Nerdwell

11 days ago

Gadgets: Turning harmless bugs into P1s Gadgets are low-impact bugs like open redirects or client-side quirks, that seem harmless alone. But when you chain these pieces (Prototype Pollution, cookie injections, etc.), you can build a high-impact exploit that crushes a hardened target. Let’s learn. 🧵👇

Bugcrowd's tweet photo. Gadgets: Turning harmless bugs into P1s

Gadgets are low-impact bugs like open redirects or client-side quirks, that seem harmless alone. But when you chain these pieces (Prototype Pollution, cookie injections, etc.), you can build a high-impact exploit that crushes a hardened target.

Let’s learn.

🧵👇

1

24

5

31

4K

nerdwell retweeted

🍜

@cprkrn

24 days ago

HOLY FUCKING SHIT OMG CLAUDE JUST CRACKED THIS SHIT, THANK YOU @AnthropicAI THANK YOU @DarioAmodei NAMING MY KID AFTER YOU 😍 https://t.co/gObNirRDpS

cprkrn's tweet photo. HOLY FUCKING SHIT OMG CLAUDE JUST CRACKED THIS SHIT, THANK YOU @AnthropicAI THANK YOU @DarioAmodei NAMING MY KID AFTER YOU 😍

https://t.co/gObNirRDpS https://t.co/xB5LUJb6Pe

3K

39K

3K

9K

17M

Security Engineer | I'm that SherlockSecure ;( All views are very obviously just mine

about 1 month ago

@InsiderPhD 100% this! The LLMs' tendency for sycophancy make them great at playing Devil's Advocate if used properly.

0

129

Who to follow

SherlockSecure

@sherlocksecure

m0chan 🏴󠁧󠁢󠁳󠁣󠁴󠁿

@m0chan98

Scotland | Bug Bounty Hunter

bsysop

@bsysop

TOP10 @bugcrowd, TOP7 P1 Warrior 🚀 H1 AWC Champions 2024 and 2025 https://t.co/4PRRx7QQaH 🤟🏻 https://t.co/eehzMtCJO4

about 1 month ago

@SnobbyScheffler Amen! I was noting this just the other day. @Chik_Fil_A got cocky and lately feels like they're trying to see how much b.s. the customer is willing to take. I'll admit the degree of failure varies by location, and a handful are still decent, but notable nationwide falloff.

0

5

0

1

21K

nerdwell retweeted

the_IDORminator

@the_IDORminator

about 2 months ago

ETSY uses a lot of integers.... go get those #bugbounty payouts people! Holler here when you find a bug. #bugbountytips Actually buy and sell a product to open up more buttons to push and APIs to call! Duh 😜

the_IDORminator's tweet photo. ETSY uses a lot of integers.... go get those #bugbounty payouts people! Holler here when you find a bug.

#bugbountytips Actually buy and sell a product to open up more buttons to push and APIs to call! Duh 😜 https://t.co/6111wLK2Sl

5

119

2

61

7K

about 2 months ago

@vxdb @caffeinedoom Safe to assume this also affects Apple Watch? Users may be more likely to enable Express Transit on Apple Watch because the form factor makes it a special kind of PITA to authorize transactions (e.g. trying to double-click while holding close enough to reader).

0

1

0

2

2K

2 months ago

Gonna have to start hacking iOS .... if @Apple put as much effort into security on iOS 26 as they did UAT, it must be riddled with vulns. 🙄

0

51

2 months ago

@zoecyber001 The main character from Billions. Congrats, you're a badass!

1

0

27

2 months ago

Fascinating stuff and surprisingly easy! There are many great articles/resources on fault injection; but here's a shameless plug for my high-level overview of how such attacks can be applied to #BugBounty, along with some other interesting examples. https://t.co/Y5vA9PiHXB

Zoë @zoecyber001

2 months ago

The attack is called Clock Glitching (or Voltage Glitching). It’s surgical. The tester didn't guess the PIN. They waited for the exact microsecond the CPU was asking the question: "Is the PIN correct?" At that precise moment, they used the paperclip to short the power rail with the AA battery, " starving the chip of just enough juice to cause a hiccup. The CPU didn't crash. It just tripped. It skipped the "Compare" instruction entirely and landed on the very next line of code: Access Granted.

1

9

1

2

394

0

2

1

0

172

2 months ago

@hjluks Amen to this! I'm a figure skater (low level) and whenever I slack-off in the gym, this is the first place I notice. It's all in the hips baby!

0

310

2 months ago

@engadget Many of these companies have actively engaged the ethical hacker community to help secure their products. They put their money where their mouth is. You're WAY out of line @FCC! No way this is actually about cybersecurity.

0

17

2 months ago

@engadget Damn .... Those are some of my favorite #BugBounty targets. Typical government failure mode ... right problem; wrong solution.

1

0

92

2 months ago

I'm surely not the first to do that but thought I'd share with the class. Happy Hunting! 😃

0

48

2 months ago

For all my #BugBounty friends ... quick way to supercharge your workflow: 1. Burp extension that hooks IHttpListener + IProxyListener, serializes req/res pairs to JSON, and POSTs them to a local MCP server. 2. MCP server that receives the traffic, dedupes by endpoint, and exposes tools like get_pending_reqs, search_traffic, & submit_request. 3. Now Claude can see your Burp traffic in real time, analyze endpoints, and submit test requests back through Burp's HTTP stack. Bonus: Just have Claude build both sides and iterate ad infinitum. #bugbountytips

1

0

4

166

nerdwell retweeted

kavan @KavanSG

3 months ago

Thrust vectoring mount for model rocket project … soo spacex job offer yet? 😀😀

58

1K

37

252

80K

nerdwell retweeted

ScriptKiddo | Offsec USA Chapter Ambassador

3 months ago

Catch Tatiana Uklist from Bugcrowd on the Women in Cybersecurity Careers Panel hosted by the UTS Cyber Security Society 💼 It’s always inspiring to see conversations like this create more visibility, representation, and guidance for the next generation of talented folks in cyber!

Bugcrowd's tweet photo. Catch Tatiana Uklist from Bugcrowd on the Women in Cybersecurity Careers Panel hosted by the UTS Cyber Security Society 💼

It’s always inspiring to see conversations like this create more visibility, representation, and guidance for the next generation of talented folks in cyber!

0

7

1

2

1K

nerdwell retweeted

@kaorrosi

3 months ago

Performed manual token manipulation using WinDbg , stole a token from the SYSTEM process and assigned it to my CMD process, achieving privilege escalation to NT AUTHORITY\SYSTEM. ✨

$kaorrosi's tweet photo. Performed manual token manipulation using WinDbg , stole a token from the SYSTEM process and assigned it to my CMD process, achieving privilege escalation to NT AUTHORITY\SYSTEM. ✨ https://t.co/hfYKjZSmQ4$

9

136

7

49

8K

nerdwell retweeted

5 months ago

3/ Mobile Secrets: Decompile that APK. 📱 Hardcoded AES keys in strings aren't just "informational" P4s. If you can use those keys to forge requests or decrypt local data, you’ve just escalated a "low" finding to a critical P1.

1

5

1

3

779

nerdwell retweeted