root@rebcesp
3.2K posts
I am at the point where my bug bounty findings are 100% agentic. I am just pasting in the scope and letting the agent run. It can do full external tests for all kinds of environments. A few people already have access, but if you want to try it, comment/DM.
How does it work? 👇
English
root@rebcesp me-retweet
Royal Match is arguably the most successful mobile app ever created by a turkish company
$67,000,000/month
Insane
Jacob Rodri@jacobrodri_
Turkey in mobile gaming is insane: 2010: 3 turkish founders start an app studio called Peak Games 2020: They sell it to Zynga for $1.8B 2019: before the exit, Peak employees start another app studio (Dream Games) 2026: Dream Games is now valued at $4B They're built different
English
root@rebcesp me-retweet
@damian_89_ @thedawgyg Does RavenX-CyberAgent-v6.2 run properly on an RTX 3090 (24GB VRAM)?
English
@thedawgyg ravenx-cyberagent-v6.2,qwen3.6-27b-neo-code,gemma-4-26b-uncensored - for bug bounty hunting - extremly good, usually better then deepseek.
English
What models are you having the most success with right now? Regardless of what your working on.
English
@4osp3l Sometimes it can be useful to leverage Google-owned domains, such as Google Cloud Shell, and keep a server running there, ready to receive any requests or data you need.
English
@lonelysloth_sec to run models at home? your best bet is 2x 5090 at this price range I think, but you're just below the b200 price. then a good enough storage for the 1T+ models. keep in mind parameters are up only, sooner or later you'll have to run 5T+, maybe 10T+
English
If I wanted to spend 20K on a local LLM setup what should I do and what I could run?
I can't ask Claude to help me do it as it will sabotage me.
English
root@rebcesp me-retweet
¿Cuántos hispanos hay activos en el bug bounty hunting?
Es difícil no darse cuenta que la mayoría de los que participan son de EEUU, Europa o Sudeste asiático.
Me gustaría ver más paisanos hispanos en el web3 security research, podemos trabajar en algo sumamente interesante.
Español
root@rebcesp me-retweet
Claude code’s /security-review is just a Skill, and the whole prompt is in this repo
It’s p generic and imo you can tailor it to each repo to language you’re scanning to get better results
github.com/anthropics/cla…
English
Do you watch Netflix in your free time?
Try hackflix for security conference talks
h4ckfl1x.com
#cybersecurity #bugbounty
English
root@rebcesp me-retweet
root@rebcesp me-retweet
A Claude Code skill bundle for bug hunting and external red-team work - 51 skills, 15 slash commands, 574+ disclosed-report patterns curated across 24 vulnerability classes, plus enterprise identity + infrastructure attack matrices. github.com/elementalsouls…
English
root@rebcesp me-retweet
Criei uma ferramenta que:
- Coleta rotas, APIs, JS, DOM, screenshots, requests e responses
- Recebe diferentes usuários e compara o comportamento entre eles
- usa AI pra navegar pela aplicação interagindo como um usuário real
- Entende telas, fluxos, ações disponíveis e contexto real
- Guarda todo o contexto obtido em grafos de evidências
- Faz múltiplos agentes debaterem por turnos sobre como prosseguir
- Obriga cada agente a defender hipóteses com evidências reais. Eles tem 6 turnos pra convencer os outros que a ideia vale a pena. Cada um tem uma ""personalidade"" diferente
- Manda as hipóteses aprovadas pra agentes especialistas por classes de vulnerabilidade
- Usa skills de +10k linhas cada pra criar payloads, bypasses e validações de acordo com a aplicação
- Tenta explorar a vuln
- Se conseguir, volta pro debate pra pensar em possíveis chains com outras vulns
Até agora tá trazendo resultados legais!! quem sabe nao deixo publico essa brincadeira
Português
English
Acepte un proyecto inconcluso en aws react serverless no me guiaron ni nada, nunca había tocado aws para desarollar acepte el proyecto, muy duro al principio pero ahora que ya llevo más de 5 meses he aprendido un montón, sigo aprendiendo me gustó mucho.
Español
