w1j0y

1.5K posts

@runyourcron

Security Researcher | CPTS | CWES
Penetration Tester - External & Internal Networks, Web Apps
Founder @ rycron - AI Automation for SMBs
[email protected]

Joined January 2013
690 Following · 102 Followers
w1j0y retweeted
Assal Rad@AssalRad·
Fixed it for you @Reuters.
w1j0y@runyourcron·
@hakluke Exactly what I wanted to hear today
Luke Stephens (hakluke)@hakluke·
Your first bug bounty report will probably be terrible. Submit it anyway. My first few were genuinely embarrassing. You learn more from one bad submission than from six months of tutorials.
w1j0y@runyourcron·
Been spending the past few weeks deep in AI agent security research. Found multiple critical vulnerabilities across major AI platforms including RCE on production infrastructure and a novel cross-application attack chain that hasn't been documented before. All findings responsibly disclosed. Reports pending. Detailed writeup coming after patches are deployed.
Masonhck357@Masonhck3571·
How it feels submitting AI-assisted findings.
w1j0y@runyourcron·
hackthebox new UI
Cup@cryptocupra·
Hiring!!! I'm looking for a new set of Web3 - AI grinders to join my team. Salary will be $2000 per month. No experience required, just eagerness to learn. Interested? Comment below👇 Make sure to follow me so I can DM you.
Ralph@Ralphsaade·
No, thank you. We don’t need solidarity. Go fix your service and lower your prices, you thieves. All over the world, people pay around $10-$15 for unlimited internet, calls, and SMS. Here, I pay $15 for 22GB and nothing else.
0xasen@asen_sec·
It's surprising how many valid bug bounty reports you need to submit before you get paid on one
w1j0y@runyourcron·
Spent the day doing AI red teaming, testing how AI browsing agents handle untrusted web content. Built a custom test lab, crafted multiple payload pages, and tested 6 major AI agents for indirect prompt injection vulnerabilities. Results: 4 security reports submitted to vendors through their official bug bounty/VDP programs. One finding achieved full server-side data exfiltration, an attacker-controlled webpage caused an AI agent to transmit user PII to an external server, completely invisible to the user. AI agents that browse the web are the new attack surface. The arms race between injection and defense is just getting started.
w1j0y@runyourcron·
@_casper0x Database enumeration and dumping, informative? Wth
Casper0x@_casper0x·
SQLi allowed database enumeration and dumping. Still a bit weird the report was closed as Informative
sqlmap -r r.txt --eval="import base64; payload_part='select 1 where 1=1'; GUID='x%27 or length(payload_part)=0'; del payload_part"
#bugbounty #sqli #hackerone #bugbountytips
Patrickbatman@hamidonsolo·
I made close to $10,000 from bug bounties this month. I'm 19. Still in engineering school.
Here's what I didn't show you.
I found a Critical RCE — Remote Code Execution via path traversal on a company's server. The kind of bug that pays $5,000-$20,000.
Duplicate. Someone found it 12 days before me. $0.
Same work. Same skill. Same report. Wrong timing.
That's one of dozens. For every bounty I post, there are 15+ reports that got:
→ Duplicated
→ Marked informative
→ Ignored for months
→ Closed as "not applicable"
→ Lowballed after months of follow-ups
But you know what I do when that happens? I wake up. No emotion. No hate. I open Burp Suite. Next target. Next report.
Because if I don't, someone else will. Every day I take off is a day someone else dupes me on the next find.
So I show up. Even when I don't feel like it. Even when it hurts.
Bug bounty is not "find bug, get paid." It's find 50 bugs, fight for 6, get duped on some of your best work, get ghosted on others, and still show up the next morning.
The $10K months are real. But behind every mountain is a hundred steps nobody sees.
If you're starting out and getting duped and rejected — that IS the path. You're not doing it wrong. You're doing it. Keep going.
w1j0y@runyourcron·
@pietrobaudin Anyone else felt normal is ChatGPT logo and Pro is Claude, or is my brain damaged
Pietro Baudin@pietrobaudin·
How to draw star - Beginner vs normal😂
w1j0y retweeted
Emin Gün Sirer🔺⚔️@el33th4xor·
For this cycle of destructive distractions from the Epstein files to be over, we need to credibly demonstrate that we will not let pedophiles get away with it. If there's a demonstration this weekend, or any weekend, I will attend and I hope you will, too, until we get rid of every single child molesting monster in office.
w1j0y@runyourcron·
Use Tosint when you need to gather intel on a Telegram bot tied to a phishing campaign or malware operation. It gives you insights into the bot's identity and capabilities quickly, saving time on manual checks. github.com/drego85/tosint
w1j0y@runyourcron·
🔐 Tosint extracts actionable intelligence from Telegram bot tokens and chat IDs. It analyzes Telegram entities for security investigations. Fast and efficient.
w1j0y@runyourcron·
When you need to test an application’s defenses, use this tool to create specific payloads without deep knowledge of shellcode. Save time during your pentesting workflow. github.com/D3Ext/Hooka
w1j0y@runyourcron·
🔐 Generates custom shellcode loaders quickly. Easily create payloads tailored to your needs. Works across various platforms in a streamlined manner.
w1j0y@runyourcron·
Using this means you can easily integrate and customize tools in Golang for your engagement. It's useful when you want to adapt existing tools to meet specific needs in a testing scenario. github.com/Enelg52/Offens…
w1j0y@runyourcron·
🔐 This tool rewrites offensive utilities in Golang. It's designed for red team operations. Helps streamline attack workflows.