Uranium238

Every critical I find in major corp has been through the most obscure feature that is annoying as hell to setup. It never ceases to give.

@jackhcable with the receipts 😂

@S1r1u5_ Can confirm. Been using LLMs and Claude/Grok mixture as a rubber ducky to explain my thought process and work on reversing some codes. It has made the process 10x faster.

there is no better time than now to get better at source code review. you can 5x your source code auditing with AI.

@zhoro_x @InterviewCoder @im_roy_lee Might be worth for GitHub to start at least alerting on JWT as well in addition to their current coverage: #non-provider-patterns" target="_blank" rel="nofollow noopener">docs.github.com/en/code-securi…

bro pushed his .env file with api creds that ACTUALLY WORK u can just clone the project and use his stupid product for free lmaooooo we're beginning to witness the first disasters of vibe coding @InterviewCoder @im_roy_lee

@R3PL1C8R @zhoro_x @InterviewCoder @im_roy_lee GitHub does for some token types (vendors have to register in most cases). Registered vendors when notified auto deactivate tokens. GitHub does it themselves for their own api keys. docs.github.com/en/code-securi…

@zhoro_x @InterviewCoder @im_roy_lee Why doesn't Github just scan for these and warn you? Or not allow it?

@mrusschen 100%

@uraniumhacker Let’s chat!

Hacking with AI recently has been fun. Here is couple of things I did recently: - Parsed multiple JS files within seconds after identifying a target domain. Used the parsing data to find a critical vulnerability. - For a different program, used mixture of redress, radare2 and GPT-4o to reverse engineer a pretty large golang based server. The more I prompt, the more I am convinced automating hacking with AI is the future. #aihacking #hackbot #LLM

@rez0__ Damn you got my cheatcode.

If I wanted to never make any money from bug bounty, I would do these things: - Report immediately without reproducing - Spend 12 hours on a theoretical self-XSS - Skip reading the bounty scope - Write a tool that finds "Server" header disclosure - Convince myself that rate-limit bypass is always critical and report it as often as I can

getting ready to hack and send criticals

@jobertabma Honestly, should do this for LHEs 🤣

H1 is adding a package containing a banana, Saratoga water, and a clock with the alarm set to 3:59a to its bug bounty rewards.

We are doing #VibeSecurityForAI If you are an AI startup (pre-seed or seed ) we will test your application for free. We are doing this only for next two weeks. We are hackers who have hacked major companies like Zoom, AWS, Amazon, Google, banks and more. DM me or contact us @OphionSecurity. #AISecurity #vibecoding #pentest #securityassessment #vibesecurity

Presenting on some fun stuff with @OphionSecurity this year at @_kernelcon_ and @bsidesseattle. Come for the talk, stay for the vulnerabilities. #vulnerabilities #bugbounty #attacksurfacemanagement

@rez0__ You can't vibe code to production but you can damn get to production faster with Cursor.

everyone complaining about cursor not working on large code bases have a skill issue. Sure, on a large code base, you cant vibe code and it do everything for you. But you can still be 2-3x as fast as you once were by tagging the right files and will do most all the lifting.

Been trying out Cursor for the last few days with prompts generated through deep research via ChatGPT and Grok, it is definitely a game changer. I have deployed apps that I have wanted personally within hours. ◦ AI aided development is future. ◦ Security is still under-development. Just #vibecoding and deploying will cost in long term. ◦ SaaS mills that deploy what users want within 24 hours is going to be a future combined with #ai agents for sales. (imagine @levelsio on steroid pushing apps out every hour)

🚨 New blog alert! I recently "compromised" a threat actors Telegram based C2 channel, that was used for exfiltration of stolen data from the Nova infostealer. The threat actor stupidly tested their infostealing malware on their OWN production "hacking" box.... (1/3)

taptastic.app/?score=10&patt… I reached level 10 in Taptastic! 🎮 Final speed: Super Fast Tiles: 9 The pattern that defeated me: 🟥 🟨 🟨 🟥 🟦 🟦 🟦 🟥 🟨 🟩 🟨 Can you beat my score? #Taptastic

@rez0__ Holy, this is a genius feature. Makes life easy as hell.

Made one and put it in my bio

Vibe coded so much: I did not even write a single piece of code. It did all the heavy lifting.

Vibe coded a security script to open source for a future talk. I love AI. #security #GenAI #LLMs