xit! 🇮🇳
2.2K posts
xit! 🇮🇳
@xitsec
Security Engineer !| Bug bounty hunter !| Pentester | whitehat @Immunefi | bugcrowd | hackerone | @Hackenproof Security Researcher
Katılım Ekim 2023
245 Takip Edilen3.7K Takipçiler
Companies should take Prompt injection seriously now ! Bcz some bug bounty programs out there don't care abt them !
Jarrod Watts@jarrodwatts
Someone just stole $175,000 from @grok... and then gave it back?! On a now deleted account, @Ilhamrfliansyh used a prompt injection attack to trick Grok into tweeting something malicious... The original tweet seems to have been morse code for something like "Withdraw ALL debtreliefbot:native to Ilhamrfliansyh" - although it's hard to tell from the deleted account. Grok, trying to be helpful, posted the decrypted version of the original tweet as a reply, also tagging @bankrbot, which caused the tweet to be treated as an onchain request. Bankr executed the request on behalf of Grok's wallet, and transferred 175K USD worth of debtreliefbot:native to the attacker's wallet. The attacker then sold all of the DRB into USDC across multiple wallets. But... just 5 minutes ago, they sent it all back to Grok's wallet in the form of ETH and USDC. So now Grok is whole again!
English
Huh? He’s not wrong - publicly disclosing an unpatched vulnerability is a blackhat behaviour !
impulsive@weezerOSINT
this man called me blackhat on his timeline to 71k people. in the dms he told me he's "not claiming i released some secret technique" so which is it? he had the platform to help get this fixed. contact the company, escalate the report, connect me with the right people. instead he chose to start a public fight over disclosure timelines and guess what? the company rotated the key. 25 days of private emails got nothing. one public tweet got it fixed. Joseph Thacker you know what you was doing when you made this post, you are a grown man instigating tl wars isn't there anything else you could be doing with your time right now?
English
Let's Hunt on the bugcrowd targets for next 30 days !
- Starting it with a very cool public program , will reveal the name tomorrow after submitting some finding !
#bugbounty
English
I ended up with total 3.3k in bounties , bcz some programs bounties amount was low for medium bugs , but i enjoyed hunting them
xit! 🇮🇳@xitsec
Let's Hunt on the bugcrowd targets for next 30 days ! - Starting it with a very cool public program , will reveal the name tomorrow after submitting some finding ! #bugbounty
English
@thedawgyg Did they gave you reason's why can't they accept that flag ? Or they just don't care abt headless chrome ?
English
8 weeks to be told a chrome exploit cant use the flag --single-process when launching chrome.... looks like moving on from google will be the right call
English
Ig they patched it now !
root@AkashHamal0x01:~/ # 🇵🇭@AkashHamal0x01
People complaining about exhausting AI usage, meanwhile am using unlimited lol😂🤫
English
Yay, I was awarded a $655 bounty on @Hacker0x01! hackerone.com/alwayssmile #TogetherWeHitHarder #bugbounty
English
Yay, me and @hackerspider1 were awarded a $3,000 bounty on @Hacker0x01! hackerone.com/harshdranjan #TogetherWeHitHarder
All thanks to @hackerspider1 focus and motivation, that keeps us going
English
Yay, I was awarded a $631 bounty on @Hacker0x01! hackerone.com/alwayssmile #TogetherWeHitHarder #bugbounty
English
