 could indeed be a big hit. Ultimately, the decision lies with @evan_wells and @Neil_Druckmann , but
0
0
4
@Tur24Tur
Tur.js
2 months
@everestfuck @gonzaloacs_ @AnthropicAI I hope @AnthropicAI resolves this issue. Otherwise, everyone will unsubscribe.
0
0
4
@Tur24Tur
Tur.js
1 year
@HackenProof Developing strong communication and problem-solving skills, staying up-to-date with the latest security trends and vulnerabilities, and always acting ethically and responsibly.
0
0
3
@Tur24Tur
Tur.js
2 years
Paramix is a command-line tool for modifying the parameters of a list of URLs from stdin and returns them in stdout. #BugBounty #BugBountytips
1
0
4
@Tur24Tur
Tur.js
2 years
@h4x0r_dz @hakluke I reported this issue in 2020, 19 April. They closed my report as not applicable. As well, I provided two different ways to get the token };
0
0
3
@Tur24Tur
Tur.js
2 years
0
0
4
@Tur24Tur
Tur.js
2 months
@CDUB901 @realradec Nice to hear that! If you want to relive some of those memories, you can still play PlayStation Home. The online functionality has been restored. Follow @HomeHeadquarter and join their Discord server for events and updates.
0
3
4
@Tur24Tur
Tur.js
1 month
@syper_shuvo @coffinxp7 @nav1n0x Unfortunately, I'm no longer active in bug bounty hunting at the moment. However, I hope to return soon. In the meantime, I’d be happy to share some excellent resources created by the @PortSwigger team.
0
0
4
@Tur24Tur
Tur.js
1 year
3/ 🔒 Privacy is paramount! All operations in happen client-side. No data ever leaves your browser, so you can use our tools with complete peace of mind. 🛡💻 (3/6)
1
0
4
@Tur24Tur
Tur.js
1 month
@albinowax Congratulations 🎉👏
0
0
4
@Tur24Tur
Tur.js
18 days
@GodfatherOrwa Congratulations Orwa
0
0
4
@Tur24Tur
Tur.js
11 months
I've just encountered an outstanding bug bounty platform that I believe sets a new standard in the industry. TrustLine 🔥
@TrustlineSec
Trustline | ترست لاين
11 months
Cyber threats never stop, and security responsibility is shared 🛡️! At Trustline, we build an integrated environment that brings hackers and companies together through an innovative digital platform 🌐. Start now👇🏼 #الامن_السيبراني_للجميع
3
31
68
0
0
3
@Tur24Tur
Tur.js
1 year
2/ 🧰 What's inside the toolkit? Tools include UltraSoundSource Scan, OTP Generator, HTTPS adder, word removal and replacement, duplicate removal, endpoint and parameter extraction, and a multi-URL opener. 🔍🐞 (2/6)
1
0
4
@Tur24Tur
Tur.js
17 days
PlayStation is shutting down Concord on September 6 due to disappointing sales. Players who purchased the game will be fully refunded. After nearly eight years of development, the game still didn’t meet expectations. The community and I have also asked Sony to revive online
@PlayStation
PlayStation
17 days
An important update on Concord from Firewalk Studios:
0
2K
11K
1
0
4
@Tur24Tur
Tur.js
1 year
The journey doesn't end here! I'm planning to add more features like generating CSRF PoCs, creating basic Nuclei templates, and more functionalities for recon and Google dorks, and improving Ultrasound source scan. Stay tuned for these exciting updates! 🔜
1
0
3
@Tur24Tur
Tur.js
1 year
@Bugcrowd The Matrix: Reloaded Hacker 🌐💻
1
0
4
@Tur24Tur
Tur.js
2 months
@AayanSec @securibee Yes, sometimes I get excited about the output and need it immediately. I don't care about the name.😂
0
0
3
@Tur24Tur
Tur.js
3 years
@Bugcrowd 🔎 -> 🐛 -> 📝 = 💰
0
0
3
@Tur24Tur
Tur.js
1 year
@renniepak It depends on authentication and object guessability. If authenticated and objects/ids are unguessable and not leaked, the IDOR vulnerability may have limited impact.
0
0
2
@Tur24Tur
Tur.js
1 year
0
0
3
@Tur24Tur
Tur.js
9 months
This standalone project has branched out from the official repository, curating the scripts into a user-friendly display at
@r3h3ts1z
PhD. RehetsiZ
9 months
I continuously put #Bambdas to Editor! Please get to Feature like a 'Bambdas Manager'. - @Burp_Suite
0
0
0
0
0
1
@Tur24Tur
Tur.js
9 months
@albinowax Congratulations
0
0
1
@Tur24Tur
Tur.js
2 years
@GodfatherOrwa Congratulations 👏 Orwa, Oracle sent me the same email for the CVE-2022-21567
1
0
2