@daeken There would be a high risk to get lost depending on the company you fly with
English
Luciano Corsalini
142 posts
I'm pretty sure I've tweeted this before, but I'd pay so much for a service that knocks me out in my hotel room, brings me to the airport, puts me on a plane, transports me home, and wakes me in my bed. Fuck first class; give me an oxygen mask in a box in the cargo hold.
English
@rohk_infosec Just to be on the safe ride, I’d ask the not-dupe one for favors instead
English
We're feeling generous! 🤗 We're manually sending out some private bug bounty program invites today... who should we invite? 👂#HackWithIntigriti
English
Please don’t actually report this. There isn’t any real impact. It’s basically the same as if you registered an entirely new email and set up email forwarding on one of the addresses.
Somdev Sangwan@s0md3v
@cybercdh Good one. Here's one from me: example@gmail.com AND e.xa.m.p.le@gmail.com are the same things. If a web application registers them as different emails, you can report it as a vulnerability that let's you create multiple accounts with one email.
English
@cyb3rsick So stupid that leads to ATO as the URL always contains a token to keep going with the password reset flow. Not sure whether you or the company really realized the impact of this.
English
At password reset pages always try manipulating HOST header, you might get lucky and find that the password reset URL contain your own host instead of the original domain name.
Just got easy 500$ for this stupid bug.
#bugbountytip #Bugbounty #ItTakesACrowd
English
Luciano Corsalini retweetledi
People have been trying to get me to tell them all of my secrets on how I reverse engineer apps. I wrote a small article on how I do everything. Enjoy
wongmjane.com/post/secret-of…
English
If you want to live what you experience the moment you die when you see your entire life passing by in a flash, just run:
. ~/.bash_history
English
@stefanohablando @EdOverflow Try popping the song lyrics in an alert instead 😜
English
English
@Bitquark One of my favorites github.com/urfave/cli. Anyway, you can always set a custom usage message if you don’t like the default one. Just override flag.Usage
English
Yay, I was awarded a $4,000 bounty on @Hacker0x01! hackerone.com/lucio #TogetherWeHitHarder TIP: take always the right amount of time to write a good PoC!
English
Finally managed to get some cool stuff @HackenProof sent me! Thank you guys, it definitely worth the time spent in line at the post office 😜
English
@ITSecurityguard @Bitquark @_bl4de @smiegles Space broken is not a big deal. You can always replace it with %20
English
It fasinates me that a trillion dollar company is not competent enough to build a working keyboard. So yeah, really excited to go to the Apple store to fix my space bar and be without a laptop for a week..
English
@jackhcable In case someone finds an RCE, can he/she get a degree before reporting it?
English
Stanford’s launching a bug bounty program! Open to all students and faculty, the program kicks off this Saturday. Join us Saturday at Lathrop 282 from 10am - 4pm for a launch hackathon. Details at bounty.stanford.edu. #bugbounty
English
Luciano Corsalini retweetledi
CHALLENGE: FIND THE FLAG🚩 & WIN🏆! There's a secret flag hidden in this tweet. Can you find it? 🕵️ Check the rules in the replies! 👇#HackWithIntigriti #BugBounty #CTF pic.twitter.com/0PFZNd692W
English
@phr0nak @rohk_infosec Sounds odd but it never works with a pillow on my back
English
@rohk_infosec “Set Up an Alternative Appearance” id your friend ;)
English
@ITSecurityguard I’d send him/her a package with a picture of what you’re selling inside
English
Love selling things on eBay.
I've been chatting with this scammer for the last hour or so :D
Don't fall for such a scam :)
English
Luciano Corsalini retweetledi
Bugbounty tip: Want to find some internal code of companies or some sample codes of new features? Checkout with: site:repl.it intext:<companydomain>. In companydomain, if you know the internal domain it is even better. #bugbountytip
English