タズ

6.9K posts

@ChrisCz_

Web App Pentester & Bug Bounty Hunter 🐞 | Breaking apps so you don’t have to | Probably drinking coffee while hunting bugs ☕ |

Joined June 2013
205 Following, 106 Followers
Pinned Tweet
タズ@ChrisCz_·
Created my first browser extension called RepoAlltheThings while learning web development. More details linked below: github.com/ChrisCZ2/RepoA…
タズ@ChrisCz_·
@yeahbutnahbut You're legitimately and legally obligated in any self-hosted or through third-party security research platform to wait until they respond and give you the green light. Anyone that has sent reports knows this. I've sent some in the past that have been open for 35+ days.
John Carroll@yeahbutnahbut·
Loving the framing of the dogpile gang. guy finds flaw, guy emails security, guy emails some others, guy waits, guy drops it publicly and it's him getting all the shit. not Reframe, the people ignoring the security and support emails that have legal obligations to protect the information they hold. oh you didn't buy LinkedIn Premium to run around begging staff for a response, oh you could have done all these other things. SECURITY@ SUPPORT@ dickheads. citing putting the users at risk but not thinking far enough to assume that data has already gone
impulsive@weezerOSINT

if you've ever used Reframe to get sober, your private journals, your craving logs, what triggered you, how bad it got, your name, your email, all of it is sitting in a database that anyone can read without logging in. i unzipped the app and found a database key in a config file. that's it. that's all it took. 357,939 users exposed. disclosed april 7, no response

タズ@ChrisCz_·
@weezerOSINT @hot_labor @ZackKorman @rez0__ You can easily tweet if anyone knows how to contact the ceo and dev team of the product since there's a vulnerability that affects hundreds of users. No disclosure/showcase of how there's a vulnerability until you are talking with them. That's best course of action.
impulsive@weezerOSINT·
this man called me blackhat on his timeline to 71k people. in the dms he told me he's "not claiming i released some secret technique" so which is it? he had the platform to help get this fixed. contact the company, escalate the report, connect me with the right people. instead he chose to start a public fight over disclosure timelines and guess what? the company rotated the key. 25 days of private emails got nothing. one public tweet got it fixed. Joseph Thacker you know what you was doing when you made this post, you are a grown man instigating tl wars isn't there anything else you could be doing with your time right now?
タズ@ChrisCz_·
@rez0__ if this happens i might come back to gpt. after couple versions have been awful for hacking and asking security questions. hopeful this graph is right.
Joseph Thacker@rez0__·
> For context, GPT-5 missed 40% of vulnerabilities. Opus 4.6 reduced that to 18%. GPT-5.5 brings it down further to just 10%. holy crap. lol. i guess i'm gonna sign back up for pro.
XBOW@Xbow

Anthropic’s Mythos raised the bar for AI vuln detection but kept it invite-only. GPT-5.5 is OpenAI’s answer, and it’s open to all. We had early access. Ran the benchmarks. Blackbox GPT-5.5 already beats whitebox GPT-5. Best pentesting model we’ve tested. Read our analysis: bit.ly/48OX7v6

タズ@ChrisCz_·
As someone that prefers being a manual bug bounty hunter, if you aren't using AI in your workflow somewhere you'll be left behind. Whether it's Claude, Cursor, or Gemini, at least use one AI you like.
タズ@ChrisCz_·
This person is painfully dumb. She manipulated a point dexter to assassinate foggy because he was going to expose her for her crimes. She deserves to die and how is it a hatred of women when she is a vile person?
Mal • ✩。 • ˚@ItsKarenPage

Vanessa being murdered is another classic example of killing a prominent female character in order to further a man's story. It's sick and twisted. Vanessa deserved better, regardless of how you feel about her. It's baseless misogyny coated as a plot device. STOP KILLING WOMEN.

タズ@ChrisCz_·
@efaav I took the cursor pill 🤣
Faav@efaav·
Took the claudepill 🧧
タズ@ChrisCz_·
@xssdoctor @Jhaddix This is reassuring to me after months of not finding anything. The self doubt of not finding anything while working another job 40 plus hours a week.
xssdoctor@xssdoctor·
About a year and a half into my hacking journey, I was pretty bummed out. I had done so much work and learned so much, but I wasn’t finding any bugs. I decided to do something drastic, and I sent a discord message to a hacking legend, @Jhaddix
タズ@ChrisCz_·
He's only doing this after other experienced hackers told him he's in the wrong in his entitlement. Anyone that has done a pentest for a company of any size knows the report is the talking power than the vulnerabilities you found.
Patrickbatman@hamidonsolo

I owe Hack The Box an apology. I was wrong for expecting a cert after scoring 100 points and having a Critical 9.8 validated on a real company through HackerOne. Clearly I should have spent more time on report formatting instead of finding actual vulnerabilities. My bad HTB. I'll do better. won't happen again

タズ retweeted
Caido@CaidoIO·
🚀New plugin in the Caido Store! Introducing "RepoExplorer" by @ChrisCz_ Open files from a GitHub repository and inspect their contents directly inside the app. Check out more details: github.com/ChrisCZ2/RepoE…
haley@HaleyyPlays·
not gonna use this account anymore. dm for new one. ✌🏻
タズ@ChrisCz_·
I've loved Burp Suite for a long time but after being a full-time @CaidoIO user for the past year and a half, the use on multiple machines and instances is amazing.
タズ@ChrisCz_·
@rez0__ Another item added to my protein intake thanks
Joseph Thacker@rez0__·
my spin on this is called protein pudding: - scoop of whey - scoop of pb powder - 1tbsp cashew butter - chia seeds - splash of milk (you want it thick) mix it. - fresh raspberries on top super filling, super delicious, super healthy.
Dan Go@CoachDanGo

This is the best breakfast for weight loss. It's 250g low-fat Greek yogurt, one scoop of whey protein, 100g frozen fruit, and a teaspoon of psyllium husk. I call it Glop, and here's why each ingredient matters:

タズ@ChrisCz_·
@EdLatimore No you are correct the left is sub my guess is 12% and the left is 15-20% range he still has a lot leaner than most people in the less than 20 percent range
Ed Latimore@EdLatimore·
I think it'll be obvious, but I want to preface this by saying I'm giving you a compliment. You have the opposite problem that most guys have. Most dudes underestimate their BF. You are clearly *over*estimating—and by a decent margin In the left, you are a bit leaner than 15%. On the right, you are nowhere near 25%. I might be wrong, but X will come in screaming if I am.
Peter@peterbill69

@EdLatimore Left is me at around 15% Right is me at I’d assume around 25% You can see I have a bicep vein not super apparent but it is there You can definitely have vascularity in the arms in the 20% range

the_IDORminator@the_IDORminator·
Hope everyone has a wonderful week! 👋🏻
タズ@ChrisCz_·
@nmatt0 It's weird ever since I started learning and enjoying hacking in 2022 money was a secondary for me. I get some people started for that reason but you start to hate it security and get burnt out faster imo. I like being able to have on top 500 company without being employed.
Matt Brown@nmatt0·
Hacking used to be for nerds. Then it became the latest get-rich-quick scheme promising a six figure salary with no required experience or passion. I predict we have seen the peak...
Zack Korman@ZackKorman

What’s cybersecurity going to look like five years from now? I know that’s a hard question, but I’ve been thinking about it a lot lately. Would be good to hear what others think. What roles won’t exist? What product categories disappear? What tech will be obsolete?

タズ@ChrisCz_·
@Jhaddix The fact you've given multiple different talks and resources in the security space for years for free is worth the praise. Anyone that has met you knows you are a genuine person. I guess you can't please everyone.
JS0N Haddix@Jhaddix·
Just a reminder: I give away many of my tips, tricks, research, and methodology via conference talks, podcasts, free workshops, webinars, blogs, here on Twitter, and via my newsletter Executive Offense. I’ve contributed code to many tools. I write and release tools myself, in FOSS. I have done this for 21 years. I never stopped. I just charge for classes now that are the ultimate curation of all those things. Updates? Yeah modern research and updates I charge for. I have a family, sue me I guess. Thanks to the two assholes who sent me dm dissertations on how I’m a sellout influencer and that real hackers release everything for free. Saying that all my contributions are null and void for running courses. Really makes me want to keep doing it. These aren’t bots either, there are real people in the industry at real consultancies. That’s cool I guess. To be an asshole and meme 💯 of the time is in style. Better be sure that if I see you on the signup list or anyone from your consultancy… you are not welcome at Arcanum stuff. Gl and have a wonderful life 🤗