SysTrack

30 posts

@SysTrack40

Hackerone Systrack

Joined May 2025
93 Following, 1 Follower
Critical Thinking - Bug Bounty Podcast
One of our most highly anticipated episodes, enjoy it! ...Let's learn how to train our Claudes :p ty @rez0__ Building Claude Skills as a Bug Bounty Hunter, part 1
SysTrack@SysTrack40·
@RezyDev Painful. Sorry for your loss
SysTrack@SysTrack40·
@Michael1026H1 That's a lot of bugs in a small space of time. Are YOU AI? Lol
Michael Blake@Michael1026H1·
Seeing a lot of fear mongering about 'required' use of AI in bug bounty. My approach hasn't really changed in the last couple of years, yet I'm sitting with 17 high / critical bugs from the last 10 days. Currently the only thing I use AI for in bug bounty is programming.
dawgyg - WoH@thedawgyg·
Got Chrome to redirect to abort() with my code execution poc testing... just about there for the real RCE payload 🤞🤞🤞
SysTrack@SysTrack40·
@Behi_Sec Listen to Synth Wave to make it not boring
Behi@Behi_Sec·
Recon is boring. Reading the API docs is boring. Testing every single edge-case you know is boring. If you want to find bugs, do boring.
SysTrack@SysTrack40·
@h4x0r_dz Congratulations on completing step one. We are looking for AI experts to help us move our agency forward with AI implementation in investigations and protection. If you have the skills to get this far, you have the skills to go further.
Behi@Behi_Sec·
Which platform is the best currently? H1, Bugcrowd or Intigriti?
SysTrack@SysTrack40·
@HackingLZ I only figured out HOW to work because of LLMs.
Justin Elze@HackingLZ·
Still waiting to meet the person who's actually working less because of LLMs. Everyone I know is just doing more. Faster PoCs, better R&D, RE goes quicker, all of it. nobody's clocking out early.
SysTrack@SysTrack40·
@k_firsov 100% agreed. Even still, with advancements in Claude, it may reduce the attack surface, but it doesn't mean there will be no attack surface or no requirement for human logic in guiding Claude. These industries are going through changes, but we can adapt to the changes
Kirill Firsov@k_firsov·
So much drama today, people losing their minds over this "new" feature from Anthropic, calling it the death of pentesting and bug bounties. Even stocks tanked for companies that have nothing to do with it. Why? Because most investors in this space don't know shit about security or what Claude AI actually dropped. We have been running vulnerability scans with various AI models, including Opus 4.6 for months already. This release is basically just a handy button to run what used to be a chain of prompts doing the exact same thing. Investors: Buy back in. Bug hunters and pentesters: relax and level up with it. Anthropic’s social media team: Bravo! This clickbait worked out!
Claude@claudeai

Introducing Claude Code Security, now in limited research preview. It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss. Learn more: anthropic.com/news/claude-co…

SysTrack@SysTrack40·
@Random_Robbie I tried reporting stuff like that but it usually gets pushed back if you can't prove impact. Even theoretical impact gets pushed back in my experience.
Random Robbie@Random_Robbie·
Are people really reporting stupid shit like file paths and rate limit and no csrf and getting paid??? I only try to report impactful stuff myself. Lowest I go is xss and last night I reported some banking creds but don't really want to cause it didn't feel impactful
SysTrack@SysTrack40·
@my_stewpid @PeterSRWeb3 Appreciate that. None are disclosed yet and I haven't started writing things up publicly yet. But maybe I'll start doing that.
PeterSR@PeterSRWeb3·
So many people jumping into bug bounties right now... I'm genuinely curious—what's the actual success rate? Like, what % of hunters actually land their first payout? Or consistently make money? Feels like 95%+ quit early with zero $$$ 😅 Thoughts? Stats? Your experience? 👇
SysTrack@SysTrack40·
@ctbbpodcast @Hacker0x01 Fair play for doing this lads. Great interview, and for me, even though I'm new, this clears up a lot. Hopefully puts an end to the drama.
Critical Thinking - Bug Bounty Podcast
We said we'd sit down with @Hacker0x01 to ask all the hard questions, and we did! In the episode below you'll find everything you wanted to know about whether or not your reports are being used to train LLMs, ToS changes, plans for the future and more! youtu.be/Pa4wWv_ONjM
SysTrack@SysTrack40·
@0xTib3rius Lol. Can I buy this demo video with resell rights on the video?
Tib3rius@0xTib3rius·
I am about to COMPLETELY disrupt the cybersecurity industry...💀💀💀 Presenting the Continuous Reasoning AI Pentester! Multiple AI agents running every security tool under the sun against your environment, at record speeds. Full pentests achieved in less than AN HOUR. Zero human input. One hundred percent success.
H4x0r.DZ 🇰🇵@h4x0r_dz·
Looks like HackerOne’s (the scam bug bounty platform) security budget got hacked first. Critical bounties went from $25,000 to $15,000. Guess critical bugs aren’t that critical anymore. lol
spaceraccoon | Eugene Lim@spaceraccoon·
ICYMI: I created an LLM-powered tool to detect CVEs before they're even published - and it's now powering vulnerabilityspoileralert.com. This is a simple GitHub page statically generated using vulnerability-spoiler-alert-action. Check out the backtest findings at github.com/spaceraccoon/v… and let me know what you think the hit rate is! I'm running this open-source vulnerability intelligence project using a personal API token, but maybe @AnthropicAI... or @OpenAI might want to support this? 👀