Joined November 2024
"brutecat is super talented", "luckily I'm not oncall ;)", "incredible". These are all real quotes from Googlers after seeing this blog post. Amazing work @brutecat, thank you for sharing!
Jun 11
Hacking Google with A.I. for $500,000 brutecat.com/r/hacking-googl…
Faav retweeted
I wrote a short article about my research on Chromium, it's not too technical, but still relevant. I hope you guys like it. I plan to release the technical article in a few weeks (or days). davi-1337.github.io/posts/ou…
$600k in ONLY 6 MONTHS? Let's chat more about @brutecat's journey hacking one of the most hardened companies in the world! youtu.be/xZe7bBC17TM
Faav retweeted
Whoa! Big bounty! 🎉
Not even Google is safe from RCEs, and we brought @brutecat on the pod to talk about his hacking journey on Google! youtu.be/ZpEeWsqPy6g
Faav retweeted
New short article on a real-world exploitation case rather than pure research, demonstrating how a specific mistake in Next.js can lead to a systematic zero-click SXSS on its latest versions (w/@inzo____): Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js zhero-web-sec.github.io/rese…
Faav retweeted
Yay, I was awarded a $143,000 bounty on @Hacker0x01! hackerone.com/njcve #TogetherWeHitHarder It was worth waiting for ;)
Jun 1
RT @Hacker0x01: A 100% surge in submissions changed how we think about triage. We're rolling out new changes, including TriageOne Smart Ro…
Azure post 1 of 2 is live now, covering traffic hijacking via Smuggle Caching. Post 2 will focus on an Azure Front Door 0-click XSS that worked on HTTP/1.x and HTTP/2. Smuggling Through the Front Door... Achieving Global Redirect Poisoning at the Edge malicious.group/smuggling-th…
May 28
@brutecat posts some of the highest-quality, most interesting blog posts in bug bounty imo brutecat.com/articles/
Faav retweeted
Here we go: my DEF CON CTF writeup, a little different from the others. Also, thanks to Pwn de Queijo for letting me play with you guys. davi1337.gitbook.io/public/d…
May 26
Well, I'm #10 on the USA Leaderboard now!
May 25
Been grinding out on HackerOne and I beat @rez0__ somehow, not sure how long this'll last though... 😅 (USA Leaderboard)
Faav retweeted
Faav is a beastttttt. Keep going bro!!
May 25
Been grinding out on HackerOne and I beat @rez0__ somehow, not sure how long this'll last though... 😅 (USA Leaderboard)
Faav retweeted
Adam (@hash_kitten) posted the solution for the XSS challenge he made earlier in the week on our Searchlight Cyber blog here: slcyber.io/research-center/t… - pretty interesting behaviour in Chrome's sanitizer API!
Thanks everyone for playing! I talk about the solution here, as well as how I discovered this behavior while looking into the Chrome Sanitizer API: slcyber.io/research-center/t…
Faav retweeted
May 21
I managed to RCE Fortune 500 companies and made over $50,000 with this technique. A new npm supply chain technique we just disclosed. The trick is dumb-simple. We call it npx Confusion. 🧵
Faav retweeted
A few months ago I found an SSTI on a large media company's bug bounty program. I got duped on the original report by four minutes, but came back a few months later and found a bypass that ended up being writeup worthy. phsi.se/posts/chaining-razor…