🔥Telegram İfşa

At the height of One Million Checkboxes's popularity I thought I'd been hacked. A few hours later I was tearing up, extraordinarily proud of some brilliant teens. A thread about my favorite story from running OMCB....

Ben Sadeghipour A small secret in bug bounty, gamification is king. The same report could be $1k or $10k. Learn the program, write good reports, and show impact. Don't assume the people running the program know what you know, show the business impact and wow them.

Took the plunge and started blogging about bug bounties - my first post is live! AI can be a powerful tool for bug hunting at speed when combined with human intuition. shlomie.uk/posts/Cracking… Feedback most welcome!

One day, the technique for exploiting this vulnerability will be available. Not today, but one day. Working with other bug hunters makes a huge difference. Two minds bouncing ideas off each other leads to peak efficiency.

what did you cook today?

A contractor said something during this project which I thought was both compassionate and the sign that he was a skilled professional, and I thought I’d share: Scene: My mother, who has some mobility challenges, is sketching out what she wants in her kitchen. He listens.

Third person games perform slightly better on Twitch than first person games The reason why might be really dumb: Video encoding

I see we're doing the quarterly open source tools/research debate again. I'll just say this: Phishing got much harder when Kuba Gretzky released evilnginx AD got more secure after SpecterOps released Certified Pre-Owned AD got more secure when Tim Medin @timmedin.bsky.social 🇺🇦 showed us kerberoasting

For those not familiar with the dynamics here, talented cyber folks often choose to work for the U S. gov despite lower pay because of: 1. stability 2. a more direct mission of protecting the public from U.S. adversaries. With both in major flux, there will be talent flight.

What are your favorite MCP servers?

I don't know why we think the American public, whose base level of health literacy is completely infantile, should be able to make decisions that impact public health.

Triagers who communicate well throughout the reports, address CVSS concerns, and respond with understanding and kindness really make a difference :)

I’m well respected in the bug community, but unfortunately bugs don’t live very long so in a month or two I’ll have to earn the bug community’s respect again

i bet the cat doesn’t know about AWS and the horrors of a terraform lock being inaccessible

There's ALWAYS a bug. Always. The app that everyone & their mom uses? The one that's owned by Megacorp X/Y/Z/whatever? Littered with bugs. The app being developed by engineers making $500k+/yr? Crawling with bugs. The app that's been through 30 pentests? Bugs. Go find them.

i mean it's a great therapeutic experience

Over the next year Cloudflare will make nearly every feature we offer available to any customer who wants to buy and use it. cfl.re/4mzwgr1 #BirthdayWeek