szd


Honored to receive the MVH award (Most Valuable Hacker) & the BIGGEST bounty Epic Games ever paid: $130,000! 🏆💰
Leaving the @EpicGames Live Hacking Event with a surreal win with my teammates @Blaklis_ and Snorlhax. 🤯
My first LHE was with Epic in 2022, so this closes the loop perfectly. Having my parents there to see it meant the world. ❤️
Oh, and I beat Popeye at arm wrestling. 💪 What a month!




szd retweeted

Did the night owls shake up our @TeamViewer #LiveHackingEvent rankings overnight? 🦉 See for yourself 👉 event.yeswehack.com/events/nullcon…
Top spots are now occupied by @aituglo, @cosad3s and @v3rlust, but a few hours remain to climb the leaderboard. May the best hunter win! 👑
#NullconBerlin2025 @nullcon





Hack in Milan : Went on a trip, found a few crits with the boys @Geluchat @n1nj4sec :D Check out the edit below.
📣 Nujabes - Feather
Really great challenge by @Hacker0x01 can't wait for the next one !

Here it is, the story of the LHE from @yeswehack at LeHack
aituglo.com/aituweek-50/

@DoomerOutrun @Hacker0x01 What a handsome guy 😁
Up for a live hunting session with the FR community.

I am now officially a @Hacker0x01 ambassador 🚀
French hunters, beginners or veterans : How about an upcoming hacker meetup ? What would you prefer ? (talks, hacking event, exploration/research...)


Ready to take on #PayloadPlz? On June 27-28, @BitK_ challenges you to craft a single payload capable of breaking multiple web-based challenges 👀
🎉 Good news: this challenge isn’t just for @_leHACK_ attendees - it’ll also be open online to anyone who wants to give it a shot. Exclusive swag awaits the top 3 on site, as well as the online winner!
More info: yeswehack.com/page/yeswehack…
#YesWeRHackers #leHACK2025


@Hacker0x01 @AzeriumD34132 @dropn0w @hgreal1 @Mthirup @Al7eX91 Congratz Bro ! @DoomerOutrun
Can't wait to grind again by your side

The security research community in Europe and the Middle East just got even stronger. Say hello to these new HackerOne Brand Ambassadors:
🇦🇿 @AzeriumD34132 (Azerbaijan—new club!)
🇧🇪 @dropn0w & @hgreal1 (Belgium—new club!)
🇩🇰 @mthirup (Denmark—new club!)
🇮🇹 @Al7eX91 & @Ciper_942 (Italy—new club!)
🇱🇧 @hasansheet (Lebanon—new club!)
🇸🇪 @joaxcar (Sweden—new club!)
🇳🇱 @yoerivegt (Netherlands)
🇫🇷 @DoomerOutrun (France)
🇵🇹 @secgus (Portugal)
🇹🇷 @jusxing (Turkey)
These ambassadors will fuel research, mentoring, and live events across the region. We’re glad they’re here!
Check out the program: bit.ly/3lMs6lO
#AppSec #EthicalHacking #H1Club


Hey hackers! We're running a beta for Hai for Hackers, our AI security agent. If you're interested, please reply with your HackerOne username (we will probably limit to ~100 hackers for now). After it's been enabled, you can start using it by clicking the Hai button in the top right corner of the app. It’s free to use (with a limited daily budget for now). It is like any other AI you’ve interacted with, with the added benefit that it has access to a whole bunch of HackerOne data, like reports and programs. We’re shipping improvements to Hai almost every day. Here are some neat use cases:
- “take all the learnings from STÖK, jhaddix, and nahamsec's recon strategy and build one for me!”
- “write a python script for a typical recon process”
- “i need an XSS payload that doesn’t use single or double quotes”
- “my XXE payload doesn't call back to my server, what could go wrong?”
- “write a response for report #133337”
The beta also comes with Hai Plays for you, which allows you to build your own security agents in HackerOne. You can create them at hackerone.com/settings/hai_p…. Some of the cool use cases we’ve seen so far are:
- write reports with minimal input from you (efficiency++!)
- convert reports into blogposts with a single prompt
- AI mentor to give feedback about your communication and increase the likelihood of a reward
In the background we’ve been working on agentic behavior, which we expect will soon come to Hai for Hackers as well. These AI agents can act like your hacking buddy and hack alongside you. We’ll keep you in the loop on our progress.


In a few days, I was awarded $20'000 in bounties on @Hacker0x01, and a nice CFH 10'000 (~$12'000) bounty on @swisscom_csirt !
Nice way to slowly get back at it hehe :)
#TogetherWeHitHarder #bugbounty #SwisscomBugBounty

My French team, for the world cup, and in collaboration with my wife, printed me a hoodie with a redacted payload on it. That bug was super fun, but quite hard to exploit!
If encoded words, RFC2047 and so on are strange words to you, @garethheyes presented at the same time their research about email parsing, which explains much better and much deeper the things I'm talking about in my talk: portswigger.net/research/split…
t.co/jB0vOfWEQb
Worth a read/look! :)
#bugbounty



Bug Bounty Village@BugBountyDEFCON
@Blaklis_ squeezed a pre-auth RCE payload into exactly 64 chars using MIME-encoded magic, a short web root, and some RFC sorcery. “It works. Don’t ask me why. I even printed it on a T-shirt.” Full talk → youtu.be/4yJQz2jXV-E #BugBounty #DEFCON #AppSec #BBV

Before tonight's big feast, take a glimpse into our Christmas parties ✨
In London, the team gathered for an exciting urban golf session ⛳, while in Singapore, it was boat time, wandering the Straits of Singapore 🚤 Parisians had to save Gotham City and escape the Joker's lair 🃏, and a medieval role-playing game entertained our team in Rouen! ⚜️
Now, we won't delay your preparations any longer... and wish you a wonderful Christmas Eve! 🥂





Our catch-up session continues with @LOrealGroupe, the target of our #LiveHackingEvent at @_leHACK_ this summer! 💄 Bug hunters, L’Oréal’s & @yeswehack’s teams shared an electrifying day and night of pwn, discussions and collaboration. Check it out ⤵
youtube.com/watch?v=wVSZ5l…


@nissanfrance @Gabydebur Hello @Gabydebur,
We don't know each other, but I was about to place an order with @nissanfrance. If you could tell me whether they have resolved the situation with your vehicle, I'd be interested, because on my side I couldn't afford such a delivery delay.

@Gabydebur For that, we would need the following details in a private message: your full name, your phone number, the name of the dealership and your order number. Regards, Emilie 2/2

Hey @nissanfrance! My #xTrail, ordered at the end of August, was supposed to arrive 2 weeks ago. It has been pushed back to the end of February without any warning! Do you think that's normal?
I've had a case open with you for two weeks and no news since! @UFCquechoisir

It’s nearly Christmas, so we need your letter to Santa, bug hunters! ✍ Which topic would you like us to focus on to add great features to the @yeswehack platform in 2025? 🎁
Got another wish? Drop it in the comments 👇

@DoomerOutrun @gregxsunday We need more infos about the workout to be so fresh as you are on these pics 😁

@gregxsunday Man thanks a toooon I was so honored of being there with you. That was a sick day 🔥

Today, @DoomerOutrun made history as the first BBRE podcast guest to visit Kraków exclusively for the recording. We:
✅ Conducted a great interview
✅ Did a workout
✅ Went to a shooting range
✅ Got some drinks
It was a pleasure and fun hosting you Victor!




I'm no longer a HackerOne ambassador - I decided recently to re-focus on myself, and on hacking. I've invested a lot of time in the community over the last years - and I'll still be there, somehow - but it's time to get back some time for myself, and for hacking a bit more :)
#bugbounty
szd retweeted

On the menu ?
(>) How to perform ?
(>) How to handle pressure ?
(>) Getting selected
(>) 2 real-world cases : From zero to LHE !
(>) A big up to the FR community and all of the awesome people in it -> @Blaklis_ @Geluchat @0xLupin, freesec, snorlhax, @BitK_ , @n1nj4sec , @Intrusio , @Yumi_Sec





