• Irish/Japanese web/AI hacker from Cork, living in Scotland • Founder @StarstrikeAI • Researcher @ctbbpodcast • BT6 Member • Hacker Newsletter @ monke.ie

Joined March 2021
Pinned Tweet
Excited to launch this with @busf4ctor. We'll be posting some of our research over the next few weeks 😁 so make sure to follow. Really looking forward to seeing where this goes!
Today, we (@busf4ctor and @monkehack), are launching Starstrike: an AI pentesting and research startup. We'll be releasing our first few research articles over the next few weeks, detailing several bugs that helped us net over $100k in total. Follow to ensure you don't miss them!
good lord
Jun 11
Hacking Google with A.I. for $500,000 brutecat.com/r/hacking-googl…
gathering data is cool but putting it in an over-engineered, entirely unnecessary visualisation is cooler
Back when I was interning in a data centre, I wrote a Terraform provider for them. This opened my eyes to the flexibility of Terraform and how it's not limited to cloud - it's actually a general system of managing resources declaratively. I think this works pretty well with AI!
My favourite window reference is event.source. It bypasses COOP, and is generally overlooked. Although I think @xssdoctor favours window.opener?
My life is now a cycle between building my startup and padding my bug pipeline with more bugs so I can work on my startup in mental peace for another quarter
Ciarán Cotter retweeted
The writeup is here. We achieved RCE in Minecraft Bedrock, turning a 4-byte heap overflow into complete client compromise. @ryaagard details a universal, Bedrock-specific technique for bypassing ASLR and achieving arbitrary read / write primitives.
Bug bounty is dying a slow death in real time. This is HackerOne’s attempt to generate some value in the AI bubble, so they have a hope of getting acquired by a company gobbler like Cisco. It’s ironic that their agent will just get worse over time as they drive their best hackers away.
I'm not sure the community will like this. @Hacker0x01 will now reuse your novel techniques / exploits / old reports to look for vulns on the rest of the customer's infra. I guess they will add you as collab and give you a bounty, right? right?!
I was trying to analyse some of my ideas with Claude so I system-prompted it to be more harsh and honest. This worked well until it told me to stop asking it questions and go and speak to my design partners. 💀
I've just booked my flights and accommodation for Def Con 34. See you all in Vegas this year!
Ciarán Cotter retweeted
We're finally ready to talk about Flipper One — a project we've been grinding on for years and have rebuilt from scratch several times. Read blog post >> blog.flipper.net/flipper-one…
I don’t have any particular bit of research to present at Def Con this year but I do have a lot of miscellaneous techniques in AI hacking and other areas. Should I talk about the gadgets?
75% Give us the gadgets
25% Do proper research
8 votes • Final results


Amaze! Amaze! Amaze! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) was able to exploit Edge with a sandbox escape! If confirmed, we wins $175K. He's off to the disclosure room to explain how he did it. #Pwn2Own #P2OBerlin
Ciarán Cotter retweeted
May 11
wtf. the tanstack attack just went live. we flagged this exact chain 25 days ago. april 16. All Depi clients were alerted. if you're using @tan_stack check your manifest files right now 1.166.12, 1.166.15, 1.169.5, 1.169.8 are malicious. clean your cache. rebuild.
Just gonna vaguepost this one as well and do an evil laugh in the corner
vague posting is the best posting haha
Shoutout to @7urb01’s channel. He’s probably one of the best client side guys in the business and you get to witness his unfiltered thought process on his channel as he reviews research and gets sidetracked. This is a MUST follow resource: youtube.com/@7urb0one
Ciarán Cotter retweeted
May 5
He made the windows hug and now the LLM no longer bullies him by rolling to refuse to cooperate when triage tries to reproduce the bug. Thanks doc. Healing the world one iframe at a time. Research Review. youtu.be/2ZvHGtZuWPU
This time we have a guest blog from @xssdoctor, showcasing a new technique in AI hacking to achieve more consistent exploitation. This was initially a research collision, but XSSDoctor masterfully exploited this in the wild. Link below 👇
Who wants to meet me at Def Con sticker swap this year to get stickers of the latest infosec drama à la Jonathan Scott?