Jester
@Jester0x01
To my rabbit, whom I follow.
Joined October 2019
We're launching the OpenAI Bug Bounty Program — earn cash awards for finding & responsibly reporting security vulnerabilities.
openai.com
This initiative is essential to our commitment to develop safe and advanced AI. As we create technology and services that are secure, reliable, and trustworthy, we need your help.
Introducing the Living Off The Land Drivers (LOLDrivers) project, a crucial resource that consolidates vulnerable and malicious drivers in one place to streamline research and analysis. https://t.co/jf0t0DyAx1 LOLDrivers enhances awareness of driver-related security risks and
loldrivers.io
it turned out nobody knew what the heck was going on inside their computer, so i spent several months using the power of Software to find out: https://t.co/Mm0r58oAsh
community.atlassian.com
We're publishing a new tool to diff virtual machine snapshots and view the diffs in-browser. It lets you see every file and process that’s changed between two points in time, and lets us finally...
Probably the best thing you'll see today. In 2017, a group of developers hilariously competed for who could create the worst volume control interface in the world. The results 🧵 1/22
Cascade of duty: Modern web. A 3D shooter written in just HTML/CSS absolutely no JavaScript! https://t.co/Xj7hZGArFc
Tbh, I have never tried or found these issues. So, I don't know the validity of it. I don't even know how this works behind the scenes. But these issues sound to me exactly like "Disable the js and you can access the html loaded content that have client-side js protection on it"
Introducing AIx, A simple CLI tool for interacting with Large Language Models (LLM) APIs! With AIx, you can easily query OpenAI's LLM APIs to ask about anything and get the answers straight to your CLI. GitHub Project - https://t.co/XGGgzTPbEo
#AI #LLM #CLI #OpenAI #Opensource
Hey everyone, I am graduating this May, and I am looking for #AppSec opportunities. If you are hiring, more than happy to interview :)
We offer no explanation as to why [anything works except] divine benevolence.
Even though JMX exploitation is well understood, @mwulftange and @qtc_de found new universal exploitation techniques & one of them allows to gain instant Remote Code Execution using TemplatesImpl (which is now implemented in #beanshooter)
codewhitesec.blogspot.com
You can stop wayback archive from scraping your website if you add "Ia_archiver" in your /robots.txt. 🙄
A quick writeup on how I was able to exploit Fortinet's heap overflow (CVE-2022-42475) :
here is GPT-4, our most capable and aligned model yet. it is available today in our API (with a waitlist) and in ChatGPT+. https://t.co/2ZFC36xqAJ it is still flawed, still limited, and it still seems more impressive on first use than it does after you spend more time with it.
openai.com
We’ve created GPT-4, the latest milestone in OpenAI’s effort in scaling up deep learning. GPT-4 is a large multimodal model (accepting image and text inputs, emitting text outputs) that, while less...
After consulting with Hackerone support, I found out triagers can hack on their company's bb program if the customer company allows it. I am not sure if company gave permission to that employee but one thing I am sure is, these cases are not extremely rare.
FUN FACT: Last year I saw a company triager (not Hackerone's) who was also hacking on same bb program. He commented on my every bug report as a triager but he was also no. 1 in leaderboard of that bb program with huge point difference.
@CoreyD97 Side question, can a triager report bugs in the same programme or it’s forbidden for some time after? I think if a reporter knows that the triager has no interest but also can earn more points/money by accepting an actual issue then they would feel much better.