Nagli
Feb 3, 2023 · 7 tweets · 3 min read
Recently, I faced numerous challenges where I needed to bypass limited SSRF or overcome regex mitigations to increase impact and make a case for a report.

Spinning up a server to host a redirection header is time-consuming and not much fun.

There's an easy alternative 🧵
While exploring some options online I came across replit.com; their product offers a pretty easy way to spin up a server with whatever technology you like and control the files and source code of your application.

#NotSponsored
So, as easy as it gets: we select a PHP server to host our payload on and change the index.php file to contain the following code snippet:

<?php
// 307 Temporary Redirect: the fetching client is sent on to the internal target
// (307, unlike 301/302, keeps the original method and body on the redirected request)
header("Location: http://internal.asset", true, 307);
exit();
?>
Then in the top right corner we'll have our constructed URL to test our payload against the target; it should be something like *.repl.co.

So in a matter of ~2 minutes we have our own DNS name serving a redirection payload that we can point directly at internal assets of our target. Cool!
After testing our payload on our injection point, we can observe the interactive console on the bottom right of the page and use its request log to check whether everything is set up correctly and whether we managed to increase our SSRF impact.
This is mostly useful for SSRF endpoints with heavy whitelisting / regex mitigations: if the SSRF client follows redirects, the host check is applied only to the first URL, which opens up numerous chains to bypass those mitigations.
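The defensive counterpart of the redirect trick above, as an added example that is not part of the original thread: a Python fetcher that validates only the first URL (the pattern a 307 to an internal host defeats) next to one that refuses automatic redirects and re-validates the hostname and its resolved IP on every hop. The allowlist, hostnames and addresses are constructed for the demo.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Constructed allowlist for the demo; a real service would load its own.
ALLOWED_HOSTS = {"api.example.com"}
MAX_REDIRECTS = 5
REDIRECT_CODES = {301, 302, 303, 307, 308}

class SSRFBlocked(Exception):
    """Raised when a request (or any redirect hop) targets a forbidden host."""

def validate_target(url, resolver=socket.gethostbyname):
    """Check scheme, allowlisted host and resolved IP for one URL."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        raise SSRFBlocked(f"bad scheme or host: {url}")
    host = parsed.hostname.lower()
    if host not in ALLOWED_HOSTS:
        raise SSRFBlocked(f"host not allowlisted: {host}")
    ip = ipaddress.ip_address(resolver(host))
    if not ip.is_global:
        raise SSRFBlocked(f"{host} resolves to non-public address {ip}")
    return parsed

def naive_fetch(url, do_request, resolver=socket.gethostbyname):
    """Vulnerable pattern: validate the first URL only, then follow redirects."""
    validate_target(url, resolver)
    for _ in range(MAX_REDIRECTS + 1):
        status, headers, body = do_request(url)
        if status in REDIRECT_CODES and "Location" in headers:
            url = urljoin(url, headers["Location"])  # hop is never checked
            continue
        return url, status, body
    raise SSRFBlocked("too many redirects")

def safe_fetch(url, do_request, resolver=socket.gethostbyname):
    """Hardened pattern: do_request must not auto-follow redirects;
    every Location target is validated before it is requested."""
    for _ in range(MAX_REDIRECTS + 1):
        validate_target(url, resolver)  # re-check host and IP on each hop
        status, headers, body = do_request(url)
        if status in REDIRECT_CODES and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return url, status, body
    raise SSRFBlocked("too many redirects")
```

do_request is the caller's single-request function returning (status, headers, body), e.g. a wrapper around requests.get(url, allow_redirects=False). The resolver check alone still leaves DNS rebinding open, so production code should also connect to the IP it validated rather than re-resolving the name.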

It helped me to successfully hit internal assets at the H1-407 Live Hacking Event.
TLDR:
Hosting a redirection machine for whitelist-bypass scenarios should take no longer than 2 minutes:

1. Create repl.it server with any technology
2. Edit the source code
3. Use the constructed DNS Payload on your target
4. Debug
5. Win

#BugBountyTips
