Mike Takahashi (@taksec)'s Twitter Profile
Mike Takahashi

@taksec

Pentester | Bug Bounty Hunter | AI Red Team

ID: 586128387

http://taksec.com/ 20-05-2012 22:33:55

2,2K Tweet

22,22K Followers

612 Following

bugcrowd (@bugcrowd)

Here's one for all you Google Dorks out there! 🤓 Try something like "© [COMPANY]. All rights reserved." to find new root domains!

liad eliyahu (@liadeliyahu)

🚨We could bypass authentication to thousands of applications by exploiting a configuration-based vulnerability in AWS ALB. Here’s everything you need to know about the #ALBeast vulnerability discovered by Miggo Security

Logan Kilpatrick (@officiallogank)

We just shipped a new native prompt gallery in Google AI Studio ✨ Test out long context, native multi-modal (image, video and audio), structured outputs, and more! aistudio.google.com

Johann Rehberger (@wunderwuzzi23)

🔥 Microsoft fixed a high severity data exfiltration exploit chain in Copilot that I reported earlier this year. It was possible for a phishing mail to steal PII via prompt injection, including the contents of entire emails and other documents. The demonstrated exploit chain

Johan Carlsson (@joaxcar)

Thanks for the great explanations for this. Apparently, URL parsing (at least in browsers) is supposed to strip out "newlines" AND tabs. So all of these will land on /b

0x999 🇮🇱 (@_0x999)

سایه HackerOne Gareth Heyes Read the white paper: portswigger.net/research/split… Practice using the lab: portswigger.net/web-security/l… Search for web applications that have any functionality which relies on an email domain validation, probe -> exploit -> report

Burcu YARAR (@brcyrr)

"How to write a prompt in ChatGPT for Bug Bounty❓" Today I have a great GitHub repository suggestion where you can find the answer to this question❗️👩🏻‍💻 Don't forget to bookmark it.🌸 Credit: Mike Takahashi 🌟🙌🏻 Repo: github.com/TakSec/chatgpt… #CyberSecurity #AI #ChatGPT #BugBounty

Saoud Khalifah (@saoudkhalifah)

The rise of LLMs is transforming how we work, but what does this mean for innovation and creativity? In my latest post, we explore this and a paradigm I am calling the Generalist. Click the below to learn more! saoudkhalifah.com/2024/08/28/the…

Ian Carroll (@iangcarroll)

In April, Sam Curry and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found. Here is our writeup: ian.sh/tsa

Rachel Tobac (@racheltobac)

Whoaaa, you know how folks talk about QR code scams and mention to be careful but that there isn’t a lot of evidence that QR code scams are in the wild often. Here’s another QR code scam in CA! 150 parking meters with fake QR codes on them plus on the parking signs themselves.
