Erick Fernando

@Hacker0x01 is responding to Support quickly; this time it only took them 11 months and 22 days to reply. 🫤

My first vulnerability capable of compromising accounts on a social network. Yay, I was awarded a $15,000 bounty on @Hacker0x01! hackerone.com/erickfernandox #TogetherWeHitHarder

🚨 WARNING: A 0day vulnerability in Adobe Acrobat Reader is being actively exploited in the wild for 4 months now. Simply opening a malicious PDF can lead to data theft and potentially full system compromise. Adobe has not released a patch for this vulnerability.

@hunter0x7 thanks 😁😀

@erickfernandox You are indeed a skilled hacker <3

I love Cache Poisoning! ❤️ #bugbounty #bugcrowd

@xandsz__ @Bugcrowd Kkkk

@erickfernandox @Bugcrowd Brinca muito!

Starting the year with a beautiful XXE exfiltration at @Bugcrowd. #bugbounty

@JoaoGomes12243 @Bugcrowd Obrigado @JoaoGomes12243 😄👏🏻

@erickfernandox @Bugcrowd Que achado legal, parabens @erickfernandox

A very good xss payload.🔥 <sCriPt x>(((confirm)))``</scRipt x> credit: @viehgroup #bugbountytips #xss #bugbounty

@PhilippeDelteil @Hacker0x01 Thank you! Coming from the best of Chile, it's an honor. 😁

@erickfernandox @Hacker0x01 Arrasou!

Yay, I was awarded a $10,000 bounty on @Hacker0x01! hackerone.com/erickfernandox #TogetherWeHitHarder

@pwnj0 @Hacker0x01 That was a great Christmas present. lol

@erickfernandox @Hacker0x01 wow, merry xmas 🎅🏻

@xandsz__ @Hacker0x01 O caminho é longo ainda viu kk

@erickfernandox @Hacker0x01 É o mestreee🔥

Critical Vulnerability Rewarded by Deutsche Telekom (T-Mobile Germany/European Union) #bugbounty #p1

Tamo bem rankeado na @bugcrowod no mês de agosto dentre os BR hein @sushicomabacate @erickfernandox

@c4ng4c3ir0 @sushicomabacate 👏👏

@cyberx00t Next, I generated a token using the OAuth code, and the generated token was an Amazon Cognito JWT. Using any regular user's Amazon Cognito token, I could access resources in any company system that user had access to.

@erickfernandox No Understand , Can You Provide More Accurent Way

A simple open redirect can wreak havoc. Simple open redirect -> misconfigured OAuth authentication flow -> privilege abuse using Amazon Cognito token #bugbounty #bugcrowd

@cyberx00t The application had a centralized API login using OAuth, and one of the domains had an open redirect vulnerability. It was possible to inject into the redirect_uri that returns the OAuth code to the application, allowing me to capture it.

Yay, I was awarded a $10,000 bounty on @Hacker0x01! hackerone.com/erickfernandox My First Five Digits on @Hacker0x01 #TogetherWeHitHarder