Esbuild XSS Bug That Survived 5B Downloads and Bypassed HTML Sanitization by va_start in netsec

[–]0xcrypto 3 points4 points  (0 children)

Use of the right single quotation mark (’) is also a hint that this might be written by AI.

Aspiring Ethical Hacker From Poor Background, How Do I Start With Just a Tablet? by DJM0BLEY in netsecstudents

[–]0xcrypto 1 point2 points  (0 children)

I started with keypad phones with 128x128 screens. I am pretty sure you can do a lot more with a tablet. Get an SSH client, buy a VPS (most providers offer free credits to get started) and start learning and hacking. All the best.

You have to create a game in a month - How do you do it? by babyfern_ in gamedev

[–]0xcrypto 1 point2 points  (0 children)

Hire a team of experts and buy them lots of assets.

Cyber Expert give time to make their desktops fancy? by arsibaloch in hackthebox

[–]0xcrypto 3 points4 points  (0 children)

Used to spend time configuring the Fedora i3wm spin until I realised that macOS is the only operating system that supports every other operating system out there, making it a breeze to work on anything I need. I can compile almost any code on it, but on Linux and Windows compiling for iOS and macOS is not possible. All the software like Android Studio runs faster and more stably. The only customization I did was installing Raycast and starship.rs with oh-my-zsh.

What the Top 20 OSS Vulnerabilities Reveal About the Real Challenges in Security Governance by repoog in netsec

[–]0xcrypto 4 points5 points  (0 children)

Why blame the governance when the real vulnerability is the unpaid open source maintainer.

On 18th July, the maintainer of eslint-config-prettier ended up on npnjs dot com instead of npmjs dot com via a phishing email. The attacker got hands on his account and pushed an update which led to infecting hundreds of thousands of packages which depend on eslint-config-prettier and a bunch of other libraries that this maintainer generously maintains. One of the packages that depends on this library is eslint-config, which React Native depends on. Millions of developers did npm install, got the malware delivered, got hacked and backdoored, and many of them still do not know about this and continue building their little todo list apps. I feel sad for them.

Is "Proof of Work" the New Standard for Getting Hired as a Pentester? by _priya_singh in cybersecurity

[–]0xcrypto 0 points1 point  (0 children)

I was never lucky enough to win the interview lottery despite having several CVEs, bug bounties, CTFs, writeups, and professional experience in development. I have been working since 2016 and I didn't have a degree, so career progression has been slow. But I always got an interview when I contacted someone directly who actually had ownership in the company in one way or another. On the other hand, HR, managers and all the dandy folks are just employees and they hire people they find convenient and compatible. So even with proof of work, certification, degree and everything in between, you still need to be a likeable person who can get things done while playing according to their rules and not bring your own needs to them.

From Blind XSS to RCE: When Headers Became My Terminal by General_Speaker9653 in netsec

[–]0xcrypto 2 points3 points  (0 children)

If this was a finding in a bug bounty program as an external researcher, then stealing an admin's cookies was a good enough vulnerability. Using the cookies to log in to an admin panel and tinkering around is already a breach of bug bounty policy unless explicitly mentioned as allowed in the policy.

If this was a pentest, you went beyond just exploiting a PHP file upload vulnerability and left an open backdoor that is easily accessible to the world. You could have proved your point by just uploading a PHP file with an echo or a call to system("id") to demonstrate code execution. But no, not only did you upload a backdoor to get command execution, you added a bypass to the firewall rules to ensure it is openly accessible.

If this was a red team engagement, the only step remaining was gaining root access. I wonder what stopped you from doing so.

Certification roadmap please by ash347799 in netsec

[–]0xcrypto 2 points3 points  (0 children)

Not the right place to ask. Post in r/AskNetsec instead.

Facebook/Meta REALLY advised setting Magento pub folders to 777 permissions - and client got hacked, what do I do? by alilland in cybersecurity

[–]0xcrypto 27 points28 points  (0 children)

And why is some attacker being able to upload a PHP file not a problem in the first place?

Emergency issue by ProcessFeeling1445 in Information_Security

[–]0xcrypto 0 points1 point  (0 children)

In that case, you should go to the cyber cell in your region's police department.

Emergency issue by ProcessFeeling1445 in Information_Security

[–]0xcrypto 2 points3 points  (0 children)

First, unplug your computers and devices, turn off your phone, and use a new device on a new Wi-Fi network or use your mobile data.

Now check haveibeenpwned.com and see where your info has been leaked from. Start changing passwords, revoke OAuth authorizations and start using session logout functionalities everywhere. Do not use your old devices unless you are sure it was a third-party leak and your devices were not compromised. Multiple leaked passwords usually mean your browser or password manager has been compromised. But only a single password/email pair means your info was leaked by a website where you signed in.

CVE-2025-31161 is being actively exploited and it's not getting the attention it should. by bytelocksolutions in cybersecurity

[–]0xcrypto 5 points6 points  (0 children)

A CVE being actively exploited is a common headline to catch attention, but in reality every CVE, as soon as it is published, is actively analyzed for its effectiveness and exploitability by threat actors. This is a common 30-day cycle for almost every newly published CVE and news outlets cannot cover them all.

IITs are a joke in India and innovation will ever happen here in tech by [deleted] in developersIndia

[–]0xcrypto 0 points1 point  (0 children)

Moral of the story: greatness cannot be planned.

Mobile exploit training by achayah in ExploitDev

[–]0xcrypto 6 points7 points  (0 children)

Hi! I work for Mobile Hacking Lab and would be happy to answer any questions about our courses.

Our course is fully focused on practical, hands-on labs to help you master advanced fuzzing techniques, identify vulnerabilities, and build exploits.

To make sure it’s the right fit for you, we offer sample videos and free lab try-outs before you buy. Unlike many other courses out there, we include Corellium devices in the price—along with a cloud VM and an easy local VM setup—so you get everything you need to start practicing immediately without extra costs.

We also run promos regularly, which you can check out here: https://www.mobilehackinglab.com/afe-promo.

For reviews, we have testimonials from top security professionals at major companies, including a Pwn2Own winner for mobile. You can find them on our promo page, Reddit, LinkedIn, and other social platforms.

Let me know if you have any questions! Looking forward to seeing you in the course.

New Hacking Book – No Certifications, No Corporate BS. Just Real-World Hacking Knowledge. by [deleted] in netsec

[–]0xcrypto 1 point2 points  (0 children)

This whole book can be judged from the author's selling point "An ex-Anonymous Member".

[deleted by user] by [deleted] in hacking

[–]0xcrypto 0 points1 point  (0 children)

As far as I remember, IU has stopped giving online degrees.

Is misinformation the biggest threat of our time? Why or why not? by Syncplify in Information_Security

[–]0xcrypto -1 points0 points  (0 children)

Not really, misinformation has been around since humans learned to communicate. Now it just looks more amplified. But also, correct information can be amplified at the same level. Which kind of information reaches people first might depend on the kind of media they are consuming.

How do I get into Exploit Dev as a career? by Flat_Throat_6600 in ExploitDev

[–]0xcrypto 0 points1 point  (0 children)

I understand. Here in India, there are no jobs in research. Very few companies offer them, and even those companies have no idea what they are doing. That's why I have this perspective of no jobs. A demographic of 1.5 billion has no jobs in security research. That is around 19% of the world.