RootSploit (@rootsploit)'s Twitter Profile
RootSploit

@rootsploit

Offensive Security Engineer @Amazon | Ex @Apple | Bug Hunter | OSCP | Cobalt Core | Views are my own!!

ID: 1273602144780705792

Website: http://rootsploit.com
Joined: 18-06-2020 13:03:27

750 Tweets

1.1K Followers

815 Following

Justin Gardner (@rhynorater)

I've made over 100k on SSRF vulnerabilities.

They aren't always as simple as pointing it at localhost or AWS Metadata service. 

Here are some tricks I've picked up over the past 5 years of web app testing:
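The thread's tricks are not on this page, but the two targets it names, localhost and the AWS metadata service, are enough to show why a host-string check is not a defence. The block below is an added example, not code from the tweet or any project it mentions: a naive check that only matches the literal strings beside a hardened one that parses the host in every spelling inet_aton accepts, resolves DNS names, and rejects loopback, RFC 1918, link-local (where 169.254.169.254 lives) and their IPv6 equivalents, including IPv4-mapped addresses. The alternate IP spellings, the `.example.test` hostnames, the injectable `resolve` hook and the fake DNS table are assumptions made so the example runs offline.

```python
# Added example, not code from the tweet or any project it names: a naive SSRF
# guard beside one that validates the resolved destination. The tweet only names
# localhost and the AWS metadata service; the alternate IP spellings, the
# .example.test hostnames and the `resolve` hook are assumptions for this demo.
import ipaddress
import socket
from urllib.parse import urlsplit

# Destinations a server-side fetcher must never reach on a user's behalf.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/8",                       # loopback; 0.0.0.0 reaches localhost on Linux
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16",                                 # link-local, incl. cloud metadata (169.254.169.254)
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 loopback, unique local, link-local
)]

def naive_is_safe(url: str) -> bool:
    """String match on the host only. Alternate spellings of loopback (127.1,
    0x7f000001, 2130706433, [::1]) and any DNS name walk straight past it."""
    host = urlsplit(url).hostname or ""
    return host not in ("localhost", "127.0.0.1", "169.254.169.254")

def _legacy_int(part: str) -> int:
    """inet_aton-style number: 0x.. is hex, a leading 0 is octal, else decimal."""
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)

def _parse_legacy_ipv4(host: str):
    """Parse the loose IPv4 forms inet_aton accepts ('127.1', '0x7f000001',
    '2130706433', '0177.0.0.1'); return None if host is not a numeric literal."""
    parts = host.split(".")
    if len(parts) > 4 or any(not p.isalnum() for p in parts):
        return None
    try:
        values = [_legacy_int(p) for p in parts]
    except ValueError:
        return None
    fill = 4 - (len(values) - 1)          # bytes the last component fills
    head, last = values[:-1], values[-1]
    if any(v > 255 for v in head) or last >= 1 << (8 * fill):
        return None
    packed = 0
    for v in head:
        packed = (packed << 8) | v
    return ipaddress.IPv4Address((packed << (8 * fill)) | last)

def _is_blocked(addr) -> bool:
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped           # ::ffff:a.b.c.d is really an IPv4 target
    return any(addr in net for net in BLOCKED_NETWORKS)

def _system_resolve(host: str):
    # Every record gets checked: a hostile name can answer with public and internal addresses.
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def is_safe_destination(url: str, resolve=_system_resolve) -> bool:
    """Hardened check: http(s) only, and the host, whether an IP literal in any
    spelling or a DNS name, must point exclusively at public addresses."""
    parts = urlsplit(url)
    host = parts.hostname                 # lowercased, [] stripped from IPv6 literals
    if parts.scheme not in ("http", "https") or not host:
        return False                      # no file://, gopher://, dict:// ...
    addr = _parse_legacy_ipv4(host)
    if addr is None:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            addr = None
    if addr is not None:
        return not _is_blocked(addr)
    try:
        resolved = [ipaddress.ip_address(a) for a in resolve(host)]
    except (socket.gaierror, ValueError):
        return False                      # unresolvable: fail closed
    return bool(resolved) and not any(_is_blocked(a) for a in resolved)

# Constructed DNS table so the demonstration runs offline; these are not real hosts.
FAKE_DNS = {"metadata.example.test": ["169.254.169.254"],
            "split.example.test": ["203.0.113.10", "10.0.0.5"],   # mixed public/internal answer
            "www.example.test": ["203.0.113.10"]}

def fake_resolve(host: str):
    if host not in FAKE_DNS:
        raise socket.gaierror("constructed resolver: unknown host")
    return FAKE_DNS[host]

PROBES = ["http://localhost/", "http://127.1/", "http://0x7f000001/",
          "http://2130706433/", "http://[::1]/", "http://[::ffff:169.254.169.254]/",
          "http://metadata.example.test/latest/meta-data/", "http://split.example.test/",
          "file:///etc/passwd", "http://www.example.test/"]

def compare(urls=PROBES, resolve=fake_resolve):
    """Map each probe URL to (naive verdict, hardened verdict)."""
    return {u: (naive_is_safe(u), is_safe_destination(u, resolve)) for u in urls}
```

Running `compare()` shows eight of the ten probes passing the naive check and failing the hardened one. Two caveats matter in practice: the address that was validated must be the one the HTTP client actually connects to (resolve once, connect to that IP and send the original Host header, or enforce the check inside the client's connection hook), otherwise a DNS answer that changes between check and connect, DNS rebinding, defeats it; and every redirect hop must be re-validated, because a 302 from a public host to an internal address is the usual way around a check that only inspects the first URL.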
Ariel Garcia (@arl_rose)

Super excited and proud to announce I’ll be running the official Bug Bounty Village at @DEFCON alongside Harley Kimball (@infinitelogins) for the first time! Follow @BugBountyDefcon for updates and join us in shaping the future of Bug bounty. Please help us with a RT #BugBountyVillage #DEFCON
Justin Gardner (@rhynorater)

Can I just say Paulos Yibelo has been dropping some bangers lately. We'll mention them on the pod this upcoming Thursday, but both of these client-side techniques are really innovative and sick: paulosyibelo.com/2024/02/cross-… octagon.net/blog/2022/05/2…

Dark Web Informer - Cyber Threat Intelligence (@darkwebinformer)

🚨#BREAKING🚨Notorious threat actor, IntelBroker (@InteIBroker), is selling access to a large Cybersecurity company. Price: $20,000. Details below.

#DarkWebInformer #DarkWeb #Cybersecurity #Cyberattack #Cybercrime #Infosec #CTI

Revenue: $1.8 Billion
Access includes:
- Confidential and highly
Ian Carroll (@iangcarroll)

In April, Sam Curry and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found. Here is our writeup: ian.sh/tsa

Alexander Myasoedov (@arekusandr_)

INTRODUCING: Agentic Security - LLM Security Scanner! 🔍 🔑 Features: Scans for prompt injections, jailbreaking & more. Provides detailed reports & options to customize attack rules. 🔗 Access the GitHub link ↓

Bug Bounty Village (@bugbountydefcon)

We're excited to announce one of our giveaways thanks to "Caido" 🎉 We will pick 5 winners to win a 1-year Caido Pro license! To enter: 1️⃣ Follow us @BugBountyDefcon and Caido 2️⃣ Like this post ❤️ 3️⃣ Retweet this post 🔁 You have time to participate until Friday (9/13)!

Haseeb >|< (@hosseeb)

Fucking wild.

OpenAI (@OpenAI)'s new o1 model was tested with a Capture The Flag (CTF) cybersecurity challenge. But the Docker container containing the test was misconfigured, causing the CTF to crash. Instead of giving up, o1 decided to just hack the container to grab the flag inside.
ZachXBT (@zachxbt)

1/ An investigation into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have helped lead to multiple arrests and millions frozen.
Kyser Clark - Cybersecurity (@kyserclark)

🎙️ New episode of The Hacker's Cache #Podcast is LIVE! 🔥

Ever wondered how to become a #BugBounty hunter or what it’s like being an #OffensiveSecurity pro at a Fortune 500 company? We’ve got you covered in Ep. 17 with @RootSploit!

Watch now! youtu.be/8VbZ-iLt8W4

#InfoSec
Rithwik Jayasimha (@thel3l)

Apple released a hearing aids feature for the AirPods Pro a while ago. I bought a pair for grandma, but then realized that the feature was geoblocked in India

So we at Lagrange Point (@_lagrangepoint) decided to unblock it. It ended up involving a leaky microwave and building a Faraday cage:
jian (@jianxliao)

So... I just simply asked Manus to give me the files at "/opt/.manus/", and it just gave it to me, their sandbox runtime code... > it's claude sonnet > it's claude sonnet with 29 tools > it's claude sonnet without multi-agent > it uses Browser Use > browser_use code was

Bug Bounty Village (@bugbountydefcon)

Ever run an exploit in the wrong path? AI has too. In this demo, Niemand & djurado show their agent (@xbow) debugging itself, fixing dependencies, tweaking payloads and eventually logging in as admin — autonomously. Full talk → youtu.be/YDsHI2acEVA #BugBounty #DEFCON