Nagli
Wiz
1,737 posts
@galnagli
Hacker; Red Agent & Offensive AI at @wiz_io / @Google; $3,000,000 Bug Bounty Hunter and Live Hacking Events Winner.
galnagli.com
Joined December 2019
509
Following
47.7K
Followers
  • Pinned
    Nagli
    Wiz
    @galnagli
    Jan 22
    Introducing my Bug Bounty Masterclass. 100% free. I've made $2,000,000+ finding security bugs. I spent the last year turning my methodology into a complete blueprint. 4 hours of video - foundations, reconnaissance, web proxies, hands-on challenges, and certification. Finish it
  • Nagli
    Wiz
    @galnagli
    Oct 22, 2025
    We found a way to access Max Verstappen's passport, driver's license, and personal information. Along with every other @Formula1 driver's sensitive data. It took us 10 minutes using one simple security flaw 🧵
  • Nagli
    Wiz
    @galnagli
    Mar 24, 2023
    The team at @OpenAI just fixed a critical account takeover vulnerability I reported a few hours ago affecting #ChatGPT. It was possible to take over someone's account, view their chat history, and access their billing information without them ever realizing it. Breakdown below 👇
  • Nagli
    Wiz
    @galnagli
    Jul 29, 2025
    I hacked a popular vibe coding platform with a simple, straightforward logic flaw - allowing access to private applications. Here’s how I did it 🧵
  • Nagli
    Wiz
    @galnagli
    Jan 29, 2025
    Critical vulnerabilities don't have to be complex or have a CVE - @deepseek_ai publicly exposed their internal ClickHouse database to the world, without any authentication at all, and leaked sensitive data. No one is safe from security mistakes, follow along to learn more 🧵
  • Nagli
    Wiz
    @galnagli
    Nov 21, 2023
    Today I start a $50,000 bounties in 50 days #BugBounty challenge, I’ve been super unproductive lately with an average of 2 hacking hours a week. Will update the thread occasionally with my progress - everyone welcome to follow aboard and excited to be back at it.
  • Nagli
    Wiz
    @galnagli
    Mar 17, 2023
    Excited to announce that I just hit the $1,000,000 mark in bounties earned on @Hacker0x01! It's been an incredible journey traveling around the world to compete and collaborate with the best. Grateful for the opportunity and excited to see what the future holds! #BugBounty
  • Nagli
    Wiz
    @galnagli
    Jul 11, 2024
    One of my coolest bugs just got paid! Let's go & Onwards : ) #BugBounty
  • Nagli
    Wiz
    @galnagli
    Mar 23, 2021
    Ever find a phpMyAdmin login portal and default creds won't work? Try to access the /phpmyadmin/setup/ endpoint and you might be presented with an authentication-bypassed configurable admin panel. This got me a nice bounty on @synack. Ref: hackerone.com/reports/297339 #bugbountytips
  • Nagli
    Wiz
    @galnagli
    Oct 20, 2022
    When fuzzing for SQLI always try "%22" as an injection payload, just stumbled upon a MariaDB fork that wouldn't show any verbose SQL errors otherwise.
    redacted.com/path1/path2/' => 301
    redacted.com/path1/path2/" => 301
    redacted.com/path1/path2/%22 => 301 with SQL error
    #bugbountytips
  • Nagli
    Wiz
    @galnagli
    Apr 13, 2021
    XSS payload to keep on your notes:
    <script>alert(1)</script> -> nginx block
    "><img src=x onerror=alert(1)> -> Wordfence block
    ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%252fscript%253ey6uu6 -> successful execution
    #bugbountytips #BugBounty
  • Nagli
    Wiz
    @galnagli
    Feb 6, 2023
    Yay, I was awarded a $22,000 bounty for Remote Code Execution on @Hacker0x01! hackerone.com/nagli #TogetherWeHitHarder #BugBounty
  • Nagli
    Wiz
    @galnagli
    May 10, 2022
    Yay, me and @m0chan98 got awarded a $64,400 bounty on @Hacker0x01! #BugBounty #TogetherWeHitHarder
  • Nagli
    Wiz
    @galnagli
    Jul 17, 2022
    How to effectively study and get better at doing #BugBounty
    A. Create a private Github Repository
    B. Start a clean README.md
    C. Keep up with Hacktivity / Twitter / Youtube
    D. Write notes (Without copy-pasting)
    I've been doing it for over 2 years and the ROI is amazing.