Skip to content
View 1N3's full-sized avatar
Block or Report

Block or report 1N3

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
1N3/README.md

Bug Bounty Profiles

Public Exploits

Open Source Security Tools

Certifications

  • OSCE
  • OSCP
  • CISSP
  • Security+
  • CNA
  • MCP
  • Network+
  • A+
  • PCI-ASV
  • SecurityTube Android Security For Penetration Testers

Public Exploits/PoC's/CVE's/Bug Bounties/CTF's

2024:

2021:

  • Nutanix Stored DOM Cross-Site Scripting (XSS) & Reflected Cross-Site Scripting (XSS) 0day

2020:

2018:

2017:

  • Recieved Offensive Security Certified Expert (OSCE) cerfication 12/2017
  • Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
  • Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
  • Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
  • Systemic Local File Inclusion in WEMO HomeKit Android Application ($3,000 bounty) 9/2017
  • Placed 7th in ToorConCTF CTF 8/2017
  • Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
  • Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
  • Recieved Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
  • Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
  • PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
  • Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
  • Recieved Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
  • Listed on the BugCrowd 2016 MVP list 1/2017

2016:

2015:

2014:

Pinned

  1. Sn1per Sn1per Public

    Attack Surface Management Platform

    Shell 7.7k 1.8k

  2. IntruderPayloads IntruderPayloads Public

    A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

    BlitzBasic 3.6k 1.2k

  3. Findsploit Findsploit Public

    Find exploits in local and online databases instantly

    Shell 1.6k 320

  4. PrivEsc PrivEsc Public

    A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

    C 948 316

  5. BruteX BruteX Public

    Automatically brute force all services running on a target.

    Shell 1.9k 568

  6. BlackWidow BlackWidow Public

    A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

    Python 1.5k 343