Christian Lopez 🦄

2.4K posts

@phr0nak

(in)Security Leader | Bug Bounty Connoisseur | I know things | Director of Triage - Bug Bounty Services at @NCCGroupInfosec // Before: @Synack @EY_Ireland

127.0.0.1 Joined December 2009
725 Following 2.3K Followers
Pinned Tweet
Christian Lopez 🦄@phr0nak·
@stokfredrik 1. Infosec is a small world. Be nice and humble. You're probably talking to your future employer/employee/colleague. 2. Learn to write reports. 3. Don't let people decide for you which platforms to use. Use all of them and increase your chances to learn.
Christian Lopez 🦄@phr0nak·
I'd like to believe there is a story behind the scenes, but checking in 44 seconds if the asset is in scope, it is not a duplicate, it is valid, impactful, and reproducible? If this is automated, I wonder what are the stats for FP and FN...🤔
Roberto Nunes@0x_Akoko

Wow Fast @Bugcrowd Triage Triaged in just 44 Seconds 😂 Thanks for Bugcrowd/ Bugcrowd triage Team

Christian Lopez 🦄@phr0nak·
"Success is not final. Failure is not fatal. It is the courage to continue that counts." – Winston Churchill
Christian Lopez 🦄@phr0nak·
@monkehack I was in the DMZ and JSA a few years ago. Totally recommend it. I remember seeing tourist groups on the other side and thinking what story their guide was sharing. Also remember when I got to the "blue house" and how I was extra careful to not cross the line 😅
Ciarán Cotter@monkehack·
Visiting the Korean DMZ and looking into North Korea was one of the weirdest experiences of my life. This is your reminder to balance work and hacking with living your life and experiencing the world. Onwards to Japan on Wednesday to see my grandma :)
Christian Lopez 🦄@phr0nak·
I am in London for Black Hat Europe 2023. If you want to meet and have a chat about how @NCCGroupplc can help to fulfill your Bug Bounty needs, DM :) #BHEU
Christian Lopez 🦄@phr0nak·
@dcuthbert The screenshot I attached was taken after reading your tweet. You are right though, before it was at this setting by default. But I was able to change it.
Daniel Cuthbert@dcuthbert·
@phr0nak Go in and check, it defaults back to blue only, at least for me
Daniel Cuthbert@dcuthbert·
So either it’s a bug or deliberate but you can’t change the setting
Christian Lopez 🦄 retweeted
Douglas Day@ArchAngelDDay·
100 (very) short bug bounty rules:
Intigriti@intigriti·
Your grandma asks you what an IDOR is, what do you answer?
Soroush Dalili@irsdl·
@CoreyD97 Side question, can a triager report bugs in the same programme or it’s forbidden for some time after? I think if a reporter knows that the triager has no interest but also can earn more points/money by accepting an actual issue then they would feel much better.
Christian Lopez 🦄@phr0nak·
After so many years there are still people who believe Triagers get commission for rejected reports. ¯\_(ツ)_/¯