Leandro Barragan
@lean0x2f
A.K.A. none_of_the_above | Offensive Sec Researcher | http://x2f.me | http://swordbytes.com | Building the best autonomous pentester @ http://xbow.com
This week, Disclosed. #BugBounty H1-65 Singapore & H1-468 Stockholm winners, new H1-Elites, Google’s AI VRP, YesWeHack wins EU tender, new programs, tools, write-ups & videos — and more. Full issue → getDisclosed.com Highlights below 👇 @tiktok_us & @okx H1-65…
It's out!! You can now watch @djurado's and @niemand_sec talk: "Prompt. Scan. Exploit - Ai's Journey Through Zero-Days, and a Thousand Bugs". Learn more about @Xbow and autonomous hacking. You can watch it on our YouTube channel exclusively: youtu.be/y_aQQmDMaY4. Enjoy!
Enterprise security products don’t need to be secure (or even good at all) to be sold like hotcakes. 61B market cap and a myriad of vulns. No one cares about that other than people like us, this is as old as time :(
I just noticed CVE-2025-25257 and had a giggle. Not because it's yet another Fortinet remote bug. But because it's a SQLi, in a WAF product. The irony...
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: portswigger.net/research/inlin…
Legba v1.1.0 is out! 🥳 This is a major release that required a significant amount of (human) effort, bringing several key improvements that deserve individual attention. 🧵👇
I had the pleasure of working at the company this genius founded in 1996 (!). He and a handful of others shaped the spirit of the Argentinian hacking scene, sharing their knowledge and infecting us with curiosity.
"XBOW isn’t here to replace pentesters or researchers; it augments teams. By removing routine burdens from penetration testers, it frees them to explore frontier vulnerability classes and the application-specific bugs that matter most." xbow.com/blog/xbow-on-h…
Xbow concludes its HackerOne & Bug Bounty efforts. It was a nice playground to hack live, real-world targets. Our pentest customers are already benefitting from all the experience we harvested :)
A new chapter for @Xbow. We're concluding our primary mission on Hacker1, so it will no longer be competing on the leaderboard. The platform was a critical step in our journey: an invaluable, large scale, live-fire range for developing and improving XBOW. xbow.com/blog/xbow-on-h…
A lot of people asked me about the models XBOW is using. This and Albert's blogpost about alloys may answer some of your questions (alloys here: xbow.com/blog/alloy-age…)
I have no idea who the GUI designers were for NERV but they needed a huge raise
(completely unrelated to my recent posts)
XBOW's architecture is incredible: a coordinator spins up multiple "solver" AIs that each hunt for specific vulns on different endpoints. Each uses isolated attack machines so if the target tries to counter-attack, it can't reach XBOW's main systems.
OpenAI hasn’t open-sourced a base model since GPT-2 in 2019. they recently released GPT-OSS, which is reasoning-only... or is it? turns out that underneath the surface, there is still a strong base model. so we extracted it. introducing gpt-oss-20b-base 🧵
Wandering through DEFCON someone yelled at me “hey it’s Mr False Positives!!”. Sadly, I was slightly too slow on the uptake to reply “That’s right, first name ‘Zero’”
Tomorrow, 10:00 AM @ #defcon33 @djurado9 & @niemand_sec break down how we built XBOW. Hear about the journey, the challenges, and the most impressive bugs we've found, straight from our top researchers.
Gotta admit it’s so fun to hang out by the booth and suddenly see a high sev that XBOW just found scroll by in real time
I’m the proud first buyer of evilDoggie, the car-hacking interface from @GastonAznarez and @ogianatiempo (@faradaysec). Can’t wait to put it to work!
Computers are taking our jobs! (1952)