Aman Rawat

Escalating XSS to Account takeover #bugbounty #infosec #hacking theamanrawat.github.io/2021/02/01/xss…

We cut LLM costs by 59% with prompt caching on Neo. Key moves: → 3 breakpoints with deliberate TTLs → Moved dynamic content out of the prefix to the tail → Stable templates, byte-identical across all users → Provider routing for cache locality 7% to 84% cache hit rate. Full breakdown: projectdiscovery.io/blog/how-we-cu…

Finding vulns is getting easier. But proving them is still the hard part. We ran Neo against popular open source repos and got back 22 confirmed CVEs (auth bypasses, RCEs, sandbox escapes) each with working exploits and real evidence. New blog breaks down 5 of the most interesting findings 👉 projectdiscovery.io/blog/everyone-… Heading to #RSAC? Try Neo yourself at Booth 3131 → projectdiscovery.io/events/rsac-20…

After our last experiment scanning vibe-coded apps, we turned Neo loose on popular and trending open-source projects over the past few weeks. Neo found 50+ bugs with 22 already assigned CVEs. It’s becoming clear that finding bugs with LLMs isn’t the real challenge validation and noise reduction are. That’s where Neo stands out, delivering production-ready results with under 10% false positives and continuously improving

How Neo found an SSRF vulnerability in Faraday.. 👾

We built three full-stack apps using Claude Code, Codex, and Cursor - a healthcare portal, a banking platform, and an insurance claims system. The prompts were casual, exactly how people actually vibe code. No mention of security, nothing intentionally broken. Then we threw four security scanners at them Neo, Claude, Invicti and Snyk and manually verified every single finding. The results genuinely surprised us. 70 exploitable vulnerabilities across three apps. Unlimited money creation in the banking app. Any user could create admin accounts in the insurance platform. Patient records accessible to anyone in the healthcare portal. All Critical and High severity. All shipped out of the box. But what really got me was the scanner gap. Neo found 62 of 70 vulnerabilities with only 5 false positives. Snyk found literally zero valid issues. The difference between these tools isn't incremental it's the difference between finding the bugs that matter and walking away with a false sense of security. Full blog with the stats is live. The detailed research paper with exact prompts, methodology, all the findings, and the apps themselves is coming soon.

Awesome finding 🔥👏

Exploring the cutting-edge of cybersecurity at BSides Goa with these brilliant minds! #BSidesGoa #Cybersecurity @bsidesgoa

@srb1mal @SynackRedTeam Thanks

@theamanrawat @SynackRedTeam Congratulations brother, can I talk with regarding something in dm, I can't dm you as it's asking for subs?

I've achieved the 3rd rank on @SynackRedTeam in the last 30 days in India!

@pmnh_ @SynackRedTeam Thanks @pmnh_

@theamanrawat @SynackRedTeam Congrats, you've done very well in an incredibly difficult and slow period at Synack.

⏰ It's new docs time! 📝 ProjectDiscovery has updated our docs site and it's 😍. check it out here: buff.ly/3ua7qbN

Get a template started immediately while reading about the newest #vulnerability, by using #opensourcesecurity, AI, and the blog you read it in. #Nuclei Template AI Browser Extension. Now available. buff.ly/3QQRjJ9

@sudhanshur705 @aszx87410 Nice finding ❤️

I along with @aszx87410 was recently able to find an interesting case of a DOM based xss in figma.com Sharing the details in this writeup as the bug is fixed now github.com/Sudistark/xss-…

@prateek_0490 @zomato ✋

Hello, CTF Lovers! We conducted an internal CTF competition at @zomato, and we're considering making it public to everyone to have some fun in solving some brain-twisting stuff. Let us know in this thread if any of you would be interested in participating. #ctf #infosec

@Madara_Hax0r blog.amanrawat.in/2022/08/30/CVE…

@theamanrawat can you provide a poc for this cve since its old now

I got CVE-2022-38463 for unauthenticated XSS in ServiceNow. 😁 cve.mitre.org/cgi-bin/cvenam…

[NEW-RELEASE] Nuclei Template Editor - AI-powered hub to create, debug, scan, and store templates. Collaborate effortlessly with your team and community. Public signup is open; we're eager to hear your feedback on this early release. - Editor: templates.nuclei.sh - Docs: docs.nuclei.sh/editor #Hackwithautomation #AI #CyberSecurity

@RitikChaddha @pdnuclei 🔥

CVE-2023-34362 - MOVEit Transfer - Remote Code Execution (critical) 🚨🚨 Nuclei Template : github.com/projectdiscove… @pdnuclei #hackwithautomation #bugbounty #pdteam #infosec #poc

@ja1sharma Thanks 😊

@theamanrawat Nice one 🔥

Here is the blog post of my another finding on ServiceNow - CVE-2022-39048 blog.amanrawat.in/2023/05/05/CVE… #bugbounty #infosec #Hacking

@tirtha_mandal Thanks

@theamanrawat Congrats! Look for high/crit