Here’s our Apple RCE writeup!

RT @pdiscoveryio: Day 1 of launch week! We've completely rebuilt exposure discovery and asset management for the modern web. Here's what'…

Analysing everything through a logic pov can make even simple decisions feel overwhelming. Some experiences, especially emotions, don’t always need to be understood. If you try to break down every feeling into cause and effect, you might lose the essence of simply experiencing. At the same time, logic is very curicual, it helps you make informed decisions and minimise risks. But there should be a balance. If you overuse it, you risk disconnecting from spontaneity, emotions, and the flow of relationships (although you might find genuine connections if you stay to your core). I think it is very important sometimes to let things be, to feel without questioning why. It’s like music, if you analyze every note and chord, you might understand it better, but you might also miss the feeling it was made for.

@0xcharan @S1r1u5_ @ZeptoNow Lmao

@infosec_au @mgianarakis Comgrats!!

@RenwaX23 @S1r1u5_ Hence: @S1r1u5_ is average joe! /s

RT @artsploit: Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RC…

@artsploit Really cool stuff!

OTT(s) are scam of the decade.

@samm0uda @Meta @phwd_ @JosipFranjkovic @vulnano Congrats! Amazing milestone!

@thespandsoub Woah! Surreal!

Shower thought - Pattern recognition definitely helps in web hacking. Or generally in everything but I think most of findings comes down to understanding certain patterns.

Missed flight for the first time (Not my proudest moment).

Toughest chores: Ironing and then folding.

AI is coming! (We are cooked!)

RT @infosec_au: We discovered a pre-authentication RCE vulnerability in Craft CMS caused by an obscure PHP foot gun (CVE-2024-56145), appro…

RT @S1r1u5_: Imagine opening a Discord message and suddenly your computer is hacked. We discovered a bug that made this possible and earne…

@SecretlyHidden1 @nullcon @GoogleVRP Not sure yet. Ill let you know. Good luck tho :D looking forward to it.

Agreed, and to be fair, I did receive compensation. My perspective on this: - Open source project: Once a fix is released on Git, anyone can analyze the changes and publish a PoC, irrespective of any agreements with the original finder. The impact remains the same - the bug gets disclosed. - Also, A 90-day disclosure window starting from the "fix" date doesn't make sense. If the fix takes 30+ days, that shouldn't push back my ability to share my findings. - I wasn't specifically looking for issues in the project. I discovered a vulnerability in a library that happened to affect the project, so I reported it via HackerOne as part of being responsible. The terms applied as a result. (I wish I had reported it off the platform seriously, the rush to just send the bug in got me.)

Open source project: “You must wait 90 days after the fix is released before publicly disclosing any information about the vulnerability, your research methods, or how it may be exploited”