renniepak
@renniepak.nl
Self-XSS connoisseur. Elite Hacker. MVH H11337UPBash. One-Percent Man. Creator of CSPBypass.com. (he/him)
😍
June 19, 2025 at 2:31 PM
The security team running a bug bounty program as soon as your report comes in:
May 23, 2025 at 8:50 AM
If you’re into bug bounty hunting and like finding weird XSS bugs (like me 😊) in places most people overlook, come check out my talk at NahamCon 2025 this Friday, May 23.

"Widgets Gone Wild: Exploiting XSS Through Flawed postMessage Checks"
May 20, 2025 at 9:04 AM
I did it! 🥳
May 17, 2025 at 12:00 PM
Excited to be part of #nahamcon2025!
May 2, 2025 at 1:44 PM
Bug bounty in a nutshell.
April 3, 2025 at 9:43 AM
Wow. Sora is pretty insane.
March 29, 2025 at 9:34 AM
Found a handy new CSP bypass gadget on Snapchat:

cspbypass.com#snapchat
February 13, 2025 at 8:54 AM
Yesterday I discovered a tweet of mine was referenced in the book "Attacking and Exploiting Modern Web Applications: Discover the mindset, techniques, and tools to perform modern web attacks and exploitation"

www.amazon.nl/-/en/Simone-...

Since I deleted my account, this is the tweet:
February 12, 2025 at 8:19 AM
Maybe this one?
December 12, 2024 at 6:31 PM
Just deleted all my tweets and unfollowed everyone. Kept my account so it cannot be used to impersonate me. 😅
December 2, 2024 at 8:07 AM
This is so pathetic.

Company with an annual revenue of 25 BILLION USD reduces my bounty by $5 because I didn't supply my IP address.

For a postMessage XSS, so the only thing showing up in their logs would be me opening the homepage...
November 29, 2024 at 9:49 AM
account banned bitcoin blocked coins crypto ethereum facebook fortnite help instagram private key lost metamask minecraft need nfts nft recover roblox scammed steam stolen support tiktok tokens twitter ubisoft unban unbanned unblock
November 20, 2024 at 2:13 PM
I started my day by reviving the "Harlem Shake Bookmarklet".

Code here: 0-a.nl/harlemshake....
November 20, 2024 at 8:29 AM
Why can I only send messages with a max of 300 characters while I can use 2000 characters in the alt text of an image?
November 20, 2024 at 8:02 AM
Hey BlueSky!

In case you missed it:

I've created cspbypass.com
A site where you can search for known CSP bypass gadgets to gain XSS.

It already contains a bunch of useful gadgets with contributions from your favourite hackers.

If you have some CSP bypasses to share, feel free to contribute!
November 14, 2024 at 2:57 PM
I've created a JavaScript bookmarklet that will extract all endpoints (starting with /) from your current DOM and from all the external script sources embedded on the page.

You can find it here, if you want to try it out:

https://0-a.nl/jsendpoints.txt

#bugbountytips
August 6, 2023 at 11:52 AM