Shlomie Liberow (@Shlibness)

1.5K posts

Building https://t.co/FptvfrXME5 - Former Head of Hacker R&D @Hacker0x01. All things hacking!

London. Joined June 2009
1.6K Following, 2.8K Followers
Shlomie Liberow (@Shlibness):
@Arl_rose Was such a joy working with you throughout the years, Ari. The dedication and ability to just make things happen was out of this world and LHEs leveled up with your involvement. Keep rocking it 🔥🔥
Ariel Garcia (@Arl_rose):
After almost seven years, my journey at HackerOne comes to an end today. This has been one of the most impactful experiences of my life, and I wanted to share a bit more about the ride.

It all started in 2018. I had a dream of bringing a Live Hacking Event to Argentina after seeing the magic of the community in Las Vegas. I am forever grateful for the trust placed in me back then. Someone took a chance on a random guy from Argentina and made my hire happen, and I wouldn't be where I am today without that shot.

In the years since, I have been lucky enough to build things from the ground up. I was tasked with building the pentest community from scratch when we launched the product, and seeing it grow into a home for hundreds of professional pentesters has been incredible. My biggest passion project was always focused on a worldwide hacking competition. My early pitches for a regional tournament eventually evolved into building a global network of hackers instead. We started that program with just seven people. Today, I leave a network of 90 ambassadors across 45 countries. That network finally allowed me to execute the Ambassador World Cup. Watching that tournament evolve into a global phenomenon that paid out 2.4 million dollars in its latest edition was a dream come true. From the finals in my hometown of Buenos Aires to the trophy presentation in Dubai, seeing hackers find their first bugs through this program has been the highlight of my career. After 20 Live Hacking Events as an employee, traveling the world and meeting the community in person kept my passion alive for years.

None of this was a solo effort. I was only able to be creative because my team was the best in the business and I was given the room to run. Thank you to the global community of hackers and the rockstars on the community team for being such a massive part of my life. I am moving on to a new chapter to do some fun stuff. More to come on that soon. Thank you for everything and stay in touch!
Shlomie Liberow reposted
Jake Wallis Simons (@JakeWSimons):
There was an air of inevitability about it. Nobody knows when or where the next antisemitic outrage will emerge, but with every fake post about Israel killing babies, with every biased BBC report whipping up the animus of viewers, with every chant of “globalise the intifada” on university campuses, death comes one step closer. Now, it would appear it has come to Bondi Beach. That Australian paradise is always packed with partygoers, joggers, picnickers and the elderly, enjoying the sea and the summer sun. In the last few hours, it was the location of a family Chanukah party that reportedly attracted about 2,000 people. And a mass shooting... My @Telegraph column today. telegraph.co.uk/news/2025/12/1…
Shlomie Liberow reposted
UN Watch (@UNWatch):
UN on Francesca Albanese: “The special rapporteurs will say what the special rapporteurs say. For the Secretary General, it is very clear that journalists should never come under any violence, wherever they may be, whether that violence is physical, whether that violence is verbal, whether they are intimidated.” — @UN_Spokesperson in response to this query by @Mike_Wagenheim @i24NEWS_EN: “Francesca Albanese, who continues to put the “special” in “special rapporteur,” weighed in recently on the attack on an Italian media outlet which led to 30 arrests for vandalism. While she condemned the attack, she said: “This should serve as a warning to journalists to go back to doing their job." Which was condemned by a wide swath of the Italian political spectrum, as basically an intimidation tactic on the press there. The Secretary General just stated yesterday, I believe that you know, “journalists need to be protected from this kind of intimidation.” Any thoughts from the Secretary General or his office on the latest comments?”
Shlomie Liberow (@Shlibness):
I've been training LLMs to recognise vulnerability chains and revisiting my favorite bug bounty reports to understand what patterns they can be taught to spot. Let's look at this example of a ticketing platform's booking flow that leaked millions of PII records. This wasn't a zero-day or some sophisticated exploit, but a combination of 4 separate bugs that any decent scanner might find and file as Low/Medium severity. In combination, however, they were potentially genuinely damaging.

Bug #1: The Authentication Anomaly (medium severity)
Most of the ticketing platform's site used cookies, but the booking API switched to a custom header for user identification. Whenever auth does something unexpected, you want to pay attention. I was able to change the header to a different user's ID and see their data, although only partially; it was missing emails and other fields. This bug demonstrated a routing issue, but incompletely.

Bug #2: The Path Traversal (medium severity)
The ticketing platform's API ran on Apache, which handles file paths in specific ways. I sent ../../../../api# as the header value, telling the server "go up four directories" and ignore everything after the #. The response changed timing and structure. It worked, but blindly: I was moving through directories but couldn't see where. This bug was confirmed exploitable, but I needed a way to make it meaningful.

Bug #3: The Error Message (low severity)
I sent an invalid user identifier to a different endpoint on the platform to see what would break. The error response included:
"self":"/api//;user={xxxxx}/profile"
This leaked the internal path structure: how the system organizes and stores user data.

Bug #4: The Sequential IDs (informational)
While testing other endpoints, I noticed another identifier type in the responses, tied to accounts, not users. These IDs were sequential: 3443123, 3443124, 3443125

Bringing It All Together For Real Impact
Four findings. Four tickets. Different teams. Different severities. But combined, a major breach of PII. Here's the chain:
X-User-ID: ../../../../api//;account=3443125/profile#
This combines:
• Path traversal escapes the directory
• Internal structure from the error maps the route
• Sequential account ID replaces the random user ID
• Access control weakness reads the data
The result: the full user profile is revealed: name, DOB, address, email, phone, and more. In other words, a complete database enumeration.

The Pattern
A scanner may find these issues in isolation but can't see that Medium + Medium + Low + Info = Critical breach. This is the direction LLMs can work towards with the right context: models that recognize not just individual bugs, but the investigation paths that connect them.

#BugBounty #Security #VulnerabilityManagement
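The four-bug chain in the post above, modelled as an added example. This is not the post author's code and not the ticketing platform's code: it is a toy Python route resolver that reproduces the four behaviours the post describes (identity taken from a client header, `#` truncation plus `../` normalisation, an internal `;account=` route learned from an error message, and sequential account IDs) and sits beside a hardened handler that closes all four. Every route, record, ID format and the `X-User-ID` header value are constructed for the example; only the chained payload string and the sample account numbers come from the post.

```python
"""Toy model of a four-bug PII enumeration chain (constructed example).

All records, routes and ID formats are hypothetical.  The payload string and
the account numbers 3443123..3443125 are the ones quoted in the post.
"""
import posixpath
import re
from typing import Optional

# Constructed records.  Account IDs are sequential (Bug #4); user IDs are
# opaque 32-hex-char tokens the booking API expects in its custom header.
ACCOUNTS = {
    3443124: {"name": "Ana", "dob": "1990-01-01", "email": "ana@example.invalid"},
    3443125: {"name": "Ben", "dob": "1985-05-05", "email": "ben@example.invalid"},
}
USERS = {
    "a9f1c3d27e4b4f6c9c1e2d3f4a5b6c7d": 3443124,
    "0c4e8b2a6f1d4e3b8a7c6d5e4f3a2b1c": 3443125,
}

# Hypothetical internal routes.  The ';account=' form mirrors the
# '/api//;user={xxxxx}/profile' shape leaked by the error message (Bug #3).
ACCOUNT_PROFILE = re.compile(r"^/api/;account=(\d+)/profile$")
USER_PARTIAL = re.compile(r"^/api/booking/users/([0-9a-f]{32})$")
OPAQUE_ID = re.compile(r"^[0-9a-f]{32}$")


def resolve_route(header_value: str) -> str:
    """Bug #2 as described: the raw header is concatenated into a path, a '#'
    truncates everything after it, and '../' segments are normalised away.
    posixpath.normpath also collapses the '//' from the leaked path."""
    raw = "/api/booking/users/" + header_value
    raw = raw.split("#", 1)[0]
    return posixpath.normpath(raw)


def vulnerable_handler(header_value: str) -> Optional[dict]:
    """Bug #1: identity is whatever the client put in the header.  Once the
    header can steer the route, the internal account route is reachable."""
    route = resolve_route(header_value)
    m = ACCOUNT_PROFILE.match(route)
    if m:
        return ACCOUNTS.get(int(m.group(1)))  # full PII record
    m = USER_PARTIAL.match(route)
    if m:
        acct = USERS.get(m.group(1))
        return {"name": ACCOUNTS[acct]["name"]} if acct else None  # partial view
    return None


def enumerate_accounts(start: int, count: int) -> list:
    """The chained payload from the post, iterated over sequential IDs:
    traversal + leaked route + guessable account ID + no authz check."""
    found = []
    for acct in range(start, start + count):
        payload = f"../../../../api//;account={acct}/profile#"
        record = vulnerable_handler(payload)
        if record is not None:
            found.append(record)
    return found


def hardened_handler(session_user: str, header_value: str) -> Optional[dict]:
    """Closes the chain: the header must match a strict allow-list (so '../'
    and '#' never reach path handling), input is never concatenated into a
    route, and the authorisation decision is made against the authenticated
    session rather than the client-supplied identifier."""
    if not OPAQUE_ID.fullmatch(header_value):
        return None  # traversal, fragment, or numeric account ID rejected
    if header_value != session_user:
        return None  # IDOR: the caller may only read its own record
    acct = USERS.get(header_value)
    return ACCOUNTS.get(acct) if acct is not None else None


if __name__ == "__main__":
    print(resolve_route("../../../../api//;account=3443125/profile#"))
    print(enumerate_accounts(3443123, 4))
    print(hardened_handler("a9f1c3d27e4b4f6c9c1e2d3f4a5b6c7d",
                           "../../../../api//;account=3443125/profile#"))
```

The point the toy makes explicit is that the path normalisation and the `#` truncation are not bugs in themselves; they only matter because the header value is trusted for identity and is spliced into a route. Each fix in `hardened_handler` is small, but any one of them alone still leaves a scanner-grade finding behind, which is exactly why the post argues for tracking chains rather than isolated tickets.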
Shlomie Liberow (@Shlibness):
My 7 year journey at HackerOne recently came to a close🏁 It's been an incredible run working with the best people and being part of something that transformed the security industry. Working there gave me a unique vantage point: the intersection of the world's best security researchers and the teams defending our most critical infrastructure. Leading initiatives that drove over $20M in bounty payouts, I watched brilliant hackers uncover vulnerabilities that traditional tools completely missed, while enterprise security teams grappled with overwhelming complexity. Through it all, one thing became clear: the gap between offensive discovery and defensive understanding is still surprisingly wide. It was a privilege to be trusted by both sides - by researchers who'd spent weeks crafting elegant attack chains, and by CISOs who had to make impossible decisions with incomplete information. Both groups are incredibly sophisticated, but they often speak different languages. Translating between them, turning a complex finding into clear business context, taught me more about where security breaks down than any single role ever could. I'm immensely grateful for every conversation and every moment of bridging those worlds. It's a journey that began in Las Vegas and has taken me across the globe to lead live hacking events - from Tokyo and Singapore to Dubai and Argentina. Ending this chapter with a final event in Sydney feels like the perfect closing note. Something new is coming. More soon. 👀
Shlomie Liberow (@Shlibness):
Excited to be part of #HackAIcon. Great lineup - lots to discuss with AI reshaping everything we thought we knew about security
Quoted post from Ethiack (@ethiack):
Meet the Speaker: @Shlibness🎙️ Shlomie is a cybersecurity veteran known for uncovering complex vulnerabilities and pushing the boundaries of Ethical Hacking. Former Head of Hacker Research and Development at @Hacker0x01, he's now working on the next big thing! Don't miss it at eu1.hubs.ly/H0mKyDt0 #HackAIcon #Ethiack #Cybersecurity #HackAI

Shlomie Liberow (@Shlibness):
Just guy next to me at the gym explaining to his friend that before Hitler went for it, Jews boycotted Germany "just like we boycott Israel" and something something Rothschild controls all finances. Good work @BBCNews et al for the constant stream of blood libels setting the tone
zseano (@zseano):
Unexpectedly lost my dad early hours this morning… completely out of the blue. He was fit & healthy and now he’s gone 😭 lost for words on how I feel. RIP Dad ❤️❤️ love & miss you forever