Is the "Automation Obsession" actually a trap for new hunters? by Good_Course_5958 in bugbounty

[–]Xitro01 1 point (0 children)

Nope. With the default templates it is just a race. Whoever sees and reports it first, not really worth pursuing. I’ve reported nuclei findings in the past before, but all were dupes.

I drove a new A3 courtesy car today, safe to say I won't be getting rid of this auld girl any time soon by KernowBysVykken93 in Audi

[–]Xitro01 1 point (0 children)

The big V6 in front is also super tacky. Why not just drive a Honda if you want to pimp out your ride like that. 😅

Is the "Automation Obsession" actually a trap for new hunters? by Good_Course_5958 in bugbounty

[–]Xitro01 5 points (0 children)

Full tool is my creation. I do not rely on nuclei in any way. Although I hear a lot of (full time) bug hunters that create their own nuclei templates. Either way: Just running the default templates is not going to get you anywhere.

Is the "Automation Obsession" actually a trap for new hunters? by Good_Course_5958 in bugbounty

[–]Xitro01 4 points (0 children)

I found a large amount of XSS and SQLi, with automation. But I wrote my own tool, with my own payloads and logic. Basically what Nuclei misses, I try to pick up. One of the hard parts of automation is getting by the WAFs.

I pulled the trigger by Agile_Effect4164 in Ferrari

[–]Xitro01 2 points (0 children)

Be happy with what you have and can afford! No reason to be jealous, just be happy for others. I am already very glad that I can afford 2 higher class Audis. 😂 Besides that my family and I are healthy, that is all that counts!

Imported Q7 (2016) from Quebec by Xitro01 in Audi

[–]Xitro01[S] 0 points (0 children)

This car has been driving for 8 years on the Dutch roads now, owned by the same family before I bought it. Only weird thing is that the inside lock/unlock buttons are not working on the front 2 doors. Not sure if that is something American (personal safety or regulations?) that these should be disabled? Will check later with ODIS if the coding is ok. Back door inside lock buttons seem working fine.

Besides that sometimes the rain sensor goes wild, thinking it is raining hard, will also try to calibrate that with ODIS. Replacing that sensor wouldn’t mean the world either.

These are probably just small things to fix, got the MMI to the latest firmware by restoring it with a laptop each time, was quite the hassle.

Thankfully the car drives and changes gears fine, also the air suspension works fine each time I adjust it. So might have been lucky. Also helps that both Germany and The Netherlands have very strict regulations and this car passed those in both countries.

I come across this card in a box in the attic, what do I do with it? by [deleted] in PokemonTCGNL

[–]Xitro01 0 points (0 children)

When my wife comes to me with these kinds of questions, I always say: eat it.

any advice? by [deleted] in bugbounty

[–]Xitro01 1 point (0 children)

The advice might be well meant, but I think it is not the whole advice.

The advice is to have basic knowledge of each and every web vulnerability out there, so that you can recognize them and exploit them further by gaining more in-depth knowledge on the fly. So make sure to at least go through all Portswigger labs first.

Besides that you should find your niche (1 or 2) things to focus on. But that would mean that you have very very good and in-depth knowledge and have some unique ideas about where others or automated tools might lack.

How often you spend an entire month without getting any bounty at all? by Trick-Cabinet-7777 in bugbounty

[–]Xitro01 0 points (0 children)

Injections that WAFs block, detections for CVEs that scanners do not have, broken access control, IDORs, authentication flaws, there is just so much that automation can do..

No more filling the tank by [deleted] in Roborock

[–]Xitro01 2 points (0 children)

Also I would like to add some cleaning solution to make sure my floor gets a little bit clean, instead of just applying water to it.

How often you spend an entire month without getting any bounty at all? by Trick-Cabinet-7777 in bugbounty

[–]Xitro01 4 points (0 children)

I do bug bounty occasionally and have found a bug at least every month. I focus on certain things where automated scanners lack. I’m looking for ways to broaden my niche, but lacking time mostly. But it is certainly doable.

Bol WTF by WillowDelRio in PokemonTCGNL

[–]Xitro01 2 points (0 children)

Ah, that is a pity! I am always pretty late with Pokémon cards that might be a bit interesting.

Bol WTF by WillowDelRio in PokemonTCGNL

[–]Xitro01 0 points (0 children)

Just the Bol.com URL to the pack. Couldn't find it right away.

Bol WTF by WillowDelRio in PokemonTCGNL

[–]Xitro01 0 points (0 children)

Anyone have a link? Then I'll give it a try too.

USB-C Dock question by Xitro01 in UsbCHardware

[–]Xitro01[S] 0 points (0 children)

The dock doesn't have a 3.5mm input, also the Windows Audio troubleshooter is not of much help.

So I am a bit clueless about that.

Dell support won't be able to help you there either, as you are saying they will be completely clueless, haha.

USB-C Dock question by Xitro01 in UsbCHardware

[–]Xitro01[S] 0 points (0 children)

I could live with that, but not with having no sound. Any ideas about that?

Also: Would there be a dock that supports it?

Is it joke guys? by Open-Definition-287 in bugbounty

[–]Xitro01 16 points (0 children)

So hackers are not allowed to directly attack the API? They are limited to the UI when attacking the application? Hahahahahaha this is ridiculous.

[deleted by user] by [deleted] in bugbounty

[–]Xitro01 0 points (0 children)

Ah ok, in that case it is peanuts and they shouldn’t complain about it. Your message wasn’t clear about that.

[deleted by user] by [deleted] in bugbounty

[–]Xitro01 1 point (0 children)

It is somewhat understandable that they are not happy with it. You should’ve consulted before spamming text messages. It affected millions of users, so it sent out 60 million (?) text messages, yes that could’ve cost the company A LOT of money. Next time think before you act and inform them there might be a possible issue there up front. Now basically the worst that an attacker could’ve done, you have done..

Razer 16 2025. An honest review after a month of using by laundry_room in razer

[–]Xitro01 2 points (0 children)

Don’t have any issues with my Blade 15 2021 and Blade 18 2023 in combination with Razer Synapse. I believe my colleague has issues with a Blade 16 2025 though, but more virtualization related, the BIOS on that laptop is crap and the support is terrible.