Mat Rollings

Mat's 25k Bath to Bristol Railway Run Help Mat Rollings raise money to support Cool Earth

Since starting my training I've lost over 7kg, dropped 6% body fat, got 4 new Hawaiian shirts, and taken >5mins off my 5k time.

Am I ready? No. But I'll get through it by thinking about the post-run takeaway and bubble bath 🛀 Last chance to donate🙏

www.justgiving.com/page/oh-no-2...

Stealthcopter Overly-greedy regex replacements can break HTML sanitisation and lead to XSS. I’ve already pulled in over $6k from this bug class, and there are plenty mo

REGEXSS: How .* Turned Into over $6k in Bounties

Overly-greedy regex replacements can break HTML sanitisation & lead to XSS. Includes a live demo you can try exploiting it yourself!

sec.stealthcopter.com/regexss

#BugBounty #BugBountyTips #XSS #AppSec

Last week I found two regex bugs using regex → unauth XSS → 2× $2k = $4k in bounties 🥳 If you’ve been putting it off, learn regex. Seriously.

/regex\+xss/\$4k/

#BugBounty #BugBountyTips

Physically & emotionally drained after the rollercoaster that was @yeswehack.bsky.social's LHE at #NullconBerlin2025

@teamviewer.com was a tough target & I nearly gave up but pushed through to snag 10th place overall 🥳

Thanks to @yeswehack.bsky.social for the support & awesome hosting!

#BugBounty

Hack the Agent | Can you get a free ticket? HackAIcon is around the corner, and we wanted to give you a little challenge. Can you extract a free ticket?

Really enjoyed these AI hacking challenges by HackAIcon, the last one had some fun little twists: hacktheagent.com

#ctf

Passed the CBBH exam! Instead of spending £60 on the certificate and a t-shirt I'd never wear I decided print it myself and to go out for french toast and a breakfast shake to celebrate🥳

#BugBounty #CyberSecurity #WillHackForFrenchToast

🚀New plugin in the Caido Store!

Introducing "Exploit Generator" by @stealthcopter

Generate executable proof-of-concept (PoC) code from intercepted requests, in multiple languages and frameworks, such as Python, JavaScript, and Bash/cURL.

Check out more details: github.com/stealthcopte...

GitHub - stealthcopter/CaidoExploitGenerator Contribute to stealthcopter/CaidoExploitGenerator development by creating an account on GitHub.

🚀 Just released a new @caido.io plugin: Exploit Generator 💣

Generate clean, working, customizable PoC exploit scripts instantly in Python, JS, Bash/cURL (more langs & frameworks coming soon)

Live now in the Caido Plugin Store: github.com/stealthcopte...

#Caido #BugBounty

Selfie of me running the half marathon with the Clifton suspension bridge in the background

Survived the Bristol Half Marathon (2hr40). Then immediately got a kebab and cheesecake because I am an athlete 💪

Next: 25km Bath to Bristol for @coolearthaction.bsky.social. Please donate so the rainforest wins and I continue to question my life choices 🌍💚

www.justgiving.com/page/oh-no-2...

Signed Hackers movie memorabilia and patchstack metch

Just received the coolest #ctf prize ever from @patchstack.com, signed Hackers memorabilia and swag!

💾HACK THE PLANET! 🌍

#BugBounty #HackThePlanet #Infosec #Hackers

It's wild that I'm getting paid for this nonsense

#WordPress #BugBounty

Stealthcopter Third write-up for the Sneaky Patchstack CTF challenge, exploring visual diffing and fun with PHP filter chains

and Sneaky 🥷 sec.stealthcopter.com/patchstack-c...

Stealthcopter Explore how creative tricks in PHP and WordPress allow you to bypass restrictions in a fun Patchstack CTF (S02E01) challenge and uncover neat tricks with filter

And for anyone wanting to learn some more PHP tricks 🪄, here's my other two write ups for the Patchstack #wcasia2025 CTF, Blocked 🛑

sec.stealthcopter.com/patchstack-c...

#CTF #WordPress #Hacking

Mat's 25k Bath to Bristol Railway Run Help Mat Rollings raise money to support Cool Earth

I'm running 25k to raise money for Cool Earth. This will be the furthest I’ve ever run, and it’s going to be incredibly difficult!

Any donations are massively appreciated! 🙌 Even if you don’t donate, check out the FAQ on my page, it’s worth a read!

www.justgiving.com/page/oh-no-2...

Stealthcopter This writeup explores a Patchstack WordPress CTF challenge where a vulnerable custom footer feature allows for dynamic function execution. The challenge involve

Woop 🥳I placed 5th in the @patchstack.com CTF at #wcasia2025 🏆 Here's my first write-up covering one of the trickier challenges, diving into PHP’s quirks, like mixed-case function calls and dynamic execution.

sec.stealthcopter.com/patchstack-c...

#CTF #WordPress #Hacking

Second collaboration of the year 🥳 Many more to come 🤞I was awarded a $1,500 bounty on @Hacker0x01! hackerone.com/stealthcopter #TogetherWeHitHarder

Stealthcopter tldr; On their own, these two vulnerabilities in JupiterX Core wouldn’t have been very impactful or likely to get a bounty; but by chaining them together,

Chained two 'meh' WordPress vulnerabilities into a high-impact exploit on JupiterX Core 👾. From low-privilege SVG upload to full RCE, check out the full breakdown and PoC 🛠️

#BugBounty #WordPress #Cybersecurity

sec.stealthcopter.com/jupiterx-cha...

🧩👀🧠👈😵‍💫🔠❓➡️🤯🚩🥳

🧩👀🧠👈😵‍💫🔠❓➡️🤯🚩🥳

#ctf