Justin Gardner
@Rhynorater
Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
All my current bug bounty knowledge is gone. Here's how I get it back and make $100k in the first year: First, I've got to learn the basics. For this, I will make sure I understand at a high level how the components I'm working with function. I'll need to understand...
My NahamCon talk is running right now! Hop on in! You'll wanna see this case study on implementing AI in a manual hacking workflow. youtube.com/watch?v=e0OFTg…
youtube.com (YouTube): NahamCon 2025 Winter Edition: Day 2
Get hyyyyype
We're getting started with the second day of #NahamCon2025 in a few hours as @Rhynorater delivers our opening keynote with "Is It Time to Integrate AI as a Manual Hacker?" YouTube.com/NahamSec
The syllabus and pre-order for the 2nd expansion to TBHM: “From Zero to [BAC] Hero” by @the_IDORminator is up! arcanum-sec.com/training/tbhm-… Check it out! Class should be live before the holidays 🫶
Super excited to give this talk tomorrow as the Keynote for Nahamcon! This is a case study on how I attempted to integrate AI as a manual hacker - do we have the tools to make it cost effective and useful? Or is the tech not quite there yet?
In 48 hours, @Rhynorater will take the stage to deliver the opening keynote at #NahamCon2025 winter edition with "Is It Time to Integrate AI As A Manual Hacker?" at 9:30 AM!
Nowadays, working #xss vectors that rely only on a meta tag and don't require user interaction are rare. Here's one that needs no user interaction and no user-supplied URL fragment: the meta tag navigates to #x, firing its own onbeforematch handler. jsfiddle.net/pfa4z3rm/
HUGE NEWS! We partnered with @CaidoIO to deliver an even bigger, better learning experience. More labs. More skills. More learning. 🚀 Follow us to stay tuned for the launch!
Been working on this for the past few months and wanted to talk about it so much! Really excited that at @hackinghub_io we've partnered with @CaidoIO to bring teaching labs. You can read about it here caido.io/blog/2025-12-1… . It's been a really interesting experience taking our…
Have used this trick a couple times - very good stuff.
Anchor/area tags can leak page URLs (origin, path, query, post-click fragment) by using href="#" with the ping attribute pointing elsewhere. Works in Chrome and Safari (Firefox disables ping by default). storage.googleapis.com/nowaskyjr/ping…
New episode is out! - youtu.be/6JZsoJnqSxE In this episode we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Vertex bug, and debate if Prompt Injection is really a vuln.
youtube.com (YouTube): GeminiJack and Agentic Security with Sasi Levi (Ep. 152)
An excellent read
Today, we’re releasing watchTowr Labs’ @chudyPB’s BlackHat .NET research, owning Barracuda, Ivanti and more solutions. Enjoy the read as Piotr explains a new .NET Framework primitive, used to achieve pre- and post-auth RCE on numerous enterprise appliances.…
Super sick new swag in the podcast swag store. Tell your family members to get this for you for Christmas! S3cr3t S4nt4 is exclusive to 2025 Christmas! ctbb.show/swag
⏰ It's CHALLENGE O'CLOCK! 👉 Pop an alert before Monday the 22nd of December 👉 Win €400 in SWAG prizes 👉 We'll release a tip for every 100 likes on this tweet Thanks @renwaX23 for the challenge 👇 challenge-1225.intigriti.io
truuuue
I stopped doing calls/meetings in business when my first child was born, not because I had a perfect productivity system but because I had no other choice. When you become a parent, your calendar becomes fiction. Every call you schedule is a gamble. So the worst thing you can do…
Bug bounty burnout is inevitable... I learned this the hard way, cycle after cycle. Here are 5 things I do to prevent burnout: 👇
Another banger from Nowasky. I wonder if this can be used for DOMClobbering/querySelector hijacking...
A page can have only one <html> and one <body>. If you define more, their attributes are merged into the first. This can be used to split #xss vector attributes across multiple tags, as some sanitizers may not account for attribute merging. jsfiddle.net/n9j4w1zp/