nick

34 posts

@nickresponsefor

hehe Joined January 2018
61 Following 22 Followers
nick retweeted
Coinfessions
Coinfessions@coinfessions·
I submitted a critical and imminent vulnerability report to a BSC project that exposed $400 million TVL to theft and was being actively exploited. The CEO promised a bug bounty if I shared the the team. I did. They confirmed it. CEO ghosted me for months and has refused to pay.
nick retweeted
Dmitriy Shagov
Dmitriy Shagov@dmi3sh·
Hilarious bug bounty story. Reported an RCE to one of the @immunefi programs. Their scope was hxxps://app.com. When loaded, their app sent requests to hxxps://api.app.finance. And by modifying one of these requests I gained RCE.
nick
nick@nickresponsefor·
@HusseiN98D Hope u will be brighter soon!
Hussein Daher
Hussein Daher@HusseiN98D·
I've been taking some time OFF due to COVID - variant where you feel the pain, then felt good after 2 weeks, then again felt bad after 2 days of recovering. Kind of endless loop. Doing better now, thanks for the messages. Take care and keep shining there ❤️
nick retweeted
xnwup
xnwup@xnwup·
Hackerone might be the only company that decided to not pay citizens of Belarus/Russia what they owed them prior to invasion of Ukraine. They won't send $25k that I earned in 2021. They say sanctions are the reason, but actually the reasons are not legal, but... ideological. 1/
nick retweeted
Immunefi
Immunefi@immunefi·
New research out on DOS attacks in the blockchain ecosystem! The authors provide lots of examples of DOS attacks against 10 blockchain entities. Definitely worth a read for #immunefischool! arxiv.org/pdf/2205.13322…
nick
nick@nickresponsefor·
@Jhaddix Harry Potter and methods of rationality. It's an easy and enthralling fanfic which contains a lot of physics methodology stuff.
JS0N Haddix
JS0N Haddix@Jhaddix·
Can someone recommend an easy (but good) sci-fi or fantasy read? Helps me de-stress 🤓
nick
nick@nickresponsefor·
@NahamSec Try Harry Potter and methods of rationality
Ben Sadeghipour
Ben Sadeghipour@NahamSec·
Almost done with “The Power of Now”. What should I read next?
nick
nick@nickresponsefor·
@h4x0r_dz yo, somebody's success is not your failure, especially if it's fake
H4x0r.DZ 🇰🇵
H4x0r.DZ 🇰🇵@h4x0r_dz·
Why everyone is successful at LinkedIn? every single day when I open "LinkedIn" I see everyone showing off their success? This makes me depressed
nick
nick@nickresponsefor·
@equat0rium @Hacker0x01 Yo, honestly it's really impressive that u only focus on Epic Games for few months or even more, congratz man
nick
nick@nickresponsefor·
@stokfredrik I find it when u have 1.7k subs, Congratz man
STÖK ✌️
STÖK ✌️@stokfredrik·
Do you stop and celebrate milestones, or do you keep pushing towards what’s next?
nick
nick@nickresponsefor·
@stokfredrik @TomNomNom It would be great if u ask permission from apps like h1 or smth and do step by step understanding of how it works. Just kinda course about what u pay attention for and kinda scenarios might be here with that stuff
STÖK ✌️
STÖK ✌️@stokfredrik·
Speaking of courses, what if I managed to convince @TomNomNom to teach a course together with me (I mean Tom’s voice and teaching skills is to die for) On what subject would you like us to educate you on? And would you be willing to pay for said course? Asking for a friend,
nick
nick@nickresponsefor·
@stokfredrik @TomNomNom actually interesting how guys like @TomNomNom do these things. It might contain sections like 'js static analysis', 'requests analysis' etc
nick
nick@nickresponsefor·
@Masonhck3571 I've found xss on literally same kinda place few weeks ago and sec. team told that they need working attack vector. It's hard sometimes to prove any impact on these circumstances if u playing around black box. So, report was closed as "informative".
Masonhck357
Masonhck357@Masonhck3571·
Thoughts? If I find an XSS on an authentication portal (unauthenticated) and even though I am unable to get authentication, I can prove (via JS file) that the web app stores Auth token or session cookie in Localstorage, Would that be enough to consider a higher severity?
nick
nick@nickresponsefor·
@h4x0r_dz so, it might be a good point for smth u really wanna do
nick
nick@nickresponsefor·
@h4x0r_dz just go outside and take a walk, don't think about motivation and productivity. Just focus on what you see and feel in the moment. You can go somewhere and have tea or coffee. Usually such walks help to free ur mind from negativity and unpleasant thoughts.