Tomi 🥀

1.9K posts

@archyxsec

Full-Time Bug Bounty Hunter 🇪🇸 | Computer Engineer |💍 @selen0phile

Spain · Joined May 2022
318 Following · 2.1K Followers
Pinned Tweet
Tomi 🥀 @archyxsec
Guys I made it. 19th of this month is my last day at work, from the 20th I will be a full time bug bounty hunter. Dreams come true, this is just the beginning. 🔝
Tomi 🥀 retweeted
Neuralink @neuralink
ALS has gradually taken away Kenneth’s ability to speak. Through Neuralink’s VOICE clinical trial, he’s exploring how a brain-computer interface designed to translate thought to speech could help restore autonomy in his daily life. Watch to learn more:
Tomi 🥀 retweeted
𝕵𝖔𝖙𝖆 | jotita3
I’m still surprised that the influencer pandemic has reached cybersecurity... I’ll always prefer to keep a low profile rather than pr*stitute this passion.
Tomi 🥀 @archyxsec
Valverde? 👀
Tomi 🥀 retweeted
(fan) Don Shelby @DonShelby_
This guy has decided that in this match he wants to be Paolo Maldini defensively, Fernando Redondo in midfield and Ronaldo Nazario up front. Fede Valverde has just played the best first half hour in the History of Football. Yes, yes, in the History of Football.
h0rus3c @h0rus3c
It’s been almost two years since I started my journey in Bug Bounty Hunting at 22, while finishing my university degree. After investing 1,730 hours in studying, researching, and hacking, I’m proud to share that I’ve earned over €150,000 in bug bounty rewards, with more than €10,000 still pending from recently submitted reports. That’s an average of €93 / hour.

Many people say bug bounty is a scam or just a matter of luck. Yes, luck plays a role. But it’s far from everything. This is fully autonomous, self-driven work. No one gives you a roadmap. Most of the time, you face complex problems alone, without solutions on the internet, and you’re the one who has to figure them out. On top of that, the competition is global. You’re searching for vulnerabilities in systems where thousands of skilled researchers have already looked before you.

It hasn’t been an easy path. I’ve had disagreements with programs and triagers. I’ve encountered programs that don’t pay fairly or take months to respond. I’ve dealt with reports that weren’t fully read or properly understood. But I’ve also encountered the complete opposite: amazing programs, triagers, and staff with whom it’s been a real pleasure to collaborate, and with whom I continue to work to this day.

All of that shapes you. Not only technically, but professionally. You learn negotiation. You learn how to communicate clearly with companies. You learn how to demonstrate real impact and deliver what organizations truly value. And that growth is just as important as the rewards.

Finally, a huge thanks to the amazing platforms @Hacker0x01 @yeswehack @immunefi @cantinaxyz where I have been hunting throughout my journey #BugBounty #CyberSecurity #Hacking #Infosec
Tomi 🥀 retweeted
Kylian Mbappé @KMbappe
BAILA @vinijr and please never stop. They will never tell us what we have to do or not. ✊🏽
Tomi 🥀 retweeted
David Peterson @davidgpeterson
LaLiga has been ordering Spanish ISPs to block ~3000 IP addresses almost every weekend. Because Cloudflare IPs are shared, this has been doing massive collateral damage to thousands of legitimate websites, apps, and vital services - all at the whim of a private corporation.
Tomi 🥀 retweeted
Proton VPN @ProtonVPN
We have become aware of recent reports concerning legal proceedings in Spain that may affect VPN services, including Proton VPN. At this stage, we were not aware of any proceedings that may have been underway prior to these reports coming to light and have not been formally notified of any proceedings or judgment. Moreover, any judicial order issued without proper notification to the affected parties, thereby denying them the opportunity to be heard, would be procedurally invalid under fundamental principles of due process. Spanish courts, like all courts operating under the rule of law, are bound by procedural safeguards that ensure parties are given a fair opportunity to present their case before any binding judgment is rendered.
Tomi 🥀 retweeted
Vito Quiles 🇪🇸 @vitoquiles
🔴 #URGENTE | Pedro Sánchez and Begoña Gómez set up an influence-peddling scheme between the World Tourism Organization (OMT), Air Europa and the Dominican Republic. WhatsApp messages revealed on Koldo García's mobile phone indicate this. The secret conversations of José Luis Ábalos's adviser show how Víctor de Aldama acted as intermediary between the OMT, Air Europa and Moncloa.
Tomi 🥀 @archyxsec
@fwrnr I mean, the main “product” of bug bounty platforms is researchers, but it seems like that’s being forgotten. I don’t have any say here. I started from scratch, and my goal isn’t to gain followers—just to do what I enjoy. Even so, I don’t think this AI idea is right.
Felipe Warrener-Iglesias
'if nothing is reported' there are tens of millions of reports as far as I understand? That's more than enough, combine that with other data sources like people's blog posts, books that have been published, bug trackers etc... It's the fault of ppl in the community with big followings for never holding platforms to account over anything. They have consistently only spoken up on something when it started to affect them. I don't mind watching it all explode, I checked out mentally after realizing I was pushing for accountability and pro-hunter action more than people with 100x my following :-)
Tomi 🥀 @archyxsec
These platforms would be useless without researchers. What good is it for an agent to learn from our reports if nothing is reported? All platforms should start valuing their researchers and not allow this kind of thing, at least not without asking permission first.
BugBountyHQ @BugBountyHQ

Thread - My own opinion & this is to the Bug Hunters, What @Hacker0x01 is doing re AI, is essentially stealing “our work” “our research” for their own profitability. They are for sure breaking client agreements, wherein a client’s data / vulns belong to the client. Not H1!!

Tomi 🥀 retweeted
Ben Sadeghipour @NahamSec
Unfortunately most of the execs at these bug bounty platforms fail to understand one thing: Your platform isn't your product... your hackers are. 🤷🏽‍♂️
Tomi 🥀 retweeted
ahacker1-h1 @ahacker1_h1
@zseano @Radiowebcc hackerone.com/terms/general 3.1 "HackerOne may use Confidential Information to develop and/or improve its Services (for example, to identify trends, and to train AI models) provided such use does not result in disclosure of Confidential Information to unauthorized third parties."
Tomi 🥀 retweeted
AmirMohammad Safari @AmirMSafari
Can you spot the XSS vulnerability? 👀 Test it out live at: pwnbox.xyz
Tomi 🥀 retweeted
Elyon @ElyonMan
They're throwing shit at the scientist who has taken a huge step toward curing pancreatic cancer because he belongs to a private foundation, openly criticizes the lack of public funding and, I wouldn't rule it out, for going on El Hormiguero. They're sons of bitches, there's nothing more to it.