Brumens

1.2K posts

Brumens

@Brumens2

@yeswehack employee 🪖 | Bug Bounty hunter🐝 & coffee lover ☕ I'm a big fan of breaking into all sorts of things 🌐

In your system Katılım Mayıs 2021

504 Takip Edilen1.9K Takipçiler

Sabitlenmiş Tweet

Brumens@Brumens2·18 Ara

My talk at Ekoparty is out now in case you missed it! 👀

YesWeHack ⠵@yeswehack

Curious about advanced techniques to exploit SSTIs? 💉 At @ekoparty, @Brumens2 proved that "limitations are just an illusion", showcasing how to achieve RCE from SSTIs using payloads that bypass traditional constraints 👇 @BugBountyArg #BugBountyTips youtube.com/watch?v=FVm6wY…

English

Brumens retweetledi

YesWeHack ⠵@yeswehack·4d

Hey, hunters! We just dropped a new deep dive on code analysis 💡 Our latest hunter guide covers advanced techniques such as taint analysis and CodeQL, demonstrated with real tools against a real target 👇 #BugBountyTips yeswehack.com/learn-bug-boun…

English

sw33tLie@sw33tLie·2 Mar

bbscope v2 is out & bbscope.com is live! A free #bugbounty tool to pull scope from HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi. Store it all in PostgreSQL, track changes, query it, pipe it into your tools Thread on what's new👇

English

391

47.4K

Brumens@Brumens2·3 Mar

@sw33tLie Oh! Looks sweet, well done Sw33tLie ^^

English

229

Brumens@Brumens2·23 Şub

@NoobosaurusR3x @yeswehack Thanks & glad you liked the challenge! It's actually @zerodaygym that made it, all cred to him! :)

English

Noobosaurus R3x 🦖@NoobosaurusR3x·20 Şub

I just pwned the last Dojo at dojo-yeswehack.com/challenge-of-t… Man, that was nice :) Not very difficult, and I did learn stuff from it. That was funny AND interesting. Thanks @yeswehack and @Brumens2

English

447

CryptoCat@_CryptoCat·17 Şub

My writeup for the "RubitMQ" challenge by @Brumens2 (@yeswehack) 🐇 cryptocat.me/blog/ctf/month…

English

2.6K

Brumens@Brumens2·18 Şub

@_CryptoCat @yeswehack Always cool to read your writeups! ;)

English

Brumens@Brumens2·11 Şub

Create article written by @pwnwithlove !

YesWeHack ⠵@yeswehack

Did you know, XXE vulnerabilities can be chained with SSRF to reach internal services? 🤔 Our latest CWE deep dive explains the root causes and impacts of XXE bugs, and has numerous walk-throughs, including for blind, error-based and file upload-related techniques 👇 yeswehack.com/learn-bug-boun…

English

589

Brumens@Brumens2·21 Ara

@ryancbarnett @4ng3lhacker @BlackHatEvents Such a great research!

English

128

Ryan Barnett (B0N3)@ryancbarnett·20 Ara

Here is @4ng3lhacker and I’s @BlackHatEvents talk on Unicode handling issues 🤘 youtu.be/ETB2w-f3pM4?si…

YouTube

English

9.4K

Brumens retweetledi

Ryan Barnett (B0N3)@ryancbarnett·17 Ara

For those following along with @Brumens2, here are the @yeswehack DOJO labs link: dojo-yeswehack.com/learn/python-p…

Ben Sadeghipour@NahamSec

Alex @Brumens2 is taking on the stage and opening #NahamCon2025 Day 1 with "Python Pitfalls: Turning Developer Mistakes into Vulnerabilities" Join us now 👉🏼 youtube.com/live/xmRDR1etn…

English

1.2K

Brumens retweetledi

Ben Sadeghipour@NahamSec·17 Ara

Alex @Brumens2 is taking on the stage and opening #NahamCon2025 Day 1 with "Python Pitfalls: Turning Developer Mistakes into Vulnerabilities" Join us now 👉🏼 youtube.com/live/xmRDR1etn…

YouTube

English

4.4K

Brumens retweetledi

Ben Sadeghipour@NahamSec·11 Ara

Alex is basically part of NahamCon history at this point… he has spoken at every NahamCon so far 🐍🔥 This year he's back with a workshop packed full of real Python security pitfalls, PoCs, and hands-on examples that will make you look at your code (and other people’s code) very differently. 📆 December 17 ℹ️ Explore the lineup 👉🏼 nahamcon.com

English

130

7.1K

Brumens@Brumens2·12 Ara

@ryancbarnett Time for new payloads to be blacklisted ;)

English

Ryan Barnett (B0N3)@ryancbarnett·12 Ara

@Brumens2 🔥

Ben Sadeghipour@NahamSec

QME

762

Brumens@Brumens2·10 Ara

@garethheyes Thank you! That will be very useful!

English

191

$Gareth Heyes \u2028$

Gareth Heyes \u2028@garethheyes·9 Ara

Curious how AutoVader works in practice? The demo video is up. See automated client side bug hunting in action. 🎥

English

2.7K

Brumens@Brumens2·9 Ara

@NoobosaurusR3x @yeswehack Glad you liked it! :)

English

Noobosaurus R3x 🦖@NoobosaurusR3x·9 Ara

@yeswehack thx :) And thx to @Brumens2 of course.

English

Noobosaurus R3x 🦖@NoobosaurusR3x·9 Ara

@yeswehack Thanks for the fun ^^

English

215

Brumens@Brumens2·28 Kas

@ryancbarnett @akamai_research @xnl_h4ck3r Love to see it!

English

Ryan Barnett (B0N3)@ryancbarnett·26 Kas

@akamai_research contributed to the @xnl_h4ck3r "sus_params" dataset based on attack data we see. 👍 github.com/xnl-h4ck3r/GAP…

André Baptista@0xacb

If you need to generate a target-specific wordlist, make sure to check out @xnl_h4ck3r GAP extension. It will scan for sus parameters and generate you a complete wordlist with one click of a button. See it in action 👇

English

2.5K

Brumens retweetledi

YesWeHack ⠵@yeswehack·30 Eki

HTTP request smuggling vulnerabilities have been evolving like crazy in recent years! 🚀 We’ve published a guide to this in-vogue area of research, comprising detection, exploitation and mitigation tips 👇 yeswehack.com/learn-bug-boun… #BugBounty #BugBountyTips

English

130

6.1K

$Gareth Heyes \u2028$

Gareth Heyes \u2028@garethheyes·24 Eki

The best thing I've read in months. Outstanding research.

YesWeHack ⠵@yeswehack

Find the full article here ⤵️ yeswehack.com/learn-bug-boun…

English

27.5K

Brumens@Brumens2·24 Eki

@garethheyes Thank you very much Gareth!

English

1.5K

Brumens retweetledi

YesWeHack ⠵@yeswehack·14 Eki

Ever found someone else’s SIM card in your mailbox? 📱📫 It’s one of the wildest bugs @Wlayzz has ever found – and just one of several interesting insights he shares in our latest hunter interview. Watch his story now 👇 #YesWeRHackers #BugBountyTips

English

6.5K

Brumens retweetledi

YesWeHack ⠵@yeswehack·17 Eki

📢 New research from @Brumens2 is out! Learn how to detect & exploit syntax confusion in real web apps, how he turned an SSRF & blind file read into a full file read, and more besides 👇 yeswehack.com/learn-bug-boun…

English

4.5K

Keşfet

@sw33tLie @NoobosaurusR3x @yeswehack @zerodaygym @_CryptoCat @pwnwithlove @ryancbarnett @4ng3lhacker