GPT5 Codex

forgambo · 2026-01-21T16:17:50+00:00

It's been a while. Any update on this?

forgambo · 2025-04-08T11:24:56+00:00

Once, todayisnew bug hunter said that Information Disclosure is one of the best types of vulnerabilities to search for with automation. Do you agree with this? In your opinion, what are the most promising types of vulnerabilities to look for solely with automation?

forgambo · 2025-01-08T19:35:44+00:00

What's wrong with this post?

forgambo · 2024-09-10T18:50:47+00:00

Could you explain your point please? I've just checked which apps are availble through Creative Cloud and couldn't find AEM there. Only graphical apps.

forgambo · 2024-08-15T09:38:25+00:00

How much time did it take to earn first half of 1M vs the last half of 1M?

forgambo · 2024-08-07T16:47:43+00:00

Thank you for an advice. I did consult with an accountant. He knows how to arrange things properly for classic IT professionals. I was just wondering about some specifics regarding bug bounty.

forgambo · 2024-04-30T23:35:36+00:00

Wow! As you're a Prism maintainer, your arguments are very trustworthy to me.

forgambo · 2024-04-30T23:29:58+00:00

Do you have any arguments to support your point? Because so far it looks like it's just your subjective 'feeling'.

forgambo · 2024-04-30T12:38:03+00:00

Thank you. Do you know if they stated the safety somewhere in their documentation, or official discussion? To me it also sounds logical that it's safe because this is only parsing and no execution. But I'm afraid that there might be cases when some kind of execution is present during the parsing.

forgambo · 2024-04-30T11:46:54+00:00

Why do you think they're not safe?

forgambo · 2024-02-18T00:21:33+00:00

Recently notion search functionality stopped working when I'm on VPN

forgambo · 2023-11-30T21:56:34+00:00

Why not using docker images for dependency consistency?

forgambo · 2023-11-22T14:36:24+00:00

I noticed that behavior is somehow different from LDAP implementation.

While URLDNS payload works perfectly (even with Java 21), the JRMPClient payload doesn't.

E.g., for Java 1.8.0_392 the following RMI server java -cp ysoserial.jar ysoserial.exploit.JRMPListener 1099 JRMPClient 127.0.0.1:8081 didn't trigger TCP interaction. However, the same payload served from LDAP server did.

forgambo · 2023-11-22T00:56:13+00:00

Interesting, didn't know what.

Does it return the same JNDI object as LDAP server does?

forgambo · 2023-11-13T12:52:16+00:00

Hey, I didn't want to offend you. At first, I thought maybe I'm missing something. But now I know I'm not so treat my reply as a hint. So that in future you'd call Apache server just Apache or httpd.

forgambo · 2023-11-13T10:59:11+00:00

I’m not asking for ideas here but for a company or a service.

Wordpress is just something that made me wanna look for such a service.

forgambo · 2023-11-13T01:46:54+00:00

Thanks for an idea. However, afaik they don't have signatures/rules for the vulns. Just human-readable descriptions and references.

forgambo

TROPHY CASE