Patrik Grobshäuser

4.9K posts

@ITSecurityguard

Security Research @ Assetnote rɪsˈpɒnsəbl dɪsˈkləʊʒə https://t.co/VCPfgTLLBN https://t.co/qylqwXgc9I

Freiburg · Joined January 2013
295 Following · 31.4K Followers
Patrik Grobshäuser (@ITSecurityguard):
If you've ever had to decompile hundreds of JARs/DLLs just to find the 38 that actually matter, we built something for that 👀 Hyoketsu filters vendor dependencies out of your target before you even open your decompiler. 🪿 Hash-matched against tens of millions of files. 👇
Quoting shubs (@infosec_au):
We got frustrated with dealing with vendor dependencies when reverse engineering large applications. @ITSecurityguard from @SLCyberSec’s Sec Research Team built Hyoketsu to solve this problem forever: github.com/assetnote/hyok… - releasing this today! Blog: slcyber.io/research-cente…

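The filtering idea in the post above (hash every binary in the target and drop the ones that match a corpus of known third-party files) can be reproduced at small scale. The script below is an added illustration, not Hyoketsu's code; the "vendor" corpus, the target tree and the file contents are all constructed in a temporary directory so it runs offline, and the file names are placeholders.

```python
"""Filter known vendor binaries out of a decompilation target by SHA-256.

Added illustration of the hash-matching idea; not Hyoketsu's code. The
"vendor" hash set is built from constructed files in a temp directory,
not from a real corpus.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Set

# Only these are worth sending to a decompiler; everything else is ignored.
TARGET_SUFFIXES = {".jar", ".dll", ".class", ".exe"}


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large JARs never have to fit in memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_known_set(vendor_files: Iterable[Path]) -> Set[str]:
    """Hash a directory of known third-party binaries once; this is the allowlist."""
    return {sha256_file(p) for p in vendor_files}


def triage(target_dir: Path, known: Set[str]) -> Dict[str, List[Path]]:
    """Split a target tree into files matching the vendor set and files to review.

    Matching is by content hash, so a renamed but byte-identical vendor JAR
    is still recognised; a recompiled or shaded one is not, and lands in
    'review' (the safe direction for a miss).
    """
    result: Dict[str, List[Path]] = {"vendor": [], "review": []}
    for path in sorted(target_dir.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TARGET_SUFFIXES:
            continue
        bucket = "vendor" if sha256_file(path) in known else "review"
        result[bucket].append(path)
    return result


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: two vendor JARs, one of which the target bundles."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        vendor = root / "vendor"
        target = root / "target" / "lib"
        vendor.mkdir()
        target.mkdir(parents=True)
        # Constructed "vendor" binaries; the bytes are placeholders, not real JARs.
        (vendor / "commons-lang3-3.12.0.jar").write_bytes(b"PK\x03\x04 vendor-a")
        (vendor / "guava-31.1.jar").write_bytes(b"PK\x03\x04 vendor-b")
        # Target bundles one vendor JAR byte-for-byte (under a different name)
        # plus two first-party binaries and one non-binary file.
        (target / "lang-renamed.jar").write_bytes(b"PK\x03\x04 vendor-a")
        (target / "acme-core.jar").write_bytes(b"PK\x03\x04 first-party")
        (target / "acme-native.dll").write_bytes(b"MZ first-party-native")
        (target / "README.txt").write_text("ignored: not a binary suffix")
        known = build_known_set(vendor.glob("*.jar"))
        split = triage(target, known)
        return {k: sorted(p.name for p in v) for k, v in split.items()}


if __name__ == "__main__":
    out = demo()
    print(f"vendor (skip)  : {out['vendor']}")
    print(f"review (decomp): {out['review']}")
```

For a real engagement the vendor set would be hashed once from Maven Central, NuGet or an internal artifact mirror and persisted; the triage step stays the same. Note the asymmetry: a hash miss only costs analyst time, whereas a hash hit on a tampered file is impossible, which is why content hashing rather than filename matching is the right primitive here.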
Patrik Grobshäuser reposted
Mo (@atmoio):
AI is making CEOs delusional
Bela Wiertz (@blwiertz):
Berlin, get ready for 50.000€ in Prizes @techeurope_ is back on 25 & 26 of April with Big Berlin Hack #2, bringing together >300 builders for a weekend 👇 Register Now
Patrik Grobshäuser (@ITSecurityguard):
There is an ongoing malware campaign for CVE-2026-20841. Repositories on GitHub: descriptions were updated ~1 hour ago with links to malware. SHA256 is 3200b7d6a42fc8d2bf213cd17b1bd6f0fc76c4f626330ec6fb0a3f9a0ef9e00e
Patrik Grobshäuser (@ITSecurityguard):
@deadvolvo Interesting! My initial thought was to include all of them (~10,717), but I settled on the ones that are unredacted, were rewarded / are resolved.
d3d aka dead (dead, мёртв, 死了):
@ITSecurityguard Did that about a year back. Created a detailed RAG with all public reports. Didn't need an MCP for it, but I found back then it didn't add value like detailed MDs would, but maybe things have changed since then?
Patrik Grobshäuser (@ITSecurityguard):
Added 3,600+ publicly disclosed HackerOne reports that paid a bounty to the MCP. 👇 github.com/PatrikFehrenba… This should help Claude decide where to focus, what attack surface was looked at before, and where new vulnerabilities could be 👀 (in theory 😏)
Patrik Grobshäuser (@ITSecurityguard):
@piquopiquo I am spending more time on improving the tooling vs. actually hunting for bugs. The next step is to ship a knowledge base with novel techniques so the AI gets a feeling of what I am after vs. what it thinks is a critical bug 😐
Piquo (@piquopiquo):
@ITSecurityguard How much did this help you in finding vectors? Thank you for this, Patrik!
Patrik Grobshäuser (@ITSecurityguard):
@0xw2w Not trolling! Just trying to figure out how BB- people actually work with AI. How much guidance is too much? Where's the line between getting results and getting results you wouldn't have found on your own?
Max Yaremchuk (@0xw2w):
@ITSecurityguard Not sure if trolling but I'll reply. It imitates what I do by following methodology/decision tree. Oversimplified: an intelligent fuzzer lost by default, but we show it the way. Intelligence helps because otherwise you'd need millions of if statements to account for uniqueness
Max Yaremchuk (@0xw2w):
I think we don’t thank infosec influencers enough for somehow persuading half the hacker community that AI can't find bugs. They are making sure there's minimal competition in the field of AI-assisted security testing. True MVPs
Patrik Grobshäuser (@ITSecurityguard):
@0xw2w Why aren't more people talking about this part? "proper plan, infra, context management, token efficiency, decision/fp tree" Is it the "secret sauce"? Is this enough to replace your entire Bug Bounty persona?
Max Yaremchuk (@0xw2w):
Prompting “find all the bugs, make no mistakes” to a non-security-oriented agent without a proper plan, infra, context management, token efficiency, decision/fp tree, and materials is indeed a reliable signal that AI can’t hack
Mashhood (@Mashhood0x99):
However, I’m currently failing to exfiltrate any data. I also tried accessing 169.254.x.x metadata endpoints; the server seems to attempt resolving them, since the response takes 10+ seconds, but I haven’t been able to retrieve any useful data yet.
Mashhood (@Mashhood0x99):
Hi @TeslaTheGod @thedawgyg, found SSRF in the app through an integration with an external service (GitHub). The application takes a user-controlled URL along with a bearer token in the request, and the backend makes a request to the user-supplied URL. My webhook gets hit, confirming SSRF. Any tips?
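The two posts above describe the classic shape of this bug class: an integration feature fetches a user-supplied URL, and the interesting question for the defender is whether link-local and private addresses (including the 169.254.x.x metadata range) are reachable. The guard below is an added, defensive example of how such a feature validates outbound URLs; it is not code from any application or person in the thread. The DNS table, hostnames and addresses are constructed so the demo runs offline, and the resolver is injected for that reason.

```python
"""Outbound-URL guard for a webhook/integration feature (constructed example).

Added defensive illustration; not code from any application in the thread.
`resolve` is injected so the demo can use a constructed DNS table offline.
"""
import ipaddress
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
Resolver = Callable[[str], List[str]]  # hostname -> list of IP strings


def is_public_ip(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 (::ffff:a.b.c.d) is unwrapped first so the v4 rules
    apply. is_global already rejects loopback, link-local (169.254/16,
    fe80::/10), RFC 1918, unspecified and documentation ranges.
    """
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def validate_outbound_url(url: str, resolve: Resolver) -> Tuple[bool, str]:
    """Return (ok, reason).

    Checks run on the *resolved* addresses, so an internal hostname or a DNS
    record pointing at 127.0.0.1 is rejected the same way a literal IP is.
    Every returned address must be public; one private record is enough to
    fail, since the client may pick any of them.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal IP (brackets already stripped)
    except ValueError:
        try:
            ips = resolve(host)
        except OSError as exc:
            return False, f"DNS failure: {exc}"
    if not ips:
        return False, "host did not resolve"
    for ip in ips:
        if not is_public_ip(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


# Constructed DNS records for the offline demo (names and IPs are placeholders).
FAKE_DNS: Dict[str, List[str]] = {
    "hooks.example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "split.example.net": ["93.184.216.34", "10.0.0.5"],  # mixed public/private
    "v6.example.org": ["2606:2800:220:1:248:1893:25c8:1946"],
}


def demo_resolver(host: str) -> List[str]:
    """Stand-in for getaddrinfo; unknown names raise like a real NXDOMAIN would."""
    if host not in FAKE_DNS:
        raise OSError(f"NXDOMAIN {host}")
    return list(FAKE_DNS[host])


def demo() -> Dict[str, bool]:
    """Run the guard over constructed URLs; returns url -> accepted."""
    urls = [
        "https://hooks.example.com/events",
        "https://v6.example.org/hook",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://metadata.internal/",
        "http://split.example.net/",
        "http://127.0.0.1:8080/admin",
        "http://user:pw@hooks.example.com/",
        "file:///etc/passwd",
    ]
    return {u: validate_outbound_url(u, demo_resolver)[0] for u in urls}


if __name__ == "__main__":
    for url, ok in demo().items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {url}")
```

Two caveats belong next to any guard like this. First, the validated address must be the one the HTTP client actually connects to, otherwise a second lookup at connect time reopens the hole (DNS rebinding); pin the connection to the checked IP or resolve inside the client's own hook. Second, the post mentions a bearer token travelling with the request: that token should only ever be attached to hosts on an explicit allowlist, never forwarded to whatever URL the user supplied.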
Patrik Grobshäuser (@ITSecurityguard):
I didn't want to be the boomer that hates on AI so I actually tried it. Claude still sucks at finding bugs. But it's pretty good at remembering mine. h1-brain - MCP server that feeds it your full HackerOne history so it knows what you hacked, what you missed, and what paid off 🦆
Patrik Grobshäuser (@ITSecurityguard):
@HouranyIbrahim You can sync them without Claude, anonymize them or just share the skill that you used to find them with Claude
Ibrahim AH (@HouranyIbrahim):
@ITSecurityguard From my brief reading it looks cool, but is it safe to share my private reports with Claude? And do I need to get the green light from the company first before doing so? These questions came to my mind and I'd love to share them with you.
Patrik Grobshäuser (@ITSecurityguard):
New series on using Claude for bug bounty 👀. Sync your HackerOne reports, cross-reference past findings against new targets, etc. The actual workflow, not the LinkedIn fantasy. Feedback from AI-maxers always welcome ❤️ clawd.it/posts/11-teach…
Patrik Grobshäuser (@ITSecurityguard):
@stokfredrik More files means more tokens burned on context before you even ask a question. I think the difficult part here is to get the right balance and only provide Claude what is absolutely necessary.
Patrik Grobshäuser (@ITSecurityguard):
@stokfredrik It's the same trick everywhere: context window stuffing. There's no actual persistent neural memory — you write things down in structured files, and the AI reads them at the start of each conversation. The fancier the file organization, the more "memory" it appears to have.
Patrik Grobshäuser (@ITSecurityguard):
@stokfredrik Spoiler: So far, it hasn't found anything, wasn't creative, wasn't useful, wasted a ton of tokens and repeated things that we've ruled out before. It's a headstart for sure, but I don't see the magic yet
Patrik Grobshäuser (@ITSecurityguard):
@stokfredrik Understood, the entire idea of the blog is to try out what people promise me will work 😃 I wanted to know if Claude gets useful when it can read your full HackerOne history. So I built an MCP server that syncs your reports to a local database and wrote up how I actually use it.