Anirudh Anand

@pilvar222 @manaaaaaaaf @haicker_app @pilvar222 @manaaaaaaaf Would love to try this out. Could you add me to the beta ? Have signed up through the website form.

My friend @manaaaaaaaf and I have created an AI hacker! 👨‍💻 It can find 0-days in web applications with 0% false positives, and it also works on CTF challenges! What you see ⬇️ is @haicker_app solving a web challenge from UMassCTF 2025 (only 45/557 teams were able to solve it!)

Diving deep into Jetbrains #TeamCity Part 2 - Analysing CVE-2024-24942 leading to unauthenticated Path Traversal: blog.0daylabs.com/2024/12/11/jet…

Applications of Large Language Models (LLMs) in Offensive Security: blog.xint.io/offensive-secu…

CVE-2024-0132: Escaping @NVIDIA Container Toolkit allowing attackers to gain full access to the host's filesystem leading to Remote Code Execution (#RCE). Amazing research from @wiz_io 🔥 wiz.io/blog/wiz-resea…

Hacking Kia: Remotely Controlling Cars With Just a License Plate, amazing read from @samwcyo 🔥😎 samcurry.net/hacking-kia

CVE-2024-45489 - Gaining access to anyone's browser without them even visiting a website, fun read from @xyz3va 🔥 kibty.town/blog/arc/

[Must Read] Using #YouTube to steal your files - Crazy writeup by @rebane2001 🔥 lyra.horse/blog/2024/09/u…

Microsoft #Copilot: From Prompt Injection to Exfiltration of Personal Information, amazing read from @wunderwuzzi23 embracethered.com/blog/posts/202…

Detailed analysis on #XSS -> #RCE in #electron bypassing the nodeintegration affecting user note app ! Amazing writeup from @ruikai 🔥 0reg.dev/blog/electron-…

Just released the first part of a multi-part series on analyzing recent #TeamCity vulnerabilities! Part 1 is all about CVE-2024-23917 and how it leads to Authentication Bypass.

Leaking sensitive data within shared preferences using an insecure Content Provider in the Android App leading to Account Takeover, an interesting read from @0Xhunterx 🔥 @ahmedelmorsy312/unsecure-content-provider-led-to-account-takeover-1e45d716bd7c" target="_blank" rel="nofollow noopener">medium.com/@ahmedelmorsy3…

Exploiting CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM 🔥: labs.nettitude.com/blog/cve-2024-…

Race Condition on Changing Email Leading to Arbitrary Email Forgery  by  @blackarazi 🤠 link.medium.com/jZUVZpf1WIb

An interesting collection of Server-Side Prototype Pollution gadgets found in Node.js, Deno standard libraries, and various third-party NPM packages along with exploits: github.com/KTH-LangSec/se…

[Fun Read] Fixing Typo's and breaching Microsoft's perimeter for a whopping $0 bounty ! "the only thing standing between the public internet and Microsoft’s internal network was a single typo and some shell commands" 🤣 johnstawinski.com/2024/04/15/fix…

CVE-2023-46851: #Apache Allura (< 1.15.0) Arbitrary File Read via Discussion Import leading to Remote Code Execution (#RCE) via Signed Serialized Session, amazing read from @Sonar_Research 🔥 sonarsource.com/blog/dangerous…

CVE-2024-0333: ZIP embedding attack on Google #Chrome extensions through abusing CRX file format ( Embedding malicious extension inside a valid Chrome extension to create a malicious extension with a valid signature) readme.synack.com/exploits-expla…

Exploiting Race Condition to Gain Infinite Wealth (through unlimited refunds) - m0leCon (@pwnthem0le) CTF 2023 goldinospizza2 writeup: @Solderet/m0leCon-ctf-exploiting-race-condition-goldinopizza2" target="_blank" rel="nofollow noopener">hackmd.io/@Solderet/m0le…

Making #PHP Great Again 2.0, or how to use filters with `require_once` ? Fun read from @dustriorg 🔥 dustri.org/b/solution-to-… If you love solving similar PHP challenges, do checkout websec.fr (Extremely fun PHP based challenges)