 
            
              gr3pme
            
            @gr3pme
              Followers: 2K | Following: 3K | Media: 14 | Statuses: 316
              Cohost @ctbbpodcast || Bug Bounty Hunter || OSWE, OSCP
              
              Joined January 2019
            
            
           First full squad episode = one of the most fun to date. Our Halloween special is live 
           Justin got FIRED?! -  https://t.co/HiRpD5eG9z  In ep. 146, the boys sit down to celebrate the spooky season by telling us their scariest hacking stories. Grab your flashlight, a blanket and come listen to what happens when hacking goes a little too far! 
          
                
              
             Been a while since I wrote a blog post, so here is a funny one about how I was able to leak more than 5M user PII data using a really simple trick :) Enjoy!  https://t.co/XktgYX2XwB 
            #BugBounty
          
          
            
            hacktus.tech
              When I start looking at a target in finance, medical, etc, I always go for the most valuable data. In this case, on a major application we'll call "Redacted Corp," that meant file uploads. Invoices,...
            
                
              
            
            @cametome006 @albinowax, following on from your CTB episode - perhaps frameworks like this could help you spin up labs in a fairly painless way?
          
          
                
              
             Haven't tested it yet, but love the idea: a frictionless way to spin up a lab from research you've read or your own notes. Even cooler - it grew out of a podcast episode. Nice work, @cametome006. 
           Built LabGenie: a multi-agent framework that automatically converts security write-ups into hands-on labs. We're drowning in amazing vulnerability write-ups, but have no easy way to practice them in their original context. Blog: 
          
                
              
             Super nice behaviour here - nice work @castilho101
          
           I found out that you can use "ftp::" to convert a limited DOM Clobbering situation into a full CSPT. Then, while talking about it with @LooseSecurity, he found that we can also use "https::". This can be used to prevent URL parsing of href, allowing us to hit other endpoints 
            
                
              
             The creator of HackerNotes @gr3pme showed us his note taking methodology this week. Really cool and useful insights on how he approaches his note taking and how it helps him! You can find the templates in episode 145's HackerNotes:  https://t.co/JylAVzXRQC 
          
          
                
              
             HackerNotes TLDR for episode 145!  https://t.co/JylAVzYpGa  Syntax Confusion: Two or more components in a system may interpret the same input differently due to ambiguous or inconsistent syntax rules. Learn more in @yeswehack's new blog: The Minefield Between Syntaxes: 
          
            
            blog.criticalthinkingpodcast.io
              A 'by Hackers for Hackers' podcast focused on technical bug bounty content.
            
                
              
             I've had a lot of questions since I've started hunting on how I threat model and note take for longer term success on a target. In this EP, I've shared how alongside the templates I use for targets. I hope y'all find it useful! 
           New Episode is Out! -  https://t.co/U89DFxkxIm  In episode 145, @gr3pme lets us in on some of his notetaking tips, including his templates, threat modelling, and ways he uses notes to help with collaboration. 
          
                
              
             Just letting yall know that now we have a dedicated "writeups" tab on our research page! -  https://t.co/2xC3e5bVZC  If you want to publish our first writeup, check the link right above "Latest Content". 
          
            
            lab.ctbb.show
              A 'by Hackers for Hackers' podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest exploitation techniques.
            
                
              
             It's official! I'm now a cohost on @ctbbpodcast. Super happy to be able to continue contributing to the pod and the community alongside my pals @Rhynorater and @rez0__ ! Thanks y'all for the support! 
          
                
              
             Some really nice content dropped on @ctbbpodcast research. Much more to come. 
           3 new posts just dropped on our Research Page! - Hamid wrote about libmagic inconsistencies and how they lead to type confusion in file uploads - @J0R1AN dropped 2 new cool HTML-related tricks Check them out: 
          
                
              
             New Episode is Out! -  https://t.co/vr0bGZYA3H  In episode 142: - @rez0__ and @gr3pme join forces to discuss Websocket research, Meta's $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty. 
          
                
              
             Super excited to announce @gr3pme as the hacker on stage w. @Bugcrowd at @awscloud Hacker show in London next month (spots available:  https://t.co/N1nkZ3eDEU)  You can catch half min of Brandyn on ITV's GMB show. And watch this space for the customer announcement in due course! 
          
                
              
             After trying for 4 years, I was _finally_ awarded the H1-Elite award by @Hacker0x01 ! Thank you to all the hackers I've worked with along the way!!! 
          
                
              
             Amazing episode with @PortSwiggerRes's @albinowax. Back when I started the pod in 2023, I envisioned episodes just like this. High signal, technical, depthful. If you're gonna catch any episode of CTBB, this would be a good one:  https://t.co/3xcwRrw7Ha 
          
          
                
              
             x has been fire this week for tips. Thank you @J0R1AN 
           Small tip for the JavaScript reverse engineers out there, Chrome has a `debug()` function which triggers a breakpoint whenever its first argument is called. It even works on built-in methods, no more wrapping stuff in proxies :D debug(DOMParser.prototype.parseFromString) 
            
                
              
             
               
             
             
               
               
             
            