Alex Chapman
@ajxchapman.bsky.social
2.8K followers 460 following 190 posts
Full Time #BugBounty Vulnerability Researcher https://blog.ajxchapman.com
Reposted by Alex Chapman
Dad’s books are full of empathy, common sense, and a healthy suspicion of the powerful. But at its heart his work is also about how systems keep people poor while pretending it’s their own fault. So I hope Kemi’s taking notes as well as reading the jokes.
Kemi Badenoch claiming Terry Pratchett as her favourite author is wild
"Despite repeated warnings over X's evolution into what some might describe as a wretched hive of scum and villainy, governments and organizations are still reluctant to leave the social media platform" 🔥
Reposted by Alex Chapman
An in-depth summary of the consequence of Google VRP increasing bounties in 2024.

"We observe statistically significant increases in the reporting of high-value bugs, especially in the highest impact tiers and high merit submissions." 🔥

arxiv.org/abs/2509.16655
Incentives and Outcomes in Bug Bounties
Bug bounty programs have contributed significantly to security in technology firms in the last decade, but little is known about the role of reward incentives in producing useful outcomes. We analyze ...
arxiv.org
The new favourite fidget toy on my desk is the Zippo lighter I've had since I was a teenager. There is something about the noise of the cap flipping open and flint sparking. This has replaced the ever popular poker chips.

Needless to say, I am not a great example for my kids 😬
Hackers tops the list of films that have influenced my life. Without seeing this film as a young teen I may not have misspent my youth in front of a computer trying to understand how it all worked. Which, despite what my parents suggested at the time, seems to have worked out well for me 😆
Today is the 30th anniversary of Hackers
Back in the day when I was hopping around flats in London I got all of them through scraping rental and roomshare adverts (mostly Gumtree at the time) so I could be the first person to respond and see a place. It's definitely an underrated technique!
That feeling when you finally read that blog post you've had open in a browser tab for 3 months, and it's complete garbage 😑
It's honestly embarrassing!
I nearly didn't post Chloë's birthday this year. I feel like after 7 years I should be able to handle the pain better (I can't) or be over it somehow (I'm not). I decided that it's a way I choose to remember her, and I don't want to ever forget.
It's been another year since my wife and I lost our first daughter Chloë. She would have been 7 today. With each passing year I can't help but think about what her life would have been like, what our life would have been like, had she been given a chance. I love her so much, but don't even know her.
I'll add it to the list
bsky.app/profile/ajxc...
I've said it before and I'll say it again, Windows 11 is _such_ a hostile user experience, it's like they've actively tried to make it unpleasant to use 😑
There is something quite depressing about many of the advertised agentic AI use cases being posting "viral" content to social media. It stinks of one person assuming their time is inherently worth more than everyone else.
Reposted by Alex Chapman
Can Bluesky say every word in the dictionary?
I dunno but I plan to find out!

I made a website that tracks every single word said on bluesky (as of yesterday).
Wow, that GIF is garbage resolution 🤦‍♂️
The FOMO is definitely real this year. There are unfortunately no other simultaneous security events quite like it anywhere else in the world (even though the event I'd usually go for isn't actually running this year), unless...
a cartoon of a robot on the moon with a light shining on it
As someone heavily invested in Bug Bounty, I have genuine sympathy for the pain the curl project's Bug Bounty program is going through, but I don't believe that excuses Daniel's actions here. He made an assumption about an advertisement for a Black Hat talk and attempted to shame James for it 🤷‍♂️
Reposted by Alex Chapman
I presented my magnum opus in 2014 and have been in steady decline ever since.
Reposted by Alex Chapman
There are bad security takes, and then there is @daniel.haxx.se attempting to shame @jameskettle.com for not "responsibly disclosing" a vulnerability to the curl project that doesn't affect the curl project... and _then_ complaining the details are being kept "secret" :facepalm:
daniel:// stenberg:// (@[email protected])
@[email protected] @[email protected] @[email protected] the website, the naming, the scare, the secrecy
mastodon.social