Vladimir S

@RivalSec

AppSec | bug bounty hunter

Joined January 2015

51 Following

83 Followers

65 Posts

Vladimir S @RivalSec

28 days ago

Small win: a $4,500 bounty this week — and honestly it was low-hanging fruit The find was easy, but it came out of autobb, the recon automation pipeline I've been building. Always satisfying when your own tooling does the work. Open source here: https://t.co/pESGFpYsAP

0

0

0

0

18

Vladimir S @RivalSec

about 1 month ago

English writeup of autobb — my open-source perimeter recon pipeline for bug bounty. Recent: harvesting subs/links from saved responses, scope-wide DNS perms, TLS/CNAME/PTR enrichment, stale rescans, ffuf in the alert flow. https://t.co/nKb3CP7CnJ

0

0

0

0

45

Vladimir S @RivalSec

about 2 months ago

my blind XSS fired out of scope inside the target's outsourced SOAR/SIEM provider 💀 the cybersecurity company rewarded me directly first time ever. the payload finds its own way home 🎯 #bugbounty #blindxss #infosec

0

0

0

0

61

Vladimir S @RivalSec

2 months ago

🤖 Open-sourced AutoBB Analyst — autonomous #bugbounty agent. Vibecoded on a weekend amid the #AI hype. Doesn't just summarize scans — actually pentests targets via Claude Code, reports only verified findings, keeps its own wiki. https://t.co/AsRsVoZM2F #infosec #pentest

0

0

0

0

111

Who to follow

Priyansh Bansal

Verified account

Penetration Tester | Bug Bounty Hunter | Cricket | ICT Fan | Football | MUFC Fan | Red Devil🔴 | SRH Fan🟠

Rishabh Shrivastava

It's better to live your life imperfectly than imitating someone's else..

RivalSec retweeted

Critical Thinking - Bug Bounty Podcast

over 2 years ago

Freaking good redirect validation bypass payload: http://attacker[.]com\@test[.]com The backslash will be normalized to a slash by the browser and result in the OR. I see this issue a lot. (Obviously [.] is not a part of the payload, it prevents X from turning it into a link)

3

169

23

114

28K

Vladimir S @RivalSec

over 2 years ago

I am pleased to announce that I have received the OSWE certificate from @offsectraining 🙌 #oswe https://t.co/FHinMH2bCs

0

12

1

1

4K

Vladimir S @RivalSec

over 2 years ago

Sent my OSWE report I hope everything is ok 😅

RivalSec's tweet photo. Sent my OSWE report I hope everything is ok 😅 https://t.co/WCxkhmyZ8l

0

0

0

0

186

RivalSec retweeted

Luke Stephens (hakluke)

over 2 years ago

Share one tool that you've created and explain what it does 👇

38

79

21

69

40K

Vladimir S @RivalSec

over 2 years ago

@hakluke 🔎 Check out PathBuster, the powerful web path scanner! 🚀 Scan multiple hosts simultaneously, prevent false positives with the -ac argument (automatic calibration of filtering) 🎯 https://t.co/7ryZS0IKh8

0

1

0

0

73

Vladimir S @RivalSec

almost 3 years ago

If you want to build some bugbounty automation - check out mine autobb project, maybe it will suit your needs. https://t.co/26dHU1vGhs #bugbountytip #bugbounty

0

0

0

0

121

Vladimir S @RivalSec

over 3 years ago

Checkout my alternative to the @pdnuclei passive mode. I created it because of: 1) nuclei process raw: request - false positives 2) nuclei process dsl matchers - most of takeover templates not work at all 3) sometimes nuclei fires non-existent matches https://t.co/QSp87IVbuc

0

0

0

1

205

Vladimir S @RivalSec

over 3 years ago

I found new service vulnerable to subdomain takeover. Check out my write-up: https://t.co/5vaa1BD575 #bugbountytip #BugBounty

0

0

0

1

0

Vladimir S @RivalSec

over 3 years ago

I got almost $1k for one found phpinfo file 🤯, because that file leaked some very sensitive environment variables. Always carefully check all the information you find #bugbountytips

0

0

0

0

0

Vladimir S @RivalSec

over 3 years ago

I just pwned RedPanda in Hack The Box! 🧐https://t.co/GsM1U6eGpE #hackthebox #htb #cybersecurity

0

1

0

0

0

Vladimir S @RivalSec

over 3 years ago

Finally, the second time I passed the exam and received my OSCP certificate, it was a difficult path, primarily due to the fact that I am a Russian citizen. At this time AD set was more difficult, I even couldn't find initial foothold, but made all standalone targets #oscp

0

0

0

0

0

Vladimir S @RivalSec

almost 4 years ago

The most difficult thing for me in passing the #oscp certificate is payment. I couldn't pay with Turkish MC, I only found one crypto startup on blackhat forums that makes suitable virtual cards. All these sanctions are hitting people who are already against Putin.

0

0

0

0

0

Vladimir S @RivalSec

almost 4 years ago

i fail ( maybe something wrong with my reports...

0

0

0

0

0

Vladimir S @RivalSec

almost 4 years ago

Just now I've send a report for pen-200 #OSCP exam (first attempt). I totally did full AD set (40 pt) and 2 non privileged reverse shells (20 pt), with labs report (10pt) I must pass it 😅

1

0

0

0

0

Vladimir S @RivalSec

about 4 years ago

Today I received a residence permit in Turkey for one year, I don’t know what will happen next, but I don’t want to go back to Russia.

0

0

0

0

0

Vladimir S @RivalSec

about 4 years ago

Traditional Russian food in Turkey “syrniki” 😋

RivalSec's tweet photo. Traditional Russian food in Turkey “syrniki” 😋 https://t.co/O7Lko9LAEc

0

1

0

0

0

Last Seen Users on Sotwe

Trends for you

Most Popular Users