Medusa (@_medusa_1_) 's Twitter Profile
Medusa

@_medusa_1_

ID: 1455305616

24-05-2013 21:43:00

34 Tweet

346 Followers

355 Following

Youssef (s3c) (@s3c_krd)

Really, it's not fun for me. Some HackerOne trigger team don't care about reports; without understanding the report, they quickly close it as N/A or dups. I had 4 reports that were closed as dups, and I talked with them to take a closer look at these reports, and it was a mistake; they were not dups.

hacktive security (@hacktivesec)

blog.hacktivesecurity.com/index.php/2022… TL;DR: Overall bounty of USD 46,000! 😱🥳 First post by Medusa showing the outcomes of his most recent #bugbounty activity which led to the detection of an HTTP Request #Smuggling #vulnerability on several big Corp. #cybersecurity #bugbountytips

Jacopo Tediosi (@jacopotediosi)

I just published a post on Medium about the most relevant vulnerability I have found in my life so far. "Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)": medium.com/@jacopotediosi…

sw33tLie (@sw33tlie)

This is one of the most widespread and impactful bugs I've ever found in my career. Great collab with bsysop and Medusa. Smugglings are still out there—stay vigilant! #bugbounty bugcrowd bugcrowd.com/blog/unveiling…

bsysop (@bsysop)

Servers with top-notch security measures like authentication, authorization, and ZeroTrust can still fall prey to HTTP Smuggling 🏴‍☠️. Proud to work with Medusa and sw33tLie on this discovery. Genius guys! 🚀🧠 bugcrowd.com/blog/unveiling… #BugBounty bugcrowd

Medusa (@_medusa_1_)

It’s been a while since last publication on the hop-by-hop vulnerability affecting Akamai. Special thanks to bsysop, sw33tLie, the Google team, and bugcrowd for their invaluable support. bugcrowd.com/blog/unveiling…

Bee 🐝 (@securibee)

🐝 Hive Five 181 - What the Dying Teach the Living --- 🔍 Innovative recon tool alert: Lemma, a Python-based AWS Lambda package for executing command-line tools in a scalable, remote environment. d3fp4r4m 🕵️ Unveiling TE.0 HTTP Request Smuggling: A critical vulnerability

bugcrowd (@bugcrowd)

How novel HTTP request smuggling techniques led to an in-depth investigation and a substantial payout... 🤯 After extensive research and failed attempts, sw33tLie, bsysop, and 메듀사 uncovered a new HTTP Request Smuggling vulnerability 🧩: bgcd.co/3zNVPlB

bsysop (@bsysop)

🏆 Top 10 Web Hacking Techniques of 2024 nominations are live, and this time, we’re participating! Our technique is "TE.0 HTTP Request Smuggling" affecting thousands of servers. Vote in portswigger.net/polls/top-10-w… Questions? CC: Medusa sw33tLie #BugBounty #InfoSec

sw33tLie (@sw33tlie)

Huge news! Our research just ranked #3 in PortSwigger’s Top Web Hacking Techniques of the Year! 🎉 Biggest lesson: ever assume something isn’t exploitable—test it. Smuggling attacks are far from dead! Massive thanks to my research partners bsysop & Medusa 🙌 #bugbounty

bsysop (@bsysop)

Super happy to see our research ranking #3 in PortSwigger Top Web Hacking Techniques of 2024! 🚀 This one was a wild ride! Huge thanks to Medusa & sw33tLie for the amazing teamwork and to bugcrowd, who supported us! ❤️ What next? Keep tuned 👀🥷🏻 #BugBounty #Hacking

d4d (@d4d89704243)

I’m excited to introduce Namespace Confusion, a novel attack discovered during Gareth's and my SAML Roulette: The Hacker Always Wins research. We uncovered a brutal attack on XML signature validation that destroys authentication in Ruby-SAML!

sw33tLie (@sw33tlie)

I've recently put more work into my ffuf fork, uff, and I think every ffuf user should at least give it a try - and maybe even switch to it. Here's why, in a #bugbounty 🧵

James Kettle (@albinowax)

I'm thrilled to announce "HTTP/1 Must Die! The Desync Endgame" is coming to #DEFCON33! This talk will feature multiple new classes of desync attack, mass exploitation spanning multiple CDNs, and over $200k in bug bounties. See you there!

sw33tLie (@sw33tlie)

Super glad to have collaborated on James Kettle’s research this year with bsysop and Medusa. Funny enough, it all started with a random Slack DM that revealed a potential research collision with James, and things took off from there.