Sayaan Alam

Finally, the Most awaited write-up is here , SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever! Kudos to @TechFenixSec Red team for helping me throughout the research Retweet if you like it.🙂 #bugbounty medium.com/techfenix/ssrf…

@damian_89_ Sure thing :)

@ehsayaan Will answer you later - currently on the road

Absolutely thrilled that one of the most amazing cybersecurity conferences is happening in breathtaking Mussoorie! @BsidesMussoorie is more than a conference, it’s an experience: insightful talks, brilliant minds, networking, and fresh mountain air.

@rauchg @tech_savvy_guy_ @vercel You should change that setting to allow everyone @rauchg since you are always expecting some DMs, hahaha!

@tech_savvy_guy_ @vercel 💀 sorry, DM’d

hey @rauchg - there seems to be a flaw in the deployment protection in @vercel i am part of an organization in both GitHub and Vercel with my organization email added to both platforms. Now, when I author commits to my repo with my organization email, it blocks the deployment

@rauchg Obsession can make me sit on a screen for straight 16 hours or more. A job could never match that productivity!! Obsession + Goal is key to super productivity.

Obsession is the mother of invention

@ArmanSameer95 Sorry to hear bro, you can always call whenever you don’t feel good or need someone.

Life isn’t fair. I lost my childhood best friend, the one I grew up with. This doesn’t feel right.

@dhruvagoyal Less AI interactions when using MCP, you just give input and final output/results. No follow up on each step

If AI models can control applications directly (CLI/Browser/API), what’s the point of MCP?

@rajivayyangar @ProductHunt Check your DMs!

Builders ✨showed up ✨ Check out the leaderboard today - it’s exciting to see so many YC applications!

@arshadkazmi42 Takeover check failed: incompatible encoding regexp match (UTF-8 regexp with ASCII-8BIT string)

I recently added subdomain takeover monitoring to issl.today, along with an API. You can now generate an API key and programmatically check whether a domain is vulnerable or potentially vulnerable to subdomain takeover. It also supports importing your HackerOne scope via API key. The system will: Import all in-scope domains Perform subdomain enumeration (including wildcards) Continuously monitor them for services that could lead to takeover Useful if you’re tracking takeover opportunities across many programs.

@rauchg @YShahinzadeh Haha i didn’t expect a lightning fast response like that. I must applaud for your responsiveness on such issues. I wish all other C Suite executives were like that🙌🏻

@ehsayaan @YShahinzadeh DMing. Thx for ping

Is anyone here from Vercel? I discovered a P2 vulnerability in one of their products. I initially reported it by email but received an automated response directing me to submit through HackerOne, and you know the rest of the story :] Is there anyone I can speak with directly?

Track trending vulnerabilities and active exploitation signals. Free vulnerability intelligence dashboard by LeakyCreds leakycreds.com/vulnerability-…

Live Vulnerability Intelligence & Trending CVEs | LeakyCreds leakycreds.com/vulnerability-…

@18002096006 I sent you the details in DM

@ehsayaan Hi @ehsayaan, this is definitely not the experience we want you to have. Kindly share your registered contact number and vehicle details with us via DM, so we can connect and address the issue more effectively. Regards, MahindraForYou twitter.com/messages/compo…

@rauchg Hahaha it’s good to see you involved in bug bounties lately. Especially during Vercel WAF challenge. Can’t donate funds to some early age cybersecurity startup to kickstart their journey?

Due to how these bug bounty programs work, we’re getting paid for the discoveries by Cloudflare / Matthew. Please reply with interesting AI and cybersecurity research teams or open source projects we should donate the funds to!

We've identified, responsibly disclosed, and confirmed 2 critical, 2 high, 2 medium, 1 low security vulnerabilities in Cloudflare's vibe-coded framework Vinext. We believe the security of the internet is the highest priority, especially in the age of AI. Vibe coding is a useful tool, especially when used responsibly. Our security research and framework teams are extending their help and expertise to Cloudflare in the interest of the public internet's security.

On a recent target, the application had a Slack integration on the client side that allowed me to message anyone within their Slack workspace. #bugbounty

That’s massive :)

What’s next from them?