0xn3va

I'm happy to share the third part of my LangSmith research, which targeted Agent Builder (Fleet). The post examines the agent's underlying architecture and the chain of vulnerabilities that led to user impersonation during agent execution. 0xn3va.gitbook.io/blog/2026/lang…

The first LangSmith research ended with a limitation: RCE on the Playground, but the Playground didn't have the secret needed to reach internal APIs. @0xn3va started pulling at the service architecture instead! lab.ctbb.show/writeups/chain…

New research just dropped on the Critical Research Lab! Big thanks to @0xn3va, come read it at: lab.ctbb.show/research/langs…

ICYMI: #bugbounty hunter @0xn3va joined our AMA and shared insights on why he hacks, his process for identifying bugs and advice for new hackers. bit.ly/3LIivXq

The AMA blog post with @0xn3va is out now! 📚🦊about.gitlab.com/blog/2023/10/0…

Special thanks to the @gitlab security team for having me on the GitLab Ask a Hacker AMA! It was great! youtube.com/watch?v=aJagtR…

❓Have you ever wanted to get in the mind of a hacker? Well, here's your chance during our Ask a Hacker AMA next week on September 8th. ✏️ Sign up and drop your questions here. bit.ly/3qNOChj

All my projects on the GitBook are available at a single URL 0xn3va.gitbook.io

Thanks @GitHubSecurity team for this insane swag 🤯 I appreciate it!

If you were looking for secure coding best practices in the form of specific requirements, take a look at my project Application Security Handbook which I released recently. Cheers ✌️ GitHub: github.com/0xn3va/applica… GitBook: 0xn3va.gitbook.io/application-se…

Using AWS IAM roles from GitHub Actions with OpenID Connect? Make sure you set a condition on the JWT subject in your trust policy! Read how we found vulnerable roles in the wild, including from the UK government! securitylabs.datadoghq.com/articles/explo…

I completely updated Content Security Policy (CSP) Cheat Sheet, check it out 0xn3va.gitbook.io/cheat-sheets/w… Subscribe to releases at GitHub to track all updates in my Application Security Cheat Sheets github.com/0xn3va/cheat-s…

Published a write-up about the vulnerability which could expose the access token of GitHub Staff. blog.ryotak.net/post/github-ac…

How do static analysis tools detect vulnerabilities in software? Learn more about the fundamentals of static analysis and security research, and challenge yourself with exercises in the first part of CodeQL Zero to Hero series by @BlazingWindSec github.blog/2023-03-31-cod…

I've updated my GitHub Actions security cheat sheets and added new cases that could lead to serious vulnerabilities, enjoy! 0xn3va.gitbook.io/cheat-sheets/c… github.com/0xn3va/cheat-s…

We found a way to disclose organization's secrets in GitHub and got access to part of GitHub itself. Checkout the blog: ophionsecurity.com/blog/access-or… #BugBounty #Vulnerability

[3️⃣] JWT Cheatsheet by @0x_n3va This cheatsheet is so incredibly complete 🤯 It covers EVERYTHING there is to know about JWT tokens! Reading through this will help you master the topic for sure! 💪 👇 0xn3va.gitbook.io/cheat-sheets/w…

For the last six months I have been researching Github Actions and not only, here you can find my notes✌️github.com/0xn3va/cheat-s… 0xn3va.gitbook.io/cheat-sheets/

Really nice swag arrived! Thanks @newrelic for this gifts, I appreciate it!