Alp @alp0x01 Twitter profile

Last Seen Profiles

@bokeplokalmalam

@Simply_Mosdef

@elriness

@OverbyNina

@LavaHotDeals_US

@MissPNA_

@SheilaG2024

@minhistu

@mpvusa

@alwaysfnatic

@willjamison_22

@brandan_buck

@hghspdtna

@toomanypeacheSS

@JchristophCALVO

@VmaniakJ

@PeteBoeh

@NEARCrowd

@bokeplokalmalam

@dominatrxmommy

@EUA_VAKFI

@sotwecom

@ibubohay2

@busby966

@pettymo2

@JN4510

@N4pCat

@milesdevinc3

@jj_surtees

@j_al44

@WadaljabelEsam

@MikeGore2

@Tortor1473857

@WYLIAES

@chitter_s2

@NuriaBarreraBel

Alp

@alp0x01

3 years

Finally, I was awarded a $1,925 bounty on @Hacker0x01 ! It's my first report and first bounty! 😍

43

9

424

Alp

@alp0x01

3 years

The full story of my #bugbounty journey! Doing this since May 2021. and in this month I earned total of $19,750 (almost $20K :c) I don't like clichés, but you should never give up when doing this job. I remember not sleeping for 2 days when I'm a beginner. Thanks @Hacker0x01 !

25

30

384

Alp

@alp0x01

5 months

Bug Bounty Tips: Thing you must try if you encounter a phone number verification mechanism on a web application. I was working on a web application that forces new suspicious accounts to verify their phone number and learned how to use a phone number on multiple accounts.

9

61

361

Alp

@alp0x01

29 days

😭😭

31

12

346

Alp

@alp0x01

2 years

Just found and submitted my first Twitter vulnerability at @Hacker0x01 . It's bedtime for me.

7

0

236

Alp

@alp0x01

2 years

Yay, I was awarded a $16,748 bounty on @Hacker0x01 ! #TogetherWeHitHarder #bugbounty

HackerOne profile - alp

Security & Finance -

hackerone.com

7

3

238

Alp

@alp0x01

2 years

Hello all! I released a new write up about bug bounty. Click below link to read it and enjoy! #bugbounty #bugbountytips @Hacker0x01 @Bugcrowd

5

73

212

Alp

@alp0x01

3 years

Some programs on HackerOne is really sucks. I’ve reported a stored xss issue that program. And then he gave me $150 and marked as resolved. Look at the rewarding formula. It’s a big company in the world and imagine them just gives $23 for stored xss. LMAO. @Hacker0x01 @NahamSec

30

21

201

Alp

@alp0x01

5 months

@ekimpanahi samimiyetsiz kendini komik ve sempatik sanıyo

0

193

Alp

@alp0x01

3 years

I just published a new write-up at Medium! How I found a IDOR issue in 5 mins? Please ask through direct message if you have any question about bugbounty or information security! Have a great day y'all. :) #bugbounty #infosec #hackerone #bugbountytips

6

53

180

Alp

@alp0x01

3 years

I was awarded a $3,000 bounty on @Hacker0x01 . Every little effort counts in the long run.

9

5

168

Alp

@alp0x01

3 years

Yay, I was awarded a $ 1,000 bounty on @Hacker0x01 . This is the funniest bug I've ever seen lol. I'm also on the Discord server, feel free to ask your questions regarding bug bounty! Invite link: #bugbounty #hackforgood #infosec

7

17

170

Alp

@alp0x01

2 years

Yay, I was awarded a $5,750 bounty on @Hacker0x01 ! #TogetherWeHitHarder #bugbounty

HackerOne profile - alp

Security & Finance -

hackerone.com

14

3

154

Alp

@alp0x01

3 years

I was published my first writeup about #bugbounty . It's just 2 min read time.. 🙂 #togetherwehitharder #infosec @Hacker0x01

Information Disclosure via External Live Chat Service

Hi folks!

infosecwriteups.com

8

26

146

Alp

@alp0x01

3 years

Yay, I was awarded a $2,000 bounty on @Hacker0x01 ! Well deserved this reward after 23 hours lol. This is a reminder we have a Discord community about bug bounty/infosec! Join us now. :') Invite link: #bugbounty #informationsecurity

4

13

141

Alp

@alp0x01

3 years

Yay, I was awarded a $2,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder Write up soon™️ Also, we have a Discord community about bug bounty. Feel free to join us and say hi!

8

7

139

Alp

@alp0x01

2 years

I just caught a shiny badge on @Hacker0x01 😁

2

1

133

Alp

@alp0x01

2 years

🧵If the target uses Adyen as a payment provider: 1- They should have a proxy endpoint that shares your payment info via Adyen. 2- It must be sent as base64, so decode it and find out the "value" field. Add a minus behind that field's value and repeat it. Here's the response:

6

26

130

Alp

@alp0x01

3 years

2021 was a great year for me! A turning point for me. :) - Started #bugbounty in May 2021 and earned $20K+ in 5-6 months! - Got the Clear Verified on @Hacker0x01 . - Now I intern at Watson Group. - I made great friends like @EkinBayer4 and @aporlorxl23 .

6

4

119

Alp

@alp0x01

5 months

Many people think that bug bounty is too easy and they can find valid bugs instantly. When they can't find anything, they quit. Check out this guy's repeater tabs lol. It probably took at least 1 day to examine and add all those repeater tabs there. So don't ever give up. 🙌

Hussein Daher

@HusseiN98D

1 year

Successfully bypassed a SSRF WAF by using a combination of IPV6 + Unicode. Payload for Metadata instances: http://[::ⓕⓕⓕⓕ:①⑥⑨。②⑤④。⑯⑨。②⑤④]:80 Check images for response difference between 169.254.169.254 and the above payload I shared 🔥 #bugbounty #infosec #waf

56

523

2K

1

8

107

Alp

@alp0x01

3 years

Yay, I was awarded a $1,000 bounty on @Hacker0x01 ! 🙏 #TogetherWeHitHarder

4

1

98

Alp

@alp0x01

2 years

Yay, I was awarded a $3,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder #bugbounty

HackerOne profile - alp

Security & Finance -

hackerone.com

7

1

96

Alp

@alp0x01

5 months

It pays off ✍️ @Hacker0x01 #BugBounty

Alp

@alp0x01

5 months

Bug Bounty Tips: Thing you must try if you encounter a phone number verification mechanism on a web application. I was working on a web application that forces new suspicious accounts to verify their phone number and learned how to use a phone number on multiple accounts.

9

61

361

2

7

96

Alp

@alp0x01

3 years

Yay, I was awarded a $2,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder If you have any questions regarding the bug I'm always available on our Discord server. Invite Link: #bugbounty #bugbountytips

6

4

92

Alp

@alp0x01

2 years

Yay, I was awarded a $2,500 bounty on @Hacker0x01 ! #TogetherWeHitHarder #bugbounty

HackerOne profile - alp

Security & Finance -

hackerone.com

4

1

85

Alp

@alp0x01

3 years

Well deserved bounty. 🤌🤑 #bugbounty @Hacker0x01

4

86

Alp

@alp0x01

2 years

My first bug was approved at Bugcrowd in Twitch's program. Wait for me Bugcrowd :') #bugcrowd #bugbounty #infosec

9

1

85

Alp

@alp0x01

3 years

Yay, I was awarded a $1,500 bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - alp

Security & Finance -

hackerone.com

2

1

79

Alp

@alp0x01

2 years

3K rep crossed on @Hacker0x01 😴

6

0

84

Alp

@alp0x01

6 months

@h1_analyst_layla is the worst HackerOne triager I've ever seen. We managed to have a stored XSS and account takeover there but the triager closed it as a duplicate of an informative report. Imagine an employee working in a global company who does not do their job diligently.

Alp

@alp0x01

6 months

After some teamwork with @KuiilSec , we managed to bypass it! 🎉 especially, bro did a good job here 🤠 @KuiilSec

5

3

57

14

3

74

Alp

@alp0x01

2 years

It's been a long time since I saw such words at @Hacker0x01 . Now, time to go back hunting at H1.

5

2

74

Alp

@alp0x01

3 years

Yay, I was awarded a $250 bounty on @Hacker0x01 ! #TogetherWeHitHarder @discord 🤩

5

0

67

Alp

@alp0x01

7 months

I just published "Rate Limiting: What It Is And Why It Matters in Bug Bounty". -- #bugbounty #bugbountytips

Rate Limiting: What It Is And Why It Matters in Bug Bounty

Hey folks!

infosecwriteups.com

2

14

69

Alp

@alp0x01

3 years

Yay, I was awarded a $1,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder - I shocked to this notifs after wake up lol.

4

0

63

Alp

@alp0x01

5 months

3⃣— That was a weird response. So, I decided to dig more into this endpoint by adding my phone number to multiple new accounts. After five verifications, my phone number was no longer available for new verifications. Then, I remembered a vulnerability that found by @securinti .👇

1

8

62

Alp

@alp0x01

3 years

Yay, I was awarded a $ 4,500 bounty on @Hacker0x01 . I was shocked after saw these notifications, lol. This is a reminder we have a Discord server about bug bounty! Hurry up, and join us! Invite link: #bugbounty #hackforgood

2

54

Alp

@alp0x01

4 months

Don't give up when your report is closed as a duplicate. 🙋‍♂️ #bugbounty

3

1

57

Alp

@alp0x01

6 months

After some teamwork with @KuiilSec , we managed to bypass it! 🎉 especially, bro did a good job here 🤠 @KuiilSec

Alp

@alp0x01

6 months

Looking for an XSS payload to bypass Akamai. if you want to collaborate or just want to share one my dms are open

4

0

23

5

3

57

Alp

@alp0x01

3 years

Yay, I was awarded a $1,500 bounty on @Hacker0x01 ! #TogetherWeHitHarder

8

1

54

Alp

@alp0x01

7 months

It took too long but finally managed to disclose it!

publiclyDisclosed

@disclosedh1

7 months

X (Formerly Twitter) disclosed a bug submitted by @alp0x01 : #hackerone #bugbounty

1

12

82

4

1

55

Alp

@alp0x01

5 months

5⃣— Impact: Attackers can easily bypass the phone verification mechanism with one fixed phone number. Example payload: +13334445555;ext=1 +13334445555;ext=2 +13334445555;ext=3 and more... Thanks for reading! If you enjoyed reading it, I'd love to get a like, RT, and follow!

2

1

55

Alp

@alp0x01

3 years

Yay, I was awarded a $300 bounty on @Hacker0x01 ! #TogetherWeHitHarder I love fast teams. #bugbounty

6

2

53

Alp

@alp0x01

3 years

Hey guys, happy new year! What's your first bug found in 2022? Let's discuss this in this tweet! I found a business logic bug on the premium subscription feature. #bugbounty @Hacker0x01

7

2

44

Alp

@alp0x01

4 months

Keep hunting even on vacation lol

2

1

41

Alp

@alp0x01

2 years

I earned $2,500 for my submission on @bugcrowd #ItTakesACrowd #bugbounty

alp0x01 on Bugcrowd

View alp0x01’s researcher profile on Bugcrowd, a platform and team of experts connecting organizations to a global crowd of trusted security researchers.

bugcrowd.com

0

38

Alp

@alp0x01

7 months

lol

Alp

@alp0x01

7 months

morning routine with @still

1

0

21

3

1

38

Alp

@alp0x01

3 years

I just crossed 500 rep on @Hacker0x01 ♥

4

0

36

Alp

@alp0x01

3 years

no comment about this...

4

1

35

Alp

@alp0x01

3 years

Yay, I was awarded a $250 bounty on @Hacker0x01 ! #TogetherWeHitHarder Tip: Always check notification function for IDOR. 🥳

0

1

35

Alp

@alp0x01

6 months

GG.

Alp

@alp0x01

7 months

I just published "Rate Limiting: What It Is And Why It Matters in Bug Bounty". -- #bugbounty #bugbountytips

2

14

69

1

36

Alp

@alp0x01

3 years

Yay, I was awarded a $200 bounty on @Hacker0x01 ! #TogetherWeHitHarder

3

0

33

Alp

@alp0x01

2 years

Just found a cute kitty at McDonald’s 🫣😻

2

0

30

Alp

@alp0x01

2 years

Thanks for this cool swag, @ArifGurdenli . :) Really liked it. Let's make more secure all the websites at @bugbounterr . #bugbounty #swag #bughunting

1

2

30

Alp

@alp0x01

3 years

Yay, I was awarded a $500 bounty on @Hacker0x01 ! #TogetherWeHitHarder 🙂

HackerOne profile - alp

Security & Finance -

hackerone.com

3

0

32

Alp

@alp0x01

2 years

This made me sad

4

1

32

Alp

@alp0x01

5 months

ngl, it's been a long time since I've seen a message like this 🙌 now will wait for my beers to be delivered to me 🤣

1

3

31

Alp

@alp0x01

2 years

We were on the stage with @xzemit42 and @tanselcetin_ in 2022 at the Turkey leaderboard of HackerOne. Let's see what will be happening this year. I hope to we can work harder than the previous year in 2023. Thanks to @Hacker0x01 team for creating such a platform. #hackforgood

1

29

Alp

@alp0x01

9 months

After a journey with a broken arm, managed to complete this year with a 12-month streak at @Hacker0x01 . This year, earned a total of $xx.xxx. Currently, trying to get started own business by creating a brand. Let's make the internet more secure in 2024. 🥳

Alp

@alp0x01

2 years

We were on the stage with @xzemit42 and @tanselcetin_ in 2022 at the Turkey leaderboard of HackerOne. Let's see what will be happening this year. I hope to we can work harder than the previous year in 2023. Thanks to @Hacker0x01 team for creating such a platform. #hackforgood

1

29

0

30

Alp

@alp0x01

3 years

Cute babies 🥰

todayisnew

@codecancare

6 years

Thanks for the kindness to my new little Hacker, she loves them both just like me :) @Bugcrowd @Hacker0x01

17

10

335

1

0

27

Alp

@alp0x01

2 years

I wish you all a happy new year with your family and loved ones. Let's make the internet more secure in 2023. 🥳🎄

0

27

Alp

@alp0x01

8 months

I just hit a new milestone and earned the golden bug hunter badge in Discord. Let's go!

2

1

27

Alp

@alp0x01

2 years

In March, I submitted 56 vulnerabilities to 11 programs on @Hacker0x01 . #TogetherWeHitHarder

2

0

25

Alp

@alp0x01

2 years

Another nice Twitter interaction circle. 😁

0

24

Alp

@alp0x01

5 months

btw, sorry for the confusion. the final request was this:

0

1

24

Alp

@alp0x01

3 years

Yay, I was awarded a $350 bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - alp

Security & Finance -

hackerone.com

Alp

@alp0x01

3 years

Always recheck other endpoints after main report is resolved. 🥳 #bugbounty #hackerone #togetherwehitharder

0

2

21

2

22

Alp

@alp0x01

3 years

Sent the first submission on Bugcrowd and no response for 10 days. Cool @Twitch 👌

2

0

22

Alp

@alp0x01

5 months

4⃣— I tried to add ";ext=1" at the end of the phone number and execute the request. And instead of a 422 Unprocessable Entity error, a 204 No Content status code was returned! Noticed that OTP code was successfully sent to my phone number. Then, I managed to verify it.

1

2

23

Alp

@alp0x01

6 months

Looking for an XSS payload to bypass Akamai. if you want to collaborate or just want to share one my dms are open

4

0

23

Alp

@alp0x01

3 years

Always recheck other endpoints after main report is resolved. 🥳 #bugbounty #hackerone #togetherwehitharder

0

2

21

Alp

@alp0x01

1 year

I just published a bug bounty write-up. "Did you know you can earn bounties using Discord?" Thanks for reading and for your time in advance. #bugbountytips #bugbounty

Did you know you can earn bounties using Discord?

Hi folks. This is Alp. I haven’t been here for a long time (again). I remembered that I have a Medium account. As you can see in the title…

infosecwriteups.com

1

3

19

Alp

@alp0x01

5 months

They fixed the issue without saying anything and the report is still in informative state 😃

Alp

@alp0x01

6 months

@h1_analyst_layla is the worst HackerOne triager I've ever seen. We managed to have a stored XSS and account takeover there but the triager closed it as a duplicate of an informative report. Imagine an employee working in a global company who does not do their job diligently.

14

3

74

2

1

21

Alp

@alp0x01

7 months

morning routine with @still

1

0

21

Alp

@alp0x01

8 months

@seranjk @bosunatiklama @aardabayram Adamlar bu destekleri zaten işten çıkarılmadan önce de alıyorlardı

1

0

18

Alp

@alp0x01

5 months

1⃣— I tried to create an account on the app with a VPN. The app detected it as a suspicious registration and forced my account to verify a phone number. I typed my phone number and clicked on Send button. Here's the request:

2

0

19

Alp

@alp0x01

5 months

2⃣— I repeated the request and received an SMS code successfully. Then I tried sending the request after changing the `phone_number` parameter value to null to see if I could bypass this. It returned an error saying "Phone number has been verified on too many accounts".

1

0

18

Alp

@alp0x01

1 year

@gusholderhaber 😭😭

0

17

Alp

@alp0x01

3 years

Bug is about Authorization Bypass and i have limited permission for disclose this.

0

18

Alp

@alp0x01

2 years

Bug is bug 🫡

publiclyDisclosed

@disclosedh1

2 years

Krisp disclosed a bug submitted by @alpthebugkiller : - Bounty: $100 #hackerone #bugbounty

0

3

37

0

17

Alp

@alp0x01

3 years

I don't think it's a real Cloudflare WAF, lol. #bugbountytips #bugbounty #xss

1

5

17

Alp

@alp0x01

3 years

FINALLY, FINALLY, FINALLY!!!!!!!! #bugbounty #infosec #hackerone

0

1

16

Alp

@alp0x01

1 year

HackenProof

@HackenProof

1 year

6

38

265

1

16

Alp

@alp0x01

10 months

We remember you with respect. 🫡

0

16

Alp

@alp0x01

2 years

The 2023 is finally here! 🎉

2

0

15

Alp

@alp0x01

3 years

Yay, I was awarded a $250 + $100 + $50 bounty on @Hacker0x01 ! #TogetherWeHitHarder #bugbounty

8

1

14

Alp

@alp0x01

3 years

@mtmsl1219 @Hacker0x01 Yes, our Discord server. It's sounds a joke but no, we're learning the bug bounty by supporting each other. Feel free to join us.

1

0

13

Alp

@alp0x01

2 years

Get the "x-api-key" and try sending a request to URL in the response via the x-api-key header: The secret key is valid if the response status is not 401. Now you can perform critical stuff on their private environment via Adyen API. () #bugbountytips

2

3

12

Alp

@alp0x01

10 months

@0xJin bro noticed it after 29 days 💀

2

0

14

Alp

@alp0x01

3 years

Hey guys, I got some direct messages about bug bounty and IDOR. We have a Discord community server about bug bounty and information security. So I wanna invite who excited to learn and chat about #bugbounty / #infosec . If you wanna a invite link please send a DM. Thanks :)

Alp

@alp0x01

3 years

I just published a new write-up at Medium! How I found a IDOR issue in 5 mins? Please ask through direct message if you have any question about bugbounty or information security! Have a great day y'all. :) #bugbounty #infosec #hackerone #bugbountytips

6

53

180

1

13

Alp

@alp0x01

3 years

@semihelitas @mdisec @EmirKarsiyakali .zip demiş.. kaybettin.

0

13

Alp

@alp0x01

3 years

@Hacker0x01 @NahamSec Program is

1

0

12

Alp

@alp0x01

2 years

@hogrbe You were right…

0

11

Alp

@alp0x01

3 years

lol you’re definitely right

Pomme

@pxmme1337

4 years

Yeah sex is cool but have you ever had your report triaged

6

29

228

0

10

Alp

@alp0x01

3 years

Yay, I was awarded a $50 bounty on @Hacker0x01 ! #TogetherWeHitHarder Mini bounty but bounty is bounty. 🥲

0

11

Alp

@alp0x01

2 years

Bug Actors: - Axios - Adyen Adyen doesn't handle negative values, so it will give an error with status code 422. Axios gives details of the error with the headers used in the request due to status code 422 from Adyen.

1

0

10