It has been great fun building this and watching it deliver a steady stream of real vulnerabilities in live sites! If you're curious how we did it, @nicowaisman.bsky.social has a new post: xbow.com/blog/top-1-h...
24.06.2025 20:01 — 👍 10 🔁 2 💬 0 📌 1
This is the first of a series of posts we're doing on some of the vulns found as part of the HackerOne work – we have lots more fun ones coming up about some great SSRF, SQLi, and RCE vulns it discovered, with very clever exploit techniques :)
24.06.2025 20:07 — 👍 8 🔁 3 💬 0 📌 0
XBOW – Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN
XBOW discovered multiple cross-site scripting (XSS) vulnerabilities in Palo Alto Networks’ GlobalProtect VPN web application
For the last 6 months I’ve been helping an incredible team to build
@xbow.com
and there was not a single day without being amazed by XBOW findings and reasoning. It even got to the top of
@hacker0x01.bsky.social
US leaderboard 🤯Stay tuned for blog posts and detailed traces!
24.06.2025 21:37 — 👍 4 🔁 0 💬 0 📌 1
For the first time in history, the #1 hacker in the US is an AI.
(1/8)
24.06.2025 19:41 — 👍 15 🔁 7 💬 1 📌 3
December was my last month at GitHub, and after a refreshing Xmas break, I’m thrilled to announce that I’ll be starting a new adventure at @xbow! 🚀 Grateful for all the memories and experiences at GitHub, and can’t wait to help shaping the future of security testing!
08.01.2025 22:32 — 👍 8 🔁 0 💬 1 📌 0
After an amazing journey, this is my last week at GitHub. It’s been an incredible 5 years working alongside the talented team at the Security Lab. Grateful for the experiences, collaborations, and the amazing culture I’ve been a part of. On to the next adventure!
19.12.2024 21:41 — 👍 8 🔁 0 💬 0 📌 0
CISO @Lyft - Former Binary entomologist - Opinions are my own.
AI researcher at XBOW, Associate Professor @ NYU Tandon (on leave). Security, RE, ML. PGP http://keybase.io/moyix/
Founder of the MESS Lab: http://messlab.moyix.net
Independent AI researcher, creator of datasette.io and llm.datasette.io, building open source tools for data journalism, writing about a lot of stuff at https://simonwillison.net/
The bluesky appendage of https://github.com/darakian/
Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://xbow.com/traces
Co-founder, security researcher. Building an attack surface management platform, @assetnote.io
We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
personal website @ cloudcurio.us ✦ researching @ Wiz Security (threats.wiz.io) 🐞 maintaining @ cloudvulndb.org 🎙️ podcasting @ cryingoutcloud.io 🗺️ pivoting @ Pivot Atlas (gopivot.ing)
RC F'13, F2'17
Cryptogopher / Go cryptography maintainer
Professional open source maintainer
https://filippo.io / https://github.com/FiloSottile
https://mkcert.dev / https://age-encryption.org
https://sunlight.dev / https://filippo.io/newsletter
Full Time #BugBounty Vulnerability Researcher
https://blog.ajxchapman.com
Paw / Pwn / Purr
@nbk_2000
Aspiring Bug Bounty Hunter & dev of tools: GAP, xnLinkFinder & waymore, featured in "Bug Hunter’s Methodology: Application Analysis v1" by JHaddix 🤘
RTFM🧐
About me?
| Website: https://mizu.re
| Tool: https://github.com/kevin-mizu/domloggerpp
| Teams: @rhackgondins, @FlatNetworkOrg, @ECSC_TeamFrance
| From: https://twitter.com/kevin_mizu
Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm.
Co-founder @ethiack.com
https://0xacb.com
CTF / Bugbounty / Web Guy
Web Security Expert | Bug Hunter | Käferjäger
