zpan
133 posts


Duplicate detection got a sibling today. Known issue matching is live in Studio Review.
Programs keep a list of issues they already know about. Match one and your report gets closed like a dupe. So the review now checks that list before you submit.
Tag your role model researcher in replies and I'll get you both access.
GIF
English

Yeay, I was awarded for my three valid submissions on
@HackenProof after three months with my AI system.
Keep hunting!
hackenproof.com #hackenproofed #bugbounty



English
zpan retweetledi

4 days ago we launched Jailbroken, a PRIVATE Discord community to learn AI red teaming and safety.
Since then:
- Over 250 security researchers joined
- Top resources have been collected
- People shared countless techniques and discoveries
Today, we've secured over 100B in FREE AI tokens for all the members.
If you want to join, drop a comment.

English
zpan retweetledi

Been wanting this to exist for a while, so I built it.
ProofOfRep, a reputation board for bug bounty programs and contests.
Report your unfair or dishonest experiences, with proof, and I'll manually review everything.
Hope it helps SRs focus on projects that actually take security seriously.
Still early. Let me know if this sucks or if it's useful. All feedback welcome.
proofofrep.xyz
English

@WhiteHatMage However, it's clear that you can't request a review of a duplicate, low-severity report.
English

I also have another theory about duplicates: some projects and platforms abusing nonsense slop submissions.
You disclose an e2e-proven exploit, but it gets marked as a duplicate because of the "root cause".
The slop report contains the vulnerable lines but no actual proof or has invalid claims.
With enough slop, you cover all the lines where a reasonable bug could exist. Then the project reopens the invalid slop submission, pays it as Low, and avoids paying the actual Critical.
That’s my worst nightmare. That shouldn’t happen ever.
WhiteHatMage@WhiteHatMage
I’d say that getting too many duplicates in old bug bounty programs is a sign that your hunting strategy needs improvement. Duplicates should be rare.
English

Everyone hitting $10k bounty on @HackenProof , is it mostly on Hyperbridge or diff program ? My feed is kinda full with $10k bounty post.
English
zpan retweetledi





