Avi (@_naaash_) 's Twitter Profile
Avi

@_naaash_

Accidental hacker | Pentester @hacker0x01 | Ex: @AppSecure @pentabug

ID: 709733021964902400

https://hackerone.com/naaash | 15-03-2016 13:28:33

1.1K Tweets

2.2K Followers

406 Following

Avi (@_naaash_) 's Twitter Profile Photo

Had an awesome time hacking Amazon!⚡️ The scope was kinda tight, but Jayesh Madnani, Mukul Goyal and I still found 40+ bugs from medium to critical. Next time we might just hog most of the bonuses too…sorry zseano, not sorry 😅👀

Sivanesh Ashok (@sivaneshashok) 's Twitter Profile Photo

Published a write up on a couple of RCEs Sreeram KL Raidh Ĥere and I found in Google Cloud products. We got a $10k bounty - and somehow also received a pair of Nikes. stazot.com/?article=datap…

André Baptista (@0xacb) 's Twitter Profile Photo

Bug bounties ain't just web. Throwback to when Vinnie and I got RCE on Steam Client via a buffer overflow in Server Browser 🚨 Root Cause: 🎯 Wide-char conversion without boundary checks inside serverbrowser.dll leading to stack corruption Exploit: 🪲 Crafted oversized

HackerOne (@hacker0x01) 's Twitter Profile Photo

👀 Something big is coming…. We’re heading to Sydney to kick off #H16102, our next Live Hacking Event with @Salesforce! Stay tuned as we celebrate 10 years of collaboration and crowdsourced security—and check out this video from last year’s event to see what to expect.

MasterSplinter (@m4st3rspl1nt3r) 's Twitter Profile Photo

My Salesforce 0-day got patched! I noticed today that an SOQL injection in Salesforce itself that I reported a few months ago is not working anymore. Since they did not release any CVE or advisory I decided to post a small writeup, enjoy! mastersplinter.work/research/sales…

Avi (@_naaash_) 's Twitter Profile Photo

Hey Swiggy Cares, placed one order via UPI and got hit with a duplicate COD order at the exact same timestamp—clearly a glitch. Support said no charges, then slapped a cancellation fee. 3 calls, 0 resolution. Agents pretend not to hear and hang up. zomato's looking better.

Avi (@_naaash_) 's Twitter Profile Photo

Wrapped up #h16102 teaming up with Jayesh Madnani — not our best run, but still managed to land 3️⃣ Critical and 2️⃣ High severity bugs, and picked up the 🏆 bonus for Most Impactful Bug on one of the targets. Huge thanks to HackerOne and Salesforce 🔥

Roy Davis (@hack_all_things) 's Twitter Profile Photo

Hey peeps! As many of you know, I was diagnosed with ALS nearly 2 years ago. I continue to fight a losing battle with it every day. I am determined to live long enough to attend this ALS Walk fundraiser in October. I would sincerely appreciate any small donation you can spare to

Avi (@_naaash_) 's Twitter Profile Photo

Jumped into this right after #h16102 with barely any time to prep, so I stuck to a tiny corner of an asset. Somehow stumbled onto 3 highs and a medium! 😅 Always a great time working with the Zoom + HackerOne —thanks for the fun ride!

Avi (@_naaash_) 's Twitter Profile Photo

Hey Grok, based on your analysis of the last 365 days, list in sequence 10 accounts that frequently visit my profile. Do not mention the person, only @.username and the rate of visits to the profile per month