De meeste van mijn nieuwe volgers van pakweg afgelopen jaar komen wel uit die hoek. Gekke is - ze hebben altijd accounts die al heel lang bestonden. Zouden ze slapende accounts hebben overgenomen met een AI-hackbot die dan meteen het profiel wijzigt en mensen gaat volgen?

Been waiting almost 4 years for a mediation ticket from @Hacker0x01 This is crazy.... The triager said "We're waiting on the vendor" and marked the ticket as "Needs more info" instead of "Waiting on Vendor". This caused Hackbot to close 12 tickets as NA after 30 days of waiting... I would've been top 50 for the season unti the 12 NA reports hit back in 2022. Totally unacceptable!

hiding this program from @rez0__ hackbot

Deepseek wired into claude code or claude code with opus 4.7 or 4.8 for security research? Not a hackbot but more of a protcol research assistant anyone have thoughts on this? #bugbounty

recentemente tenho criado vários skillsets para agentes especialistas em diferentes tipos de vulnerabilidade pro meu hackbot. vou compartilhando aos poucos alguns deles com vocês. o primeiro eh o de http request smuggling. eles foram feitos pra servir pro meu harness, então talvez não seja o ideal pra todos, mas segue o link: github.com/0xPira/SSKills

Fico muito curioso sobre o harnesss que outros pesquisadores usam pra segurança ofensiva se vc tem algo parecido tipo um hackbot me manda msg, vamos trocar conhecimento!!

não ficamos 100% dependentes de AI mas usamos em todos os desafios. deve ter gente que optou não usar, mas com certeza tentamos em todas e sim, vc nao pode usar um hackbot 100% autônomo. vc tinha que ir direcionando e revisando o que a AI faz pra nao ser desclassificado

We are in a new era, from "can you solve this" to "can your hackbot solve this".

Security researcher Joel Noguera @niemand_sec shares one of XBOW's biggest AI hackbot breakthroughs on the road to #1 on HackerOne in < 60 seconds

@niemand_sec and @djurado9 let hackers ask anything about building the first AI hackbot that beat EVERY human bug bounty hunter in the USA. DEFCON33 AMA → youtu.be/0rh7fRXphJs Full deep dive afterward → youtu.be/y_aQQmDMaY4 #BugBounty #AI #AppSec #Automation

HackerNotes TLDR for episode 175! blog.criticalthinkingpodcast… ►⠀Query parameter prompt injections in AI apps with GitHub connectors are wormable when the agent can modify auto-deployed repos ►⠀CSPT lives everywhere: mobile apps, desktop clients. Each time you find something that makes a request with a parameter you control, it can be worth checking it ►⠀Anthropic now gates claude -p behind separate API credits, but a PTY harness writing into the interactive TUI brings back --resume and remote control workflows ►⠀Stop-hook injections keep your hackbot running indefinitely, but the prompt matters: a blunt "keep going" can push the agent out of scope In the News: ►⠀Another day, another universal Linux LPE by @v12sec, with a gorgeous PoC video showing 192 bytes overwriting a read-only page cache byte by byte (x.com/v12sec/status/20544914…) ►⠀@ryotkak locked out of Pwn2Own registration after weeks of trying to register, highlighting how saturated the event has become (x.com/ryotkak/status/2052881…) ►⠀@GitHubSecurity April stats: 325 reports submitted, only $2,367 in bounties paid out (x.com/GitHubSecurity/status/…) ►⠀@orange_8361's logic-only Edge RCE chaining four logic bugs for $175k at Pwn2Own, no memory corruption involved (x.com/thezdi/status/20548684…) ►⠀@chompie1337's NV Container Toolkit exploit earning $50k and 5 Master of Pwn points (x.com/chompie1337/status/205…)

We're back to the roots with this episode talking about some of the coolest bugs we've been finding! Rhyno also finally caved on AI hacking and built his own hackbot, that's in there too! youtu.be/v-XhQHy_jHM

@rez0__ run your hackbot on it, I bet it's like a CTF

174 part 1: how optimised is your hackbot? Covering this and some cool writeups in part 1! Btw: pentest.ctbb.show

I listened in on the @arcanuminfosec hackbot seminar. It's very cool. Great content. But damn, this is not what I fell in love with. I really hope this is not where all of bug bounty will end up...

okay im calling it officially. codex is cracked. if you're a bb hunter and you dont have a hackbot set up yet, i recommend codex with gpt5.5 over claude code.

eh uma boa ou quem cria o melhor hackbot

yeah redbull only pays in redbulls. im not a fan of that, but it's better than only running a VDP. this photo is from back in the day but @xssdoctor and i recently put our hackbot on redbull so i should be getting more soon haha

about time i get another shipment of these. hackbot go brrr for redbulls

Starting a Streak for Bug Bounty Will keep updating on what I did. Day 1 Stats: Refined Hackbot Submitted one bug Studied about AI more Accepted or Rewarded Reports:N/A #bugbounty #hackbots #pentesting