H-mmer

@Zeus_exe1 @intigriti Go through support. That's not even remotely acceptable time without any response.

Is it normal for a report to be stuck in "Pending" for exactly 4 months with zero updates from the program? @intigriti , I know some reports take time, but any advice on how to handle this kind of wait?🙏 #bugbounty

@fightazon Serves him right 😂

Bro really thinks he’s invincible 😭

@Zaddyzaddy @BugBunny_ai Would be nice to try this and see how well it really does without getting duplicates but the pricing is fucking ridonculous

About to drop 32 new @BugBunny_ai reports across bug bounty programs. Don’t hate the player, hate the game.

I'm not Nadler. Check the report again properly thank you very much. Report: 791357. @yeswehack #yeswehack

When you report that an unauthenticated attacker can tamper law-enforcement evidence via PUT and the triage team says "No CIA triad impact" @Hacker0x01 #bugbounty

@KHIZER_JAVED47 @OpenAI Codex gpt5.5 Cyber is soooooooo much better than Opus 4.7 and that's coming from a Opus 4.7 heavy user. Dunno wtf Anthropic did to make 4.7 this dog shit. 5.5 sweeps the floor with it.

Anyone using @OpenAI codex for pentesting / bugbounty / general cybersec workflows? Getting pretty fed up with Claude limits lately and thinking of switching. Got “trusted access” for Codex curious how it actually performs in real-world security use. Worth the move? Any tips?

@_riatre Have to agree. 4.7 was and is a complete fucking mess and 5.5 sweeps floor with it.

Unpopular opinion: codex is the best harness out there.

@zack0x01_ Roughly 2hours after sending it

finally my turn came 👀 how long it took to review your application !!

@CannaCollectz Winter Hail

Name this strain and get to be our seeds and buds permanents tester Good luck Only 5 winners Best names wins

@jeremie_strand @Dinosn Still got a lot more in-depth stuff planned. And honestly the best part atm is the SAST part of the framework

@Dinosn 40 specialist agents is wild. The exploit-chain builder is the really interesting piece though -- automated reasoning about how individual vulns compose into attack paths is where offensive security tooling needs to go.

Autonomous bug-bounty framework for Claude Code — 40 specialist agents, exploit-chain builder, writeup search, and live HackerOne/Bugcrowd integration. github.com/H-mmer/pentest…

@0x_ultra You could just fill the fucking Cyber Use Case form and use Claude for whatever you want.

fuck it, authorization letter generator Claude does not push back when reading one of these lol authorized.xultra.fun

@YourAnonOne Finnish Retirement Fund

@solrewards I need money

Tell me in 3 words why you need $500

@VivekIntel Give this a whirl: github.com/H-mmer/pentest…

Claude-Red: Turn Claude into a Red Team Operator with 38 Offensive Security Skills. 🤖💀 Prebuilt SKILL .md modules for SQLi, XSS, EDR evasion, exploit dev, OSINT & more — structured like real attacker workflows. AI is powerful, but garbage input = garbage output. Skills define capability. #RedTeam #AIsecurity #CyberSecurity github.com/SnailSploit/Cl…

@Zaddyzaddy @yeswehack How much you pay for the subscription. I'm not seeing any pay-as-you-go on bunny so where does the $13 come from. I'm fairly sure your total is higher

We spent $13 scanning this asset and were rewarded €2,000 on @yeswehack. Bugbunny keeps taking all the bug bounty rewards 😀

@ma1fan Insurance money guaranteed with shit security

I reported a critical vulnerability to a top-tier crypto exchange—an exploit that could allow an attacker to crack and steal wallet private keys within minutes. By all industry standards, this was a severe, high-impact bug. Yet, they initially offered me a measly $4,000 bounty. I refused to accept it and pushed back hard. After a prolonged back-and-forth, they spent ages escalating it to their leadership. Following endless rounds of "approvals," they finally added a whopping $1,000 to the offer, bringing the grand total to $5,000. I am honestly "moved to tears" by their generosity, considering an exploit of this magnitude is easily worth at least $50,000. Seriously, my advice is to avoid participating in Bug Bounty programs run by certain Chinese teams. It seems they would much rather risk getting drained for tens or hundreds of millions of dollars by actual hackers than pay a white hat a single extra cent for protecting them.

@4osp3l Give this a whirl: github.com/H-mmer/pentest…

@rikeshbaniya @claudeai @Gemini Give this a whirl: github.com/H-mmer/pentest…

haven’t done manual recon in a month. - @claudeai + burp mcp ; the backbone - @gemini ; local assessment pipeline #bugbounty #bugbountytips #aihacking

@MicahBerkley @AnthropicAI Fill the cyber use case form and your welcome

So @AnthropicAI is no longer allowing me to scan my own software for security vulnerabilities using Opus 4.7. This is a huge problem. Opus 4.6 this was never an issue. And respectfully Opus 4.6 was a beast at this. I'm really disappointed. Especially since I'm paying $200 month for this. I'm not going to use freaking Sonnet to do security work. @bcherny help us out maannn...

@VivekIntel Been building similar system for a while myself. Next thing would be to train the model in real engagements.

Building the 0-Day Machine: Autonomous Vulnerability Research with Claude Code & MCP. 🤖💀 blog.zsec.uk/bullyingllms/