Founder of Sn1perSecurity LLC. Creator of Sn1per. Top 20 worldwide on @bugcrowd in 2016. OSCE/OSCP/CISSP/Security+
- https://packetstormsecurity.com/files/author/1N3/
- https://www.exploit-db.com/?author=7787
- https://vulners.com/search?query=1N3
- Sn1per (https://github.com/1N3/Sn1per)
- Findsploit (https://github.com/1N3/Findsploit)
- BruteX (https://github.com/1N3/BruteX)
- BlackWidow (https://github.com/1N3/BlackWidow)
- ReverseAPK (https://github.com/1N3/ReverseAPK)
- GooHak (https://github.com/1N3/GooHak)
- PRISM-AP (https://github.com/1N3/PRISM-AP)
- OSCE
- OSCP
- CISSP
- Security+
- CNA
- MCP
- Network+
- A+
- PCI-ASV
- SecurityTube Android Security For Penetration Testers
- CVE-2024-21733 Apache Tomcat HTTP Request Smuggling (Client-Side Desync) (https://sn1persecurity.com/wordpress/cve-2024-21733-apache-tomcat-http-request-smuggling/) $4,660 bounty (https://hackerone.com/reports/2327341)
- Nutanix Stored DOM Cross-Site Scripting (XSS) & Reflected Cross-Site Scripting (XSS) 0day
- Discovered a critical vulnerability in Proofpoint affecting many customers and was added to the Hall of Fame (https://www.proofpoint.com/us/security)
- Featured in Hakin9 Magazine - Open Source Hacking Tools edition (https://hakin9.org/download/open-source-hacking-tools/) 8/2018
- Jetty 6.1.6 Cross-Site Scripting (XSS) (https://seclists.org/fulldisclosure/2018/Aug/15) (Full Disclosure) 8/2018
- Listed on the DoD Defense Travel System HoF 6/2018
- Qualified for the BugCrowd 2018 MVP researcher list (https://www.bugcrowd.com/bugcrowd-mvps-april-edition/) 4/2018
- CVE-2018-8917 Synology-SA-18:14 - Reflected XSS in DSM 6.1.5-15254 (https://www.synology.com/en-us/security/advisory/Synology_SA_18_14) 3/2018
- CVE-2018-6545 Ipswitch MoveIt v8.1 Stored Cross-Site Scripting (XSS) (https://www.exploit-db.com/exploits/43947) 2/2018
- Multiple Cross-Site Scripting (XSS) vulnerabilities in Illustra IP Cameras ($600 bounty) 2/2018
- Directory Traversal vulnerability in Illustra IP Cameras ($800 bounty) 2/2018
- Remote Command Execution vulnerability in Illustra IP Cameras ($900 bounty) 2/2018
- Listed on the BugCrowd 2017 MVP researcher list (https://www.bugcrowd.com/today-we-recognize-our-2017-mvp-researchers/) 1/2018
- Received Offensive Security Certified Expert (OSCE) certification 12/2017
- Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
- Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
- Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
- Systemic Local File Inclusion in WEMO HomeKit Android Application ($3,000 bounty) 9/2017
- Placed 7th in ToorConCTF CTF 8/2017
- Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
- Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
- Received Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
- Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
- PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
- Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
- Received Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
- Listed on the BugCrowd 2016 MVP list 1/2017
- Placed 3rd on BugCrowd's Operation Code CTF 9/2016
- 1st place @DEFCON CMD+CTRL CTF 8/2016
- HTTPoxy Exploit Scanner Exploit/PoC 7/2016
- CVE-2016-1034 Zabbix SQL Injection 0day (www.cvedetails.com/cve/CVE-2016-10134/) 7/2016
- CVE-2016-4401 Unauthenticated Database Credential Leak in Aruba ClearPass ($1,500 bounty) (https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt) 6/2016
- Tied for 2nd place in BugCrowd Operation Code CTF 6/2016
- Made the top 10 researcher list on BugCrowd 6/2016
- Placed 2nd at CactusCon 2016 RootTheBox CTF 5/2016
- Ranked 19th on BugCrowd's Worldwide Leaderboard Bug Bounty 5/2016
- Charts 4 PHP 1.2.3 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/135666/Charts-4-PHP-1.2.3-Cross-Site-Scripting.html) 2/2016
- Open Web Analytics 1.5.7 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/135948/Open-Web-Analytics-1.5.7-Cross-Site-Scripting.html) 2/2016
- WordPress All In One SEO Pack 2.2.2 Cross Site Scripting (Full Disclosure) 2/2016
- PSV-2016-0127: Directory Traversal In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053136/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2016-0127) 1/2016
- PSV-2016-0124: Cleartext Submission of Password In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000055105/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Extenders-PSV-2016-0124) 1/2016
- PSV-2016-0116: Denial of Service (DoS) in NETGEAR R7800 Routers 0day 1/2016
- PSV-2016-0136: Unrestricted Arbitrary File Upload In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000049063/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-R7800-Routers-PSV-2017-0136) 1/2016
- PSV-2016-0114: Directory Traversal In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053135/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2016-0114) 1/2016
- PSV-2016-0113: Denial of Service (DoS) in NETGEAR R7800 Routers 0day 1/2016
- PSV-2016-0131: Server Side Request Forgery in NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053137/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2016-0131) 1/2016
- Founded CrowdShield (https://crowdshield.com) A bug bounty startup based in Toronto, Canada.
- Made the top 10 researcher list on BugCrowd 11/2015
- WordPress XMLRPC System Multicall Brute Force Exploit (0day) Exploit/PoC 10/2015
- Aruba AP-205 Remote Command Injection Vulnerability ($750 bounty) (https://www.youtube.com/watch?v=TZqDkN1NQf4) 10/2015
- Apache Range Header Denial of Service Exploit (CVE-2011-3192) Exploit/PoC 8/2015
- Listed on AT&T's Bug Bounty Hall of Fame Bug Bounty (https://bugbounty.att.com/hof.php) 8/2015
- Won the InfoSec Institute Practical Web CTF #2 Challenge (https://resources.infosecinstitute.com/ctf-2-practical-web-hacking-winners/#gref) 8/2015
- HP Photosmart 7520 Printers Stored Cross Site Scripting (0day) Exploit/CVE 7/2015
- Supermicro IPMI/BMC Cleartext Password Scanner Exploit/PoC 3/2015
- WebFOCUS 533 Server XSS & Directory Traversal Vulnerabilities (0day) Exploit/CVE 2/2015
- Imgur Server Side Request Forgery (SSRF) ($1600 bounty) (https://hackerone.com/reports/91816) 1/2015
- CVE-2015-0235 GHOST glibc gethostbyname buffer overflow Exploit (https://www.exploit-db.com/exploits/35951) 1/2015
- Hak5 Wifi PinnappleV Remote Code Execution Exploit/CVE 1/2015
- Hak5 Wifi PinnappleV SSLSplit Cross Site Scripting Exploit/CVE 1/2015
- Lyris ListManagerWeb 8.95a Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html) 7/2014
- MyConnection Server (MCS) 9.7i Cross Site Scripting (Full Disclosure) (https://0day.today/exploit/description/22526) 7/2014
- AlogoSec FireFlow 6.3 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/127001/AlogoSec-FireFlow-6.3-Cross-Site-Scripting.html) 7/2014
- Received Offensive Security Certified Professional (OSCP) certification 2/2014
Pinned
- IntruderPayloads: A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
- BlackWidow: A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.