u/TheReedemer69

Where do you share disclosed bug bounty or CVE write-ups when you do not have a following?

Hey everyone, I wanted to ask for some advice from people who publish bug bounty write-ups, disclosed reports, or CVE-related research.

I moved to a new country a little while ago, so I’ve been trying to network more, find opportunities, and be more active in the security community. As part of that, I started going through a backlog of security findings I’ve been sitting on for years and turning them into proper write-ups.

I’ve been doing this for about a month now, and honestly, the results feel pretty hit or miss. Some posts do really well, while others barely get any attention. It does not always seem to match the quality of the finding or the amount of effort I put into explaining it.

I’m not expecting every post to blow up, but I’m trying to understand where people usually share this kind of content, especially when they do not already have a big audience.

For those of you who publish bug bounty write-ups, CVE write-ups, or technical research, where do you usually post them? Personal blog, Medium, LinkedIn, X/Twitter, GitHub, HackerOne Hacktivity, Bugcrowd, Discord communities, newsletters, or somewhere else?

Any advice would be appreciated. I have 4 more CVEs planned to post this month, and hopefully 2 or 3 more in July, so I’m trying to be a bit more intentional about where I share them.

reddit.com
u/TheReedemer69 — 16 hours ago
▲ 8 r/netsec+1 crossposts

CVE-2026-34473: Pre-auth ZTE H-series router DoS via CGILua request-body parsing

Disclosure: this is my own research/writeup.

I reported this ZTE H-series router DoS in 2024; it is now public as CVE-2026-34473.

The writeup focuses on the root cause rather than just the symptom. The issue is not simply “large POST body kills the UI.” Firmware analysis maps the behavior to CGILua request-body parsing: attacker-controlled application/x-www-form-urlencoded POST data reaches body handling before login enforcement matters.

The article includes validation footage, affected-model context, disclosure timeline, decompiled parser evidence, and reconstructed public-safe code-path notes.

Interested in feedback on the root-cause framing from people who review embedded web stacks or router firmware.

Open for collabs too.

minanagehsalalma.github.io
u/TheReedemer69 — 21 hours ago

Does anyone do stable Manus 7 days trial?

I tried it but it's almost same day ban due to heavy fingerprinting.

u/TheReedemer69 — 6 days ago

Curious what the community is using. Lately I've been experimenting with a few MCP servers that have genuinely improved my recon and analysis pipeline:

  • Playwright MCP: great for automating browser-based recon and testing web app behavior
  • Perplexity MCP: useful for quick contextual research without leaving your workflow
  • Ghidra MCP: powerful for binary analysis and reverse engineering automation

Would love to hear what others are using and how you're integrating MCPs into your day-to-day security work. Are there any lesser-known ones worth trying?

thxxxxx

reddit.com
u/TheReedemer69 — 17 days ago
▲ 514 r/childfree

I mentioned in a post that I'm childfree and that I'd like to meet people who feel the same.

The reactions I got were something I wasn't expecting. People told me that being childfree at 24 is bizarre, that I have a "childfree obsession," and that I shouldn't even be bringing up children talk with people I've just met. One comment said "Childfree" isn't a thing nor lifestyle nor an interest in Italy and I should just "get a hobby. ffs", and one comment said that "even people who don't want kids would avoid me for leading with it".

What's funny is that the country has one of the lowest birth rates in Europe. So clearly people aren't having kids.

Looks like I doomed myself in Italy : }

reddit.com
u/TheReedemer69 — 17 days ago

Curious what people are running for AI-assisted solving. Not talking about full automation, more like having a model help reason through privilege escalation paths, analyze binaries, or generate quick scripts during a box.

I've been testing a few since Codex got limited. Refusal rate is still the main bottleneck since most models choke on anything that looks offensive even in a clearly sandboxed lab context.

Running Gemini CLI via pro sub right now for its low refusal rate but the output consistency isn't great for multi-step reasoning. Anyone found something that holds up better? Local models welcome too.

reddit.com
u/TheReedemer69 — 18 days ago

Hey everyone,

I moved to Milan two months ago and I'm really enjoying the city, but making genuine connections has been harder than expected.

The dating side is especially tough — I'm childfree and finding women who feel the same way here seems pretty rare. Not impossible, just… quietly difficult.

I'm still learning Italian (very much a work in progress), so I've been leaning on English-speaking spaces for now.

Has anyone here navigated something similar? Any expat groups, apps, events, or spots in Milan that tend to attract international or CF-friendly people would mean a lot. Open to any advice really — social or dating side of things.

Thanks in advance 🙏

reddit.com
u/TheReedemer69 — 19 days ago

Switched away from Codex after the insane 5.5 refusal rate and have been testing alternatives. Refusal rate and output consistency are the two things that matter most for security-relevant tasks like recon scripting, payload crafting, and analyzing API specs.

What are you actually using day to day? API or local? Would love to hear what has held up in real engagements.

I mostly do red team.

thxxxx

reddit.com
u/TheReedemer69 — 19 days ago

What is your take on this? Was anyone able to accurately replicate it or get a better system? Since his main point was that it took infinite time of iterating.

u/TheReedemer69 — 21 days ago

Has anyone run into Codex suddenly blocking requests related to CVE research?

I've been using it for months as part of my research workflow with zero issues, but recently every relevant query gets cut off with a content flagging warning. The suggested fix is to verify identity through OpenAI's Trusted Access for Cyber program (government ID + trust signals).

Before I go through that whole process — is it actually reliable once you're verified? Any alternative AI-assisted workflows people have switched to for CVE/vuln research in the meantime?

reddit.com
u/TheReedemer69 — 24 days ago

Anyone still successfully using Codex for bug bounty research, or has it become unusable for this lately?

Mine started throwing content flagging errors on queries I've used for months — things like analyzing CVE patterns, understanding exploit primitives, standard recon stuff. OpenAI points to a Trusted Access verification program as the fix, but it requires a government ID submission which feels like a lot.

Curious if others have hit this wall and whether the verification actually restores full functionality, or if people have moved to alternatives (local models, other tools) for this kind of workflow.

u/TheReedemer69 — 24 days ago