Brett Buerhaus

@bbuerhaus

Digital bounty hunter. 26/9/15/20

Irvine, California
Joined June 2014

Tweets

  1. Retweeted
    Jan 11

    Shall we play a game? Here's a recon CTF with some giveaways from , , and ! All the details you need are in this blog post! Good luck, have fun, and happy hacking!

  2. Dec 31, 2019

    This is the coolest thing ever ... something I researched was part of a CTF challenge. Thanks for the write-up

  3. Dec 30, 2019
  4. Dec 26, 2019

    1) Start having a bigger impact on security education and leveling-up people who are looking to get better at bug bounty. 2) Stop hunting for simple vulns - go deeper - better research, better write-ups. 3) $$$ goals - enough to help the people I care about

  5. Nov 25, 2019

    If anyone is looking for a reason to challenge or motivate themselves this week in bug bounty, try to find a vuln and put some of that bounty towards a good cause

  6. Nov 20, 2019

    Blizzard is hiring a Senior Red Team Specialist!

  7. Oct 18, 2019

    A Tale of Exploitation in Spreadsheet File Conversions - Researching exploitation in headless document conversion in LibreOffice w/ , ,

  8. Retweeted
    Oct 4, 2019
    Replying to

    Lesson 1 really is "learn how to learn" in this field. If you can't do that, you're going to fail spectacularly and you'll have no one to blame but yourself. I sympathize (but probably not to quite the same degree)

  9. Oct 4, 2019

    1. First Program: Facebook 2. Had difficulties: Dropbox (Probably one of the hardest programs out there) 3. Most used Platform: HackerOne 4. Totally hate: Points-only programs () 5. Most loved: Airbnb 6. For beginners: Yahoo is still one of the best training grounds

  10. Aug 23, 2019

    Wooo! I finally broke 10k rep on . It's been a slow year for me, but I finally gathered some motivation this past month

  11. Retweeted

    When you successfully exploit an obscure crit on a service used by hundreds of millions of people! (With special guest )

  12. Aug 14, 2019

    Got my assassin award in the mail today for 4 crits on one of the h1-702 targets. Thanks again for the best event yet!

  13. Aug 10, 2019

    Yay, I was awarded a $20,000 bounty on !

  14. Retweeted
    Aug 8, 2019

    So... we'll give out 100k USD in Grants for Google Cloud vulnerability research and we'll pay the best report we get in 2019 another 100k

  15. Aug 8, 2019

    Yay, I was awarded a $16,000 bounty on !

  16. Retweeted
    Jul 31, 2019

    My teams are hiring . We need talent in red, blue, corp-sec and everything in between. DM Matt or I if you will be around the conferences =)

  17. Retweeted
    Jul 23, 2019

    I used this trick with not too long ago where we saw a reference to a Jira subdomain in the data we collected from a certificate. We were able to see the Jira instance and exploit an SSRF to get access to the company's internal network.

  18. Retweeted
    Jun 11, 2019

    Found a pretty neat SSRF on and thanks to ideas from , we were able to escalate it a bit. Technical details will be included in our talk and (if it gets approved). Enjoy!

  19. Retweeted
    Apr 21, 2019

    Just released viewgen, a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys or web.config files. All algorithms supported. TL;DR: Got a web.config file or LFI on ? Pop a shell!

  20. Apr 18, 2019
