FD

@filedescriptor

@0xReconless

Hong Kong

innerht.ml

Joined February 2014

996Posts 17KFollowers 34Following

You might like

@fransrosen

@albinowax

@disclosedh1

@bbuerhaus

@BRuteLogic

@garethheyes

@emgeekboy

@Th3G3nt3lman

@orange_8361

@Agarri_FR

@codecancare

@Yassineaboukir

@0xteknogeek

@MrTuxracer

@itscachemoney

FD reposted

PortSwigger Research

@PortSwiggerRes

Feb 19, 2024

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2023! portswigger.net/research/top-1…

Top 10 web hacking techniques of 2023

Source: portswigger.net

FD

@filedescriptor

Sep 22, 2023

Google(Chromium) suddenly decided to pay me for a UI Spoofing bug reported 3 years that had been idle, and from reward potential to no potential to potential. Ok thanks?

filedescriptor's tweet image. Google(Chromium) suddenly decided to pay me for a UI Spoofing bug reported 3 years that had been idle, and from reward potential to no potential to potential. Ok thanks?

FD reposted

PortSwigger Research

@PortSwiggerRes

Feb 8, 2023

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022! portswigger.net/research/top-1…

Top 10 web hacking techniques of 2022

Source: portswigger.net

FD reposted

This #privacy audit looks like the first LeaveHomeSafe #pentest ever, way below commercial apps: Broken SSL validation, SD Card Leaks, 2FA Logic bypass, Screenshot leaks, several Face Recognition artifacts, etc. 7asecurity.com/blog/2022/07/l…

Open Technology Fund

@OpenTechFund

Jul 27, 2022

Serious vulnerabilities have been found in the Hong Kong government's LeaveHomeSafe COVID-19 app. @7aSecurity recently conducted a security audit that discovered numerous flaws that allow interception of the LeaveHomeSafe app and its backend servers. opentech.fund/news/7asecurit…

7ASecurity, OTF Red Team Lab partner, completes Blackbox Pentest and Privacy Audit of LeaveHomeSafe...

Source: opentech.fund

FD reposted

VXCON

@vxresearch

Jun 17, 2022

We are organising VXCON on 27 August. Please feel free to submit CFP. vxcon.hk

FD reposted

Trend Zero Day Initiative

@thezdi

May 18, 2022

Confirmed! Masato Kinugawa demonstrated a 3-bug chain of injection, misconfiguration and sandbox escape on Microsoft Teams to earn $150K and 15 Master of Pwn points.

thezdi's tweet image. Confirmed! Masato Kinugawa demonstrated a 3-bug chain of injection, misconfiguration and sandbox escape on Microsoft Teams to earn $150K and 15 Master of Pwn points.

FD reposted

‌Renwa

@RenwaX23

May 10, 2022

New writing about the story of 3 bug bounty reports in which I chain low severity bugs together for higher impact and less known browser tricks. Includes CSS injection, Self-XSS, Drag-Drop XSS, Cookie Bomb, Login-Logout-CSRF, and more... medium.com/@renwa/the-und…

RenwaX23's tweet card. Story of 3 bug bounty writeups which I use low bugs and chain them together for higher impact.

The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…

Source: medium.com

FD reposted

Ed

@EdOverflow

Apr 27, 2022

After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116. I would like to use this opportunity to thank those who made this possible. Thank you. ❤️

EdOverflow's tweet image. After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116.

I would like to use this opportunity to thank those who made this possible. Thank you. ❤️

FD reposted

HACxyk.

@Hacxyk

Apr 16, 2022

We found a way to spoof ENS domains and were awarded a $15k bug bounty by @ensdomains 👇Check out the write-up medium.com/@hacxyk/how-we…

Hacxyk's tweet card. TL;DR: We found a flaw that allowed us to spoof Ethereum domain names and received a $15k bounty.

How we spoofed ENS domains for $15k

Source: medium.com

FD reposted

PortSwigger Research

@PortSwiggerRes

Feb 9, 2022

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021! portswigger.net/research/top-1…

PortSwiggerRes's tweet card. Welcome to the Top 10 (new) Web Hacking Techniques of 2021, the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year

Top 10 web hacking techniques of 2021

Source: portswigger.net

FD reposted

Ed

@EdOverflow

Feb 5, 2022

New blog post: "What Bypassing Razer's DOM-based XSS Patch Can Teach Us" — edoverflow.com/2022/bypassing….

FD

@filedescriptor

Jan 20, 2022

Why do we need NFT on social media??

FD reposted

FD

@filedescriptor

Aug 11, 2021

Also function solve(obj, property){ if(typeof obj != 'function') { obj(property).innerHTML = '<img src=1 onerror="alert(`You win`)">'; } else { alert('You must try harder than that.'); } }

FD reposted

Luan Herrera

@lbherrera_

May 31, 2021

I've been meaning to create a blog for some time now, and I finally did it! For its first post I wrote about a vulnerability that allowed an attacker to leak the full URL of cross-origin redirects on Google Chrome, check it out! blog.lbherrera.me/posts/appcache…

lbherrera_'s tweet card. Leveraging AppCache's network section to leak the complete URL of cross-origin redirects.

AppCache's forgotten tales

Source: blog.lbherrera.me

FD reposted

The Daily Swig

@DailySwig

May 21, 2021

‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers (@0xReconless ) on filling a gap in infosec education portswigger.net/daily-swig/sof…

DailySwig's tweet card. One year after the launch of their ethical hacking video channel, Ron Chan, ‘FileDescriptor’, and ‘EdOverflow’ tell The Daily Swig about their approach towards inspiring and educating the hacker...

‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers...

Source: portswigger.net

FD reposted

Suraj

@PwnFunction

Apr 23, 2021

New Video! Binary Exploitation 0x02 Why you should Close Your Files youtu.be/6SA6S9Ca5-U

FD reposted

PortSwigger Research

@PortSwiggerRes

Feb 24, 2021

The top 10 web hacking techniques of 2020, by @albinowax with help from @filedescriptor, @irsdl, @Agarri_FR and the entire community portswigger.net/research/top-1…

PortSwiggerRes's tweet card. Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year. Over the past few weeks

Top 10 web hacking techniques of 2020

Source: portswigger.net

FD

@filedescriptor

Jan 19, 2021

Untrusted Types just got a new UI with better filtering options and features thanks to @ThomasOrlita! Check it out! github.com/filedescriptor…

filedescriptor's tweet image. Untrusted Types just got a new UI with better filtering options and features thanks to @ThomasOrlita! Check it out!

github.com/filedescriptor…

FD reposted

Ron Chan

@ngalongc

Jan 19, 2021

I have made a video to demonstrate how we can automate permission checks using my GitLab project "OpenAPI Security Scanner". Check it out! youtu.be/K65e5QRQ1tc Video editor: @wacms666

ngalongc's tweet card. Automating Permission Checks Using OpenAPI Security Scanner?

youtube.com

YouTube

Automating Permission Checks Using OpenAPI Security Scanner?

Source: youtube.com

Intigriti

@intigriti

Sam Curry

@samwcyo

Ben Sadeghipour

@NahamSec

JS0N Haddix

@Jhaddix

Gareth Heyes \u2028

@garethheyes

LiveOverflow 🔴

@LiveOverflow

Julien | MrTuxracer 🇪🇺

@MrTuxracer

shubs

@infosec_au

Luke Stephens (hakluke)

@hakluke

bugcrowd

@Bugcrowd

STÖK ✌️

@stokfredrik

H4x0r.DZ 🇰🇵

@h4x0r_dz

Yassine Aboukir 🐐

@Yassineaboukir

James Kettle

@albinowax

Harsh Bothra

@harshbothra_

InfoSec Community

@InfoSecComm

Farah Hawa

@Farah_Hawaa

Bug Bounty Reports Explained

@gregxsunday

HackerOne

@Hacker0x01

Suraj

@PwnFunction

Laughingx86

@Laughingx86

arshiya

@ALLPHAAA7

Hamzah Abdlmotalb Abdullah

@HAbdullah55817

miloin matheu

@khan70056

Hieu Programer

@HieuProgramer

DAli

@TheAliAbdollahi

Swoubfop

@Swoubfop02230

和一

@aishaofuaa

S1ren Head 🇵🇸

@S1renHead_

itsmeashu

@6173687561646d6

Kirolos osama

@ko27182

xploiterr

@_xploiterr

Gabli Mop

@GabliMop60212

maxi

@maxi_rch

Callme_Nafman

@kingladeyoo

sma

@sma_gggg

zzzzzz

@mynameisskool

White dragon

@W199621147

Omar Ahmed

@omarahmad1590

محمود

@ebn_salah

Alireza Nezami

@AlirezaNezami23

Azizullah Zafari

@AzizullahZ7961

Kai to Qiao

@wertikeo

David sharl

@DavidSharl404

777

@VAG33K

Macabely

@Macabely97021

Anupam Jaiswal

@anupamjaiswall

Sēn

@E1_Sec

stealth pointer

@stealthp0inter

Naman Patil

@TheZ3ntinel

saul

@0xCh3ckm4t3

Saumya Agarwal

@SaumyaTechBR

Sen

@senyksia

Gajendra

@gaj3ndra

PandyaMayur

@pandyaMayur11

SOJA

@soja_bang

zayne (zeyu) zhang

@zeyu1337

Shayan

@ShayanAlizadeh_

Isaiah

@Hacker_Ise

Mostafa

@mexic0x00

payIoad

@payioad0x13768

آدَم الفَقِي

@elfaqii

Mokhtar Wael

@mokhtar0x1

Lucy

@lucylovecode

Dark@Joker:~$

@ExploitNest

Omar

@hack3dby0mar

Armia Nessim

@im4x00

Editor4-Affair7

@EAffair752680

Corey Goldstone

@cgfromdc

Gareth Heyes \u2028

@garethheyes

LiveOverflow 🔴

@LiveOverflow

James Kettle

@albinowax

Orange Tsai 🍊

@orange_8361

@[email protected]

@SecurityMB

Soroush Dalili

@irsdl

$S1r1u5_'s profile picture. aham nityaṃ śiṣyaḥ, jagat mama guruḥ. {~hacker~} {founder @ElectrovoltSec, @HacktronAI}$

s1r1us

@S1r1u5_

$cffsmith's profile picture. Security @Google; @FluxFingers/@Sauercl0ud; previously V8 Security, Intern {Project Zero, @XI_Research}. Personal account. https://t.co/w9zosKSHdh on Bluesky.$