Patrik Fehrenbach
@ITSecurityguard
rɪsˈpɒnsəbl dɪsˈkləʊʒə https://wss.sh https://huntdb.com
Made a simple dashboard to help track/search CVEs and security vulnerabilities in near real-time. No fancy stuff - just a clean interface to see what's burning in the security world right now. (it's Ivanti🙈 huntdb.com/cve/CVE-2025-0…) Feedback welcome!

I have launched YSoNet (ysonet.net) and added #SharePoint CVE-2025-49704 payload generator to it as the first thing. Here is how this can work: Running command: ``` ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 1 -c "calc" ``` Running C# code: ``` ysonet.exe…
When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds
Hey peeps! As many of you know, I was diagnosed with ALS nearly 2 years ago. I continue to fight a losing battle with it every day. I am determined to live long enough to attend this ALS Walk fundraiser in October. I would sincerely appreciate any small donation you can spare to…
Honestly a bit surreal, but I’ll be joining @assetnote as a Security Researcher soon🦆. Excited to be part of such a brilliant team.

We all know who the real #1 US Hacker on HackerOne is 👇

How do we turn bad SSRF (blind) into good SSRF (full response)? The @assetnote Security Research team at @SLCyberSec used a novel technique involving HTTP redirect loops and incremental status codes that leaked the full HTTP resp. It may work elsewhere! slcyber.io/assetnote-secu…
What does it take to hack a @Sonos Era 300 for Pwn2Own? Take a look at our process of adapting existing research, establishing a foothold, and exploiting media parsers for unauthenticated RCE over the network🔥👇 blog.ret2.io/2025/06/11/pwn…
Happy Pride Month! Celebrating all the courage it takes to live your truth and love openly. 'God is love, and whoever lives in love lives in God, and God in them.' - 1 John 4:16 ❣️
Lads, it's on
COME AND HACK ALONG WITH US IN LONDON! share this if you can so we can reach more people 😀 h1.community/events/details… #hackerone #BugBounty #hackathon
Things are happening soon… 👀 fromdayzerotozeroday.com
Just waiting on the AI that cleans up AI-generated slop. Should be any day now. 🤌🏻
1/ In late 2023 a former Yuga Labs security researcher was stopped at the airport after law enforcement mistakenly linked them to a $1.1M phishing theft from a Bored Ape owner. Here’s an investigation into where the stolen funds went and who’s actually responsible.
I made a tool to help test archive (zip/tar) extraction bugs (sync working directory into archive, add path traversals, links, permissions, etc): github.com/avlidienbrunn/…
👀
📷 Just released ProKZee v0.0.1! My new cross-platform tool for HTTP/HTTPS traffic interception features a modern UI and powerful analysis capabilities. Perfect for developers and security researchers. Check it out: github.com/al-sultani/pro… #infosec #bugbounty #bug_bounty
MITRE’s CVE funding just dried up because the US can’t get its paperwork in order. Maybe global cybersecurity shouldn’t depend on one country’s clown show. Just a thought.
Love it
For context, some of y'all have been using cracked copies of software you shouldn't, and having your entire browsing sessions sent to third parties. So yes, password resets and MFA for everyone, so that everyone stays secure.
Obviously an April fools joke, but the 79,99$ for unlocking private reports is crazy
Welp, I guess the rumors are true... With the new HackerOne "research" subscription you can buy yourself into prioritised triage and private programs 😡