- Instagram account takeover via React debug.keystore
by phwd on 7/19/22, 2:43 PM, with comments
- HackerOne takes $25,000 from Belarusian hacker in response to sanctions
by phwd on 3/13/22, 2:38 PM, with comments
- Facebook SSRF
by phwd on 7/30/21, 5:33 PM, with comments
- Coding Exercises Exposed at Facebookrecruiting.com
by phwd on 7/26/21, 2:41 PM, with comments
- Bulletin.com Email Address Leak
by phwd on 7/21/21, 7:23 PM, with comments
- Facebook’s /intern/testdata tool: default password n0t3st
by phwd on 6/7/21, 10:07 AM, with comments
- Download Facebook internal mobile builds
by phwd on 4/26/21, 11:04 AM, with comments
- Leaked Credentials gives access to internalfb.com
by phwd on 3/11/21, 8:51 PM, with comments
- Instagram Terms of Use (2018 vs. 2020)
by phwd on 12/20/20, 4:17 PM, with comments
- Facebook Remote Code Execution via CDN ($80k Bounty)
by phwd on 11/19/20, 8:00 PM, with comments
- Facebook DOM Based XSS Using PostMessage
by phwd on 11/7/20, 10:49 PM, with comments
- $25K Instagram Almost XSS Filter Link
by phwd on 9/20/20, 3:52 PM, with comments
- I Hacked Facebook Again Unauthenticated RCE on MobileIron MDM
by phwd on 9/12/20, 11:04 AM, with comments
- Subscribe to typing notifications for any Instagram user
by phwd on 12/6/19, 12:17 PM, with comments
- HTTP Request Smuggling: How Did Tons of People Like Me on Tinder?
by phwd on 11/24/19, 4:53 PM, with comments
- Why Do Many Russians Prefer VK to Facebook?
by phwd on 11/23/19, 8:45 PM, with comments
- Hack any Instagram account ($30k Bug bounty)
by phwd on 7/15/19, 12:19 AM, with comments
- Denial of service in Facebook Fizz due to integer overflow (CVE-2019-3560)
by phwd on 3/19/19, 8:59 PM, with comments
- Changing email address on Twitter for Android unsets “Protect your Tweets”
by phwd on 1/19/19, 9:14 PM, with comments
- Facebook Business Takeover ($27,500 bounty)
by phwd on 10/29/18, 1:30 PM, with comments
- View Facebook friends for any user
by phwd on 10/17/18, 1:05 AM, with comments
- Facebook Broadens Bug Bounty to Help Fix Third-Party Apps
by phwd on 9/17/18, 3:39 PM, with comments
- Breaking the Facebook for Android Application
by phwd on 9/11/18, 4:26 PM, with comments
- View Private Instagram Photos
by phwd on 8/29/18, 12:00 AM, with comments
- Grab Facebook’s CSRF Token Through Their “Save to Facebook” Chrome Extension
by phwd on 8/27/18, 4:42 PM, with comments
- Remote Code Execution on a Facebook server
by phwd on 8/24/18, 1:30 PM, with comments
- Facebook “Client-Side” CSRF
by phwd on 5/13/18, 6:39 PM, with comments
- Facebook GraphQL CSRF
by phwd on 3/30/18, 11:47 AM, with comments
- Data Analytics, App Developers, and Facebook’s Role in Data Misuse
by phwd on 3/21/18, 5:23 PM, with comments
- Stored XSS on Facebook
by phwd on 3/18/18, 4:15 PM, with comments
- Facebook Bug Bounty 2017 Highlights: $880,000 Paid to Researchers
by phwd on 1/11/18, 10:38 PM, with comments
- Posting GIFs as anyone on Facebook
by phwd on 11/3/17, 6:07 PM, with comments
- De-anonymizing Facebook Ads
by phwd on 6/8/17, 4:51 PM, with comments
- Zomato Security Notice Update
by phwd on 5/18/17, 6:50 PM, with comments
- How I got your phone number through Facebook
by phwd on 2/21/17, 5:15 PM, with comments
- Remote Code Execution on Facebook via ImageTragick ($40,000 Bounty)
by phwd on 1/17/17, 11:22 AM, with comments
- GitHub Enterprise SQL Injection
by phwd on 1/7/17, 3:52 PM, with comments
- Nintendo Launches Vulnerability Rewards Program for Nintendo 3DS
by phwd on 12/6/16, 1:36 AM, with comments
- Facebook Bug Bounty: $5M Paid in 5 Years
by phwd on 10/12/16, 11:37 PM, with comments
- What it's like on your first day when you get a job at Facebook
by phwd on 10/12/16, 10:04 AM, with comments
- Marauder’s Map: Sniffing MAC addresses in the MIT wireless network [pdf]
by phwd on 8/23/16, 10:08 AM, with comments