Yūzā

825 posts

Yūzā banner
Yūzā

Yūzā

@yuzadef

Security Research

Katılım Temmuz 2022
87 Takip Edilen19 Takipçiler
wetw0rk
wetw0rk@wetw0rk7·
Did you think we were done learning about exploiting browsers with @ret2systems? Never! Jk - this is only the free sections :P, regardless this week we learn about the fundamentals of JavaScript! I would consider this another beginner friendly tutorial! Check out the latest video below! youtu.be/5LEYPY7fceU
YouTube video
YouTube
English
1
15
69
4.9K
Yūzā
Yūzā@yuzadef·
@norsyx @thedawgyg Models offered by ollama are getting smarter. I personally tried with qwen3.5 model and it satisfy my needs. It's worth it to try since you control everything, easier to maneuver as well.
English
0
0
1
28
Norsyx
Norsyx@norsyx·
@thedawgyg Based on your recent activities on fuzzing, I can tell that there's loads of efforts that can be shifted to bare automation/afl then reason on cloud or locally to find hits/crashes. Kinda hybrid solution
English
1
0
0
180
dawgyg - WoH
dawgyg - WoH@thedawgyg·
something changed with claude (mine atleast) and limits seem to be going much faster. hit the api limit on 4 of my 6 subscriptions (all max's) since Sunday already and ive only hit limit before 1 time when it was a single instance at the start...
English
13
1
71
8.2K
Yūzā
Yūzā@yuzadef·
@warlocksmurf Wouldn't be ethical without letting your org know first about the vulnerability before u start disclosing it. Like the other guy said, report and let them remediate, then ask for permission. If u insists, at least mask anything that can hint at the org being vulnerable.
English
0
0
1
39
Blue Lobster
Blue Lobster@warlocksmurf·
Need insights from bug bounty hunters/pentesters/etc that works in a corporate environment. What is the right way to share findings that are identified on my org's product? I want to do a sharing session in a Malaysia cyb group but I am still afraid on the legal side of things...
English
6
4
12
973
Yūzā
Yūzā@yuzadef·
@q1uf3ng @rez0__ What models were used in the workflow? $50 only for the APIs?? That's cheaper than I thought it would be for a workflow with no human in the loop.
English
1
0
1
399
秋风
秋风@q1uf3ng·
What are the limits of AI-assisted vulnerability hunting? I obtained 23 CVEs in one month. BentoML 8.2k CVE-2026-27905 HIGH SillyTavern 24.6k CVE-2026-26286 HIGH Plane 28.2k CVE-2026-27705 MEDIUM NocoDB 46.4k CVE-2026-28399 MEDIUM Mautic 8.4k CVE-2026-3105 HIGH File Browser 27.9k CVE-2026-28492 HIGH OpenReplay 7.3k CVE-2026-28443 MEDIUM SuiteCRM 4.0k CVE-2026-29096 HIGH Pimcore 3.6k CVE-2026-27461 HIGH Craft CMS 5.2k CVE-2026-32263 MEDIUM Froxlor 1.6k CVE-2026-30932 HIGH Actual Budget 3.2k CVE-2026-27638 HIGH Lemmy 14.0k CVE-2026-29178 MEDIUM Chartbrew 2.6k CVE-2026-27005 HIGH Tautulli 1.7k CVE-2026-28505 HIGH Typebot 9.5k CVE-2026-33712 CRITICAL LibreChat 34.7k CVE-2026-31942 HIGH Coolify 33.8k CVE-2026-27883 HIGH Gotenberg 3.0k CVE-2026-27018 HIGH Unkey 5.2k CVE-2026-28339 MEDIUM Piwigo 3.3k CVE-2026-27634 CRITICAL Pixelfed 10.7k CVE-2026-27011 HIGH Follow (Folo) 3.0k CVE-2026-27499 HIGH
English
10
18
203
28.7K
Yūzā retweetledi
dawgyg - WoH
dawgyg - WoH@thedawgyg·
dawgyg - WoH tweet media
ZXX
5
38
242
8.4K
Yūzā retweetledi
Renwa
Renwa@RenwaX23·
I think I have completed client-side security , just one report: Self-XSS -> Drag-Drop Payload -> Scroll-To-Fragment -> Unchecked postMessage Listener -> Text Injection -> DOM-XSS -> OAuth State Misconfiguration -> Cookie Bomb -> Account Takeover @renwa/iframe-sandbox-bypass-cross-origin-drag-drop-unvalidated-postmessage-origin-cookie-bomb-to-21357a4d94f5" target="_blank" rel="nofollow noopener">medium.com/@renwa/iframe-…
Renwa tweet media
English
11
58
441
20.7K
Yūzā retweetledi
dawgyg - WoH
dawgyg - WoH@thedawgyg·
Since he appears to be alive... Remember... Fuck Netanyahu and every single member of the Zionist regime that backs the genocide in Gaza, the destruction in Lebanon, and the illegal war in Iran.
English
8
7
127
5.4K
Yūzā retweetledi
dawgyg - WoH
dawgyg - WoH@thedawgyg·
Happy Friday and always remember... Fuck Netanyahu and the murderous Zionist child killing regime.
English
5
10
171
3.5K
Yūzā
Yūzā@yuzadef·
RT @Jvnior: Never forget how Israel murdered Palestinian First Responders on a literal live stream. Repost this. Please I beg you. https:…
English
0
60.6K
0
0
Yūzā retweetledi
julaibib
julaibib@julaibib18·
Praying and worshiping in a place like this is a great blessing. Kashmir
English
11
353
3.6K
44.5K
Yūzā retweetledi
Mustafa Bilgici
Mustafa Bilgici@mustafabilgicii·
The Psychological Aspect of Bug Bounty Training and Sustainability Without Burnout Social Media vs. Real Life In this article, I want to talk about the less-discussed aspects of bug bounty. In the bug bounty world, most of us see the success posts of famous hackers on Twitter and the high rewards they earn. From the outside, everything looks very smooth, as if bugs are constantly being found. But behind the scenes, there is serious patience, stress, and a psychological battle. Beginners usually have the same questions in their minds: Which platform should I start with? Which target should I choose? Of course, these are not unimportant things, but what is actually decisive most of the time is discipline. What Really Pays Off Is Consistency, Not the Platform Whether you manually test targets, use automation, are on HackerOne or on Synack doesn’t make much difference in my opinion — what matters is progressing consistently on one of them. The common point among almost all bug hunters is regularly testing targets and publishing findings. Many bug hunters: submit reports knowing they might be duplicates accept getting rejected spend weeks talking with the triager trying to prove their report is valid Sometimes a vulnerability is accepted but the payment takes months. Sometimes you find nothing for days. Even for weeks. You might have a great month and earn good bounties, and then at the beginning of the next month you can find almost nothing — which seriously affects motivation. The non-technical but hardest part of bug bounty, in my opinion, is exactly this: Psychological resilience. This is not a sprint; it’s more like an endurance marathon. When you approach it this way, you produce more findings in the long run, and there are periods where you might even close the year strong — but of course, it’s also important to control your spending :xd. By the way, I think this is exactly the main reason many people quit bug bounty. And sometimes, you really need to take breaks while doing this work. Full-Time Bug Hunting and Financial Pressure If you are doing bug hunting full-time and you don’t have another income or savings, everything changes. Having to earn a certain amount every month creates serious pressure. For example, one month you might get dozens of critical or high reports accepted and earn the equivalent of two or three months — but financially you actually need to control yourself here. The next month, you might find almost nothing. Especially during low-report periods: it becomes harder to focus motivation drops the time spent looking at targets increases but productivity decreases This cycle is mentally quite exhausting. Clearing Your Mind While Doing Bug Bounty & The Impact of Combat Sports One of the best things you can do at this point is to create a space for yourself outside of bug bounty. Starting a sport is very beneficial — and as a few bug hunter friends of mine do, starting a combat sport really makes a big difference. For example, I do MMA, and the friend I collaborate with when we get stuck on reports has been doing BJJ for a year. It has seriously improved our performance. Because fundamentally: your mind clears stress decreases when you sit back at the computer, you can focus more comfortably But the most important thing here is balance. These activities should not disrupt bug hunting. On the contrary, they should make it more sustainable. Mental Advice for Beginners Bug bounty doesn’t only have a technical side. The mental side is a separate process that must also be learned. The clearest advice I can give to beginners: Don’t compare yourself to others. The success posts on Twitter are not your journey — and in my opinion, most of them are not very realistic. Be process-oriented, not result-oriented. Looking at targets every day is more valuable than finding one bug per month. Because if you look consistently, you will eventually find something. Don’t see days without findings as failure. On those days, you are actually improving your methodology. Don’t be afraid to take breaks. Burnout resets productivity and focus to zero. Bug Bounty Is Not a Sprint, It’s a Marathon In short, bug bounty is not a job done only with technical knowledge. It is a long journey that requires patience, discipline, and mental resilience. Unless you build a sustainable system for yourself, no matter how technical you are, it becomes difficult to continue this work in the long term. Wishing all bug hunters a more focused, more balanced, and more sustainable bug bounty journey. #BugBounty
Mustafa Bilgici tweet media
English
3
8
61
2.5K
Yūzā
Yūzā@yuzadef·
@VenkatDev789 @4osp3l Right click on the request and view in source. Modern browsers automatically beautify the minified versions. Of course, you can't realistically get the really clean version unless .map is available. There are also cases where developers prevent the JavaScript from beutification.
English
1
0
0
33
Tech with Venkat
Tech with Venkat@VenkatDev789·
@4osp3l Nice one but may I know how u see the actual source bcz in most of the cases I see the minified version only in network tab. I am a beginner to bug bounty so pls don't mind if it's a simple question
English
1
0
0
277
Gospel
Gospel@4osp3l·
Read .JS; it will show you a lot.
Gospel tweet mediaGospel tweet media
English
2
9
100
4.9K
Yūzā
Yūzā@yuzadef·
@shakquraa I been following all the articles you posted. Any chance you will post something on js dynamic analysis soon?
English
1
0
0
69
Yūzā retweetledi
Idris
Idris@7signxx·
7 bullets after torture. May Allah have mercy on his soul and send lots of light to his grave...
English
246
5.1K
30.6K
536.7K
Yūzā retweetledi
Jvnior
Jvnior@Jvnior·
If you stand with Palestine, just repost this.
English
50
5.9K
8.5K
74.4K
Yūzā retweetledi
serènity
serènity@cultureartislam·
despite everything..
serènity tweet mediaserènity tweet mediaserènity tweet mediaserènity tweet media
English
20
5.2K
25.2K
235.3K