
HackerOnTwoWheels
@HackerOn2Wheels
Followers: 11K | Following: 8K | Media: 284 | Statuses: 3K
I hack things and ride motorcycles. Co-Founder of Talaria Security Labs and UGWST. OSCP | OSCE | OSWE | eWPT | RTO 🇧🇷🇺🇲🇯🇵🇪🇸 Jesus is Lord.
Internet
Joined September 2011
These @immunefi profiles look actually pretty sick! 🔥
immunefi.com
Profile of UGWST_COM on Immunefi
RT @watchtowrcyber: It’s Friday, and we’re back - completing our 2 part series detailing the vulnerabilities we discovered in the Sitecore….
labs.watchtowr.com
What is the main purpose of a Content Management System (CMS)? We have to accept that when we ask such existential and philosophical questions, we’re also admitting that we have no idea and that...
RT @696e746c6f6c: Jokes aside about Microsoft using AI slop here last night what's impressing is how they popped a….
RT @silentgh00st: #bugbountytip .Quick tip and script : ✅️. If you are hunting or scanning a WordPress instance, don't forget to look for e….
RT @ElS1carius: Let's speak about real bugs. This one was found this year on a huge public program on @Bugcrowd with @Kuromatae666. TL;DR….
secarius.fr
A nice bug caused by a wrong Microsoft SSO implementation.
RT @ehsayaan: A recent SSRF in a PDF generator 👇. The server converted my supplied HTML into PDF, so I dropped in a <meta http-equiv="refre….
RT @ElS1carius: I wrote a (very) short article on how I found a Remote Code Execution, seconds after it got mistakenly deployed by the deve….
secarius.fr
A detailed blog on how I found an RCE seconds after its publication using profundis.io's alerting feature.
RT @j_domeracki: @GoogleVRP disclosed my most impactful client-side report to date:. TL;DR An attacker could've gai….
bughunters.google.com
Found a security vulnerability? Discover our forms for reporting security issues to Google: for the standard VRP, Google Play, and Play Data Abuse.
RT @albinowax: This is some really nice research! It's definitely worth trying these techniques against cryptocurrency extensions! https://….
marektoth.com
I described a new attack technique that I used against 11 password managers. The result was that stored data of tens of millions of users could be at risk.
RT @j_zere: Just published my first blog post "Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover". You can read….
zere.es
Recently, while auditing the main application of a private bug bounty program, I discovered a Client-Side Path Traversal (CSPT) and a Cache Deception vulnerability. Individually, these issues were...
RT @albinowax: Ever seen two responses to one request? That's just pipelining. or is it? I've just published "Beware the false false-posi….
RT @Doyensec: 📖Read about a real-world C# #cryptography vulnerability we've discovered in the wild in our latest blog post! No math require….
Anyone gotten CAI setup and working?
Xbow raised $117M to build AI hacker agents, in @AliasRobotics open-sourced it and made it completely free. Github: Paper:
Please undisclose this for the mental health of anyone who has to triage bb reports. 🤣
RT @samwcyo: Revisiting this before playing the Battlefield 6 beta tonight. Really great blog about hacking a reverse proxy.
RT @0xzak: 🚨 UPDATE: Full Post-Mortem On Cursor Security Incident. In yesterday’s thread I explained how I got drained after installing a m….
RT @elder_plinius: 🌊 SYSTEM PROMPT LEAK 🌊. Here's the new and improved ChatGPT 5 system prompt! 🤗. PROMPT:.""".system_message:.role: system….