Player (@p14y3r__) 's Twitter Profile
Player

@p14y3r__

ID: 219895511

26-11-2010 05:35:15

3,3K Tweet

2,2K Followers

316 Following

kira (@k1ra__)

Yeah, don't forget to add `layout` parameter to your wordlist :). It got me a nice LFI on a private program a week ago. #BugBounty #bugbountytips See the full exploitation at: x.com/0xCaptainFreak… @0xCaptainFreak

The Daily Swig (@dailyswig)

Vulnerability in Node.js application has potential to achieve remote code execution (cc @0xCaptainFreak) portswigger.net/daily-swig/pot…

SecurityTrails, A Recorded Future Company (@securitytrails)

Researcher @0xCaptainFreak found a bug in a couple of Node.JS packages that when combined together (ExpressJs with Handlebars) could lead to Remote Code Execution (RCE) #NodeJS #bug #RCE blog.shoebpatel.com/2021/01/23/The…

Clint Gibler (@clintgibler)

💣 ExpressJS + Handlebars => RCE Excellent post by @0xCaptainFreak on how providing a `layout` parameter can lead to Local File Read (steal source code / env variables) or RCE 👌 example of digging into framework internals #bugbounty #bugbountytips blog.shoebpatel.com/2021/01/23/The…

Clint Gibler (@clintgibler)

📚 tl;dr sec 69
* Matt Fuller Cloud security table top exercises
* @0xCaptainFreak Finding RCE in Express apps
* Lewis Ardern Mathew Payne SecuriTEA & crumpets
* Marco Lancini CloudSecDocs on SCPs
* @CisoHelen When to move on as a security leader

tldrsec.com/blog/tldr-sec-…

Player (@p14y3r__)

Great to see that my write-up on ExpressJS Template Object Injection (blog.shoebpatel.com/2021/01/23/The…) has directly helped to make an open-source project safer. Good work on finding the issue Arjun Shibu

Player (@p14y3r__)

Was hanging out with d0nut 🦀 on Twitch stream. It was a quick trip down memory lane when d0nut reminded me of H1-65 LHE signed poster. Awesome location, vibes and cool bugs! Good times.

Player (@p14y3r__)

Published a write-up on how we at Flipkart AppSec utilize vulnerabilities in production as a feedback mechanism for what we do for Security in our SDLC. #appsec #infosec #security #bugbounty blog.flipkart.tech/how-flipkart-r…

Clint Gibler (@clintgibler)

📚 tl;dr sec 129
* @0xCaptainFreak Getting the most value from vulns
* Asra Ali, laurent Tamper-proof GitHub Action builds
* ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️ On being vulnerable
* JS0N Haddix Pentest stories
* Harsh Jaiswal, William Bowling Ruby deserialization

tldrsec.com/blog/tldr-sec-…

Clint Gibler (@clintgibler)

@0xCaptainFreak Asra Ali laurent ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️ JS0N Haddix Harsh Jaiswal William Bowling Datadog, Inc. Consensys.eth Rishabh Raz0r Arnica

.@0xCaptainFreak Getting the most value from vulns blog.flipkart.tech/how-flipkart-r…
Parsia Hakimian Code Review Hotspots with Semgrep parsiya.net/blog/2022-04-0…
Harsh Jaiswal RCE gadget in Rails github.com/httpvoid/write…
William Bowling Universal Ruby deserialisation gadget devcraft.io/2022/04/04/uni…

Ivan Velichko (@iximiuz)

What a great tech story I just read! 🔥 It's about building an automation tool. Apparently tailored for attack surface reconnaissance. And the system actually looks neat. But I enjoyed the read even more than the end result 🙈 Kudos to @0xCaptainFreak! research.shoebpatel.com/2022/07/27/Aut…
