breaking stuff
Joined November 2017
- Tweets 643
- Following 91
- Followers 6,325
- Likes 1,902
64 Photos and videos
Apr 17
http desync attack on discord !!
Spying on everybody's Discord attachments with HTTP desync
tmctmt.com/posts/http-desync…
3
12
295
40,864
daniel retweeted
the watchers: how openai, the US government, and persona have been secretly running an identity surveillance system since nov 2023.
vmfunc.re/blog/persona
researched by @vmfunc, @MDLcsgo, @DziurwaF
128
870
4,327
494,704
Feb 8
as humanity inches closer and closer to technological dominance, the closest thing to god-like power is the ability to create and manipulate software
the true 1% are programmers who can translate their thoughts to software and the hackers who can manipulate software to their will
10
1,049
18 Dec 2025
we pwned x, vercel, cursor, and discord through a supply-chain attack
news.ycombinator.com/item?id…
how to hack discord, vercel and more with one easy trick
kibty.town/blog/mintlify/
16
65
1,442
211,855
CVE-2025-67842
CVE-2025-67843
CVE-2025-67844
CVE-2025-67845
CVE-2025-67846
w/ @hackermondev, @MDLcsgo
17
14
313
32,679
7 Oct 2025
back in 2023, i found a vulnerability on Discord to grab a support ticket details using just it's id.
ticket ids are incremental so an attacker could have enumerated the entire platform and stolen everything.
i reported it to their bug bounty program. they marked it as an "High", refused to upgrade its severity, and then silently fixed it.
36
243
6,351
290,278
7 Oct 2025
the recent Discord breach shows just how critical of a vulnerability this was.
if someone else had stumbled upon this vulnerability, they could have very easily stolen thousands of government IDs and confidential data
this is another classic example of how bug bounties are very scammy.
Discord's response to the recent data breach shows just how severe this vulnerability could have been.
7
26
1,886
71,869
15 Jul 2025
the hackerone employee who decided to change the dark theme needs to be fired
ALT what the hell is this
16
4
145
18,845
13 Jun 2025
you could essentially bypass any turnstile challenge during the outage.
next cloudflare outage gonna be crazy
13 Jun 2025
Multiple Cloudflare services, including Workers KV, Access, WARP and the Cloudflare dashboard, experienced an outage for up to 2 hours and 28 minutes earlier today. Here's a detailed breakdown of what happened: blog.cloudflare.com/cloudfla…
1
2
39
5,717
13 Apr 2025
i've been working on a security tool that i genuinely think will revolutionize web security research
just a few more things to do..
5
2
142
12,181
how to gain code execution on millions of people and hundreds of popular apps
and of course, firebase was (partially) the cause
kibty.town/blog/todesktop/
101
279
3,222
696,523
29 Jan 2025
the creator of doxbin was pwned through a calorie counter app
20
107
2,859
137,883
29 Jan 2025
long article but its a really interesting OSINT investigation into Doxbin's original owner
nacha.sh/
3
8
247
21,705
daniel retweeted
21 Jan 2025
A bug in Cloudflare (and just the nature of how CDNs work) let an attacker learn the broad location of Discord, Signal, Twitter users by just sending them an image, according to a researcher. It works because you check which data center cached the image 404media.co/cloudflare-issue…
37
513
1,853
116,402
21 Jan 2025
Research into a unique 0-click deanonymization exploit targeting Signal, Discord and hundreds of platform 🧵
102
473
4,305
420,508
19 Dec 2024
my 18y/o friend makes $100/week working at GIANT, restocking items, and other physical work.
I can make nearly $1000 from an hour of bug hunting in my bedroom with a laptop.
it's crazy how specific knowledge can put you ahead of most people.
11
18
427
35,635