@[email protected] (also jub0bs.bsky.social) @jub0bs
#infosec enthusiast • #golang dev & trainer • minimalist • #degrowth advocate • atheist • chaotic good • trying to make sense of the Web • he/him • Free 🇵🇸! jub0bs.com La Dictature En Marche Joined August 2013
Tweets 5K • Followers 2K • Following 0 • Likes 17K
🚀 Release of v0.7.0 of jub0bs/fcors, the CORS middleware library for #golang that saves you time ⏳ and money 💸! - Go 1.21 or above is now required. - Removed dependency on golang[.]org/x/exp - Various documentation improvements github.com/jub0bs/fcors
In case you missed it, my @euro_rust talk is live!! youtu.be/QcS9UNsVhp8?fe…
It’s so bad that I wrote a thread 🧵 ⤵️
🙇 Thanks to @righettod and @ricardo_iramar for mentioning my blog and CORS middleware library on OWASP's Secure Headers Project! owasp.org/www-project-se…
I CAN'T BELIEVE IT. In 2017, we demanded that every € of the Livret Développement Durable (& Livret A) fund activities that are genuinely 100% climate-compatible. On 11 Dec 2017 @BrunoLeMaire promised. He did not do it. In 2023, the LDDS is going to fund the defense industry.
@GDarmanin serves you right 🤣
"It's really too unfair!" https://t.co/bMkwQB7lDv
🙇 I don't do this often but I feel blessed in terms of infosec content! 🤓 Seldom a day goes by without learning something new from @garethheyes, @joaxcar, @ctbbpodcast, @dayzerosec, @gregxsunday, @LiveOverflow, and all the others that wouldn't fit in this tweet. Thx!
Episode 44 is UP! This week it's back to the traditional format of @Rhynorater and @teknogeek talking about cool hacking shit. We discuss some crazy auth bypasses and techniques to bypass URL validation - trust us, it's good stuff. ctbb.show/s1e44
Somebody asked me recently if you can exploit an XSS scenario like this: x.y(1,INJECT); where x and y are not defined. You cannot break out of the script tag, but you can break out of the function call. I tried everything I could think of to abuse error handling and hoisting…
Here is the story of an interesting bug chain involving JSONP and SameSite that I found today. #websecurity infosec.exchange/@jub0bs/111348…
@m1ke_n1 My 0dayfans site was already linked; there is a feed page you might find useful: 0dayfans.com/feeds.txt Some specific callouts (some are not 100% web): Github Security Lab, Synactiv, Mozilla Attack & Defense, StarLabs, AssetNote, Rhino Security Labs and @jub0bs blog
📢 New one-day training on the basics of concurrent programming in #golang. If concurrency is still a mystery to you or plays tricks on you (deadlocks, goroutine leaks, synchronization bugs, etc.), this is the training you need. 😉 humancoders.com/formations/inv…
I was afraid that ServeMux's upcoming method-matching functionality would become an obstacle to middleware use... 😟 ... until @carlmjohnson made me realise my fears were unfounded. 😌 #golang github.com/golang/go/issu…
How can VDPs damage the Bug Bounty World? Here is an example. My 5 reports to a private BBP were closed as a duplicate of a VDP submission. Dear hacker who submitted my vuln to the company's VDP, congrats! You won 7 internet points, but lost $$$ and your time.
Got 10 reports (wrongfully) closed as duplicates of the same report overnight. Makes me wanna quit bug bounty and open a bed and breakfast 🥲
I recently had one of my worst #BugBounty mediation experiences on @zerocopter, where they backed an immature program that downgraded my mobile account takeover and paid out the bare minimum. These are the program's reasons for downgrading: 1. The implementation is publicly…
"The IT world is small, Bordeaux is a village, you shouldn't make waves, it could hurt your career." How many times have I heard that from abusive or law-breaking managers? Too many to count...
When you know that @rophilogene sends lawyer's letters to young women who disagree with him, his message to Hannah takes on another dimension. Not only does he mansplain (random guy explaining to a woman what to say on the Internet), but he also threatens her (ecosystem is small)
I just added an extra property 'is-site-admin':true, and voilà, I became one of the site admins.🤣🤣🤣🤟🤟#bugbounty
Finally got another payout! I can now pay my salary for April as well 😅
@joernchen no, I have only had to pay myself for one month so far. The next one is due in a week. Let's pray for some more payouts! (on a serious note, I had the economy for all months from the get-go and would not have done this otherwise). But it did pay more than my day job
👉 @jub0bs has released a new library for handling CORS in Go. github.com/jub0bs/cors
Since having @albinowax research tools embedded in #BurpSuite, I keep finding race condition issues in the payment systems. I was doing this stuff before (since 2010 at least) but was not always successful. The single packet attack is 👌 - Turbo Intruder can also elevate it!
After attending my training course last week, an attendee was eager to start his next audit. And he found a race condition on the very first day, thanks to the methodology and the tools we covered 🔥 He's happy, his manager is happy, and I'm happy too 🥲
Here's the thing. I care about this community. If a group within this community feel like they are being treated unfairly and voice their concerns, I listen to them and try to help by amplifying & defending whenever I can. If you can't stand the occasional few tweets about the…
The software industry is rapidly converging on just three languages: Go, Rust, and JS. It would be smart to learn one of those really well, and have at least a working acquaintance with the other two.
One of my issues with most bugbounty programs is that they effectively attempt to buy silence instead of focusing strictly on improving security. There are notable exceptions, like Google, which applies the 90 day policy to itself as well.
btw this is what you can get when you push a vendor to fix after a year of delay in fixing a couple of critical bugs. No bounty awarded for critical bugs btw. When I got this mail I really didn't care which companies flag me or not, no one replies or responds to my mails…
My hot take on working full remote? After 2 years, let's be honest, I kind of miss people! Lunchtime is for me a great way to reconnect with peers. 🍔 Quality time with my friend @FabriceFontenoy discussing projects and 💡 #SoftwareEngineer #remotejobs #WomenInTech
I started hunting on this BMW program at 03:00 AM; at 03:20 AM I submitted the first SQL injection. Now I am going to do something new: I will pick 5-15 random hunters from my comments and will try to get 5-15 critical/exceptional findings and invite one collab, 50% for each submission.
French people who take offense at the way other French people pronounce English words: honestly, that's not cool, because you're holding people back even more from trying to speak English. It took me years to understand that (non-French) English speakers…
I read that being a #speaker at tech #conferences was valued/valuable on a CV and could supposedly pay big (3x salary, LOL). I wanted to say that in my personal experience (limited to my own little self, then), that is absolutely false. A thread 🧵⬇️
We've got another 2.5 hour podcast for you this week - this time featuring our boi, @samwcyo! Sam is one of the most legendary hackers around and this time we double clicked into his motivation for these crazy hacks and the methodology behind them. Enjoy ctbb.show/65
I've noticed an interesting reoccurring mistake I make during research. When I experience multiple ideas failing in a row, I lose my optimism so when I finally try something successful, I assume it's a false positive after 30 seconds and abandon it.
"I wasn't going to report it, I thought it was your laboratory but after my first analysis this seems real" We've just disclosed a surprisingly simple directory traversal that @0xd0m7 found in our website for $5,000! hackerone.com/reports/2424815