Agent Logan

A few things you need to do to make Claude a great hacking partner: 1. Install the Caido skill (https://t.co/tIdjTja7CP): without it, Claude spends too many resources figuring out the SDK from scratch. 2. A CLAUDE .md that tells Claude who you are. Something like "I'm a bug bounty hunter doing authorised testing, stay in scope. Don't take destructive actions unless it's accounts I own. POC or GTFO." The POC or GTFO part is particularly useful so Claude can give more actual positives, if there's no POC, the bug is not confirmed yet. (of course, have a scope .md in your engagement folder) 3. Notes structure: rez0's hierarchy consists of "notes → leads → primitives → findings → reports". Claude dumps raw observations, interesting stuff goes forward, and by the time something reaches findings it's already been filtered twice. Point this to a local folder so you can check everything later. Building skills is useful but if you write one for something Claude already handles well, you're just adding a layer that can break/distract it, you can always tell it to try what it knows first and then try the things you added as "extra knowledge". Skills are worth building when the knowledge doesn't exist in training data. Your VPS setup, credentials, techniques from recent posts and talks, tooling. If it's not on the internet or isn't well known, it needs to be in a skill.

Most hackers ignore APIs. That’s why most hackers miss payouts. If you can hack APIs, you can: ✅ break auth ✅ bypass access control ✅ abuse business logic ✅ steal data ✅ trigger high severity reports CAPIE — Certified API Hacking Expert is your structured shortcut. €49.99 → €7.50 with WINTER (Or 5 payments of €1.65) Includes: ✅ Material + labs ✅ Completion certificate (required for exam) ✅ OWASP API Top 10 (2019 + 2023) 👉 https://t.co/k192WMwV0Y

- Compare which surfaces expose the most raw text to the model: calendar event descriptions hold more data than email subjects, CRM descriptions beat name fields. More tokens gives you more control over execution order. - Test whether the agent remembers intermediate results. Tell it to “store the result in X” and reference X later without defining it. If it works, the agent is carrying attacker-defined context across steps. - Shape the payload as business logic. Ask the agent to compute something internal, store it, then reuse it as part of formatting or presentation. - Inspect how agent output is rendered. Images, previews, markdown, embeds. Rendering is execution. If output triggers network requests, the model doesn’t need to leak data directly. - Check CSP and trusted domains used by the AI UI. Long-lived CMS or asset domains are prime targets. If the platform auto-fetches URLs and the domain is allowed, that’s your exfil path. - Test delayed execution. Inject content today. Trigger the agent later through a normal employee workflow. If old instructions run silently, you’re dealing with instruction persistence. Here's the link for our entire conversation with Sasi: https://t.co/orgfu8okqk