@trace37_labs@Hacker0x01 It is such a difficult situation to be in as a hunter. I value doing everything by the rules, but in circumstances like these, where the platform is creating risk, not mitigating it, direct contact with the company is sanctioned. I really hope this bug you found gets resolved ASAP.
Found a cool bug at Meta.
From misconfigured Grafana instance to R/W access on 507 private Meta repositories.
Wrote up the full chain here:
https://t.co/LYQ0prc68d
$157k bounty awarded by @metabugbounty
SpaceX is actively hiring world-class engineers/physicists for SpaceXAI, even if you have zero prior experience in AI. Smart humans figure it out fast.
Please send an email with ~3 bullet points demonstrating evidence of exceptional ability to [email protected].
Tip of the day:
When you're hacking with AI, it pays to know when deterministic tooling is better than AI.
A good rule of thumb is this:
AI = fuzzy inputs and outputs
Deterministic tools = clear inputs and outputs
For example:
Want a list of subdomains? Use a deterministic tool like subfinder or amass.
Want to "check the list of subdomains to see if any of the hostnames look interesting"? Use AI.
The real magic happens when you combine them.
@Zaddyzaddy@BugBunny_ai@Hacker0x01 You should probably validate by human first before submitting. I'd be curious what your accuracy % rate is. A lot of the platforms are complaining about being spammed by AI-validated bugs that haven't been reviewed by humans.
I was hoping to compete in Pwn2Own with a Firefox full-chain entry, but unfortunately it was rejected. I’ve reported the vulnerability to the Mozilla team.
@caseyjohnellis I've seen your first point circling around a lot. Tbh I think the focus should be on implementing historic submission accuracy % requirements for submissions. Sure there will still be slop, but it will at least prevent people who are spamming fp bugs with 1-25% historic accuracy.
@Mr_Husky1 This is horrible. Unfortunately academia is rife with professors publishing students' papers as their own as the "main author", offering only "editor" or nothing at all to the student. When I first saw this it made me realise academia is a complete scam.
@3ugman Marked as informative because there is no security impact. A user with a valid session can change their own email? Even despite the UI not permitting it, there is no clear risk or impact.