To my rabbit, whom I follow.

Joined October 2019
What is your legal opinion on this kind of research/attempt at supply chain attacks? Is it good-faith hacking, because he is reporting it to the affected bounty parties, or a crime, due to harvesting AWS credentials?
My side of the Story of Hacking CTX and PHPass Modules sockpuppets.medium.com/how-i…
It is...
19% Yo! Good faith hacking.
81% Damn! It is Crime.
26 votes • 14 hours
💀
Whitehat satya0x reported a critical vulnerability in @wormholecrypto on Feb 24 via Immunefi. The bug was quickly patched, no user funds were affected, and satya0x received a $10 million payout from Wormhole, the largest bounty payout on record. medium.com/immunefi/wormhole…
Jester retweeted
Multiple bugs chained to take over Facebook accounts which use Gmail ($42k). ysamm.com/?p=763
Man is born free but everywhere he is in blockchains.
No need to exploit 0-days and send phishing emails when you can access a company's internal camera through Shodan and watch employees typing their passwords. ✨
Jester retweeted
My colleagues @seanyeoh and @devec0 found some phenomenal vulnerabilities in Cloudflare Pages. I highly recommend you read about their adventures in pwning CI systems. There's a lot to learn from their research. blog.assetnote.io/2022/05/06…
Jester retweeted
Thank you to all the people that watched my presentation at NahamCon on Finding 0days in Enterprise Software. The slides for the talk can be found here: drive.google.com/file/d/14OF…
Jester retweeted
Hello all, here are the slides for the Bug Hunters Methodology Application Analysis v1: docs.google.com/presentation… #NahamCon2022
In #Java, two entirely different URLs may be considered equal. Sometimes. Why? DNS. It's always DNS. Well, Java works this way: "Two hosts are considered equivalent if both host names can be resolved into the same IP addresses". Let's dig (no pun intended!) a little bit deeper 🧵
Jester retweeted
At @assetnote, we found some critical vulnerabilities in VMWare Workspace One UEM. MDM solutions often are exposed to the external internet. Thousands of large enterprises were affected by these vulnerabilities. Read about the bugs we discovered here: blog.assetnote.io/2022/04/27…
Unsafe .NET deserialization in Windows Event Viewer! This is a by-product of my research. I have confirmed with MSRC that this doesn't cross any security boundary, but I guess it could still be another fun #LOLbas or Defender bypass. 😆
I have created two mind-maps for Android and iOS security checks #BugBounty #bugbountytip #infosec #Pentesting #Security #android #iOS #CyberSecurity #redteam #cysiv
Jester retweeted
In April, I hosted a challenge on @intigriti. But the bug I mistakenly introduced made the challenge much easier, so I decided to host a revenge challenge on my own. Are you ready to play hard mode? aszx87410.github.io/xss-chal…
Jester retweeted
Replying to @TechEmails
The Instagram curse: Water everywhere, yet always thirsty.
The coolest way to learn reverse engineering is modding your favourite games and apps; the second is malware reversing.
Jester retweeted
average api consumer vs average web etiquette ignorer
Jester retweeted
This great article prompted me to continue my search for an updated universal ruby gadget! After a lot of digging I managed to chain two together to create a new RCE gadget that works on Ruby 2.0-3.2: devcraft.io/2022/04/04/unive…
New post - Ruby Deserialization - "Gadget" on Rails. In this blog post, we discuss finding a new RCE gadget in the latest Rails (7) framework, extending the work of @elttam @wcbowling. Ft. @iamnoooob @rootxharsh httpvoid.com/?p=Ruby-deseria…