@yeswehack profile picture
YesWeHack ⠵ @yeswehack
Joined July 2012
  • Tweets 9,144
  • Following 3,385
  • Followers 42,013
1,986 Photos and videos
Tick, tock… ⏰ The countdown is on: two weeks to go before we launch our annual #LiveHackingEvent at @_leHACK_, open to all attendees! 👉 June 26. 1:00 PM. Le Loft. Mark your calendars. The target remains under wraps… for now 😉
2
8
892
New #CTF challenge live on Dojo 🚩 Streamcore, a slick little video stream service, is hiding something... Think you can read what you're not supposed to? Go hack it 👉 dojo-yeswehack.com/challenge…
2
16
786
The solution to our latest Dojo challenge is out 🏁 In Deadbolt, we discovered how a custom-generated license key allowed custom plugin uploads vulnerable to Zip Slip, leading to RCE! 🤯 Full write-up here 👇 yeswehack.com/dojo/dojo-chal…

Dojo challenge #51 Deadbolt solution

Solution for Dojo – Deadbolt: Exploit a weak key check and a Zip Slip vulnerability to achieve remote code execution.

yeswehack.com
3
15
1,153
We now have our monthly Dojo champions! 🏆 Massive congrats to d0x, Frozenk and twilightwounds for solving Deadbolt - you’ve earned a cool YesWeHack swag pack 🎁 Keep an eye on your mailbox 📬 ⚔️ Haven't tried our challenges on Dojo yet? Join the fun: dojo-yeswehack.com/
3
6
21
1,363
How much damage can one payload do? At @_leHACK_, try Payload Plz Reloaded by @BitK_ and @Brumens2 to find the answer! 📅 26-27 June 📍 Booth 49 remote access 🎁 Rewards for top hackers ...And goodies to earn when at least 3 systems are compromised with a single payload!
1
5
28
2,922
More info: yeswehack.com/page/yeswehack…
2
1,825
AI isn’t replacing hunters – but transforming how they work 🤖 In the 1st of a series of Q&As on AI-assisted hacking, @aituglo explains how he leverages AI, his best LLM-assisted find so far, & the impact of AI on his performance and that of his peers 👇 yeswehack.com/community/llms…

How LLMs are changing Bug Bounty: An interview with Aituglo

French hacker Aituglo explains how he leverages AI, his best LLM-assisted find so far, and the impact of AI on his own performance and that of his peers.

yeswehack.com
1
8
75
2,780
PDF export features run a full browser engine server-side. Inject HTML into a headless renderer and it fetches cloud creds or reads local files from inside the network! 🖨️ Our SSRF guide covers it all 👇 yeswehack.com/learn-bug-boun…

The ultimate Bug Bounty guide to exploiting SSRF vulnerabilities

Learn how to find and exploit SSRF vulnerabilities with blind SSRF, cloud metadata theft, Gopher payloads, filter bypasses and SSRF-to-RCE techniques.

yeswehack.com
6
64
2,513
2️⃣ days. 1️⃣ target. Our #LHE at @_leHACK_ is back, and this year comes with a twist: the action starts on Friday. That means more time to hunt and go after juicy rewards. 💰 The target will be revealed on 26 June, 1:00 PM. After that, it’s over to you! Will you be there? 👀
4
23
3,923
Yes @Rhynorater, you read it right! Our triage team is comprised exclusively of security engineers with mandatory OSCP & OSWE certs deep CVSS expertise. They know their stuff 🔥 Since Justin brought them up in this clip, should we do an interview with our triagers? We’d cover their workflows, top submission tips, and some funny report memories! Let us know in the replies 👇
9
6
183
11,790
Check out the full video here 👇 youtu.be/CfLhKqbADfA?si=WwMF…

600 CVEs on Adobe AEM with Jim Green (GreenJam) (Ep. 176)

Episode 176: In this episode of Critical Thinking - Bug Bounty Podc...

youtube.com
2
19
3,647
Note to our beloved community: join us at @_leHACK_! 📝 Don't miss: 🧠 @Brumens2 and @BitK_'s chall: Payload Plz Reloaded 🔥 Our Live Hacking Event - starting on Friday 26 June this year! 🎁 Talks, tips & swag at booth 49 See you in Paris! More info: yeswehack.com/page/yeswehack…
1
2
21
1,593
Quick reminder: the Dojo challenge - Deadbolt is still live! How about taking a break and hacking the challenge entirely in your browser? 👀 Will you be able to capture the flag? Let's find out 👉 dojo-yeswehack.com/challenge… #CTF #BugBounty
12
1,343
Curiosity, patience and persistence are key traits for #BugBounty hunters 🧐 @SpawnZii, ranked 50th on our all-time leaderboard, shares his journey, target-selection methodology and advice for finding your first bugs 👇 yeswehack.com/community/curi…

‘You must be curious’: SpawnZii on balancing Bug Bounty & pentesting

The thriving hunter explains how he got into hacking, explains how he chooses targets, and shares practical advice for aspiring hunters.

yeswehack.com
1
6
40
2,059
AI is “bad at knowing what’s actually exploitable” (cc @xclow3n), but “our expertise still lets us steer AI toward the right lead” (cc @aituglo). Plus: @LiveOverflow on why smaller models can beat larger ones on cost-to-recall. Our latest #BugBounty roundup 👇 yeswehack.com/news/ai-force-…

‘AI is a force multiplier’, small v large models – hacker roundup

Post-Mythos, Xclow3n believes expert judgement still separates noise from CVEs, while LiveOverflow finds smaller LLMs more cost-effective on cost-to-recall.

yeswehack.com
4
21
1,153
Ready to pwn Deadbolt on Dojo? 🚩 Discover how you can generate your own license key and achieve RCE! Hack the challenge and level up your YesWeHack profile 👉 dojo-yeswehack.com/challenge… #BugBounty #CTF
3
1
18
1,608
SSRF turns a server’s own outbound requests into your weapon against its internal network 🌐 From a single callback to full cloud account takeover, the escalation path is wild when you know the tricks 🔥 Full guide on hunting SSRF 👇 yeswehack.com/learn-bug-boun…

The ultimate Bug Bounty guide to exploiting SSRF vulnerabilities

Learn how to find and exploit SSRF vulnerabilities with blind SSRF, cloud metadata theft, Gopher payloads, filter bypasses and SSRF-to-RCE techniques.

yeswehack.com
2
15
99
9,880
Missed the latest #TalkiePwnii? Now’s your chance 👀 @pwnwithlove breaks down a wildcard argument injection exploit on a @zerodaygym Dojo challenge - from initial discovery to full exploitation 👇 youtu.be/xsaa7dBn1jg
4
29
3,019
Load more