Sajeeb Lohani (prodigysml / sml555)
@sml555_
Global TISO (Snr Director of) Cybersecurity @Bugcrowd | Web Security Lecturer (Masters) @ Melbourne University | Top 40 @Bugcrowd | #2 DVuln | Investor
Proud to release a small Burp plugin I wrote named Dr. Watson! It's a simple Burp Suite extension that helps find assets, keys, subdomains, IPs, and other useful information! It's your very own discovery sidekick, the Dr. Watson to your Sherlock! github.com/prodigysml/Dr.…
Hey folks! I'm hiring for an epic Senior Security Engineer. This person will be bringing together engineering skills and security skills, helping a fast-paced, extremely innovative, security team delve into the depths of security! boards.greenhouse.io/bugcrowd/jobs/…
SecTalks Melbourne is back again and we're hoping people can come join us for a nice chill gathering! Come on by and enjoy some great chatter! meetup.com/sectalks-melbo…
This would've landed me a P1 a few months ago! Def worth keeping in your arsenal.
Exploit XSS in hidden inputs with no user-interaction, using this amazing new auto-executing vector from @kinugawamasato! We've added this powerful trick to our XSS cheat sheet linked below👇
💡 Sharing is caring! We didn’t want to keep our weird ideas to ourselves. So @sml555_ and his team made a lab. 🥼 Meet the #Bugcrowd Security Innovation Lab 🧪👉 home to experiments, open-source tools, and new ways to make security faster, smarter, and more useful. If you’re…
Welcome to @Bugcrowd's CTF. New challenges, same spiel as last year. The same team is running it, but now, as the @Bugcrowd Security Innovation Lab. There are some epic challenges ranging in difficulty. bhusa.bugcrowdctf.com PS. Awesome prizes up for grabs
I'm extremely proud to announce that we've finally released our Security Innovation Lab at @Bugcrowd ! My epic team will be innovating and sharing our gripes and struggles in security. We'll be sharing our hot takes and creative ways. bugcrowd.com/blog/introduci…
🚨 Level up your security skills this June! 🚨 Join our 2 live trainings: 🔐 Web Security Code Review (4 sessions, 3 hours each) 🦸♂️ Secure Coding in Golang (1 session, 3 hours) Learn real-world security skills you can apply right away! 💻🔐 👉 Register Now…
Lots of security teams should feel this one

Big thanks to @MSM_Marketplace for featuring hacker Fran and our own Global TISO, @sml555_! In this episode, Saj breaks down how to properly set and limit scope–a crucial part of any successful security program. 👀 Watch now: youtu.be/xC6fw1lj7zQ 🎬 Catch the full series:…
For context, some of y'all have been using cracked copies of software you shouldn't, and having your entire browsing sessions sent to third parties. So yes, password resets and MFA for everyone, so that everyone stays secure.
We’re taking extra steps to help you as hackers keep your accounts secure! Starting today, if you don’t have multi-factor authentication (MFA) enabled, you’ll need to update your password and turn on MFA at your next login. Already have MFA? You’re good to go. Happy hunting! 🐞
Just added OTP login flow support to bbscope #bugbounty
A couple of years ago I co-presented with @wbm312 how sensitive bug bounty hunter accounts can be, especially active hunters with years of file attachments and POC data. Today bugcrowd is mandating 2fa on all accounts: bugcrowd.com/blog/bugcrowd-… Definitely a positive change.
The requirement to enable MFA at login is a proactive security measure. This change to the platform was roadmapped for later on in the year, however, it was accelerated following threat intelligence that included credential leaks and compromised tools affecting other bug bounty…
It was an absolute pleasure to chat with the insightful and inspirational @JFran_cbit! So much to learn! Hats off mate and I'm looking forward to seeing some more of your epic research in the future!
TFW one of your favourite comedians becomes a CSO 🔥
A message from our new Chief Security Officer at Perplexity:
Our research on vulnerabilities caused by the great firewall was nominated for the top ten web hacking techniques this year (Insecurity through Censorship). This affects 30-40m domains. If you found our research interesting, you can vote here: portswigger.net/polls/top-10-w…
AI is changing cybersecurity! Knowing where to apply it is key. 🔨✨ @sml555_ notes AI can handle groundwork and simple tasks. Learn more on @DICEdotcom! dice.com/career-advice/… #CyberSecurity #AI #Innovation #TechTrends #DICE
Cybersecurity certs are great, but skills are the best. Code contributions, bug-bounty reports, and all the work you've done on Bugcrowd can be just as valuable. 😉 Get tips from @sml555_ in @JaiVijayan’s piece for @securityblvd: securityboulevard.com/2024/08/do-cyb… #CyberSecurity #Skills…
Why is crowdsourced security so important? It brings together the world’s best security minds to find vulnerabilities faster and more effectively than any in-house team could. 🌍⚡ Our CEO, @davegerryjr, gives his take🎙️
We’re hyped for @AISA_National Cyber Con, Nov 26–28! 😁 Catch us at booth 183 + don’t miss: 🎤 "Project Strange: Reviving the Internet's Lost Ideals - IAM Reimagined" 🗓 Nov 26 | 11:35am-12:15pm | Room 209 Speakers: 👨💻 @sml555_ 🔒 Ben Christian See you there! 🔗…