Sabitlenmiş Tweet
Hi,
Here is a small article of critical vulnerabilities we found on SPIP/Root-Me.
You will find the exploitation of a CSRF and the bypass of the @TheLaluka RCE fix.
spawnzii.github.io/posts/2022/07/…
English
SpawnZii
132 posts
We won 2nd place in YesWeHack SPIRITCYBER25 IOT LHE. 🥳🥳🥳
YesWeHack ⠵@yeswehack
✅ #SPIRITCYBER25 has come to a successful close! 👏 Big shoutout to everyone who participated and congrats to our Top 6 teams once again - your findings have helped advanced Singapore’s cyber resilience. 1️⃣ zamny zamn zamn: @elma_ios, @sunsh1nefact0ry, @junr0n 2️⃣ NullIoT: @bytehx343 @0xakm, @mgthura404 3️⃣ Obsidian Ghost Protocol: @spaceraccoon, Zhong Liang, Azer 4️⃣ Peenoise: @shipcod3, @jeroldcamacho, @japzdivino 5️⃣ saltedeggchicken: @Sn0rkY, Cher Boon Sim, @nbuzydebat 6️⃣ Testalways: @testalways
English
Thrilled to have participated in a private program event on @yeswehack
Had the chance to investigate for a month potential vulnerabilities in an AI assistant model based on LLMs
Proud to have finished top #1 on the leaderboard 🛡️
#YesWeRHackers #bugbounty #cybersecurity
English
Today was my last day as a pentester at Bsecure, and it feels a bit surreal. After a three-year journey of hunting on the side, I’m finally ready to go all-in as a full-time bug bounty hunter.
To celebrate this milestone, I've written an article sharing the full story. It’s a transparent look at the path that got me here: the wins, the lessons, the real financial numbers, and my honest advice for anyone considering this adventure.
You can read all about my journey from pentester to full-time hunter here: gelu.chat/posts/from-pen…
English
That was amazing ! A very nice collab with @cosad3s !
Finally hitting the top 1 😇
YesWeHack ⠵@yeswehack
The hunt is over in Le Loft – and the final scores of our #LHE are in! Hats off to all participants, and in particular to our top 3: 🥇 @aituglo 🥈 @cosad3s 🥉 @SpawnZii A huge thanks to @_leHACK_ 🙌 👀 Check out the final leaderboard: event.yeswehack.com/events/lehack-…
English
Glad to publish a blog post on a critical vulnerability I found some months ago on GLPI, that impacts all default installation under a certain version:
sensepost.com/blog/2025/leak…
We also released a tool that implements some check for known vulnerabilities:
github.com/Orange-Cyberde…
English
Happy to reach the top 10 all time on @yeswehack ! I've admit it's been a long journey, not always easy, but I'm very happy with myself and everything I've achieved over the last few years😄
bonus : this was achieved with a nice critical SSRF 🏴☠️🤠
English
With @FlatNetworkOrg we took part in the @1ns0mn1h4ck finals and we ended up in second place. The Insotransfer challenge was about an RCE on a FastAPI readonly docker instance, enjoy the read :)
worty.fr/post/writeups/…
English
Today, we’re celebrating love by offering some swag! 😍
To take part, make sure to follow us & comment which item you prefer from the pic 👇
We’ll draw two winners (one on X, one on LinkedIn – so you can maximise your chances) on Monday, 10am CET.
Happy Valentine’s Day! 💖
English
SpawnZii retweetledi
Heyo ! 🍺
Prochain stream demain Mardi 11 Fev à 21h !
Au programme :
- Intro Actus & Mini Techno-Watch
- Then GestSup Pwning avec @_Worty & @SpawnZii 🧨
See you there !
➡️ twitch.tv/thelaluka
HT
Just got a reward for a critical vulnerability submitted on @yeswehack -- SQL Injection (CWE-89). yeswehack.com/hunters/spawnz… #YesWeRHackers
English
SpawnZii retweetledi
Just published a quick blogpost about my failing journey trying to get a valid entry for this edition.
link.medium.com/AJgtsUo2MNb
I'll keep trying until I succeed!
In the meantime I wish good luck to all participants and may the demo God be with you 🤘
TrendAI Zero Day Initiative@thezdi
Registration for #Pwn2Own Ireland is officially closed!! We officially have a plethora of attempts, which means a lot to us. Tune in for the drawing for order next Monday, Oct 20, 14:30 Cork time (GMT+1) youtube.com/live/Km4nRs9He…
English
today with @Brumens2 we received a 50,000€ reward for discovering a bug in a public program !! don't be shy, go hunt in public programs too
@yeswehack ʚ(。˃ ᵕ ˂ )ɞ
English
I assessed my first year doing full-time hunting, and also some thought about my new automation. If you want to know more, here it is
aituglo.com/aituweek-13/
English
Just got a reward for a high vulnerability submitted on @yeswehack -- Business Logic Errors (CWE-840). yeswehack.com/hunters/wlayzz #YesWeRHackers
English
SpawnZii retweetledi
🎵 Please don't pwn the music 🎵
Who could say no to a party before a #LHE? Not our bug hunters! They joined our pre-hack party last Friday after an exciting 1st day at @_leHACK_. With fresh beer, great music & amazing people, it was surely a night to remember!
#HackThePlanet
English
Just got a reward for a critical vulnerability submitted on @yeswehack -- OS Command Injection (CWE-78). #YesWeRHackers
English
I'm really happy to say that @github furthered their analysis of the Cache Poisoning on @npmjs and decided to award an additional 10 000$ Bounty !
Here is the writeup for those who are interested (I'll edit it once I get approval):
landh.tech/blog/20240603-…
I'm really grateful to the entire Security Team that worked on this case. They provided a lot of additional technical details that I hope I can disclose some day.
Getting this vulnerabilities recognised is an amazing step for the entire Supply Chain Ecosystem.
We are going to hack this planet 🌍🤟
English
A few weeks ago I found a vulnerability in Apache Allura while reading an excellent paper from @Sonar_Research and the according fix. CVE has been published today.
allura.apache.org/posts/2024-all…
#offensivesec #infosec
English
