Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Nagli Profile picture
Nagli
@galnagli
Hacker; Head of Threat Exposure at @wiz_io 🧙‍♂️; Building AI Hacking Agents; Bug Bounty Hunter & Live Hacking Events Winner
Mar 13 14 tweets 5 min read
RentAHuman -- the platform where "AI Agents" hire real humans for physical tasks - leaked its entire user database.

187,714 personal emails (at the time), all it took was few minutes, some tokens and one Claude Code command.

Here's how my AI attacker found it 🧵 Image I've been running my simple AI Attacker agent on new trendy AI platforms as soon as they launch in order to help them fix trivial risks, colleague of mine pointed me to a website called , a few days after I found @moltbook's database exposure.rentahuman.ai
Feb 2 19 tweets 8 min read
I gained complete access to @moltbook's database -The AI Agents Social Network - in under 3 minutes.

API keys of every agent. Over 25k email addresses. Private agent-to-agent DMs, and full write access.

Simply by browsing like a normal user.

Here's what happened 🧵 Image @moltbook The mega weekend hype about the platform got me curious to see how it worked, especially the following tweets from @karpathy and others calling it "genuinely the most incredible sci-fi takeoff-adjacent thing"

Jan 22 4 tweets 2 min read
Introducing my Bug Bounty Masterclass. 100% free.

I've made $2,000,000+ finding security bugs. I spent the last year turning my methodology into a complete blueprint.

4 hours of video - foundations, reconnaissance, web proxies, hands-on challenges, and certification.

Finish it in a weekend and start hacking real-world applications 🐞 Excited to see what bugs you all are going to find!

wiz.io/bug-bounty-mas…Image
Oct 22, 2025 16 tweets 5 min read
We found a way to access Max Verstappen's passport, driver's license, and personal information. Along with every other @Formula1 driver's sensitive data.

It took us 10 minutes using one simple security flaw 🧵 Image Together with @samwcyo and @iangcarroll - all 3 of us being avid Formula1 Fans, we were looking at the security of the whole ecosystem.

That's how we stumbled upon a severe vulnerability in a critical portal managed by the @fia, that was reported and fixed in <24 hours. Image
Jul 29, 2025 13 tweets 7 min read
I hacked a popular vibe coding platform with a simple, straight-forward logic flaw - allowing access to private applications . Here’s how I did it 🧵 Image As Vibe Coding Platforms are on the rise, I was intrigued with the question on how secure they really are, targeting @base_44 which was recently acquired by @Wix allowed me to access private applications of enterprises trusting their platform.
Jan 29, 2025 10 tweets 7 min read
Critical vulnerabilities doesn't have to be complex or have a CVE - @deepseek_ai publicly exposed their internal ClickHouse database to the world, without any authentication at all, and leaked sensitive data.

No one is safe from security mistakes, follow along to learn more 🧵 Image @deepseek_ai @wiz_io When facing the task of discovering vulnerabilities on a specific company, the first step is to identify the externally facing attack surface, and later exploiting potential vulnerabilities - in this case, the 2 steps combined all together.

It all starts with DNS Discovery!
Aug 16, 2023 10 tweets 4 min read
I've earned more than 5-figure bounties from sensitive links, sent via email, that were leaked without any user interaction. Surprisingly, the leaks came from the very security vendors that were supposed to protect the victims.

Curious how this happens? 👇

#BugBounty Image Major organizations globally use various tools to enhance their email security.

Two common approaches are passive and active detection of potential malware within incoming emails. Image
Mar 24, 2023 19 tweets 11 min read
The team at @OpenAI just fixed a critical account takeover vulnerability I reported few hours ago affecting #ChatGPT.

It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing it.

Breakdown below 👇 @OpenAI The vulnerability was "Web Cache Deception" and I'll explain in details how I managed to bypass the protections in place on chat.openai.com.

It's important to note that the issue is fixed, and I received a "Kudos" email from @OpenAI's team for my responsible disclosure.
Feb 3, 2023 7 tweets 3 min read
Recently, I faced numerous challenges where I needed to bypass limited SSRF or overcome regex mitigations to increase impact and make a case for a report.

Spinning up a server to host a redirection header is time consuming and not-so-fun to do.

There's an easy alternative 🧵 While exploring some options online I've came across replit.com, their product offers a pretty easy way to just spin up a server with whatever technologies you'd like, and control the files and source code of your application.

#NotSponsored
May 31, 2021 7 tweets 4 min read
In this thread i'll provide alternatives to overpaid BB stuff offered on twitter.

1. Sign up to digitalocean.com (not through my referral link - choose any you want just for 100$ budget)

2. Select the 48$/month box

3. Enjoy 2 month of strong VPS

1/n
 #bugbountytips Should you buy a "Comprehensive Bug Bounty course"? There are definitely some good courses out there.
that said I wouldn't get any course from a personal without a clear proof on BB/PWN reputation.
and if you want to start and do it the right way, jump on this book as a start.