It has been great fun building this and watching it deliver a steady stream of real vulnerabilities in live sites! If you're curious how we did it, @nicowaisman.bsky.social has a new post: xbow.com/blog/top-1-h...

This is the first of a series of posts we're doing on some of the vulns found as part of the HackerOne work – we have lots more fun ones coming up about some great SSRF, SQLi, and RCE vulns it discovered, with very clever exploit techniques :)

XBOW – Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN XBOW discovered multiple cross-site scripting (XSS) vulnerabilities in Palo Alto Networks’ GlobalProtect VPN web application

For the last 6 months I’ve been helping an incredible team to build
@xbow.com
and there was not a single day without being amazed by XBOW findings and reasoning. It even got to the top of
@hacker0x01.bsky.social
US leaderboard 🤯Stay tuned for blog posts and detailed traces!

For the first time in history, the #1 hacker in the US is an AI.

(1/8)

December was my last month at GitHub, and after a refreshing Xmas break, I’m thrilled to announce that I’ll be starting a new adventure at @xbow! 🚀 Grateful for all the memories and experiences at GitHub, and can’t wait to help shaping the future of security testing!

After an amazing journey, this is my last week at GitHub. It’s been an incredible 5 years working alongside the talented team at the Security Lab. Grateful for the experiences, collaborations, and the amazing culture I’ve been a part of. On to the next adventure!