Shlomie Liberow Profile
Shlomie Liberow

@Shlibness

Followers
3K
Following
886
Media
396
Statuses
1K

Head of Hacker R&D @Hacker0x01. Lover of 4AM shell battles. All things hacking!

London
Joined June 2009
@Shlibness
Shlomie Liberow
5 years
Visit --> SSO.
Visit > login.
Reviews Javascript -->
if (data == 'SUCCESS') {
location.href = "/admin/<snipped>?uname="+username+"";
}
Visit: <snipped>?uname=admin.
Admin Access. #bugbountytips
2
84
262
@Shlibness
Shlomie Liberow
9 days
Hyped!!
@BugBountyDEFCON
Bug Bounty Village
9 days
Don't miss "Securing Intelligence: How hackers are breaking modern AI systems … and how bug bounty programs can keep up" by @DaneSherrets & Shlomie Liberow (@shlibness) on Friday, August 8 at 02:00 PM on Creator Stage 4. Read more at #BugBounty #DEFCON
0
0
8
@Shlibness
Shlomie Liberow
2 months
🔥 Get signing up. It's a neat curation!
@infinitelogins
Harley Kimball
2 months
I've been working on something behind the scenes for the past couple of months, and I'm finally ready to share it. Disclosed. A curated newsletter about the bug bounty world. Over the last four weeks, I've been quietly publishing weekly issues and.
0
0
3
@Shlibness
Shlomie Liberow
3 months
Legendary work from @Arl_rose.
@Arl_rose
Ariel Garcia
3 months
The @hacker0x01 ambassador World Cup comes to an end. After 1 year, 42 teams, 766 hackers, and 6 rounds (including two in person), we conclude what to me is a passion project I always envisioned and I'm very happy to make a reality. Thanks to everyone who made it possible.
1
0
6
@Shlibness
Shlomie Liberow
3 months
Such a joy talking comprehensive asset discovery! Meeting the amass creator felt full circle - that tool's power to reveal overlooked and obscure subdomains is what kicked off my asset reconnaissance obsession years back and I've never looked back.
@jeff_foley
Jeff Foley
3 months
I enjoyed my last evening in London last week exchanging ideas with @Shlibness, the Head of R&D for @Hacker0x01, in the areas of asset discovery on the #internet, #attacksurface intelligence, the future of vuln management, vendor risk management, etc.
0
1
12
@Shlibness
Shlomie Liberow
3 months
Looks like has been operating since February, gouging an extra £4 from circa 83,000 travelers by charging £10 for Heathrow's actual £6 drop-off fee. Just casual predatory behaviour that I suppose isn't illegal.
1
1
3
@Shlibness
Shlomie Liberow
5 months
RT @0xLupin: For the past few months I've been talking a lot of Software Supply Chain security and Depi. Depi is SaaS platform aimed to…
0
27
0
@Shlibness
Shlomie Liberow
6 months
RT @0xLupin: We just released a new article on how we made 50,000$ in #BugBounty by doing a really cool Software Supply Chain Attack 🔥 🔗Lin…
0
117
0
@Shlibness
Shlomie Liberow
6 months
Working on exploiting a SSRF where the service is using axios. Looking at GH issues shows a PR that would have been perfect, allowing for local file read. Reviewing the profile of this "helpful" PR [that was never merged] shows some suspicious biases 😂
1
0
25
@Shlibness
Shlomie Liberow
6 months
Key Learnings:
- Deleted secrets live forever in Git history.
- The biggest risks aren’t always cutting-edge—they’re often basics.
- Much of Web3 often runs on Web2 infra - with cryptocurrency sprinkled on top.
👉 For the full details, see
shlomie.uk
How we discovered critical vulnerabilities in a $4.6B AI-driven cryptocurrency platform through a simple GitHub token leak.
0
0
9
@Shlibness
Shlomie Liberow
6 months
We responsibly disclosed the issue to Virtuals, who revoked the tokens and awarded us a $10K bounty. This incident highlights a broader trend: even the most cutting edge platforms can be undone by the simplest security oversights.
1
0
4
@Shlibness
Shlomie Liberow
6 months
This access would allow an attacker to do some serious damage:
- Manipulate how AI agents think and act.
- Force agents to promote scams to millions.
- Wipe or corrupt the critical data these agents depend on.
1
0
3
@Shlibness
Shlomie Liberow
6 months
While digging into Virtuals, we uncovered something unexpected. What looked like a simple token would eventually lead us to something much bigger - access that could reshape how these AI agents think and act.
1
0
4
@Shlibness
Shlomie Liberow
6 months
First, what is Virtuals? It’s like an App Store for AI agents—autonomous AI that have the ability to take actions without human input. One such AI agent, @aixbt_agent, has 386K followers, 83% prediction accuracy and a $641M market cap. Wild, right? 🤯
1
0
3
@Shlibness
Shlomie Liberow
6 months
🚨 Last month @DaneSherrets and I hacked @virtuals_io, a $4.6B platform for deploying AI agents and their associated cryptocurrency, earning a $10,000 bounty. Here’s how we uncovered a major vulnerability that could’ve rewritten how these agents think and behave. 🧵👇
5
10
86
@Shlibness
Shlomie Liberow
7 months
/ remind me in 34 years.
@business
Bloomberg
7 months
The EU is committing to build a $11.13 billion constellation of satellites that will provide the bloc with encrypted global internet connectivity in a bid to provide a homegrown alternative to Elon Musk’s Starlink
0
0
2
@Shlibness
Shlomie Liberow
8 months
Getting an early night sleep because openai is down. Our overlords are merciful at times
1
0
6
@Shlibness
Shlomie Liberow
8 months
Always a joy collaborating with @Jayesh25_ and digging in deep.
@Jayesh25_
Jayesh Madnani
8 months
🚨 Yay, we were rewarded with $20,000 on our @Hacker0x01 submission for a SSRF bug discovered in collaboration with @Shlibness! 💰🎉 🥳 We uncovered a Critical SSRF vulnerability, turning it into unauthorized access to internal admin endpoints, leading to PII leaks and
4
1
207
@Shlibness
Shlomie Liberow
8 months
When you build a web crawler and it finds a very short root to the FBI
1
0
7
@Shlibness
Shlomie Liberow
9 months
Took the plunge and started blogging about bug bounties - my first post is live! AI can be a powerful tool for bug hunting at speed when combined with human intuition. Feedback most welcome!
9
25
119
@Shlibness
Shlomie Liberow
9 months
RT @RachelMoiselle: Here is one of the pogromists. He explicitly says he is going on a Jew hunt and curses the Jews. Jews. Not ‘Maccabi….
0
579
0