InfoSec Manager, vCISO ish
US Coast Guard Veteran
Service Disabled Small Business Owner

Outlaw 🤠
Punk Alt Folk Garage Rock
Harleys, Trikes, and Touring
#Starfield #Fallout random sims

Very Neurodivergent with doctor's note

Living On Duwamish Land among the Salish Sea Tribes
Whose land do you live on? https://native-land.ca/
LinkedIn: https://www.linkedin.com/in/leerayl
JetCity Tech: https://jetcity.tech
GitHub: https://github.com/leerayl
Signal: leerayl33
My girlfriend has been learning the ways of filling up my NAS HDDs, so I need to move some stuff. The slow, painful process of moving my less-watched media to some other drives. I got 24TB of space, just need to script some API calls to move and update my systems. Thankfully all this stuff is pretty well documented and runs smoothly, just need to make it work for me.
I’m building a slide deck for a career day presentation about cybersecurity to a bunch of 8th graders. I obviously need more cyber memes. Please reply with any of your favorites that might be relevant to a career day talk. 🙏

RE: https://social.lol/@alexjsp/116420135708740069

Glad they are hiring because they need someone to fix their API issues and Auth flows.

Not being able to access my own media is definitely a problem that needs fixing. Not some premium membership after I spent money on a “lifetime” pass.

Keep hiring and keep your users happy.

Just picked up some tickets to see Teenage Bottlerocket in Tacoma next Friday. Looking forward to it.

Disclosure: This was Rippling (rippling.com)

Essentially, the flaw I discovered was that if you use their platform to send someone a job offer via email, shortly after sending said offer (no interaction required on the part of the recipient, such as, say, actually looking at or accepting the offer), if that person already had a Rippling account, such as from a prior employer, a Rippling process would run that would populate their information from what was already in the Rippling backend from another tenant.

This info includes all the PII, including SSN, banking, address etc.

That info would automatically become visible to the Rippling user who had sent the job offer email.

So, all you needed was a Rippling tenant, and if your target had previously used Rippling ever - you could exchange their email address for all the info.

Timeline: reported in July 2025 to the Rippling Bugcrowd bug bounty program, accepted as a critical issue within 48 hours, only fixed last week (9 months).

No bounty was offered.

Just a data point for anyone else who considers submitting to this program. Probably the least impressive bug bounty experience I’ve had in the last 15+ years.

#infosec #bugbounty

Used the wrong function but it’s paved and mostly back with my tools.
This rain is yucky. Do not like.
But it’s done already, weird…

Why is my Mac Mini saying it’s going to take 4 hours to pave and install macOS?

I didn’t expect it to be fast but 4 hours seems way too long.

Oh and it took less than 30 minutes including my walk to city hall.