Abhishek Meena 🏵️

3.6K posts

Abhishek Meena 🏵️ banner
Abhishek Meena 🏵️

Abhishek Meena 🏵️

@aacle_

Building @Vulncure ⚡| Helping founders fix vulnerabilities before hackers find them. Talk to me about: Bug Bounties, LLM Security & React.👇 Book a 15-min Demo

Katılım Haziran 2017
284 Takip Edilen47K Takipçiler
Sabitlenmiş Tweet
Abhishek Meena 🏵️
We've curated entire API Pentesting Series into a single, auto-updating Notion page. • All existing parts • Future parts added automatically • One link to bookmark Access the full library here: vulncure.com/api-pentest/ap…
Abhishek Meena 🏵️ tweet media
English
5
122
590
29.2K
Abhishek Meena 🏵️
8/ What to do today: - Don't open untrusted repos on your main Windows machine. Use Windows Sandbox. - Treat every cloned repo like an npm install from a stranger. - Watch for the patch. Until it ships, git.exe in any repo you open is a loaded file. @Aacle/the-cursor-zero-day-that-sat-through-70-versions-a144c79ae20f?sk=372fde5c15c261ad4685534f0659ba4d" target="_blank" rel="nofollow noopener">medium.com/@Aacle/the-cur…
English
0
0
1
61
Abhishek Meena 🏵️
7/ Why this is bigger than Cursor AI-assisted IDEs aren't editors anymore. They run code, resolve paths, inherit your machine's trust. Most teams haven't audited surface. The bug will get patched. The pattern stays. This is new perimeter for dev teams, and most haven't noticed.
English
2
0
1
58
Abhishek Meena 🏵️
1/ A researcher renamed Windows Calculator to git.exe, dropped it in a folder, opened it in Cursor. Calculator opened. He didn't click anything. One file. One rename. One folder open. Code execution. And it's still not patched after 7 months. Here's the story. 👇
Abhishek Meena 🏵️ tweet media
English
1
0
2
387
Abhishek Meena 🏵️ retweetledi
Bug Bounty Insights 🪄
If your external recon stops at running Amass and a standard Nmap scan over an ASN, you’re missing 80% of attack surface. Real-world hunting means tracking → analytics tracking IDs, → fuzzing VHosts on naked IPs, → and watching CT log renewal clusters. Efficiency > scale.
Bug Bounty Insights 🪄 tweet media
English
0
1
3
309
Abhishek Meena 🏵️
You asked for this enough times that I had to finish it. Part 3 of the MCP Bug Bounty Guide is live @Aacle/prompt-injection-is-just-ssrf-for-text-7c864c73571e?sk=72f8e982df275aaa51704ec32e733d99" target="_blank" rel="nofollow noopener">medium.com/@Aacle/prompt-…
AnmolSecSavvy@AnmolSecSavvy

@aacle_ brooo when we will get MCP part 3?

English
0
0
12
1.2K
Abhishek Meena 🏵️
Before you read another take on the WordPress RCE, run the checker. wp2shell.com 5 seconds. Tells you if your site is vulnerable. Not patched? Block /wp-json/batch/v1 in your WAF now.
Abhishek Meena 🏵️ tweet media
English
0
3
17
954
Abhishek Meena 🏵️
I used to think prompt injection was an AI safety problem. Then I wrote it up as SSRF and the whole thing clicked. → The boundary is the same. → The bug is the same. → The bounty table row already exists. Part 3 of the MCP bug bounty guide: @Aacle/prompt-injection-is-just-ssrf-for-text-7c864c73571e?sk=72f8e982df275aaa51704ec32e733d99" target="_blank" rel="nofollow noopener">medium.com/@Aacle/prompt-…
English
1
2
17
1K
Abhishek Meena 🏵️
Bug hunters: stop only fuzzing endpoints. Start reading tool descriptions. Whoever writes an MCP tool's description writes instructions the model will follow and it's a real, reportable vuln most programs are ignoring. @Aacle/the-tool-list-itself-is-the-attack-mcp-bugbounty-series-part-2-107e0311be94" target="_blank" rel="nofollow noopener">medium.com/@Aacle/the-too…
English
0
2
11
939
Abhishek Meena 🏵️
Bookmark the ones you'll use. Drop your under-the-radar one below, always looking for more.
English
0
0
1
281
Abhishek Meena 🏵️
7/ The one that pays more than any tool: read 10 paid, disclosed HackerOne reports per vuln class before hunting that class. Not tutorials. Reports. You learn what "impact" looks like to a triager.
English
1
1
2
1.4K
Abhishek Meena 🏵️
1/ Everyone knows HackTricks and PortSwigger. These are the resources that actually find bugs. Less hyped, higher yield. A short list I keep going back to. 🧵
Abhishek Meena 🏵️ tweet media
English
2
16
65
3.5K