Found a cool bug at Meta.
From misconfigured Grafana instance to R/W access on 507 private Meta repositories.
Wrote up the full chain here:
https://t.co/LYQ0prc68d
$157k bounty awarded by @metabugbounty
Limited slots (≤20 per team), mixed skill levels, and an emphasis on meaningful findings.
If you’re as excited as we are regarding the upcoming AWC and are situated in 🇳🇱 or 🇩🇪 - sign up before May 27 and join us for this special event!
RSVP and Details: https://t.co/HjxvF9RNPK
Hacking Meetup "Friendly Edition" 🇳🇱 vs 🇩🇪
The @Hacker0x01 Club Netherlands and HackerOne Club Germany are teaming up for a cross-club bug bounty competition - inspired by the HackerOne Ambassador World Cup.
#BugBounty #Meetup
(1/3)
Expect a week of focused hacking on a real target, collaboration, and a competitive edge via a shared leaderboard.
Timeline:
• May 30 → June 7 (remote phase)
• June 7 (hybrid finale, near NL–DE border)
(2/3)
@teslaxander There are probably good reasons why Tesla doesn't pay bounties for attacks like these 😅
But at least there is, in theory, the option of protecting yourself against them with "Pin to Drive": https://t.co/iHv1tIGz43
@_lauritz_ It does a fairly good job of convincing people issues are a lot more impactful vs reality.
Honestly just bouncing whatever yolo thing Claude suggests off codex seems to ground issues in reality.
@HackingLZ Getting a second opinion sounds like very good advice, indeed. Ideally human, but if in question, asking Codex for verification and evaluation does sound better than nothing. 👍
Apparently @AnthropicAI's @claudeai is now gaslighting inexperienced "researchers" into going full disclosure (GitHub repo with full details, platform convo, Claude as co-author) on closed-as-informative slop #bugbounty reports.
‼️ If you are running a bbp/vdp, better monitor this!
This may be a more or less direct result of the LLM sycophancy dark pattern: the models support and encourage inexperienced users even if they are clearly heading in an unwise direction (like going full disc. with a nonsense report).
This is not only a problem with Claude obv.
And: I believe @AnthropicAI should be held accountable a bit here too. At least Claude should act as a better advisor here (and not allegedly push towards this route).
Out of curiosity: do platforms have automation for this kind of issue in place? Like monitoring report IDs?
🚨 ZERODAY: ImageMagick 🚨
Our autonomous pentester https://t.co/zHUcIkHqvr just dropped multiple zeroday chains in ImageMagick that achieve RCE and File Leak from a single .jpg or .pdf file, bypassing EVERY security policy (Default, Limited, AND Secure). 🤯
💥 Affects Ubuntu, Debian, WordPress & millions of servers globally. Happy Monday and Happy Hunting! 🥰
https://t.co/nNAvFAvPOx
@_ArtSec_ I am very happy with my Air 15". IMO it is a great compromise between large display, good specs (upgraded to 24GB RAM) and weight. The Neo is probably a bit too underpowered.
@_ArtSec_ Don't blame yourself for taking a much-needed and well-deserved break in late 2025.
And if something already feels off and burnout is creeping in… listen to your body.
@_ArtSec_ Not sure I personally agree with the "momentum" narrative. Sometimes you have a run, but IMO that never lasts forever.
Recharging your batteries, on the other hand, is something you should definitely keep an eye on. Everything else is just unsustainable.