SplinterSec

@Masonhck3571 @Bugcrowd Steak and fries for dinner

I earned $75 for my submission on @bugcrowd bugcrowd.com/h/{id: "masonhck357"} #ItTakesACrowd 🫠🫠🫠

Want to see what top-notch security research looks like? Look no further than @j_domeracki's latest research, a standout contributor to the Google Cloud VRP! 🪲💪 jdsec.cloud/posts/2026-01-…

@SinSinology Looking sharp! Nice shots 👌🏼

@splint3rsec fuji x-t3

photos

@kevin_mizu Same here... :(

I didn’t manage to get a place for the CCC this year… I’m looking for two. If you’re selling one or know someone who is, please contact me 🙏

@_xploiterr Pay attention to stress

You need to bring urgency into your life for doing anything for example a task, that way you will be able to complete the tasks way faster that you normally do and you will learn more.

@OriginalSicksec @wld_basha Congrats boys! 👏🏻

Me and @wld_basha got awarded 20K for a very nice supply chain attack

@Masonhck3571 @Bugcrowd Big fish! Congrats 👏🏻

I earned $12,000 for my submission on @bugcrowd bugcrowd.com/masonhck357 #ItTakesACrowd SQL Injection via hidden parameter on password reset functionality.

@Bugcrowd Ffuf

$1,000 GIVEAWAY 🎁‼️ Here’s how to enter: 1️⃣ Fill out the ITMOAH survey 2️⃣ Like this post 3️⃣ Comment your fave tool 4️⃣ Repost bc your friends deserve a chance too Giveaway closes Sept 30 at 11:59pm ET. One hacker takes home $1K. 20 others will score $200 each. Already filled out the survey? You’re entered to win! If not, now's your chance: surveymonkey.com/r/bugcrowd-itm…

@iambouali nice catch!

Back to hacking PayPal after some time off, mass PII exposure this time. Shoutout to h1_analyst_alexander, always professional and on point. Even when everything looks secure, there's always something to find.

@actuallyclover @Hacker0x01 My bounty has been pending on a program for more than 6 months now, I left it without hesitation :)

Every failure leads to the next success Keep going and the game will reward you

@theevilbit Speedrun root? We shall contact Guinness World Records

Since I haven't posted any exploit videos in a while, here's a macOS Tahoe LPE. 🐟

@jobertabma @NahamSec @stokfredrik @Hacker0x01 splint3rsec

Hey hackers! We're running a beta for Hai for Hackers, our AI security agent. If you're interested, please reply with your HackerOne username (we will probably limit to ~100 hackers for now). After it's been enabled, you can start using it by clicking the Hai button in the top right corner of the app. It’s free to use (with a limited daily budget for now). It is like any other AI you’ve interacted with, with the added benefit that it has access to a whole bunch of HackerOne data, like reports and programs. We’re shipping improvements to Hai almost every day. Here are some neat use cases: - “take all the learnings from STÖK, jhaddix, and nahamsec's recon strategy and build one for me!” - “write a python script for a typical recon process” - “i need an XSS payload that doesn’t use single or double quotes” - “my XXE payload doesn't call back to my server, what could go wrong?” - “write a response for report #133337” The beta also comes with Hai Plays for you, which allows you to build your own security agents in HackerOne. You can create them at hackerone.com/settings/hai_p…. Some of the cool use cases we’ve seen so far are: - write reports with minimal input from you (efficiency++!) - convert reports into blogposts with a single prompt - AI mentor to give feedback about your communication and increase the likelihood of a reward In the background we’ve been working on agentic behavior, which we expect will soon come to Hai for Hackers as well. These AI agents can act like your hacking buddy and hack alongside you. We’ll keep you in the loop on our progress.

2025, cognitive capitalism; everything is accessible/learnable, the only currency: your time building your skill set inherently involves risk when the primary goal -among others- is the alchemical process of turning knowledge into gold is skill set X worth Y of your lifetime?

@disclosedh1 Conclusion: always test SSO as well :)

Mozilla disclosed a bug submitted by z3phyrus: hackerone.com/reports/3154983 - Bounty: $6,000 #hackerone #bugbounty

@Krevetk0Valeriy Probably you're the first one ever to use 🔥

I'm not gonna lie, if I say that's the craziest thing that could have happened during the bug bounty journey. Hard and limited scope with Best Hackers in the Leaderboard. And this is the result - complete infrastructure fuckup. Thanks to my buddy for the infinitely cool ideas.

@x86rax @Apple It's pretty fast. Go for it

@splint3rsec @Apple How are you finding it? The GPU is failing on my Lenovo I think so looking for replacement

@theevilbit Oh been there, amazing shots!

@splint3rsec Yes, this is at Dobogoko.

A little green with sunset.