🦜 @ajxchapman.bsky.social on Bluesky
---
Full Time #BugBounty Vulnerability Researcher
https://blog.ajxchapman.com
https://bsky.app/profile/ajxchapman.bsky.social/post/3lrdoqzztts2w
Published: June 11, 2025 15:08
I've recently reported a bug that was _caused_ by patching. If the old version of the library was left unpatched it wouldn't have been vulnerable 🫣
Remember folks, don't patch your dependencies... or do... or you are damned either way 🤷‍♂️
https://bsky.app/profile/ajxchapman.bsky.social/post/3lrafaheh3c24
Published: June 10, 2025 07:39
At 33,500,000,000 hashes / second, it'll only take *checks calculator* 17.5 years and $115,000 for an exhaustive search... I might need to rethink this 🤔
[contains quote post or other embedded content]
https://bsky.app/profile/ajxchapman.bsky.social/post/3lr6kprul322o
Published: June 9, 2025 14:12
I'm currently at the "Is it worth it to rent some cloud GPUs in order to attempt to bruteforce a hash" stage of bug hunting 😬
https://bsky.app/profile/ajxchapman.bsky.social/post/3lqosomjaf22l
Published: June 3, 2025 07:52
CVE-2025-5419 ITW Chrome exploit mitigated in 1(!) day after report to all users without requiring a browser update 🤯
I hadn't read up on the Finch Kill Switch before, such a powerful exploit mitigation feature from the Chrome team!
…
https://bsky.app/profile/ajxchapman.bsky.social/post/3lp77xj3mn22b
Published: May 15, 2025 09:42
A skill I would have expected to develop as a #BugBounty hunter is video editing 🤔
The number of PoC videos I've had to produce over the years. I really wish I could share some of them... especially the ones with explosions in 😆
https://bsky.app/profile/ajxchapman.bsky.social/post/3lp2mvoszrc2n
Published: May 13, 2025 13:50
To whoever got a hold of one of my old (private) WebKit exploits, you should probably change the logging URL to point to something other than my web server :facepalm:
Also, if you are having problems with it, check your ROP addresses 🤷‍♂️
https://bsky.app/profile/ajxchapman.bsky.social/post/3loxonybzxs2v
Published: May 12, 2025 09:44
Just got paid a critical bounty for a report submitted over 18 months ago 🤯 I'd long ago given up hope on that report, a very happy Monday indeed.
I wonder what the longest time on any program from report to bounty is 🤔
https://bsky.app/profile/ajxchapman.bsky.social/post/3lopukuuhgc2u
Published: May 9, 2025 07:08
With the rise in AI slop bug reporting, us remaining human bug hunters are going to need to stand out.
From now on I'm going to title all my bug reports "hand made" and "artisanal" 😆
[contains quote post or other embedded content]