harisec (@har1sec)
Interested in web security, bug bounties, machine learning and investing. SolidGoldMagikarp
Recraft's new model, unlike typical diffusion models, can handle math and geography - a surprising capability for an image generator. I wrote an article about abusing this functionality to leak its system prompt (using only generated images). invicti.com/blog/security-…
A $12,600 bounty and a software supply chain attack that could have impacted millions 🤯 Let me share those 2 stories with you in this article! 🤟 Link in the thread 🧵
reminder that the bcrypt hash function ignores input above a certain length! so if you do bcrypt(username || password) for some reason, a sufficiently long username will make it accept any password. to fix this you can sha256 the input first.
Okta allowing login bypass for any usernames with 52+ characters is insane Official Security Advisory: trust.okta.com/security-advis…
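The two posts above describe the same failure mode: bcrypt reads at most 72 bytes, so when a username is concatenated in front of the password the password can be pushed entirely past the cut, and the pre-hash fix the first post suggests removes the problem. The following is an added example, not code from the posts or from Okta. bcrypt itself needs a third-party package, so a stand-in named bcrypt_like that reproduces only the 72-byte truncation is used in its place and is labelled as such in the code; the store class names, the 4-byte length prefix on the username and the hex-encoding of the SHA-256 digest are choices made here, not anything the posts describe. In a real system the threshold depends on whatever else is concatenated ahead of the password, which is how it can land well below 72 characters, as with the 52-character figure in the Okta advisory.

```python
"""Composite-credential truncation in a bcrypt-style KDF, and the pre-hash fix."""
import hashlib
import hmac
import os

# bcrypt hashes at most this many input bytes; anything beyond is ignored.
BCRYPT_MAX_INPUT = 72


def bcrypt_like(data: bytes, salt: bytes) -> bytes:
    """Stand-in for bcrypt so this example runs without the third-party package.

    It models ONLY the property under discussion (input is cut at 72 bytes).
    It is not bcrypt and must never be used for real password storage; in
    production replace it with bcrypt.hashpw / bcrypt.checkpw.
    """
    return hashlib.sha256(salt + data[:BCRYPT_MAX_INPUT]).digest()


def password_bytes_checked(username: str) -> int:
    """How many password bytes still influence bcrypt(username || password)."""
    return max(0, BCRYPT_MAX_INPUT - len(username.encode()))


class VulnerableStore:
    """Stores bcrypt(username || password), the construction the post warns about."""

    def __init__(self) -> None:
        self.records: dict[str, tuple[bytes, bytes]] = {}  # username -> (salt, digest)

    def _material(self, username: str, password: str) -> bytes:
        # Raw concatenation: a 72-byte username leaves nothing of the password.
        return username.encode() + password.encode()

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.records[username] = (salt, bcrypt_like(self._material(username, password), salt))

    def login(self, username: str, password: str) -> bool:
        salt, digest = self.records[username]  # KeyError for unknown users
        candidate = bcrypt_like(self._material(username, password), salt)
        return hmac.compare_digest(candidate, digest)


class FixedStore(VulnerableStore):
    """Pre-hashes with SHA-256 so the KDF always sees a short, fixed-length input."""

    def _material(self, username: str, password: str) -> bytes:
        # Length-prefix the username so ("ab","c") and ("a","bc") cannot collide.
        msg = len(username).to_bytes(4, "big") + username.encode() + password.encode()
        # Hex-encode rather than feeding raw digest bytes: 64 ASCII bytes fit
        # under the 72-byte limit and contain no NUL, which bcrypt
        # implementations that treat input as a C string would also truncate on.
        return hashlib.sha256(msg).hexdigest().encode()


if __name__ == "__main__":
    long_user = "a" * BCRYPT_MAX_INPUT  # constructed sample username
    vuln, fixed = VulnerableStore(), FixedStore()
    vuln.register(long_user, "correct horse")
    fixed.register(long_user, "correct horse")
    print("password bytes checked for long user:", password_bytes_checked(long_user))
    print("vulnerable store accepts wrong password:", vuln.login(long_user, "wrong"))
    print("fixed store accepts wrong password:", fixed.login(long_user, "wrong"))
```

The check a practitioner wants is password_bytes_checked: anything that returns 0 means the password is not part of the hash at all, and small positive values mean only a prefix of it is.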
This is a well-written article about CVE-2024-38821 — a critical Spring authorization bypass vulnerability. The blog post provides a clear explanation of filters and handlers workflows. deep-kondah.com/spring-webflux…
I just wrote a blog post about Analyzing WordPress hack access logs with #NotebookLM @raiza_abubakar invicti.com/blog/security-…
The saga of a full-read SSRF vulnerability in Exchange: ❌ 2021: Reported by me - low impact, no fix. ❌ 2023: Reported by @chudyPB - the issue doesn't require immediate servicing. ✅ 2024: Quiet patch by Microsoft. No CVE, no bounty, and only after 3 years customers are safe.
My talk on finding security vulnerabilities by combining classical symbolic reasoners with modern-day LLMs: Recording: youtube.com/live/yOzqdhYou… Slides: docs.google.com/presentation/d… I gave this talk yesterday at the 2024 Static Analysis Symposium in Pasadena, California. Finding…
NOOOOOOOO WHAT HAVE I DONE?! 😱😰 Claude just rm -rf'ed off this mortal coil 😭 RIP, my fren 🫶🪦🫶
The record of my talk at DEFCON is finally out! Go check media.defcon.org/DEF%20CON%2032… to see a few surprising bugs I found in my bug bounty career :p #bugbounty
working on a bug bounty website that has to do with recon. looking for ~10 people to beta test it and try to hack it too before full release. better if you actually do recon when bb hunting. please DM me if you're interested 🙏🙏 ty
1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…
Vercel pricing is absolutely insane, it blows my mind Data transfer starts at $150/TB with 1TB included Hetzner gives 20TB free, and then it's €1.19/TB So 20TB on Vercel is $2850, on Hetzner it's free (included with VPS) And then you have to pay extra per request? Perhaps…
Canvas opens in a separate window, allowing you and ChatGPT to work on ideas side by side. In canvas, ChatGPT can suggest edits, adjust length, change reading levels, and offer inline feedback. You can also write and edit directly in canvas.
Wow, OpenAI coming for the LLM tools
I've created cspbypass.com, a site where you can search for known CSP bypass gadgets to gain XSS. Right now it contains some example data, but I'll try to update it with some useful data over the next weeks. If you have some CSP bypasses to share, feel free to reach out!
Remember CVE-2024-4577, the PHP-CGI RCE bypass? Actually, the Best-Fit 'feature' also impacts non-CJK codepages such as locales in the Americas, Western Europe, Oceania, and more! @_splitline_ and I will share these cool findings at @BlackHatEvents! 🔥 Let's make argument…
Aside from TPUs running hot today, five things from Notebook HQ: 1) Thanks for all your feedback on AOs so far. I’m copy pasting everything into a Notebook so I can listen to a Deep Dive and search it later. We’re going to launch some immediate tweaks to make it less repetitive,…
BREAKING 🚨: Google’s NotebookLM could let users build custom chatbots from notebooks. If you already had high expectations from NotebookLM, you must raise them even higher! Here is why 👇 Disclaimer: All mentioned features here are WIP 🚧 h/t @bedros_p
Deep Dive is now my favorite podcast. The more I listen the more I feel like I'm becoming friends with the hosts and I think this is the first time I've actually viscerally liked an AI. Two AIs! They are fun, engaging, thoughtful, open-minded, curious. ok i'll stop now.