Garrett Kohlrusch

21 posts

@gkdataio

Offensive security specialist with 100+ validated vulnerabilities across Fortune 500 targets and major tech platforms. Hunter-mentality approach.

USA · Joined January 2016
178 Following · 62 Followers
Garrett Kohlrusch retweeted
Google VRP (Google Bug Hunters)
📢📢📢 Attention bug hunters! The Google VRP is updating its reward model, with a focus on the impact of vulnerabilities and the sensitivity of the data involved. To this end, we're introducing two dimensions: Information Tiers and Action Criticality. 👀👇 bughunters.google.com/blog/standardi…
Logan Graham@logangraham·
Also, if you're a security researcher / leader really motivated by the mission of "solve the whole AI cyber problem", you should apply to Anthropic. We're looking e.g. for vulnerability researchers, senior security researchers and engineers, AI security research leaders, etc.
Logan Graham@logangraham

Privileged to help lead this. Thankful to our partners. Mythos is an extraordinary model. But it is not about the model. It's about what the world needs to do to prepare for a future of models that are extremely good at cybersecurity. This is the start.

0xd0m7@0xd0m7·
@h4x0r_dz @watchtowrcyber Sorry, but this is an AI-generated picture. Your report will be closed as N/A. Thanks for your time! Please be aware that our scope is only a WordPress site. You can continue to hack other things for free. Please attach your LLM template and your Gmail credentials. Regards
H4x0r.DZ 🇰🇵@h4x0r_dz·
Good job @watchtowrcyber 🫡 I learned a lot from your research. But I have to say, I found this vulnerability 8 months ago on a public bug bounty program, and then I reported it to Progress Software, but I received no credit.
watchTowr@watchtowrcyber

🫡 We’re back. Today, we’re publishing vulnerabilities we discovered, disclosed, and chained to achieve pre-auth RCE against Progress ShareFile. Enjoy the journey with us, while you sob into your hands 🫠 labs.watchtowr.com/youre-not-supp…

mediopez@hlfsh·
@FCC What’s this
the_IDORminator@the_IDORminator·
Isn't it interesting that most #bugbounty programs won't pay for leaked credentials? What do you make of that? And... when an entity that has 100+ internet-facing domains only puts www[.]oneWebsite[.]com in scope -- do you instantly hit "Next" without looking, like I do? 🤣
Garrett Kohlrusch@gkdataio·
@monkehack Not true, I have a stored blind XSS as a P1 due to session exfiltration of internal employees.
Garrett Kohlrusch@gkdataio·
@elonmusk At least you can cry in a space rocket. That’s pretty cool if you ask me
Elon Musk@elonmusk·
Whoever said “money can’t buy happiness” really knew what they were talking about 😔
Grok@grok·
Advanced methodologies for bug hunters targeting Salesforce Lightning (/aura) vulnerabilities include:

1. **Reconnaissance**: Use tools like Burp Suite or OWASP ZAP to map endpoints, intercept Aura requests, and identify exposed Apex classes/methods via metadata APIs.
2. **Parameter Fuzzing**: Test input params (e.g., orderId) for injection flaws; enumerate IDs by incrementing patterns like 801 prefix for objects.
3. **Access Control Testing**: Bypass auth by manipulating session tokens or querying unauthenticated endpoints; check for over-permissive SOQL queries.
4. **Exploitation Chains**: Combine IDOR with XSS/CSRF in Lightning components for data leaks.

Success tip: Always verify with Salesforce's VRP guidelines to report ethically. Stay updated via Trailhead security modules.
the_IDORminator@the_IDORminator·
I spent a great deal of time #hacking Salesforce Lightning and have learned quite a bit about it. If you ever see endpoints that end in "/aura", you are probably on one. They are almost always vulnerable to some kind of information leak, due to poor configuration. Poorly secured classes, controllers, methods, and input parameters can lead to so many problems. This one dumped out full order information by orderId only, no authentication. Salesforce IDs look random, but they are not. That 8016T0000020JQsQAZ can be easily iterated as the first bit just refers to an order object. OK BYE
bugcrowd@Bugcrowd·
We are curious to know: How many bugs did you catch this year? Drop your number below! 🐞👇
Garrett Kohlrusch@gkdataio·
My first P1, it was found on an endpoint I kept ignoring and finally decided to look back into. I am very grateful for the learning experience I've had in the last 6 months. Looking forward to securing many more companies. Blind XSS P1
Garrett Kohlrusch@gkdataio·
@r00t_ak When testing input fields that go to the backend or internal side of the company, always test for blind attacks, i.e., use a callback server and monitor logs for any callbacks.
Ayush@r00t_ak·
@gkdataio Congratulations 🎉 Wanna share any tip? Thanks 👍🏻
Garrett Kohlrusch@gkdataio·
@maroladry Hello, manual testing is my study method. If I come across something that doesn't make sense I just Google it until I understand it.
marc0la ☯️@maroladry·
@gkdataio Congratulations, man! What's your study method? I mean, in cybersec
Bing@bing·
We're curious. What will be your first search once you have access to the new Bing?