Go hack this. It's cool, and leading up to something cooler.

Imagine Being so Good That Bugs FIND YOU

RVAsec Deep Dive kicking off! React DOM XSS Hand-on Lab with @7urb01

CVE-2025-55315, a 9.9 HTTP smuggling vulnerability in dotnet Kestrel webserver disclosed this week, caught my attention this morning due to lack of information, so I put together a very limited analysis of it. https://t.co/9y5CH2qezK More to be done here for those interested!

Had enough people reaching out around the React createElement XSS stuff that I decided to throw up a blog post. Nothing really new added here from the original presentations, just gives some of it somewhere more accessible to live longer term.

Episode 141 is out! - https://t.co/4e85kJpTa1 In this episode, Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod. Hope you enjoy it!

So excited for today’s @Hacker0x01 ambassador event in Miami! These guys have been killing it over the past 2 weeks popping crits all over the place. Today we’re going to bring it home!

👀

Don't miss "From Component to Compromised: XSS via React createElement" by Nick Copi (@7urb01) on Saturday, August 9 at 12:00 PM inside the Village. Read more at https://t.co/e3glU8gWAU #BugBounty #DEFCON33

RVAsec 2025 Video: Nick Copi: Following The JSON Path: A Road Paved in RCE #Cyber #Security #Conference #Video #RVA #RVAsec

We’re excited to announce that Nick Copi (@7urb01) will be speaking at the Bug Bounty Village at DEF CON 33! Stay tuned for more details on their talk, you won’t want to miss it. #BugBounty #DEFCON #BBV #BugBountyVillage

Every time I consume anything @spaceraccoonsec puts out, it resonates with me greatly, and his vision always impresses me. Very excited to have received his new book from a giveaway drawing thanks to @ctbbpodcast!

While developing XBOW over the past three months, we played around with using it for bug bounties and ended up at #11 in the US on HackerOne: