
/home/toxicat0r
@toxicsolution
OSCE3 | OSED | OSEP | OSWE | OSWA | OSCP | BSCP | CCNA | Bug Bounty Hunter | Security Researcher
Bạn có thể thích
HTTP/2: The Sequel is Always Worse by @albinowax portswigger.net/research/http2
I earned $1800 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd API takeover (customer data exposed). Several small bugs resulted in one big final payment :)
I earned $600 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd Administrator privileges to their API :)
I earned $450 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd IDOR exposed customer data. Changed the HTTP method from PUT to GET, shortened down the URL, and finally changed the user ID :)
I earned $300 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd IDOR in a private program ;) Got another $150 for no rate limiting as well 🥳
Just bought myself a couple of new IoT cameras. Not sure if I should laugh or cry :)

BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech unit42.paloaltonetworks.com/bendybear-shel…
Important Update


Accessed the computer system of a facility that treats water for about 15,000 people and sought to add a dangerous level of additive to the water supply reuters.com/article/us-usa…
9 exploits published today with my name on them. Super happy about that, but also worrying that some WP plugin developers really don’t care about security. They ignored my requests until I contacted the WP plugin security team directly.
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) blog.qualys.com/vulnerabilitie… via @qualys
New campaign targeting security researchers @google blog.google/threat-analysi…
Don't forget to add "Password2021" to your wordlists.
I have report from Microsoft about SolarWinds hack, including IoCs. Excerpts in this thread: "Microsoft security researchers recently discovered a sophisticated attack where an adversary inserted malicious code into a supply chain development process.... 1/
Hey @S1lky_1337 - fun machine :) Good find regarding the authentication bypass. Interesting case.

Stumbled across this awesome tool yesterday. Perfect for OSINT, bug bounty hunting, and so on. Search across a half million git repos 💯 grep.app
"Sent torsdag kveld fikk VG inn en rekke tips fra lesere som hadde blitt logget inn på andres profiler når de forsøkte å logge seg inn via ID-porten, en felles innloggingsløsning til offentlige tjenester." direkte.vg.no/nyhetsdognet/n…
United States Xu hướng
- 1. George Santos 9,634 posts
- 2. Prince Andrew 40.8K posts
- 3. No Kings 298K posts
- 4. #askdave N/A
- 5. Duke of York 17.6K posts
- 6. Louisville 5,300 posts
- 7. #BostonBlue 1,107 posts
- 8. Gio Ruggiero N/A
- 9. Norm Benning N/A
- 10. Zelensky 85.9K posts
- 11. Rajah N/A
- 12. Teto 19.2K posts
- 13. Andrea Bocelli 25.1K posts
- 14. Arc Raiders 7,824 posts
- 15. #DoritosF1 N/A
- 16. Strasbourg 30.2K posts
- 17. #iwcselfieday N/A
- 18. Max Verstappen 11.5K posts
- 19. #SELFIESFOROLIVIA N/A
- 20. Chandler Smith N/A
Bạn có thể thích
-
Soumyani1
@reveng007 -
Sm4rty.xyz 𝕏
@Sm4rty_ -
error4o4
@error404sec -
SecHawk
@sec_hawk -
Abhishek Karle
@AbhishekKarle3 -
Fatin Sirat
@fatinsourav1 -
T0t0r0
@T0t0r04 -
Tanmay
@blackk_hawkkk -
SplinterSec
@splint3rsec -
AbdeRaouf 🇵🇸
@abderaoufzx -
Ashiqur Emon
@Ashiqur_Emon78 -
Steffen
@devourer_stf -
0xPratyaksh
@mr_fr3qu3n533 -
Abhigyan
@MrAbhigyan -
pedro bart
@pedrobart01
Something went wrong.
Something went wrong.