gIA Bui
@yabeow
Hacker @ https://t.co/SWjSiEaOeG | My opinions are my own
Wormable Substack XSS: blog.calif.io/p/wormable-sub… It must have been years since the last time a wormable XSS was found in a major social media website. This beautiful type confusion XSS attack vector is a gift that keeps on giving. But most of all, @samykamkar is our hero!
Type confusion attacks in ProseMirror editors blog.calif.io/p/type-confusi…
We analyzed a LockBit v3 variant, and rediscovered a bug that allows us to decrypt some data without paying the ransom. We also found a design flaw that may cause permanent data loss. This is a joint work with @cPeterr Enjoy! blog.calif.io/p/dissecting-l…
Microsoft Exchange 2010 Arbitrary User Impersonation blog.calif.io/p/microsoft-ex…
Our founder went to the White House meeting the National Security Council to discuss cybersecurity for Vietnam. Report: blog.calif.io/p/a-trip-to-th…
Painful. This needs to be punished harder. It decreases the trust in platforms like H1 and in the long run could hurt opportunities for serious reporters hackerone.com/reports/2298307
Internet Bug Bounty disclosed a bug submitted by @_tint0: hackerone.com/reports/2326194 - Bounty: $4,660 #hackerone #bugbounty
New blog post: in a recent engagement, we turned a simple XSRF in Argo CD to a shell with cluster admin privileges. No fix is available. We recommend hosting Argo CD on an isolated domain. Details: blog.calif.io/p/argo-cd-csrf
Slides of our talk at AI Day 2023 on improving AI safety with red teaming: drive.google.com/file/d/1hfxDzA… These fascinating topics are new to us. What we knew came from helping AI clients red-team and defend their products and infra. Hope to learn more from everyone! CC @lcamtuf
A little good news to share! And we're still hiring: * Offensive Security Engineer: offsec.calif.io * Software Engineer: docs.google.com/document/d/1CK…
Please share with the best hackers you know! We’ll reward USD 2,000 in cash for each person you refer that is accepted and stays with us for 6+ months.
Pretty cool testimonial from @AnthropicAI If you're into hacking AI models, we're hiring! docs.google.com/document/d/1SJ…
In a recent engagement, we encountered a target running CraftCMS, and discovered a Remote Code Execution vulnerability that allowed us to compromise the target. blog.calif.io/p/craftcms-rce CC @yeuchimse
RED ALERT: Calif hackers are en route to the US. Keep tight of your money, bitcoins, or AI model weights!
After we published a PoC for CVE-2023-38646, Metabase contacted us asking for the full payload. Today they confirmed that we actually found a new vulnerability: github.com/metabase/metab…
Reproducing CVE-2023-38646: Metabase Pre-auth RCE blog.calif.io/p/reproducing-… CC @peterjson @testanull
My hacker team @calif_io is rapidly expanding, recently adding a winner of multiple Pwn2Own awards, a bug bounty hunter in Top 10 of Bugcrowd's All-Time Leaderboard, and an ex-Cloudflare system engineer that may have crashed some parts of the Internet :) calif.io/company