@putsi profile picture
putsi @putsi

White hat hacking in Team ROT. Also, hacker-for-hire & bug bounty hunter -- hackerone.com/putsi

Joined September 2015
  • Tweets 941
  • Following 2,587
  • Followers 2,899
28 Photos and videos
Pinned Tweet
putsi@putsi
24 May 2019
Wrote a blog post about how to host private Burp collaborator instance. It also has some scripts to make it a bit easier and faster. teamrot.fi/2019/05/23/self-h…

11
115
274
putsi retweeted
skull
@brutecat
Jun 11
Hacking Google with A.I. for $500,000 brutecat.com/r/hacking-googl…

Hacking Google with A.I. for $500,000

What happens when you unleash an AI across all of Google's infrastructure? 1,500 APIs, 3,600 keys, and $500,000 in bounties later, here's what I found.

brutecat.com
59
501
2,460
324,390
putsi@putsi
Feb 23
Modifying Burp Collaborator config file every time you need to host a new payload takes too much time. If self-hosted Burp collaborator could serve files from a web root directory like Nginx does, would you use it? (I’m gathering votes for a support case)
92% Yes
0% No
8% Don’t care.
12 votes • Final results
4
481
putsi retweeted
Burp Suite@Burp_Suite
27 Feb 2025
As promised, here's the first sneak peek into our new AI-powered features coming to Burp Suite Professional next month... 👀 🤫 First up, we have Explain This. #BurpAI #BurpSuite
8
27
249
21,468
putsi retweeted
PortSwigger Research@PortSwiggerRes
4 Feb 2025
The results are in! We're proud to announce the Top ten web hacking techniques of 2024! portswigger.net/research/top…

Top 10 web hacking techniques of 2024

Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

portswigger.net
24
290
872
221,281
putsi retweeted
Zack Witten@zswitten
23 Aug 2024
Spamming "hi" at every LLM: a thread.
320
1,279
14,663
3,506,994
putsi retweeted
Natalie Silvanovich@natashenka
20 Jun 2024
Can LLMs find vulns? Here’s what Project Zero found googleprojectzero.blogspot.c…

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

Posted by Sergei Glazunov and Mark Brand, Google Project Zero IntroductionAt Project Zero, we co...

projectzero.google
5
79
257
52,438
putsi retweeted
@mikko
@mikko
4 Apr 2024
I bet a song composed and performed by an AI will be a Top 40 hit during this year.
23
12
138
38,952
putsi retweeted
@mikko
@mikko
16 Jun 2024
Video of the Keynote talk from last T2 infosec conference in history: 𝒮𝒴𝒮𝒯𝐸𝑀𝒮 𝒜𝐿𝒞𝐻𝐸𝑀𝒴. By @thegrugq. youtu.be/JYhIui542Xg

t2/2024 - Systems Alchemy: The Transmutation of Hacking (Thaddeus...

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

youtube.com
10
30
14,092
putsi retweeted
faulty *ptrrr
@0x_shaq
3 May 2024
This is how tears look like under the microscope. Insane
0:12
11
99
1,005
188,308
putsi retweeted
Steve
@SteveFlanders22
16 Feb 2024
The first two weeks of the Vision Pro were absolutely insane. Here are 13 examples that prove the Vision Pro is the best piece of tech ever invented. 1) Real-time 3D surgery x.com/Medivis_AR/status/1712…

282
2,524
21,385
9,577,245
putsi retweeted
HTTPVoid@httpvoid0x2f
15 Feb 2024
Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k! blog.projectdiscovery.io/hel…

Hello Lucee! Let us hack Apple again? — ProjectDiscovery Blog

Last year we conducted an in-depth analysis of multiple vulnerabilities within Adobe ColdFusion, we derived valuable insights, one of which revolved around CFM and CFC handling, parsing and executi...

projectdiscovery.io
4
110
353
44,486
putsi retweeted
shubs
@infosec_au
3 Feb 2024
The SSRF/auth bypass affecting Ivanti Pulse Connect Secure (CVE-2024-21893), is a great example of what can be achieved with a fully blind SSRF vulnerability (RCE). Read the @assetnote blog here which includes a reliable payload and generation steps: assetnote.io/resources/resea…

Ivanti's Pulse Connect Secure Auth Bypass Round Two

The Ivanti excitement continues! After an authentication bypass and command injection to kick off the year, Ivanti are following with a second authentication bypass and a privilege escalation. On...

assetnote.io
3
86
351
32,790
putsi retweeted
Corben Leo
@hacker_
24 Aug 2023
I've made $500k from SSRF vulnerabilities. Here are my tricks:
83
1,211
4,425
441,974
putsi retweeted
publiclyDisclosed@disclosedh1
10 Oct 2023
PortSwigger Web Security disclosed a bug submitted by @mattaustin: hackerone.com/reports/127469… - Bounty: $3,000 #hackerone #bugbounty
19
119
24,130
putsi retweeted
Chris Evans@scarybeasts
5 Oct 2023
Hackers, an important one. e.g.: we heard that CVSS "PR" is handled inconsistently (should be PR:None for self-sign-up). We're transparently listing a set of Detailed Platform Standards for consistency across programs. Need your help -- what to cover next? docs.hackerone.com/organizat…

Detailed Platform Standards | HackerOne Help Center

Organizations: HackerOne's Platform Standards for assessing rewards for a report

docs.hackerone.com
10
27
106
52,527
putsi retweeted
LiveOverflow 🔴
@LiveOverflow
5 Oct 2023
Web Security vs. Binary Exploitation
0:23
98
1,896
10,136
833,676
putsi retweeted
Julien | MrTuxracer 🇪🇺@MrTuxracer
23 Nov 2022
As promised: Here's the first $10,000 @Intel bug (aka CVE-2022-33942) that allows to bypass the authentication of Intel's DCM by spoofing Kerberos and LDAP responses. Exploit inside, enjoy 🥳 rcesecurity.com/2022/11/from… #BugBounty #security

16
247
806
putsi retweeted
The Paranoids@TheParanoids
7 Sep 2023
Earlier this year, the Paranoids Vulnerability Research team  disclosed a critical remote code execution (RCE) vulnerability in @GoIvanti’s endpoint management product: yahooinc.com/paranoids/paran….

Paranoids Vulnerability Research: Ivanti Issues Security Alert | Paranoids | Yahoo Inc.

The Paranoids flagged a critical RCE vulnerability in Ivanti Endpoint Manager, leading to a hotfix to prevent malicious software distribution. Learn more.

yahooinc.com
1
17
54
11,141
putsi retweeted
Bipin Jitiya@win3zz
27 Aug 2023
CVE-2023-21939 - Code Exec - PoC gist.github.com/win3zz/308c6…
3
87
378
35,772
putsi retweeted
Jeti@0xJeti
10 Aug 2023
Here's a write-up on a Browser-Powered Desync bug that I discovered in the Azure CDN service known as Front Door. The entire concept is built upon the excellent research by @albinowax. Initially identified within the @intigriti program. blog.jeti.pw/posts/knocking-… #bugbounty

Knocking on the Front Door (client side desync attack on Azure CDN)

A few months ago, I embarked on a security bug hunt within the scope of a private program available through the Intigriti platform. During this endeavor, I encountered an intriguing anomaly while...

blog.jeti.pw
8
46
150
16,559
Load more