Ciarán Cotter

1.4K posts

Ciarán Cotter

@monkehack

• Irish/Japanese web/AI hacker from Cork, living in Scotland • Researcher @ctbbpodcast • BT6 • Newsletter weekly at https://t.co/KA5b2kY8ih

Edinburgh, Scotland انضم Mart 2021

603 يتبع5.1K المتابعون

تغريدة مثبتة

Ciarán Cotter@monkehack·3 Şub

Excited to launch this with @busf4ctor. We'll be posting some of our research over the next few weeks 😁 so make sure to follow. Really looking forward to seeing where this goes!

Starstrike AI@StarstrikeAI

Today, we (@busf4ctor and @monkehack), are launching Starstrike: an AI pentesting and research startup. We'll be releasing our first few research articles over the next few weeks, detailing several bugs that helped us net over $100k in total. Follow to ensure you don't miss them!

English

4.5K

Ciarán Cotter@monkehack·58m

@Random_Robbie Didn’t really dig into it yet. It’s quite locked down by default iirc

English

Random Robbie@Random_Robbie·59m

@monkehack How did you get on?

English

Random Robbie@Random_Robbie·12h

Any hardware hackers hacked the Facebook portal yet? Seeing it's EOL

English

463

Ciarán Cotter@monkehack·18h

@caffeinedoom @SynackRedTeam Agreed. I hack on Google partially because it’s like insurance if the big platforms die

English

529

Sam (caffeine)@caffeinedoom·18h

@monkehack Reminds me to the previous downfall of @SynackRedTeam :(

English

542

Ciarán Cotter@monkehack·23h

HackerOne and Bugcrowd are pentest shops these days, and bug bounty is increasingly becoming a smaller focus for them. Ultimately, though, they both still rely on the community of hackers to give their offerings any value - it’ll be interesting to see where this is all going.

English

4.8K

Ciarán Cotter@monkehack·18h

@wld_basha I see it more like, bug bounty catches what pentests miss. This just evolves into, catching what AI pentests and hackbots miss instead. When token costs go up, the pentests will be less thorough by necessity

English

401

ناضي كناظي@wld_basha·19h

@monkehack Bug bounty itself is just a pentest with artisanal effect😂, how I see it is, bug bounty will become like ecomm, once you get right product (a bug ai cant find) uou farm it as much as possible, and competition will be very high

English

554

Ciarán Cotter@monkehack·20h

🐵 MonkeHacks #95 Batting, Shifting Landscapes, Claude Code #bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks-95

English

881

Ciarán Cotter@monkehack·21h

Super proud of seeing many of my bug bounty friends and acquaintances launch successful startups lately. It’s super motivating, and I’m rooting for you guys 🫵

English

1.3K

Ciarán Cotter@monkehack·2d

@0xLupin 🔥🔥🔥

QME

292

Ciarán Cotter أُعيد تغريده

Lupin@0xLupin·2d

WE DID IT ! WE RAISED $5.9M PRE-SEED 🥳🎉🎉

English

406

33K

Ciarán Cotter@monkehack·10 Mar

@ThisIsDK999 The hackbots that are possible with local models is the floor of the industry, so I wouldn't say it's killed. But local models are improving all the time, so who knows where we'll end up.

English

421

Debangshu 🇮🇳🥷@ThisIsDK999·10 Mar

TL these days. No research, No new bug types, Only claude, LLM assisted vulnerability research Point and shoot omg claude just killed a 50Bn$ industry

English

3.2K

Ciarán Cotter@monkehack·10 Mar

@ThisIsDK999 Probably. Mostly I expect the average cost of a pentest to drop sharply. It's hard to judge pricing when the top stuff is "artisan" security research.

English

338

Debangshu 🇮🇳🥷@ThisIsDK999·10 Mar

@monkehack agree. also do you expect high-quality research/teams to be priced premium?

English

739

Ciarán Cotter@monkehack·10 Mar

Hacking, as a craft, is going to undergo a split. There'll be the experts, who've mastered their craft and will provide extremely high-quality hacking and research. Everyone else is in a race to the bottom. Software development and hacking are becoming mass-produceable.

English

3.3K

Ciarán Cotter@monkehack·7 Mar

You wake up in 2030. @rez0__ has turned himself into an LLM. You just earned $3,000 providing new context for the AI fleet. Your AIs are genius hackers. HackerOne and Bugcrowd have both been acquired by Cisco and turned into a unified "Cisco Managed Bug Bounty Platform". Cisco sends you a hoodie over the mail.

Pomme@pxmme1337

You wake up in 2016. You just earned a $3,000 bounty. Your friends all think you’re a genius hacker. Your online bug bounty mate tells you « this shit is forever, bro » HackerOne sends you a hoodie over the mail

English

7.7K

Ciarán Cotter أُعيد تغريده

N0xi0us@_N0xi0us_·26 Şub

Today I discovered that scammers are poisoning Google AI Overviews to display malicious data. While searching for an airline support phone number, the AI-generated result surfaced a scam number operated by fraudsters. Don't be lazy and double check the results 🫡

English

136

20.9K

Ciarán Cotter@monkehack·24 Şub

@hugopicanzo It was an In Person Challenge through HackerOne

English

Hugo Picanzo@hugopicanzo·24 Şub

@monkehack Was Hackerone LHE?

English

Ciarán Cotter@monkehack·23 Şub

🐵 MonkeHacks #94 Returning, LHE Experiences, VolumeLeak #bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks-94

English

1.8K

Ciarán Cotter@monkehack·23 Şub

@njcve_ Considering how many stupid ideas I have per day, some of them were gonna work eventually lmao

English

140

Nathan Jones@njcve_·23 Şub

@monkehack even for you, this is unreal. 🔥🔥🔥

English

220

Ciarán Cotter@monkehack·21 Şub

New week, new research. Classification attacks are a new method that wasn't possible before LLM-based systems, and they vastly expand the capabilities of limited data exfiltration channels.

Starstrike AI@StarstrikeAI

We took things further in hacking Gemini, and exfiltrated data via... volume settings! We also present a new technique for data exfiltration in LLM-based systems. Enjoy 🔥 Link in comments:

English

2.5K

Ciarán Cotter@monkehack·17 Şub

@AmirMSafari Not at the moment, I haven't done any due diligence that I'd need to do to release it and I don't really intend on developing it any further

English

274

AmirMohammad Safari@AmirMSafari·16 Şub

@monkehack Awesome! Is it available as open-source?

English

749

Ciarán Cotter@monkehack·16 Şub

I made a Chrome extension that lists all dev comments (in the HTML+JS) on websites and the results have been entertaining

English

114

4.5K

اكتشف

@Random_Robbie @caffeinedoom @SynackRedTeam @wld_basha @0xLupin @ThisIsDK999 @rez0__ @hugopicanzo