I've just re-seeded my four 'survival of the fittest' sanitiser bypass engines. Some good healthy genes being put back into the gene pool... and we run again...
Project Fermat has been running for weeks.
One sanitiser bypass payload in the db has a max fitness of 0.9825.
1.0 means CVE.
Reseeding this particular one with my fit payloads saw it jump back up to above 0.90 within a couple of generations... not all top payloads have worked their way through yet.
Other sanitisers have some work still to do but all are climbing.
So much fun getting an hourly discord alert telling me how the generational offspring are performing.
Proud dad!
@CristiVlad25 @AnthropicAI @bcherny I guess one way to figure it out is to granulate tasks into even smaller pieces to make it harder for Claude to fool you.
It's better to feed the AI with small pieces one by one instead of big bunches of them.
Claude is lazy, or it's affected by context rotting with such effects.
If I add in the iOS apps (including "Uber" for my kids - with me as an unpaid driver on-demand!), my entire life-management system and a range of other stuff, I reckon 250k lines of code/prompts "written" in the last 12-14 months.
Not a flex - it just shows how insanely productive AI/LLM makes us today.
Bug hunter friends, what is the best tool to get all the JavaScript files given a list of domains, hosts or URLs? I want to download all of the JS files to a directory.
@0xtavian I thought the axiom works in a similar way. Thanks for answering. Now I'm using fleex for these kinds of tasks. Will try your tool, thanks for sharing!
@kedrisec Ax Framework speeds things up by distributing the workload across many cloud instances, leveraging cheap computational power. It’s all about parallelizing tasks to get results faster.
Hack faster with Ax Framework.
Check this out. We ran subfinder on the top 100 domains and received 200,000 results in just 2 minutes using Ax (compared to almost half an hour)! 😲👇
🏎️ Now imagine how much faster it would be with 1 million domains!? 💨
@0xw2w @damian_89_ I fucking hate that shit. It always looks like we are playing the stupid game "find the bug only on our specified endpoints" that doesn't have any relation to the company's real security.
@damian_89_ A few months ago, I sent a bug that allowed the PII of 4 million users to be downloaded. They rolled out a fast hotfix and marked it as ineligible for bounty since the API endpoint is located on the OOS target, although the API call is made within the in-scope target.
BugBountyLife... Full PII of 80k consumers of a huge brand but hey... Not in scope, no bounty... One of those programs I wish the worst and won't help anymore ;)
One of the best investments you can make when doing #bugbounty is getting yourself a strong VPS with very fast internet. Those 2 GB RAM, $3/month ones won't help you much if you're serious about it.
CVE-2024-30043: @chudyPB details this #SharePoint XXE he discovered. He calls it one of the craziest XXEs he has ever seen, both in terms of vuln discovery and the method of triggering. He shows how it can be used for info disclosure & NTLM relaying. zerodayinitiative.com/blog/2024/5/29…
@nnwakelam Moreover, I would like to suggest thinking about bb as playing against companies (who totally don't give a fuck about you as a person; they were made and think (most of them) only about making money, so why don't you think the same way?), not people.
The biggest piece of advice I would give any bounty hunter going from $XX,000 to a multiple of that is to start to view your reporting as adversarial to the bug bounty program. 1/2
@hakluke It's nice to know that I'm not the only one addicted to the idea of automating bug bounty. Also so funny to see how my way of making the architecture better is close to someone else's :)
I often export proxy items from Burp to extract certain data. Example: filter out all response headers where request param is X, get a list of all response params for custom wordlist creation etc. I built this tool to make it do what I want: github.com/fransr/unpack-…
Bug write-up for Google Extensions; thanks @ThomasOrlita and others for the help :) ndevtk.github.io/writeups/2023/… This write-up does include some free XSSs I got bored of waiting on.
v3.3 of GAP Burp ext is here:
✅ Can be called from any context, not just Site Map
✅ Added a Link Exclusion checkbox. If not selected, the link exclusions will not be applied (so it returns all links)
🩹 5 bug fixes - see CHANGELOG for more details
🤘
github.com/xnl-h4ck3r/GAP… #BugBounty