Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷

California
I'm honestly still in disbelief... grateful to receive a $100k bounty from @meta. Feels surreal. Sharing this to show that with time and dedication, it's possible. This was my first and only submission to Facebook - something I've been chasing for a decade! 🙏 Big thank you to @metabugbounty!
540
439
12,011
1,067,917
After months of working on this, I’m excited to release my first bug bounty course on @udemy today! This is not a complete course just yet, but I will be regularly updating it with new content and labs! udemy.com/course/intro-to-bu…
159
400
3,302
1000 likes and I’ll start dropping write up’s again like I used to in the early days of my career.🤔
22
16
804
24,017
😱👀
142
57
1,611
139,179
I have THREE 1 month @PentesterLab vouchers left to giveaway. All you have to do is interact with this tweet (RT/like or comment) to enter. Good luck!
294
481
1,471
ok giveaway #2: 5 @shodanhq vouchers. you don't have to do anything other than liking this. No RT or tweet needed! I'll pick 5 winners next week!
73
78
1,431
33,470
Thanks for 50,000 followers! I’ve partnered with @eLearnSecurity to give back to the community! Three lucky winners will win an eLS course of their choice. To enter, all you have to do is like and reply to this tweet and follow eLS!
847
143
1,420
Replying to @NahamSec @Meta
For everyone asking - it was a server-side vulnerability on Facebook.com :)
32
11
1,385
104,683
If you ever wondered what it looks like when hackers find a cool bug.. here's a gif to explain it. (Featuring @0xteknogeek and @0xacb)
35
335
1,354
Bug bounty hunters: What’s your advice for someone who’s trying to make their first $100,000 in 2025? What should they do/learn? What should they avoid?
51
172
1,316
153,922
No bounty from @google for getting an RCE on google.com. I know there were some requirements for this to work and I wasn't expecting a $50,000 bounty, but wasn't expecting to "not meet the bar for a financial reward" at all. At least I can say I "RCE'd" google.
69
65
1,322
115,677
I'm going to share all my payloads and wordlist... all you have to do reply to this tweet!
1,418
163
1,176
I know I'm not a million dollar hacker, but I'm almost to $500K and half way there while keeping up with a full time job. Pretty proud of myself! 🙏🏽
57
32
1,056
#VirSecCon2020: A virtual hacking con hosted by yours truly and @thecybermentor with talks from @Jhaddix, @zseano , @stokfredrik, @erbbysam, @ChloeMessdaghi @ethicalhacker, @B3nac, @TomNomNom, @niden and @uraniumhacker. More info will be released soon on virseccon.com
19
372
1,021
I have hacked for almost 8 hours today with 0 findings. Do I recommend it? no. Will I do it all over again tomorrow? Absolutely!
42
72
944
74,470
Let's go! 💪🏽
27
13
944
33,335
I have worked at a leading bug bounty platform. Hacked companies like Airbnb, Apple, Snapchat, Department of Defense, PayPal. Currently enjoying day one of unemployment. Ask me anything?
189
59
914
Roses are red Violates are blue If you don’t want to learn how to Google Hacking isn’t for you 🤷🏽‍♂️
25
166
931
I'm excited to announce that I have started a new role at @Hacker0x01 as the head of Hacked Education to help create more content for hackers on #Hacker10! 🎉
90
44
886
I don't understand the hate and shade people throw at content creators. Can someone tell me what the fuck is the actual point in hating on people who are educating others for free?
86
49
872
Here are the slides from our talk at @defcon - "Owning the clout through SSRF and PDF generators". We'll probably write 3 blog posts on a few bug bounty examples soon! Also a big thank you to @daeken for being my partner in crime through this research. docs.google.com/presentation…
22
317
886
Here's 7 hours of 🔥 content from #VirSecCon2020 on hacking, web, Android, iOS, recon, bug bounty, OSCP/OSCE by @stokfredrik, @TomNomNom, @ChloeMessdaghi, @B3nac, @dawnisabel, @niden, @zseano, @d0nutptr, @ethicalhacker, @uraniumhacker, and @erbbysam. 🎥piped.video/B3Udl86Zu20
34
277
877
Roses are red Violets are blue If you don't want to learn stuff on your own hacking isn't for you #bugbountypoems
27
198
859
RIP twitter.
23
113
859
😱 📷 $500,000!This has to be the largest bounty on @hacker0x01!
29
43
835
77,984
Rapid7 asking me to remove an educational content from YouTube over the fact that used them as an example for publicly accessible swagger file.
53
96
801
206,368
Udemy course is officially under review 😬
40
29
822
Finally had the pleasure to meet @Farah_Hawaa 🥳
19
7
823
Making my Udemy course free for a few hours as a part of the @RedTeamVillage_ partnership. Enjoy. udemy.com/course/intro-to-bu…
64
187
805
I have a 6 month and a 3 month subscription voucher to @PentesterLab. Reply to this twee with a 🅿️ and I'll pick 2 random winners.
1,343
130
791
Final giveaway of the year🎁: 4️⃣Hand-On Web Exploitation (Course Only hhub.io/2024holidays) 3️⃣Shodan Codes 2️⃣Caido licenses 1️⃣Hands-On Web Exploitation (Certificate+Course Bundle) To enter drop a 🫶🏼and RT
597
603
800
81,551
My Udemy course is listed for FREE using the code 'FREEBLACKFRIDAY 'and then only $9.99 with 'BLACKFRIDAY23'. There’s a brand new update coming to the course in 2024! New labs, new videos and new challenges! 👀 udemy.com/course/intro-to-bu…
27
127
770
140,981
I have pushed 3 massive updates to my course since July to include more labs/videos on SSRF, RCE, ATO, 403/401 Bypasses, and more! 🧑🏽‍💻 👀 I'll give away two free vouchers to two people who retweet and reply with 'RCE' under this post! ℹ️ More info 👉🏼 bugbounty.nahamsec.training
358
339
790
71,369
Today I start my role as VP of Research and Community at Hadrian. 🥳
74
4
781
What are some endpoints that make you excited when it pops up while performing a directory brute force? Here are some of mine: /api/proxy /swagger-ui /demo /metrics
56
264
778
🚨 @Burp_Suite giveaway 🚨 2020 was a pretty rough year for a lot of people but I want to end the year on a good note. Reply with something you are grateful or proud of that happened in 2020 and I'll pick a random reply and send them a free Burp Suite license! 👇🏽
681
75
780
A group of us started to do this challenge for the entire month of November. Today was day 1. Feel free to join us if you’re up for the challenge. Will try and update this thread every night.
68
55
777
| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄| Hack the Planet!! |____________| \ (•◡•) / \ / --- | |
21
92
736
Listen - no matter what you’re going through, I want you to know it’s temporary. Keep your head up and keep pushing through. You got this!
20
96
731
I have 2 PWK vouchers to giveaway! Two ways to win 1. Join my discord & react to the message posted in announcements. (discord.gg/DWGgpFpm) 2. Like and respond to this tweet with #nahomies Big thank you to our #nahamcon2022 sponsor, @offsectraining for making this happen.
457
109
733
RCE on Steam Client via buffer overflow in Server Info by @0xACB and vinnievan. Full report here: hackerone.com/reports/470520 ($18,000 bounty)
11
275
711
Alright - doing tomorrow’s giveaway earlier than expected: one 3 month @CaidoIO pro license. All you have to do is like this tweet to enter. I’ll pick a winner next week!
23
42
711
19,088
I'm beyond excited to announce this year's #NahamCon2021 with my amazing cohosts: @thecybermentor and @_johnhammond! We'll also have talks from @vickieli7, @stokfredrik, @zseano, @TomNomNom, @InsiderPhD, @Farah_Hawaa, @infosec_au and more! RSVP now! nahamcon.com
25
172
702
Do I clean up nice? 😏
45
5
676
SOC analyst friends, give me your best 3 advice, things to learn, or skills to have, for someone who wants to get into your field!
108
89
681
141,538
🚨 Doing a giveaway for my Blind XSS Masterclass Most people think they know XSS, until they meet blind XSS, the kind that fires where you’ll never see it. Same methods that helped me earn $250K+ from real reports. hhub.io/nahamsecbxss 🎁 Retweet and reply to enter.
386
371
721
77,622
Very cool write up on a journey to getting RCE through a number of different bugs by @XHackerx007 and @GodfatherOrwa: medium.com/@HX007/a-journey-… We made a FREE hub out of it for everyone to try: app.hackinghub.io/hubs/path-…
5
111
706
36,339
Excited to announce #NahamCon with @stokfredrik, @_johnhammond and @thecybermentor on Junst 13, 2020 with talks from @samwcyo, @TomNomNom, @snyff, @Jhaddix, @intigriti, @Jhaddix, @zseano, @defparam, @ChloeMessdaghi, @jcran, and more! Website will be live later :)
16
141
682
If you could go back to when you first started hacking on bug bounty programs, what advice would you give yourself?
81
122
671
235,963
🙏🏼🙏🏼🙏🏼
43
8
666
53,424
2.5 years later and I finally found a way to exploit this vulnerability I have been sitting on.
28
23
669
45,715
Not bad for a "content creator that only makes money from YouTube ads", huh?
35
11
667
38,569
We are bug bounty hunters ⁦ ⁦@securinti⁩, ⁦@Rhynorater⁩, ⁦@Arl_rose⁩, ⁦@Jhaddix⁩, ⁦@stokfredrik
17
47
643
30,426
I have a one year and a six month subscription to @PentesterLab for two people who reply with “#NahamCon2022” under this post. Will pick winners tomorrow.
1,203
97
638
If you're serious about hitting $100K in bug bounties this year, you need to master these vulnerabilities in 2025. 📌 XSS 🔥 📌 SSRF 🕵️‍♂️ 📌 Path Traversal 🛠️ 📌 Web Cache Deception 🏗️ 📌 Supply Chain Attacks 🚨 Read it now & level up 👇 nahamsec.com/posts/high-valu…
24
109
650
27,615
Lazyrecon: A script intended to automate your reconnaissance process in an organized fashion and creates an html report at the end! github.com/nahamsec/lazyreco…
16
278
639
I get asked how I manage a full time job, content, steam, hacking on top of my personal life. I’m going to answer this once and only once: if you have time to waste on YouTube/Reddit you have time to learn how to hack. I go to bed an hour later and wake up an hour earlier
30
138
649
This Friday is my last day at @Hacker0x01. The last 6 years were have been incredible. I learned a lot of valuable lessons and met a ton of amazing people. To celebrate I wanted to share the 6 things I learned from my time at h1. nahamsec.com/posts/6-valuabl…
53
63
644
We’ve got something cooking. 🧑‍🍳
24
24
620
78,334
Intel just paid a $100,000 bounty on @Hacker0x01 😱😱😱
27
213
622
Ready for defcon 😈
10
9
616
Udemy course is listed for FREE for the next 30 mins. Enjoy! udemy.com/course/intro-to-bu…
93
91
626
Introducing The 5 Five Week Program: A program designed to help you find your first vulnerability. At the end of the 5 weeks, I will be bringing someone onto my team to directly work with me on a pentest! piped.video/Z_Kk1zf16l4
22
99
613
78,696
There are time when I really don't wanna stream or make content, then I randomly get messages like this and remember why I started doing all of this in the first place. Thank you! 🙏🏽
12
18
626
What are some books you recommend to someone wanting to break into cybersecurity/hacking to learn the basics ⁉️ Would love to make this a thread on infosec book. Here are some of my recommendations 👇
66
145
608
115,932
Defcon with @_johnhammond, @ethicalhacker, @notshenetworks, @seclilc, and @securibee!
10
13
613
Check out @Rhynorater's blog post on CVE-2020-13379: Unauthenticated SSRF in Grafana! rhynorater.github.io/CVE-202… POC: /avatar/tesdt%3Fd=redirect.rhynorater.com%25253f%253b%https://nitter.app/t.co/tpG2O3i9Bj%252f169.254.169.254
9
227
601
I Became HackerOne's Latest Most Valuable Hacker (h1-702 vlog) 🎉 piped.video/gPzDJ9BXvgc
23
25
595
22,851
Really disappointed to see @Hacker0x01 do this. I also had a similar interaction with h1 about a month ago where they questioned my nationality and place of residence after 10+ on the platform.
I’ve been hunting on H1 for almost 3 years, ranked #18 in 2025, have always tried to contribute positively to the hacker community. I’ve earned around $500k in bounties and was on the road to $1M. Yet I don’t even have HSM, and I feel I haven’t been recognized as I should 1/4
20
52
628
90,355
I love seeing these types of success stories in our Discord. ❤️
8
18
616
23,549
Besides curl and sed/awk/grep, what are some of your most frequently used linux commands that you think will help with hacking? (not including tools like nmap, metasploit, etc)
177
93
590
184,801
It’s November and if you’ve been following me for a while you know that I do this challenge every year. Does anyone want to join me? 😩
60
39
579
Check out my latest video on "Creating Wordlists for Pentesting & Bug Bounty Hunting". I also showed how I use @DanielMiessler's SecLists, @TomNomNom's Waybackurls, or Google's BigQuery to create my own wordlists! LMK what you think of the video! piped.video/QGbTaxtEQlg
9
154
592
I heard you guys like wordlists.. Maybe I should make a video on how to create your own wordlists? What do you think? 🤔
45
28
596
"Recon is boring" of course it's boring when you're not finding anything 😂
21
43
591
I just realized I have some more @PentesterLab vouchers, thanks to @snyff for sponsoring the LLS stream. Drop a reply under this tweet and I'll pick 3 people and give you either a 3 mo, 6 mo, or 12 month subscription.
650
96
593
This is how you find every domain for a company! 👉🏼🎥 piped.video/yffOjRhvhZw
10
113
581
Just filed an RCE on a Google core asset 😏 let’s see if this will go as good my report with Facebook.
32
12
582
30,025
I haven't done this in a while, but my bug bounty course is free for the next hour or so. Use code "JUNE2022" to get it! udemy.com/course/intro-to-bu…
45
106
563
I Became A Million Dollar Hacker 😱 piped.video/YUZhRlssFy0
37
42
552
54,535
Udemy course for free. Part 2. Enjoy! udemy.com/course/intro-to-bu…
98
127
571
I have a one year @PentesterLab voucher for one random person retweeting and replying to this tweet with #nahamcon2023 :)
548
504
536
110,401
With #NahamCon2022EU coming up I think it’s only fair to giveaway a one year subscription to @pentesterlab to someone random responding to this tweet. 👇🏽
433
111
565
Alright twitter, help me out! I'm trying to make a good list of places to find swagger (or swagger.json). Here are few of my favorites: /swagger-ui/swagger.json /apidocs/swagger.json /api-docs/swagger.json /swagger-ui /api-docs /apidocs /swagger /v1/swagger.json
30
169
560
We just paid a $20,000 bounty through @Hacker0x01's own bug bounty program! 😱 hackerone.com/reports/745324
21
60
564
I start streaming again on Sunday. What company should we hack? 💪🏼
44
25
545
75,755
This is how a hacker (nojob) was able to find a vulnerability in @port_finance and collect a bounty worth over $600,000 through @immunefi's bug bounty platform! Thank you @HalbornSecurity for sharing their technical insight on this vulnerability! piped.video/7BTPf55CHiw
15
117
557
This is How a Simple IDOR Earned Me a Max Bug Bounty Payout 👉🏼 piped.video/Cw-hlmW89kA
5
74
570
24,190
This is what I shared yesterday from our discord. Massive congratulations to @javxfps for getting a a $25,000 bounty as his first one!
Yay, I was awarded a $25,000 bounty from @netflix on @Hacker0x01! First bounty ❤️ hackerone.com/javxfps #TogetherWeHitHarder
11
21
553
32,023
I said goodbye to my grandmother today. Hug your loved ones and remind them how much they mean to you.
59
8
546
I am mind blown by this! Another one of our Discord members just got their first ever bounty by reporting a critical on Netflix🤯.
9
12
548
25,928
Thread on educational content: 👇👇👇 This is coming from someone who sells a course. You really don't need anyone to teach you _anything_. Especially for bug bounties. The only thing you need in order to become successful is curiosity. To ask yourself "wtf does this mean" & 1/n
13
136
538
Matching with @Rhynorater
15
5
539
18,672
HTTP Request Smuggling Explained (with @albinowax) 🎥👉🏼 piped.video/QjPFjd8GJWY
5
90
559
48,954
Who's excited for @TomNomNom to be on Live Recon this Sunday? 🙋🏽‍♂️🙋🏽‍♂️🙋🏽‍♂️🙋🏽‍♂️
37
14
544
I’m officially a verified beg bounty hunter
34
4
525
This #NahamCon2025 talk has generated over $50,000 in bounties for @YShahinzadeh and a few other hackers: Puny-Code, 0-Click Account Takeover. 🎥👉🏼piped.video/4CCghc7eUgI
11
74
548
37,431
Found a pretty neat SSRF on @snapchat and thanks to ideas from @daeken @bbuerhaus, we were able to escalate it a bit. Technical details will be included in our talk @defcon and @BSidesLV (if it gets approved). Enjoy!
12
144
541