I've done pentests against companies that run successful bounty programs and still found stuff. But does it mean that their bounty program is 💩? No. Hackers all have different minds, ideas, and creativity. That's actually the reason I recommend rotating pentest providers.
After months of testing, I’m finishing my own AI tool for vulnerability discovery. 💰 < $100/month (Claude-tier) 🤖 Autonomous (follows my pre-defined mindmap) 🐞 Finds basic bugs, already tested in bug bounties (3 bounties, 1 critical, 2 medium) It’s just a beta, lots of work…
I usually need to try a lot of combinations to bypass homemade signatures. For instance, some apps will let you download a PDF file using a SHA256 signature based on a combination of the filename and the timestamp of the creation date, like aituglo_bill_2025.pdf-1753776875,…
A powerful *vibe coded* command-line tool for generating all possible combinations of text strings and testing them against specified hashes. - Aituglo/hashcrafter
As promised! Here's a root/SYSTEM-level RCE (aka CVE-2025-47812) affecting Wing FTP Server in versions before 7.4.4. Enjoy 🥷 #security #BugBounty
During a customer pentest, we went from anonymous Read-Only FTP access to full root-level remote code execution by abusing a string parsing discrepancy in Wing FTP's username handling. #security #BugBounty rcesecurity.com/2025/06/what-t…
I've recently put more work into my ffuf fork, uff, and I think every ffuf user should at least give it a try - and maybe even switch to it. Here's why, in a #bugbounty 🧵
CONTEXT-only injection No VirtualAllocEx. No WriteProcessMemory. We show how pure register-/stack manipulation can: Load a DLL with a pointer-only LoadLibrary call Spin up a remote thread via NtCreateThread that self-allocates & self-writes inside the target Chain APC-safe…
Had to focus on my main biz this month, so no bug bounty grinding... 😥 But past-me came through — got rewarded for a few older reports and even unlocked a Hacker Achievement from @Hacker0x01 for a vuln in @ASWatsonGroup! 🔥 hackerone.com/k0x #TogetherWeHitHarder
Loading a DLL into lsass.exe by editing a registry key value: github.com/Maldev-Academy…
📧 GraphSpy 1.5.0 is out now and brings a brand new Outlook Graph module! ✅Read emails in any folder ✅Send HTML-formatted emails directly in GraphSpy ✅Access shared mailboxes ✅Search for sensitive information like passwords 🔗Check out GraphSpy here: github.com/RedByte1337/Gr…
Yay! Just scored a $5,000 bounty on @Hacker0x01! 🎉💰 hackerone.com/k0x #TogetherWeHitHarder Seems unreal, but... another one, this time on a different app! 😆 This one was a bit trickier—a bypass of OTP leading to full account takeover. The flaw? In summary, the OTP could…
Yay! Just scored a $5,000 bounty on @Hacker0x01! 💰🔥 hackerone.com/k0x #TogetherWeHitHarder The bug? A mobile quiz app that awarded points when requests were sent in the right order with the correct answers. Once completed, the quiz disappeared from the UI—but the server…
💻🛡️In this blog post, Clément Labro explains how he developed a tool that lets you run PowerShell without the various system protections. 👉 Discover this article on our blog: ow.ly/sLyH50V1Lzm #orangecyberdefense #cybersecurity #ethicalhacking #switzerland #PowerShell
Yay, I was awarded a $1,000 bounty on @Hacker0x01! hackerone.com/k0x #TogetherWeHitHarder Multiple Stored XSS vulnerabilities, exploitable in three different ways—plus one triggered via a PDF. 🔥
100 (very) short bug bounty rules:
Stumbled upon a self-triggering XSS today - looks like someone tried patching it before (rediscovery?). Observation: When finding these, sometimes just opening a support ticket for “account review” lets the payload execute by someone else…
Burp AI is coming... #BurpAI
Yay, I was awarded a $3,000 bounty on @Hacker0x01! hackerone.com/k0x #TogetherWeHitHarder The vulnerability I discovered was a critical Remote Code Execution (RCE) that leads to Domain Admin access in a billion-dollar revenue company. While the bounty is…
That's right, the hacker night is back for another year! 🔥 As every year, the outstanding HackerNight will take place 🙌 A night event where more than 100 hacking professionals will search for bugs and vulnerabilities in private platforms. For the registered hackers, who will…
reg.rootedcon.com
RootedCON
Top technology and information security event in Spain
🚀 Yogosha at @rootedcon 2025! From March 6th to 8th, we’ll be at RootedCON, one of Europe’s leading cybersecurity conferences, and we’re bringing something exciting to the table! We're thrilled to announce that we're organizing the 5th HackerNight with the RootedCON team.