
usmann
@usmannk
users have no clue how vulnerable many apps are. I once reported to a somewhat prominent dating app that every user's DMs were exposed along with their lat/long email phone # etc. Took them many months to fix. Once it's fixed it's not really worth it for them or me to publicize.
This is why you don't roll your own security, even for an MVP. Security researcher investigates app that only has magic sign-in, and immediately finds that instead of checking the OTP server-side, they send it as a response to the client request. Allows to take over ANY
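The bug described in the post above (a magic sign-in flow whose server generates the OTP correctly but then echoes it in the response to the client) next to the fixed flow, as an added example that is not code from the post or from any real app; the `MagicSignIn` class, its method names and the `outbox` stand-in for the email/SMS channel are constructed for illustration:

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # code validity window
MAX_ATTEMPTS = 5        # wrong guesses before the code is discarded


class MagicSignIn:
    """Toy magic sign-in service (constructed for this example, not a real app).

    OTPs live only server-side; the client gets back an opaque status."""

    def __init__(self):
        self._pending = {}   # email -> [otp, expires_at, failed_attempts]
        self.outbox = []     # stand-in for the email/SMS delivery channel

    def _issue(self, email, now):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[email] = [otp, now + OTP_TTL_SECONDS, 0]
        self.outbox.append((email, otp))   # out-of-band delivery to the user
        return otp

    def request_code_vulnerable(self, email, now=None):
        # The bug from the post: the freshly issued code is echoed in the
        # HTTP response, so anyone who can call this endpoint with a victim's
        # email receives that victim's OTP without ever seeing their inbox.
        otp = self._issue(email, time.time() if now is None else now)
        return {"status": "sent", "otp": otp}

    def request_code(self, email, now=None):
        # Fixed: the code travels out-of-band only; the response carries no secret.
        self._issue(email, time.time() if now is None else now)
        return {"status": "sent"}

    def verify(self, email, submitted, now=None):
        """Server-side check: single use, time-limited, attempt-limited."""
        now = time.time() if now is None else now
        entry = self._pending.get(email)
        if entry is None:
            return False
        otp, expires_at, attempts = entry
        if now > expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[email]
            return False
        if hmac.compare_digest(otp, submitted):   # constant-time comparison
            del self._pending[email]              # single use
            return True
        entry[2] += 1                             # count the failed guess
        return False
```

The `now` parameter exists only so expiry can be exercised deterministically; in a real service the check also needs rate limiting on `request_code` itself so one email cannot be flooded with codes.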
RT @WhiteHatMage: Last week I reported a Critical bug to @Scroll_ZKP via @immunefi. Massive shoutout to the team for their exceptional com….
your AI auditor, and everyone else's, is a marketing scam.
🚨Our AI Auditor just ranked 18th out of 461 in a @sherlockdefi audit contest. Outperforming hundreds of human auditors, and this is just the beginning. ✅ Accepted finding: "Lack of Access Control on Reward Notification". Filed. Flagged. Fixed. Secure your smart contracts
related to this, you might not know that every time you open the @grok app it checks if you have @ChatGPTapp installed and sends that info back to its servers
Since the app exploiting it was leaked, I’m leaking the function they used. Don’t know if it’s exploitable on latest or not.
this was written for traders but it applies to SRs just as much.
As a logical thinker, until you get data points on the board to plot out and see a trajectory for yourself, it’s hard not to have the imposter’s syndrome. Up until the point that you prove to yourself that you’re on the right track, you kinda have to be delusional by default.
RT @WhiteHatMage: The toughest part of finding a bug on a blockchain client is getting it to run.
Adding to the pile with an alpha leak. There are bugs I’ve held on to for years now. They don’t pose any issues, and I consider them as “load-bearing lows”. Parts of a codebase long forgotten that don’t work as expected, and could become exploitable at a moment’s notice.
My best bug so far took me over 2 years. During that time I came back to work on it many times, each time spending loads of time on it, and I was able to successfully exploit it only recently. It was still worth it by far. Persistence and patience are key for bug bounty.
RT @xyz_remedy: Another titan enters the arena. Huge thanks to @usmannk for joining The Remedy CTF 2025 (jan 24-26). Hope you’re not scar….
this whole saga sucks. my entire career in crypto was sprung off of opportunities I found via @WeekInEthNews. sad to see it go like this.
To all the BD people sliding into my DMs asking if I'll give them @WeekInEthNews for free: lol, no 🤣🤣🤣. It's not like I don't think I could get funding for it. I'm sure I could beg and scrape together enough money if I wanted to, including from EF (though EF is notoriously.
🫡
2024 was HUGE for Immunefi and our community of rockstar security researchers. 🔥 $23M paid out this year. 🚨 1,700+ vulnerabilities found. 💰 600+ Criticals & Highs. SRs leveled up, broke records, and boosted onchain security like never before. Watch the recap 👇 #Immunefi2024
1.5m in rewards*. * advertised reward pool available only if you compromise the entire mainnet TVL 5 times over.
The Education Period of the Ethereum protocol Attackathon has officially begun! 🚨 With up to $1.5m in rewards available, you’ll want to use the next four weeks to dive deep into Ethereum’s codebase and get ready to hunt before the Attackathon officially starts. 👉 Visit the