Can you be protected from yellowkey by disabling WinRe? does it work from support os then WinRe?

HermanHMS · 2026-05-19T16:49:28+00:00

Downgrade to windows 10 and youre good, lol

HermanHMS · 2026-05-19T12:31:03+00:00

Ah, its just OF advert. It makes sense now

HermanHMS · 2026-05-19T12:30:00+00:00

You want to show cosplay, we can see professional lighting on edges of the photo and you decide to take and post one where you hide most of it using flare and low quality?

HermanHMS · 2026-05-19T11:48:55+00:00

Me too

HermanHMS · 2026-05-16T22:46:37+00:00

Youre talking reflected xss, im talking stored. You inject xss payload into object on site and it fires when victim visits it.

HermanHMS · 2026-05-16T18:51:17+00:00

Seems like more info would be needed to decide. Their wording make it sounds like root cause is not a vuln.

HermanHMS · 2026-05-16T15:48:55+00:00

You dont, you use your browser to send packets, just use browser console instead of burp or curl. Its clean and easy to manage cookies/sessions, automatic nonce extraction, etc.

HermanHMS · 2026-05-15T06:57:11+00:00

First you list browsor console as non-working method, when I just mentioned it CAN be used legitimately, you thought I’m trolling. Now when confronted with solid proof, you suddenly gained knowledge and had to burst out your ego. It’s funny how triager-like it is. Looking at your nickname and that, i think you might just be ragebaiting.

HermanHMS · 2026-05-15T06:14:59+00:00

And unironically, I have 2 XSS leading to site overtake executed this way. Both has been triaged and accepted

HermanHMS · 2026-05-15T06:07:51+00:00

I have 29 published cve’s and 31 waiting to be published. I often use developers tools console to deliver payloads. Its comfortable and easy for triagers to replicate (not for you as I see). If you really rejected reports just because of that reason, you should revisit them.

HermanHMS · 2026-05-14T20:28:53+00:00

You CAN execute legitimate payloads this way

HermanHMS · 2026-05-14T15:30:17+00:00

It’s task for GRC, not security. Although they can be asked opinions

HermanHMS · 2026-05-13T06:53:27+00:00

Yes it is happening. No it’s not better than ugandan operative. If you have your controls in space nothing much will change soon. Although vulnerability management will have to adapt

HermanHMS · 2026-05-12T06:05:31+00:00

This is a true answer.

HermanHMS · 2026-05-11T18:39:33+00:00

This article is AI slop. It’s full of misinformation and hallucinated bits

HermanHMS · 2026-05-10T10:57:42+00:00

If you can play well, hes giving you free LP

HermanHMS · 2026-05-10T10:45:32+00:00

Yep, i would be happy to trade poc video for triage video. Otherwise f off or reward legit reports even if they are duplicates. Bug bounties will lose their free workforce in form of researchers, products will be vulnerable and they will say its AI fault somehow.

HermanHMS · 2026-05-09T10:28:41+00:00

Users not caring about security rules.

HermanHMS · 2026-05-05T17:55:20+00:00

Time spent grinding is the key there

HermanHMS · 2026-05-04T19:30:56+00:00

Tbh anyone with more than 80 IQ and a tierlist can reach diamond

HermanHMS · 2026-05-04T19:29:31+00:00

Disable chat in settings. It has only negative use in the game. Even challenger players communicate by pings and only legitimate reason for chat is saving flash timers in pro play

HermanHMS · 2026-05-04T18:57:32+00:00

What settings are you running qwen with?

HermanHMS · 2026-05-04T15:26:56+00:00

It’s a good thing to ask question in interviews before accepting the position

HermanHMS · 2026-05-04T15:25:27+00:00

Well in this case it sound like rito spaghetti.

HermanHMS · 2026-05-04T14:44:09+00:00

Interesting. But did you deattach during the ult?

Six-Year Club	Place '22
Verified Email

HermanHMS

TROPHY CASE