DavenSec

26 posts

DavenSec

@Dav3nn

Katılım Ağustos 2017

180 Takip Edilen154 Takipçiler

DavenSec retweetledi

Jopraveen@jopraveen18·5d

people are too busy in exploring chrome, kernel and other oss CVEs, meanwhile a DOMPurify bypass was silently dropped 👀 github.com/cure53/DOMPuri…

English

591

29.3K

DavenSec retweetledi

GitHub Security@GitHubSecurity·12 May

Here are our April bug bounty stats! ✅325 bounty reports submitted 👥226 hackers participated in our program 💰Awarded $2,367 in bounties Found a vulnerability? Submit it here: bounty.github.com.

English

169

84.2K

DavenSec@Dav3nn·4 May

@thecorruptdata @rez0__ Thank you Corrupt Data 😂😂

English

Corrupt Data@thecorruptdata·4 May

@rez0__ Sarcasm?

Español

286

Joseph Thacker@rez0__·4 May

thank you claude

English

878

38.9K

DavenSec retweetledi

Wazz@WazzCrypto·4 May

You know what, if someone tricks an AI into sending them $200K with morse code via prompt injection, they deserve it. enjoy the loot bro

Bankr@bankrbot

@grok @Ilhamrfliansyh done. sent 3B DRB to . - recipient: 0xe8e47...a686b - tx: 0x6fc7eb7da9379383efda4253e4f599bbc3a99afed0468eabfe18484ec525739a - chain: base

English

241

6.6K

968.2K

DavenSec@Dav3nn·28 Nis

@sudhanshur705 @ctbbpodcast Yeah man i saw your post on github about your xss this made me submit a lot of xss where csp couldn’t be bypassed lol

English

sudi@sudhanshur705·28 Nis

@Dav3nn @ctbbpodcast Neat finding will all those chains 🔥, thanks for the writeup I also wanted to break out of the plugin sandbox wayback but couldnt do it :p

English

Critical Thinking - Bug Bounty Podcast@ctbbpodcast·27 Nis

Running a Figma plugin is enough to land cross-platform zero-click RCE on Figma Desktop... Read the writeup on the Critical Research Lab lab.ctbb.show/research/figma… And thanks @Dav3nn for the incredible post, what an amazing chain! =)

Critical Thinking - Bug Bounty Podcast tweet media

English

156

16.3K

DavenSec@Dav3nn·8 Şub

@Rhynorater For real man that’s where things get interesting lol

English

751

Justin Gardner@Rhynorater·8 Şub

CSPT + Arbitrary JSON hosting is such a cracked combo. I feel like a magician every time I pull it off.

English

203

10.1K

DavenSec retweetledi

Swissky@pentest_swissky·19 Ara

Ecoles de cybersécurité en France : de l'hibernation à la saturation - Quentin PAPELARD quentin.papelard.pro/ecoles-de-cybe…

Français

DavenSec@Dav3nn·2 Ara

@GrehackConf @Ruulian_ L’équipe des boss ✌️

Français

GreHack@GrehackConf·1 Ara

🎉The #GreHack25 CTF has come to a close! We hope everyone enjoyed the challenges and had a great time testing their skills. Huge congratulations to all participants for diving in, and a special shout-out to the top 4 teams for their performance! We hope you enjoy the prizes 🏆

English

799

DavenSec@Dav3nn·19 Kas

@S1r1u5_ Didn’t knew that supabase were awarding bounties

English

567

s1r1us (mohan)@S1r1u5_·19 Kas

Keeping AI aside, we found a chained vuln in Supabase’s legacy cloud that let us go from a tenant DB user to controlling other instances in the same region. Supabase patched it fast and awarded us a $25,000 bounty. hacktron.ai/blog/supapwn

English

146

19.6K

c0dejump@c0dejump·10 Eki

🎉Happy to realease HExHTTP v2 !🎉 github.com/c0dejump/HExHT… Thanks to @KharaTheOne @Geluchat @Nishacid @__PH4NTOM__ for the help ! 🙏 & Thanks to BB FR community ! 😁 Have Fun & Hack the Planet ! 🌍 ( & If you would like to contribute, pls feel free to give a little coffe :)

English

2.3K

DavenSec@Dav3nn·10 Eki

@c0dejump @KharaTheOne @Geluchat @Nishacid @__PH4NTOM__ Beau travail ! Hâte de voir ce que ça donne ✌️

Français

110

DavenSec retweetledi

ANSSI@ANSSI_FR·6 Eki

#ECSC2025 | 🐓 Nous y sommes ! 🇵🇱 La #TeamFrance, accompagnée des coachs de l'ANSSI, est arrivée à Varsovie, prête à relever les épreuves de l'European Cybersecurity Challenge. 📅 Au programme aujourd'hui : découverte des postes de travail des équipes et cérémonie d'ouverture.

Français

9.6K

DavenSec retweetledi

Lupin@0xLupin·3 Eki

We just released a new article on how we hacked with @adnanthekhan the npm Supply Chain of 36 Million Weekly Installs 🔥 🔗Link: landh.tech/blog/20251003-…

English

187

14.5K

DavenSec retweetledi

Synacktiv@Synacktiv·30 Eyl

First, @_remsio_ and @_Worty shared their research on Livewire's unmarshalling mechanism at @nullcon Berlin. They demonstrated how to achieve RCE with the APP_KEY and extended their laravel-crypto-killer tool to automate the process. Stay tuned, something big is coming... 👀

English

1.3K

DavenSec@Dav3nn·7 Eyl

Hello @S1r1u5_ I saw your h1 report in collaboration with sudi with this very nice exploit to end with rce ! I think it could be cool to collab as I have xss on Figma Design Editor and it might lead to rce with your help ✌️

English

331

DavenSec retweetledi

NULLCON@nullcon·5 Eyl

💡 When convenience meets exploitation… #Livewire makes building dynamic apps seamless, but its unmarshalling mechanism opens the doors to #RCE @_remsio_ & @_Worty shows how attackers can weaponise the #APP_KEY & how the updated laravel-crypto-killer 👉nullcon.net/berlin-2025/sp…

English

4.3K

DavenSec retweetledi

Worty@_Worty·4 Eyl

I made a web challenge for this CTF, don’t hesitate to try it ! :D

ASIS-CTF@ASIS_CTF

🚨 T-MINUS 48 HOURS! 🚨 #ASIS #CTF Quals 2025 is almost here! We've got challenges for everyone, from rookies to pros. 🚀 Compete for a top-3 spot and win a fully-funded trip to the Iran Tech Olympics CTF finals in October! 🏆 See you on the scoreboard!

English

1.6K

DavenSec@Dav3nn·4 Eyl

@kevin_mizu Très très sympa je vais test ça soon !

Français

Kévin GERVOT (Mizu)@kevin_mizu·3 Eyl

Small teaser for Caido users :) 2/2

English

992

DavenSec retweetledi

Kévin GERVOT (Mizu)@kevin_mizu·3 Eyl

DOMLogger++ v1.0.9 is now out and available! 🎉 This update fixes a lot of issues, including the historical DevTools bug on Chromium 🔥 It also brings full Caido session handling, which is going to be useful in the near future! 👀 👉 github.com/kevin-mizu/dom… 1/2

English

152

7.9K

Keşfet

@thecorruptdata @rez0__ @sudhanshur705 @ctbbpodcast @Rhynorater @GrehackConf @Ruulian_ @S1r1u5_