
Patrik Grobshäuser
4.9K posts

Patrik Grobshäuser
@ITSecurityguard
Security Research @ Assetnote https://t.co/RmFwv6ItrQ https://t.co/VCPfgTLLBN https://t.co/qylqwXgc9I https://t.co/uwZdquCB7l
Offenburg Katılım Ocak 2013
302 Takip Edilen31.6K Takipçiler
Sabitlenmiş Tweet

I finally let Claude do my pentest this week. Full 5-day engagement, zero human input. Here's what the client got: 😏
clawd.it/posts/10-repla…
#bugbounty #pentesting #AI #cybersecurity #infosec #claudeai
English

Pre-Auth Remote Code Execution in ServiceNow! (CVE-2026-6875)
New research from @hash_kitten of the @SLCyberSec security research team is out 👀 😏 👇
slcyber.io/research-cente…
PS: this might not be the last one 👁️👁️ 😉

English

@bug_dutch @intigriti San Sebastian is the most beautiful city!
English

Last couple of days I had the pleasure to redeem the prize I won 🥇 during the last Live Hacking Event organised by @intigriti
It was a nice culinairy trip to San Sebastián, bug bounty does bring you to some places😋 #1337UP1125



Basque Country, Spain 🇪🇸 English

new research out! 🚢
We took apart CargoWise Webtracker, the customer portal in one of the most widely deployed logistics platforms in the world.
Hardcoded keys, forged sessions, and a path all the way to pre-auth RCE. full writeup below.
👇🏻
slcyber.io/research-cente…
English

@ZackKorman well you seem to be a bit sour because you haven't made it to this years cybersecurity-excellence-award.com ?
English
Patrik Grobshäuser retweetledi

@0xdef1ant Absolutely my bad @0xdef1ant is the source!
English

@ITSecurityguard oh come on, if you're gonna repost, at least credit me
English

@ZackKorman It wouldn’t change a thing, instead of one disastrous Ivanti vulnerability per week we would get two
English

Was it always the plan to create AI-automation out of the reports hackers sent through Bugcrowd?
Frans Rosén@fransrosen
@caseyjohnellis I think there is quite a big difference here, Casey. He created something out of knowledge that he and his team collected themselves. No terms were changed during that ride. Was it always the plan to create AI-automation out of the reports hackers sent through Bugcrowd?
English

@lennaert89 @Jhaddix ah no I am talking about new accounts, first submission the chances of those striking gold
English

@ITSecurityguard @Jhaddix If I combine out of scope, non applicable and informative I get to about 60% of submissions
The other 40% obviously still contain the duplicates, and those are valid findings.
And of that 60% not everyone is "just throwing everything" some of them are new, still have to learn etc
English

@lennaert89 @Jhaddix What’s the number on intigriti?
English

@ITSecurityguard @Jhaddix Im pessimistic at times but 99.9% is quite the overstatement here 😂
English

@Jhaddix The "Mythos" of the miracle researcher that comes out of nowhere and miraculously pops a shell is exceptionally rare. 99,9% of submissions are of people throwing everything at you, don't read the scope, are ignorant of learning or just plain malicious trolls.
English

@ITSecurityguard This is not a shade question... just wondering...
Let's say a new researcher finds a bug today and submits it. A priority researcher finds the same bug tomorrow, and it gets triaged immediately. Does the new researcher get duped off of someone who found the bug after them?
English

@mdisec there are items that can be shipped worldwide :)
English

I reported 4 critical 0-day to a vendor one of the leading companies in its sector.
They paid me $500 amazon.com gift card, which turned out it can only be used at Amazon US 😂
Rewards have never been my motivation for reporting issues. When I started doing this work, bug bounties did not exist. Responsible disclosure was simply the right thing to do, and I still see it that way.
But you never ever gonna get any high quality findings from a seasoned researchers. Never.
English

Stop blaming AI slop for what bug bounty platforms did to themselves.
👇 wrote down some thoughts about the state of triage
clawd.it/posts/14-to-ka…
English









