YesWeHack ⠵

9.2K posts

YesWeHack ⠵ banner
YesWeHack ⠵

YesWeHack ⠵

@yeswehack

Offensive Security & Exposure Management Platform 🎯 https://t.co/57gODBqAMx 👾 https://t.co/ICc6RyihIX 💡 https://t.co/KNYxhkL2p1

World Katılım Temmuz 2012
3.4K Takip Edilen42.2K Takipçiler
Sabitlenmiş Tweet
YesWeHack ⠵
YesWeHack ⠵@yeswehack·
Meet Jarvis, the Iron Man-inspired Claude Code setup steered by @Icare1337 🤖 This self-managing, multi-agent system has turbocharged his Bug Bounty workflow, but one rule remains ironclad: every finding needs human validation 👇 yeswehack.com/community/llms…
English
1
21
152
9.5K
OFFA
OFFA@0xOFFA·
Thanks @YesWeHack for the amazing swag 😍😍
OFFA tweet media
English
2
1
6
204
YesWeHack ⠵
YesWeHack ⠵@yeswehack·
Autonomous attacks + a validator agent to catch bugs and avoid false positives = that is how @Rhynorater uses AI to hunt faster without sacrificing quality. He also shares how Claude Code helped uncover one of his proudest XSS finds. Full interview 👇 yeswehack.com/community/llms…
English
0
17
79
3.3K
YesWeHack ⠵
YesWeHack ⠵@yeswehack·
Ever looked at a "Forgot password" form? It might be building the reset link from a header you control 🤔 Add X-Forwarded-Host: domain.com to the reset request. If the email link points to evil.com, the victim clicks → their reset token lands on your server 🎯 #BugBountyTips #YesWeRHackers
English
1
6
63
4.3K
R1s
R1s@R1s666·
Just got a reward for a vulnerability submitted on @yeswehack -- Improper Access Control - Generic (CWE-284). #YesWeRHackers
R1s tweet media
English
2
2
70
2.7K
YesWeHack ⠵
YesWeHack ⠵@yeswehack·
Last chance! 🚩 Streamcore is live until July 12. Can you figure out what is Streamcore hiding and read system files before time runs out? ⏳ The clock is ticking: dojo-yeswehack.com/challenge-of-t…
YesWeHack ⠵ tweet media
English
1
2
18
2.2K
YesWeHack ⠵
YesWeHack ⠵@yeswehack·
“YesWeHack saving our butts!” In the latest episode of @ctbbpodcast, @Rhynorater highlights our joint research with @sekoia_io. We exposed an undocumented supply chain attack targeting hackers via fake CVE PoCs. He also highlighted our @PUMA Live Hacking event at @_leHACK_ - 200+ reports in just 32 hours was indeed something! Enjoy the episode 👇 youtu.be/IESlRFjT0G8?si…
YouTube video
YouTube
English
0
3
31
2.5K
YesWeHack ⠵
YesWeHack ⠵@yeswehack·
HTTP Request Smuggling can be hard to spot... but not impossible 😉 Our practical guide breaks down CL.TE, TE.CL, TE.TE and HTTP/2 variants, with examples to help you understand how to detect and exploit them 👇 yeswehack.com/learn-bug-boun…
English
0
18
130
7.4K
YesWeHack ⠵
YesWeHack ⠵@yeswehack·
Today, and until July 24, Swiss Post launches the annual Public Intrusion Test of its e-voting system 🚀 💰 Rewards of up to €230,000 for confirmed findings ⚡ Additional €3,000 for the first three confirmed findings 👉 Start hunting now: yeswehack.com/programs/swiss…
YesWeHack ⠵ tweet media
English
0
2
49
3.5K
YesWeHack ⠵
YesWeHack ⠵@yeswehack·
4️⃣ Cache Deception: Trick the cache into treating an authenticated page as a static asset. Append a fake extension/segment: /account/profile.css, /account/settings/foo.js If the cache stores it, an attacker reads another user's data via the cached URL 🎯
English
1
1
2
538
YesWeHack ⠵
YesWeHack ⠵@yeswehack·
Ever found a cached response with an unkeyed input reflected into it? That's the whole cache serving your payload to every visitor 🤔 Tips to identify & exploit Web Cache Poisoning 👇 #YesWeRHackers #BugBountyTips
English
1
9
51
4.7K