Nate
16.7K posts


@nnwakelam Oh haha yeah, more of a fan of "wide spectrum" kinetic uh hotdogs
English

@nnwakelam Electronics is like legos, you can do whatever you want. Now I kind of want to make a machine that throws hot dogs at people.
English

@cheeseanddope What if I want it to shoot projectiles of my choosing and and what if it wasn’t a cat but could do human facial recognition asking for a friend
English

not every application has a hidden attack surface, learning to go breadth and knowing when to stop going breadth is really valuable. If you've thrown everything you can think of at it, beyond what you'd expect it to take and what may likely be hidden you should move on to something else as it's just burnt hours at a certain point.
English

I tried all the relevant SecLists and Actuator wordlists on this Whitelabel Error Page but couldn't find anything. Any suggestions on what I should try next?@TeslaTheGod @the_IDORminator @krishnsec @NahamSec @GodfatherOrwa @shreerajaput @4osp3l

English

@nickycakes @bankolewya the mental image of MJ swallowing 125 xanax a day is really something
English

@TheGrandPew This actually looks pretty good and I haven’t heard of it I’ll check it out
English

@nnwakelam too old to die young. its directed by refn who directed drive, pusher, bronson etc
English

@pjklife @nickycakes gonna go burn my hand on the stove to punish myself
English

@pjklife @nickycakes I can't engage in these kinds of discussions on this website or else I have to ban myself from it
English

@nnwakelam @nickycakes Shouldn't every person of a country not want their countries symbol burned? Only people that would disagree are people that shouldn't be part of your country.
English

@pilvar222 @J0R1AN It makes sense. This is one of those bugs that’ll hang around for a while. Nonstandard installation paths, abandoned forums on major infrastructure etc stuff you can’t dork for easily
English

@nnwakelam @J0R1AN Quite a lot of them, we reached out to moderators of the biggest ones about the patch though. Exploit is easy but leverage to RCE is harder, from what we saw 4.x.x allows installing PHP plugins but requires admin password again
English

We found this crit a few weeks ago, tens of millions of users impacted across all phpBB forums. After 4 weeks, @J0R1AN is finally releasing the details in a blog post!
aikido.dev/blog/authentic…
idk what's crazier, the 9 minutes triage or that this 1 req bug wasn't found for years

Aikido Security@AikidoSecurity
On June 10th, we announced a critical auth bypass in phpBB, now CVE-2026-48611. Here's the technical followup with exploit scenarios and how to detect it. All it takes is one unauthenticated request to log in as any user, admin included, on a default phpBB install, no password required. Aikido Attack caught this on a routine run. We reported it June 2nd, and phpBB shipped a fix four days later in version 3.3.17. If you haven't upgraded yet, do it now.
English

It's friday so you know what that means, time for a critical vulnerability!
Okay... we announced it 4 weeks ago already to be fair, but now we can talk about the technical parts 🙌
Read how authentication could be bypassed on every online phpBB instance:
aikido.dev/blog/authentic…
English






