putsi

Wrote a blog post about how to host private Burp collaborator instance. It also has some scripts to make it a bit easier and faster. teamrot.fi/2019/05/23/sel…

Modifying Burp Collaborator config file every time you need to host a new payload takes too much time. If self-hosted Burp collaborator could serve files from a web root directory like Nginx does, would you use it? (I’m gathering votes for a support case)

@0xd0m7 @Bugcrowd Bro you are a hero 🙏

@Bugcrowd @putsi

who is your hacker hero?

As promised, here's the first sneak peek into our new AI-powered features coming to Burp Suite Professional next month... 👀 🤫 First up, we have Explain This. #BurpAI #BurpSuite

The results are in! We're proud to announce the Top ten web hacking techniques of 2024! portswigger.net/research/top-1…

Spamming "hi" at every LLM: a thread.

Can LLMs find vulns? Here’s what Project Zero found googleprojectzero.blogspot.com/2024/06/projec…

I bet a song composed and performed by an AI will be a Top 40 hit during this year.

Video of the Keynote talk from last T2 infosec conference in history: 𝒮𝒴𝒮𝒯𝐸𝑀𝒮 𝒜𝐿𝒞𝐻𝐸𝑀𝒴. By @thegrugq. youtu.be/JYhIui542Xg

This is how tears look like under the microscope. Insane

The first two weeks of the Vision Pro were absolutely insane. Here are 13 examples that prove the Vision Pro is the best piece of tech ever invented. 1) Real-time 3D surgery twitter.com/Medivis_AR/sta…

Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k! blog.projectdiscovery.io/hello-lucee-le…

The SSRF/auth bypass affecting Ivanti Pulse Connect Secure (CVE-2024-21893), is a great example of what can be achieved with a fully blind SSRF vulnerability (RCE). Read the @assetnote blog here which includes a reliable payload and generation steps: assetnote.io/resources/rese…

I've made $500k+ from SSRF vulnerabilities. Here are my tricks:

PortSwigger Web Security disclosed a bug submitted by @mattaustin: hackerone.com/reports/1274695 - Bounty: $3,000 #hackerone #bugbounty

Hackers, an important one. e.g.: we heard that CVSS "PR" is handled inconsistently (should be PR:None for self-sign-up). We're transparently listing a set of Detailed Platform Standards for consistency across programs. Need your help -- what to cover next? docs.hackerone.com/organizations/…

Web Security vs. Binary Exploitation

As promised: Here's the first $10,000 @Intel bug (aka CVE-2022-33942) that allows to bypass the authentication of Intel's DCM by spoofing Kerberos and LDAP responses. Exploit inside, enjoy 🥳 rcesecurity.com/2022/11/from-z… #BugBounty #security

Earlier this year, the Paranoids Vulnerability Research team  disclosed a critical remote code execution (RCE) vulnerability in @GoIvanti’s endpoint management product: yahooinc.com/paranoids/para….

CVE-2023-21939 - Code Exec - PoC gist.github.com/win3zz/308c656…

Here's a write-up on a Browser-Powered Desync bug that I discovered in the Azure CDN service known as Front Door. The entire concept is built upon the excellent research by @albinowax. Initially identified within the @intigriti program. blog.jeti.pw/posts/knocking… #bugbounty