We found a way to access Max Verstappen's passport, driver's license, and personal information. Along with every other @Formula1 driver's sensitive data.

It took us 10 minutes using one simple security flaw 🧵 Together with @samwcyo and @iangcarroll - all 3 of us being avid Formula1 Fans, we were looking at the security of the whole ecosystem.

That's how we stumbled upon a severe vulnerability in a critical portal managed by the @fia, that was reported and fixed in <24 hours.

I hacked a popular vibe coding platform with a simple, straight-forward logic flaw - allowing access to private applications . Here’s how I did it 🧵 As Vibe Coding Platforms are on the rise, I was intrigued with the question on how secure they really are, targeting @base_44 which was recently acquired by @Wix allowed me to access private applications of enterprises trusting their platform.

Critical vulnerabilities doesn't have to be complex or have a CVE - @deepseek_ai publicly exposed their internal ClickHouse database to the world, without any authentication at all, and leaked sensitive data.

No one is safe from security mistakes, follow along to learn more 🧵 @deepseek_ai @wiz_io When facing the task of discovering vulnerabilities on a specific company, the first step is to identify the externally facing attack surface, and later exploiting potential vulnerabilities - in this case, the 2 steps combined all together.

It all starts with DNS Discovery!

I've earned more than 5-figure bounties from sensitive links, sent via email, that were leaked without any user interaction. Surprisingly, the leaks came from the very security vendors that were supposed to protect the victims.

Curious how this happens? 👇

#BugBounty Major organizations globally use various tools to enhance their email security.

Two common approaches are passive and active detection of potential malware within incoming emails.

The team at @OpenAI just fixed a critical account takeover vulnerability I reported few hours ago affecting #ChatGPT.

It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing it.

Breakdown below 👇 @OpenAI The vulnerability was "Web Cache Deception" and I'll explain in details how I managed to bypass the protections in place on chat.openai.com.

It's important to note that the issue is fixed, and I received a "Kudos" email from @OpenAI's team for my responsible disclosure.

Recently, I faced numerous challenges where I needed to bypass limited SSRF or overcome regex mitigations to increase impact and make a case for a report.

Spinning up a server to host a redirection header is time consuming and not-so-fun to do.

There's an easy alternative 🧵 While exploring some options online I've came across replit.com, their product offers a pretty easy way to just spin up a server with whatever technologies you'd like, and control the files and source code of your application.

#NotSponsored

In this thread i'll provide alternatives to overpaid BB stuff offered on twitter.

1. Sign up to digitalocean.com (not through my referral link - choose any you want just for 100$ budget)

2. Select the 48$/month box

3. Enjoy 2 month of strong VPS

1/n
#bugbountytips

https://twitter.com/theXSSrat/status/1399365482038312966

Should you buy a "Comprehensive Bug Bounty course"? There are definitely some good courses out there.
that said I wouldn't get any course from a personal without a clear proof on BB/PWN reputation.
and if you want to start and do it the right way, jump on this book as a start.