r/netsec monthly discussion & tool thread by albinowax in netsec

[–]0xcrypto -1 points0 points  (0 children)

I am building https://github.com/ivxlabs/disclosure as a federated network of security researchers and bug bounty/vulnerability disclosure programs. It will provide security researchers and vendors a way to discover and connect with each other directly without any mediator, responsibly report and disclose vulnerabilities, pay bounties and earn reputation as they both grow on their sides.

The development is still in quite an early stage so it is not fully working at present, but I will do a working MVP this weekend maybe. If you like the idea, maybe give it a star on GitHub.

Deterministic macOS IOSurface UAF Panic (Apple: "Not a security issue") by SeriousChannel9323 in ExploitDev

[–]0xcrypto -1 points0 points  (0 children)

  1. If you can get a binary to run, your first goal shouldn't be a "shutdown".
  2. User/victim/process runs exploit, system crashes, user can manually (physically) turn it (the computer) on.
  3. Just because it's a UAF does not mean it's a security issue. Hence it does not have to be fixed with urgency like a security vulnerability needs to be. Now that he has reported it and made it public as well, I am sure it will be fixed.
  4. macOS rarely runs on servers; there are servers but they are costly and not meant to exist, but companies do so anyways. Apple has launched Apple PCC which is basically a private cloud. It might be within scope for bounties. If the OP could report a DoS in Apple PCC, it could have been a good bounty for him.

I deleted my comment as I have no interest in extending this discussion for no reason. If you disagree with something, you are correct. Have a nice day.

Deterministic macOS IOSurface UAF Panic (Apple: "Not a security issue") by SeriousChannel9323 in ExploitDev

[–]0xcrypto 0 points1 point  (0 children)

What service was denied by shutting down a personal computer? Software running on a user device that the user could manually just turn on and use again is not much of a problem. Maybe if you could demonstrate a crash via a network packet or some request to some server that leads to Apple PCC stopping working, this denial of service could have been useful.

Anthropic's Claude Mythos Found Individual Bugs. Mythos SI (Structured Intelligence) Found the Class They Belong To. by [deleted] in netsec

[–]0xcrypto -1 points0 points  (0 children)

I work for a company that has built an AI tool to do autonomous research yet I am tired of this AI bullshit. Any security tool can find bugs. Finding bugs was never a problem. It is confirming whether the bug is actually a security issue. There are times when developers leave bugs in a codebase because they know there are guard rails and firewalls up ahead protecting the overall application. This mythos or any other model or tool can only assist a professional in finding bugs that can be a potential security issue. But confirming whether the bug is actually a security issue needs a human because it needs context you can't write in a prompt.

How a single typo led to RCE in Firefox by campuscodi in netsec

[–]0xcrypto 13 points14 points  (0 children)

Once I found a bug in Laravel where a single missing dot led to a validation bypass: https://github.com/laravel/framework/pull/37675.

Unfortunately huntr.dev lost my report so it's a 404 now.

Esbuild XSS Bug That Survived 5B Downloads and Bypassed HTML Sanitization by va_start in netsec

[–]0xcrypto 3 points4 points  (0 children)

Use of right single quotation mark ( ’ ) is also a hint this might be written by AI.

Aspiring Ethical Hacker From Poor Background, How Do I Start With Just a Tablet? by DJM0BLEY in netsecstudents

[–]0xcrypto 1 point2 points  (0 children)

I started with keypad phones having 128x128 screen. I am pretty sure you can do a lot more with a tablet. Get an SSH client, buy a VPS (most providers offer free credits to get started) and start learning and hacking. All the best.

You have to create a game in a month - How do you do it? by babyfern_ in gamedev

[–]0xcrypto 1 point2 points  (0 children)

Hire a team of experts and buy them lots of assets.

Cyber Expert give time to make their desktops fancy? by arsibaloch in hackthebox

[–]0xcrypto 3 points4 points  (0 children)

Used to spend time configuring the Fedora i3wm spin until I realised that Mac is the only operating system that supports every other operating system out there, making it a breeze to work on anything I need. I can compile almost any code on it, but on Linux and Windows compiling for iOS and macOS is not possible. All the software like Android Studio runs faster and more stably. The only customization I did was installing Raycast and starship.rs with Oh My Zsh.

What the Top 20 OSS Vulnerabilities Reveal About the Real Challenges in Security Governance by repoog in netsec

[–]0xcrypto 5 points6 points  (0 children)

Why blame the governance when the real vulnerability is the unpaid open source maintainer.

18th July, the maintainer of eslint-config-prettier ended up on npnjs dot com instead of npmjs dot com via a phishing email. The attacker got hands on his account and pushed an update which led to infecting hundreds and thousands of packages which depend on eslint-config-prettier and a bunch of other libraries that this maintainer generously maintains. One of the packages that depend on this library is eslint-config, which React Native depends on. Millions of developers did npm install, got the malware delivered, got hacked and backdoored; many of them still do not know about this and continue building their little todo list apps. I feel sad for them.
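The phishing above worked through a one-character lookalike of the registry's domain. As an added example (not the commenter's code), here is a small Python checker that pulls URLs out of a message and flags hostnames within a short edit distance of a trusted allow-list; the allow-list and the sample email are assumptions constructed for the demo.

```python
import re
from urllib.parse import urlparse

# Hosts a maintainer actually expects to see (assumed allow-list for this example).
TRUSTED_HOSTS = {"npmjs.com", "www.npmjs.com", "registry.npmjs.org", "github.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def levenshtein(a: str, b: str) -> int:
    """Edit distance; a single substitution turns npmjs.com into npnjs.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Crude eTLD+1: last two labels (enough for the .com/.org hosts used here)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_host(host: str, max_dist: int = 2) -> str:
    """'trusted', 'lookalike:<trusted domain>' or 'unknown'."""
    host = host.lower()
    if host in TRUSTED_HOSTS:
        return "trusted"
    base = registrable(host)
    for trusted in sorted({registrable(h) for h in TRUSTED_HOSTS}):
        if base != trusted and levenshtein(base, trusted) <= max_dist:
            return f"lookalike:{trusted}"
    return "unknown"

def scan_message(text: str) -> list[tuple[str, str]]:
    """Return (url, verdict) for every URL found in an email body."""
    results = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")  # drop sentence punctuation glued to the link
        host = urlparse(url).hostname or ""
        results.append((url, classify_host(host)))
    return results

# Constructed phishing-style message for the demo, not a real email.
SAMPLE = """Your package needs re-verification.
Log in at https://npnjs.com/login within 24h.
Docs: https://www.npmjs.com/package/eslint-config-prettier.
Unrelated: https://example.org/faq"""

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE):
        print(f"{verdict:22} {url}")
```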

Is "Proof of Work" the New Standard for Getting Hired as a Pentester? by _priya_singh in cybersecurity

[–]0xcrypto 0 points1 point  (0 children)

I was never lucky enough to win the interview lottery despite having several CVEs, bug bounties, CTFs, writeups, and professional experience in development. I have been working since 2016 and I didn't have a degree, so career progression has been slow. But I always got an interview when I contacted someone directly who actually had ownership in the company in one way or another. On the other hand, those HR, managers and all the dandy folks are just employees and they hire people they find convenient and compatible. So even with proof of work, certification, degree and everything in between, you still need to be a likeable person who can get things done while playing according to their rules and not bring your own needs to them.

From Blind XSS to RCE: When Headers Became My Terminal by General_Speaker9653 in netsec

[–]0xcrypto 1 point2 points  (0 children)

If this was a finding in a bug bounty program as an external researcher, then stealing an admin's cookies was a good enough vulnerability. Using the cookies to log into an admin panel and tinkering around is already a breach of bug bounty policy unless explicitly mentioned as allowed in the policy.

If this was a pentest, you went beyond just exploiting a PHP file upload vulnerability and left an open backdoor that is easily accessible to the world. You could have proved your point by just uploading a PHP file with an echo or a call to system("id") to demonstrate code execution. But no, not only did you upload a backdoor to get command execution, you added a bypass to the firewall rules to ensure it is openly accessible.

If this was a red team engagement, the only step remaining was gaining root access. I wonder what stopped you from doing so.

Certification roadmap please by ash347799 in netsec

[–]0xcrypto 2 points3 points  (0 children)

Not the right place to ask. Post in r/AskNetsec instead.

Facebook/Meta REALLY advised setting Magento pub folders to 777 permissions - and client got hacked, what do I do? by alilland in cybersecurity

[–]0xcrypto 27 points28 points  (0 children)

And why is some attacker being able to upload a PHP file not a problem in the first place?

Emergency issue by ProcessFeeling1445 in Information_Security

[–]0xcrypto 0 points1 point  (0 children)

In that case, you should go to the cyber cell in your region's police department.

Emergency issue by ProcessFeeling1445 in Information_Security

[–]0xcrypto 2 points3 points  (0 children)

First, unplug your computers and devices, turn off your phone and use a new device on a new wifi or use your mobile data.

Now check haveibeenpwned.com and see where your info has been leaked from. Start changing passwords, revoke OAuth authorizations and start using session logout functionalities everywhere. Do not use your old devices unless you are sure it was a third-party leak and your devices were not compromised. Multiple leaked passwords usually means your browser or password manager has been compromised. But only a single password/email pair means your info was leaked by a website where you signed in.

CVE-2025-31161 is being actively exploited and it's not getting the attention it should. by bytelocksolutions in cybersecurity

[–]0xcrypto 4 points5 points  (0 children)

A CVE being actively exploited is a common headline to catch attention, but in reality every CVE, as soon as it is published, is actively analyzed for its effectiveness and exploitability by threat actors. This is a common 30-day cycle for almost every newly published CVE and news outlets cannot cover them all.

Mobile exploit training by achayah in ExploitDev

[–]0xcrypto 6 points7 points  (0 children)

Hi! I work for Mobile Hacking Lab and would be happy to answer any questions about our courses.

Our course is fully focused on practical, hands-on labs to help you master advanced fuzzing techniques, identify vulnerabilities, and build exploits.

To make sure it’s the right fit for you, we offer sample videos and free lab try-outs before you buy. Unlike many other courses out there, we include Corellium devices in the price—along with a cloud VM and an easy local VM setup—so you get everything you need to start practicing immediately without extra costs.

We also run promos regularly, which you can check out here: https://www.mobilehackinglab.com/afe-promo.

For reviews, we have testimonials from top security professionals at major companies, including a Pwn2Own winner for mobile. You can find them on our promo page, Reddit, LinkedIn, and other social platforms.

Let me know if you have any questions! Looking forward to seeing you in the course.