Patrik Grobshäuser

4.9K posts

Patrik Grobshäuser banner
Patrik Grobshäuser

Patrik Grobshäuser

@ITSecurityguard

Security Research @ Assetnote https://t.co/RmFwv6ItrQ https://t.co/VCPfgTLLBN https://t.co/qylqwXgc9I https://t.co/uwZdquCB7l

Offenburg Katılım Ocak 2013
302 Takip Edilen31.6K Takipçiler
Matt Brown
Matt Brown@nmatt0·
The European mind can't handle Home Depot...
Matt Brown tweet media
English
8
2
85
4.8K
Floerer
Floerer@bug_dutch·
Last couple of days I had the pleasure to redeem the prize I won 🥇 during the last Live Hacking Event organised by @intigriti It was a nice culinairy trip to San Sebastián, bug bounty does bring you to some places😋 #1337UP1125
Floerer tweet mediaFloerer tweet mediaFloerer tweet media
Basque Country, Spain 🇪🇸 English
6
0
27
2.1K
Patrik Grobshäuser
Patrik Grobshäuser@ITSecurityguard·
new research out! 🚢 We took apart CargoWise Webtracker, the customer portal in one of the most widely deployed logistics platforms in the world. Hardcoded keys, forged sessions, and a path all the way to pre-auth RCE. full writeup below. 👇🏻 slcyber.io/research-cente…
English
1
10
54
3.9K
Patrik Grobshäuser
Patrik Grobshäuser@ITSecurityguard·
He's using Mythos to breach NSA Systems btw.
Patrik Grobshäuser tweet media
English
6
3
125
4.6K
Zack Korman
Zack Korman@ZackKorman·
Easy way to be better at your cybersecurity job: Remove all vendors that have these stupid fake awards. They're showing that they're willing to lie to you, and you should believe them. Don't believe me? Screenshot taken from a Delve customer.
Zack Korman tweet media
English
35
15
168
18.9K
Patrik Grobshäuser retweetledi
def1ant
def1ant@0xdef1ant·
me getting gaslit by claude for the 17th time today
def1ant tweet media
English
3
16
100
5.1K
Patrik Grobshäuser
Patrik Grobshäuser@ITSecurityguard·
@ZackKorman It wouldn’t change a thing, instead of one disastrous Ivanti vulnerability per week we would get two
English
1
0
7
800
Zack Korman
Zack Korman@ZackKorman·
I feel everyone is talking about cyber risk with very little input from cybersecurity. For people in cyber, I want your take: How good or bad would it be for cyber if an open-weight no-guardrails Mythos-level model released tomorrow?
English
170
11
224
61.8K
Patrik Grobshäuser
Patrik Grobshäuser@ITSecurityguard·
Was it always the plan to create AI-automation out of the reports hackers sent through Bugcrowd?
Frans Rosén@fransrosen

@caseyjohnellis I think there is quite a big difference here, Casey. He created something out of knowledge that he and his team collected themselves. No terms were changed during that ride. Was it always the plan to create AI-automation out of the reports hackers sent through Bugcrowd?

English
0
0
13
4.2K
Lennaert
Lennaert@lennaert89·
@ITSecurityguard @Jhaddix If I combine out of scope, non applicable and informative I get to about 60% of submissions The other 40% obviously still contain the duplicates, and those are valid findings. And of that 60% not everyone is "just throwing everything" some of them are new, still have to learn etc
English
1
0
0
92
Patrik Grobshäuser
Patrik Grobshäuser@ITSecurityguard·
@Jhaddix The "Mythos" of the miracle researcher that comes out of nowhere and miraculously pops a shell is exceptionally rare. 99,9% of submissions are of people throwing everything at you, don't read the scope, are ignorant of learning or just plain malicious trolls.
English
5
0
3
2.5K
JS0N Haddix
JS0N Haddix@Jhaddix·
@ITSecurityguard This is not a shade question... just wondering... Let's say a new researcher finds a bug today and submits it. A priority researcher finds the same bug tomorrow, and it gets triaged immediately. Does the new researcher get duped off of someone who found the bug after them?
English
11
3
90
8.8K
Mehmet INCE
Mehmet INCE@mdisec·
I reported 4 critical 0-day to a vendor one of the leading companies in its sector. They paid me $500 amazon.com gift card, which turned out it can only be used at Amazon US 😂 Rewards have never been my motivation for reporting issues. When I started doing this work, bug bounties did not exist. Responsible disclosure was simply the right thing to do, and I still see it that way. But you never ever gonna get any high quality findings from a seasoned researchers. Never.
English
10
4
179
34K
ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️
There is a fundamental flaw to the argument that LLMs are "just" doing next token prediction. It's true that they are, but they're not predicting tokens of random text! They’re predicting the next token of THE ANSWER to what was asked. I created a demo to illustrate this.
ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️ tweet media
English
75
14
150
16.9K