Jacolon Walker
@calleax.bsky.social
One to Zero Chronicles
Ex-founder | Security Researcher | 👨🌾 Homesteader
Blog: blog.stellersjay.pub
X: https://x.com/call_eax
mastodon: https://infosec.exchange/@CALLEAX
Ex-founder | Security Researcher | 👨🌾 Homesteader
Blog: blog.stellersjay.pub
X: https://x.com/call_eax
mastodon: https://infosec.exchange/@CALLEAX
Pro Tip: Dive into bug trackers. Huge value in studying previously reported and resolved bugs with security impact (vulnerabilities).
Why it's great:
- Learn unfamiliar subsystems.
- Follow real-world PoCs from start to finish.
- Apply insights directly to your own targets.
Sharpens skills.
Why it's great:
- Learn unfamiliar subsystems.
- Follow real-world PoCs from start to finish.
- Apply insights directly to your own targets.
Sharpens skills.
May 7, 2025 at 6:54 PM
Pro Tip: Dive into bug trackers. Huge value in studying previously reported and resolved bugs with security impact (vulnerabilities).
Why it's great:
- Learn unfamiliar subsystems.
- Follow real-world PoCs from start to finish.
- Apply insights directly to your own targets.
Sharpens skills.
Why it's great:
- Learn unfamiliar subsystems.
- Follow real-world PoCs from start to finish.
- Apply insights directly to your own targets.
Sharpens skills.
Mythical API defense 🧌 found:
- Found a forbidden (403) path
- Check for subpaths beyond that
- Found an image
- Sub-sequential response length grew from 1034 to 830319 🙃
Great defense or it's a bug...
- Found a forbidden (403) path
- Check for subpaths beyond that
- Found an image
- Sub-sequential response length grew from 1034 to 830319 🙃
Great defense or it's a bug...
February 14, 2025 at 3:46 AM
Mythical API defense 🧌 found:
- Found a forbidden (403) path
- Check for subpaths beyond that
- Found an image
- Sub-sequential response length grew from 1034 to 830319 🙃
Great defense or it's a bug...
- Found a forbidden (403) path
- Check for subpaths beyond that
- Found an image
- Sub-sequential response length grew from 1034 to 830319 🙃
Great defense or it's a bug...
Bug Hunting Tip:
- 💯 Build your own API wordlist.
- Why? Public lists are too well-known and overused.
- Craft one tailored to your hunt for a competitive edge.
- Don’t forget to test these wordlists on URL subpaths, you might uncover unique bypasses.
#bugbountytips
- 💯 Build your own API wordlist.
- Why? Public lists are too well-known and overused.
- Craft one tailored to your hunt for a competitive edge.
- Don’t forget to test these wordlists on URL subpaths, you might uncover unique bypasses.
#bugbountytips
February 14, 2025 at 3:46 AM
Bug Hunting Tip:
- 💯 Build your own API wordlist.
- Why? Public lists are too well-known and overused.
- Craft one tailored to your hunt for a competitive edge.
- Don’t forget to test these wordlists on URL subpaths, you might uncover unique bypasses.
#bugbountytips
- 💯 Build your own API wordlist.
- Why? Public lists are too well-known and overused.
- Craft one tailored to your hunt for a competitive edge.
- Don’t forget to test these wordlists on URL subpaths, you might uncover unique bypasses.
#bugbountytips
Someone want to tell me what MURL Package Format ?!? I believe is definitely game related.
4d 55 52 4c 28 bd 06 00 52 50 4b 47 48 45 41 44 4c 00 00 00
4d 55 52 4c 28 bd 06 00 52 50 4b 47 48 45 41 44 4c 00 00 00
February 14, 2025 at 3:44 AM
Someone want to tell me what MURL Package Format ?!? I believe is definitely game related.
4d 55 52 4c 28 bd 06 00 52 50 4b 47 48 45 41 44 4c 00 00 00
4d 55 52 4c 28 bd 06 00 52 50 4b 47 48 45 41 44 4c 00 00 00
Does anything actually happen over here?
February 13, 2025 at 10:13 AM
Does anything actually happen over here?
Roosters maybe protective but cornish cross only abide one thing...eat or be eaten
January 15, 2025 at 4:42 AM
Roosters maybe protective but cornish cross only abide one thing...eat or be eaten
As targeted as JavaScriptCore and Webkit have been for ages, I am curious of the diff on the patch for CVE-2024-44308 and CVE-2024-44309...
November 20, 2024 at 10:22 AM
As targeted as JavaScriptCore and Webkit have been for ages, I am curious of the diff on the patch for CVE-2024-44308 and CVE-2024-44309...
It's important if code auditing to have >= 2 different projects that are unrelated to each other for reviewing. It helps keep you fresh and away from exhaustion. Also I would throw in a coding project as well which may or may not be related. #infosec
June 1, 2024 at 8:54 AM
It's important if code auditing to have >= 2 different projects that are unrelated to each other for reviewing. It helps keep you fresh and away from exhaustion. Also I would throw in a coding project as well which may or may not be related. #infosec
A lot of my time is spent diving into security advisories -> issues trackers -> code diffs (patches) to see how downstream consumers resolve bugs. I actually enjoy this part of the research as it paints the story of a bug turn potentially exploitable
May 3, 2024 at 7:41 AM
A lot of my time is spent diving into security advisories -> issues trackers -> code diffs (patches) to see how downstream consumers resolve bugs. I actually enjoy this part of the research as it paints the story of a bug turn potentially exploitable
Grind every side quest - sometimes you find bugs, sometimes they are exploitable but you can always learn something new that might be old or suspect...
blog.stellersjay.pub/now-and-late...
blog.stellersjay.pub/now-and-late...
Now and Later Bug Hunting Side Quest [04/28/24]
Distracted.. This post is more about a side quest, as I was a bit distracted awaiting some responses on some UAF and Format string vulnerabilities submitted to a couple bug bounty programs. In order t...
blog.stellersjay.pub
May 2, 2024 at 2:08 AM
Grind every side quest - sometimes you find bugs, sometimes they are exploitable but you can always learn something new that might be old or suspect...
blog.stellersjay.pub/now-and-late...
blog.stellersjay.pub/now-and-late...