This might be my first negative bounty.
I ended up paying $13.50 to buy swag from the company's swag store after they gave me a discount code for reporting a bug to them.
Hey bug hunters!
Want a look at some of the top vulnerabilities ever found on @Dropbox?
They just released the last blog post I wrote before leaving. Enjoy!
#bugbountytips
Ever wanted your own copy of Burp Suite Professional?
This Saturday at 11:00am PST (6:00pm UTC) I'll be unveiling the d0nut 10K Challenge!
The first person to solve the challenge will receive a 1 year Burp Suite Professional license.
Stay tuned.
#bugbounty
#security
If example[.]com points to IP 1.2.3.4 and redirects to www[.]example[.]com but www[.]example[.]com doesn't point to anything (no A, AAAA, CNAME), try submitting your HTTP request to http://1.2.3.4/ with a "HOST: www[.]example[.]com" header.
#bugbountytip
#bugbountytips
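The tip above works because name-based virtual hosting routes on the Host header, not on DNS. This added Python example (not from the original thread) stands up a constructed local origin that serves two vhosts and shows that the www vhost is reachable by IP plus Host header even though nothing resolves to it; the same check is useful for verifying which names your own origin answers for.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed origin: "example.com" is the only name anyone can resolve,
# but the server is also configured with a www vhost.
VHOSTS = {
    "example.com": (302, "redirecting to www\n"),
    "www.example.com": (200, "www vhost content\n"),
}


class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Route purely on the Host header, like a typical name-based vhost setup.
        host = self.headers.get("Host", "").split(":")[0].lower()
        status, body = VHOSTS.get(host, (404, "no such vhost\n"))
        data = body.encode()
        self.send_response(status)
        if status == 302:
            self.send_header("Location", "http://www.example.com/")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def fetch(ip: str, port: int, host_header: str) -> tuple[int, str]:
    """GET / from a raw IP while presenting an arbitrary Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    body = resp.read().decode()
    conn.close()
    return resp.status, body


def demo() -> dict[str, tuple[int, str]]:
    """Hit the IP with three Host values; only the vhost table decides the answer."""
    srv = HTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        names = ("example.com", "www.example.com", "other.example.com")
        return {n: fetch("127.0.0.1", srv.server_port, n) for n in names}
    finally:
        srv.shutdown()
        srv.server_close()
```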
I'm so sick and tired of meetings. There is no way meetings are this valuable to productivity.
When are you *actually* supposed to do anything??? The weekend???
If you don't feel like you understand the attack flow for an OAuth CSRF, I made this diagram earlier while explaining part of it to someone. (In this case, the bug was that the state parameter was valid if it existed for *any* user).
#bugbountytip
#AppSec
#bugbountytips
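To make the state-parameter bug from the diagram concrete, here is an added Python example (not from the original thread) contrasting a callback check that accepts any issued state with one that binds the state to the session that started the flow; the store and function names are assumptions.

```python
import secrets

# Hypothetical server-side store: state value -> session id it was issued to.
issued_states: dict[str, str] = {}


def issue_state(session_id: str) -> str:
    """Called when a session starts an OAuth flow, before redirecting to the provider."""
    state = secrets.token_urlsafe(32)
    issued_states[state] = session_id
    return state


def consume_state_vulnerable(state: str, session_id: str) -> bool:
    """The bug from the tweet: state is accepted if it exists for *any* user.

    The session completing the callback is never compared with the session the
    state was issued to, so a state from someone else's flow passes the check
    and the callback's authorization code gets linked to the wrong account.
    """
    return issued_states.pop(state, None) is not None


def consume_state_fixed(state: str, session_id: str) -> bool:
    """State must be the one issued to *this* session, and it is single-use."""
    owner = issued_states.get(state)
    if owner is None or not secrets.compare_digest(owner, session_id):
        return False
    del issued_states[state]
    return True


def demo() -> tuple[bool, bool]:
    """Present a state issued to session-A from session-B against both checks."""
    issued_states.clear()
    foreign = issue_state("session-A")
    vulnerable_accepts = consume_state_vulnerable(foreign, "session-B")
    foreign = issue_state("session-A")
    fixed_accepts = consume_state_fixed(foreign, "session-B")
    return vulnerable_accepts, fixed_accepts
```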
In my opinion, if you're trying to get into bug bounties for web applications your first step is to learn how to build sites, not break them.
It will pay off so much more in terms of your ability to find bugs and you'll actually understand what you're doing this way.
Hey new bug hunters. Welcome to this fun, growing part of security.
Before you send a dm asking for help, please google your questions.
I, and others, are tired of receiving your copy+paste googleable questions. If you're not able to google at this stage, you will fail.
The d0nut 10k Challenge starts in 3... 2... 1...
GO!!!
I'll release a hint every 50 likes (or when I'm feeling generous :P)!
Now go forth and win that Burp Suite Pro license.
#bugbounty
#security
A sad realization that took me until last year to learn:
You’re seldom rewarded for working hard and long hours, but rather for working on the *right* high impact work.
Promotions and perf are easier to sell with a couple of notable projects, rather than countless smaller ones.
I finally released my blog post on how I configured my Rust project to build quickly, deploy simply, and reliably test my code in environments outside of production.
#rustlang
#docker
@hashnode
I guess it's as good a time as any to officially announce that I'll be joining @Cruise to work on their incredible offensive security team.
I’m super excited :D
Would y'all bug hunters want to see a live stream on the details of how OAuth works? (could be 1, 1a, or 2, or even some of the add-ons)
I feel like y'all need to learn this stuff.
Hey everyone!
This Tuesday, October 15th, will be my last day at @Dropbox!
It's been a really amazing 2 years and I truly am sad to go but it's time for me to move onto new challenges that align more with my current interests. Thanks to everyone that made work amazing :)
Piercing the Veal: Short Stories to Read with Friends
New blog post! I was asked to write about some of the SSRFs I've found in the past so I've done just that!
I'm pretty excited about this as it's my longest work yet.
#BugBountyTip
#infosec
Sadly today will be my last day at @Cruise. Despite learning so much about the offsec role, having plenty of good times, and working with smart people I've decided to move on to a more engineering focused role at @GraplSec!
Thanks to everyone at Cruise that made it special :)
Interested in learning about Android app exploitation? Tomorrow at 2:30 PST I'll be streaming myself reverse engineering an Android app (with the first vulnerability I ever found) and writing an exploit to attack it.
See you there!
#bugbountytips
I'm shooting for staff this year. I'm 27.
I also bust my fucking ass every god damn day learning as much as I can and have been working in tech since high school.
It's not a crazy idea.
One of the SSRFs I found recently was paid out today!
My friend submitted it since we were collaborating on the target together. Pretty proud of this one as it had a lot of impact.
$3k program max.
Yay, I was awarded a $5,300 bounty on @Hacker0x01!
#TogetherWeHitHarder
Found a vulnerability in a widely used (>1mil / week downloads) open source security library.
Yay, I was awarded a $1,200 bounty on @Hacker0x01!
#TogetherWeHitHarder
——
The vuln was an auth bypass I found 5 minutes after waking up using only my phone. No tools necessary :D
Definitely the laziest bug I found
Entirely unrelated to the news earlier today 😅 I also got my first CVE!
I usually hack on SaaS bug bounty targets, so I’ve never received a CVE before. I don’t really give the idea of “number of CVEs” much credence but I’m glad I can say I’ve got one now!
CVE-2023-6708
It was fairly difficult getting back into writing, but with the help of a couple of awesome reviewers I've finally released my latest blog post:
Eliminating Authorization Vulnerabilities with Dacquiri
I'm beyond happy to announce that Dacquiri 0.5.0-rc1 is officially released! 🎉 🥳 🎉
If you're a fan of #rustlang and #security, check dacquiri out!
Here are some of the highlights of this update:
Holy shit I think I just invented a new exploitation technique for a type of vulnerability. After the #h165 event I'll do a write up on how to do it and share the tool you'll need to do it.
Thanks to all 10,000 of you for helping me finally hit 10k followers. It’s been a fantastic experience getting to educate and entertain so many.
I was trying to have something prepared to release the moment I hit 10k, but you’ll have to wait until this weekend.
Stay tuned.
I just learned about @davidtolnay's "Rust Quiz" and it is HUMBLING.
I've only answered 4 questions correctly so far (no hints! but definitely multiple attempts xD)
I don't understand why bug hunters never listen to me when I tell them this.
Maybe they'll listen to a much more esteemed hacker than myself.
Learn to build, then learn to break
Understanding how systems work is a competitive advantage as a hacker.
How do you get to this point?
Build.
Code a complex, modern application that relies on:
-> a database
-> caching/memory-store (redis)
-> message broker (rabbitmq)
etc.
Deploy it.
#typefully
Spent today working on a library for a problem someone in a forum complained about: they could only process 100k entries per hour.
My initial solution in Rust: 360k/hr
Further iteration: 2.9m/hr
Current version: 72.7m/hr
Here's my connection 100% maxed out
Just thought of this really cool #bugbountytip when talking with @0xACB today.
If you're testing for XSS on a site with a CSP, use burp's find+replace on the CSP reporting uri to point to a burp collaborator instance so you don't have to monitor dev tools for csp exceptions.
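The find+replace in the tip is a rewrite of one CSP directive. As an added Python example (not from the original thread), here is the same rewrite done by parsing the header, so every other directive survives intact and the page's policy behaves as before; it also covers the case where the policy has no report-uri at all, and the endpoint URL is a constructed placeholder. Note that report-to names a group from the Reporting-Endpoints/Report-To header and is left alone here, since changing it means editing that other header.

```python
def rewrite_csp_report_uri(header: str, new_uri: str) -> str:
    """Return the CSP header with its report-uri pointed at new_uri.

    A CSP value is a ';'-separated list of directives, each written as
    'name value value ...'. Directive names are case-insensitive. Only
    report-uri is touched; if the policy has none, one is appended so the
    violations become observable. Works for Content-Security-Policy and
    Content-Security-Policy-Report-Only values alike.
    """
    rewritten = []
    replaced = False
    for raw in header.split(";"):
        directive = raw.strip()
        if not directive:
            continue  # tolerate trailing ';' or doubled separators
        name = directive.split(None, 1)[0].lower()
        if name == "report-uri":
            if not replaced:  # collapse duplicates into one directive
                rewritten.append(f"report-uri {new_uri}")
                replaced = True
        else:
            rewritten.append(directive)
    if not replaced:
        rewritten.append(f"report-uri {new_uri}")
    return "; ".join(rewritten)


def demo() -> str:
    # Constructed policy and a placeholder endpoint in place of a real collector.
    policy = ("default-src 'self'; script-src 'self' https://cdn.example.net; "
              "Report-URI https://csp.example.net/collect;")
    return rewrite_csp_report_uri(policy, "https://REPORT-ENDPOINT.invalid/r")
```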
Do any of you have recommendations on how to improve in communication clarity and succinctness?
I'm so fucking tired of being misunderstood and misquoted in conversations. This happens both at work and in my personal life and it feels like I'm being gaslit constantly.
My partner showed me the new security humble bundle and then, unprompted, told me that I'd be a shill if I did a give away.
Like and follow for your chance to get a free humble bundle gift of $15. I'll pick the winner tomorrow 9pm PST.