Tanner (@itscachemoney)'s Twitter Profile
Tanner

@itscachemoney

Somewhere between a builder and a breaker | @hacknotcrime

ID: 859333466785161216

http://hackerone.com/cache-money | 02-05-2017 09:07:18

645 Tweets

7,7K Followers

136 Following

Uranium238 (@uraniumhacker)

New Tinder Security Labs' cloud security blog post! We got access to organizations' (including AWS itself) AWS account through misconfigured AWS OIDC in GitHub Actions. Learn more in the blog! medium.com/tinder/identif… #TinderSecurityLabs #cloudsecurity

HackerOne (@hacker0x01)

Last week, #H14420 took over London. 🇬🇧 See who took home the top prizes and celebrate them with your best GIF below.

Day 1 Winners:

Exterminator: cache-money
Best Collaboration: tomAnthony, todayisnew, hx01, shubs
2nd Place: f6x
1st Place: cache-money
Vigilante: f6x

Uranium238 (@uraniumhacker)

Tinder Security Labs will be at DEF CON this year! We will be presenting our research on automating & identifying vulnerabilities in Firebase configurations at scale at Cloud Village. Come check out our talk and say hi! #defcon #cloudvillage #tindersecuritylabs #security

Uranium238 (@uraniumhacker)

In 2022, we at Tinder Security Labs found an RCE in a workflow in Elastic's Logstash repository. Soon after, we took over a third-party namespace giving us indirect RCE to more than 315+ workflows which further led to RCE in a large set of an organization's customers. Then in

Uranium238 (@uraniumhacker)

Would recommend joining the talks today. Presenting on something Tanner and I have been working on for the past few years that we have not presented anywhere yet. 😃

Uranium238 (@uraniumhacker)

New blog: We (Tanner and I) abused the central function in various email security gateways: unfurl and analyze URLs to access internal SaaS services of various companies including Netflix. Check the blog to learn more. #phishing #emailsecurity ophionsecurity.com/blog/phishing-…

James Kettle (@albinowax)

Just been shown an awesome race attack by Tanner on Shopify for $15k back in 2017! This is the same attack concept described in my Gitlab multi-endpoint example. You can practise on this lab: portswigger.net/research/smash… portswigger.net/web-security/r… hackerone.com/reports/300305

Tanner (@itscachemoney)

Ticketmaster only offering me one year of free identity monitoring for a data breach but my healthcare provider offering two free years for theirs 👌

Rojan Rijal (@mallocsys)

With HackerOne's Scotland Live Hacking Event now slowly wrapping up, I am excited to have had the opportunity to participate this time. I focused primarily on hacking AWS while collaborating on it with Tanner. Currently, we are ranked in the top 10 for AWS based on our

Tanner (@itscachemoney)

If you're using Llama Guard as a safety check make sure you're not using it with unfiltered input. You can trivially bypass the harm check in over 90% of cases by adding an Agent and a second User query. This results in the 2nd query validating safe but the LLM processing the 1st