You might like
Unfortunately, your AI is wrong here: "It requires a separate vulnerability that allows an attacker to poison the page cache" Here's my blog describing how to exploit it: rcesecurity.com/2025/11/exploi…
The blog.mantrainfosec.com/blog/18/prepar… post by @xoreipeip shows how prepared statements can be exploited in NodeJS using mysql and mysql2 packages leading to SQLi! 🪄 So use of prepared statement might not be the ultimate solution here 🥵 as a side note, @xoreipeip later found this…
When doing recon, if you have a file with a bunch of URLs, you can use @xnl_h4ck3r's urless tool to declutter and reduce the amount of noise in the results. Check it out here 👇 github.com/xnl-h4ck3r/url…
Sharing the report from a 3-week solo audit: • 16 High • 6 Medium • 4 Low • 16 Info Large codebase using the Diamond Proxy pattern and integrating with Uniswap. Report 👇 github.com/gkrastenov/aud…
I have created and uploaded the videos for the Prototype Pollution labs. There are also write-ups. Check out the links. @PortSwigger @WebSecAcademy Write-Ups: sommercode.gitbook.io/web-security-a… Playlist: youtube.com/playlist?list=…
I'm reading this article from @zhero___ quite late looking at the release date, but it's a goldmine if you want to start or understand bug hunting zhero-web-sec.github.io/thoughts/bugbo…
Things you must read to slowly step up your client-side game AuxClickjacking by @rafabyte_: blog.bugport.net/auxclickjacking
H2H video with @ThisIsDK999 live here in 17 hours > Made $100K+ in bug bounties before 25 > Started hacking in cyber cafes, no formal training > Focused on Adobe Experience Manager, rich niche > Collaboration prevents burnout > Recon + automation = efficiency > Bug bounties…
youtube.com
YouTube
How This 22 Year Old Made $100,000 Hacking Companies ! | Hacker...
It's impossible not to add all @ctbbpodcast research to bb.vitorfalcao.com. I may automate it to automatically add them using RSS (if they have it)
I'm creating an AI Red Team course based on the few AI Security jobs openings descriptions I've seen. I'm also writing X Articles that may be of interest. github.com/Vect0rdecay/ai…
Static analysis for Android apps based on the OWASP MASVS framework 🌟 - github.com/Cyber-Buddy/AP… #infosec #cybersec #bugbountytips
In short - bug bounties are a fast track to entrepreneurship :)
Seem like one common path In bounties are. Realize bounties exist, do bounties, find bugs, share wins n writeups, level up, do talks, do lhe’s, burn out, build solution, if good enough, get acquired, have job, do bounties for fun and profit.
Todays thinking moment: Imagine you rely on automation. You ask automation (tool) for subdomains. It gives you 2000 subdomains. You start working. You run into a buddy who has 6000 subdomains for same target. You are confused. Buddy tells you "oh, your automation (tool) will…
If you find some time take a look at this article, this helped me a lot. steipete.me/posts/just-tal…
AND IVE BEEN DOING THIS MANUALLY AND THERE WAS A TOOOL FML
When testing GraphQL APIs make sure to run graphw00f (github.com/dolevf/graphw0…) to fingerprint the specific GraphQL implementation the application is running. Then you can review the Threat Matrix to get likely attack vectors.
United States Trends
- 1. Josh Allen 32.3K posts
- 2. Texans 52.2K posts
- 3. Bills 146K posts
- 4. Joe Brady 4,825 posts
- 5. #MissUniverse 340K posts
- 6. #MissUniverse 340K posts
- 7. Anderson 26.1K posts
- 8. McDermott 4,063 posts
- 9. Maxey 10.6K posts
- 10. #TNFonPrime 3,087 posts
- 11. Al Michaels N/A
- 12. Costa de Marfil 21.7K posts
- 13. Dion Dawkins N/A
- 14. Shakir 5,474 posts
- 15. #htownmade 3,380 posts
- 16. CJ Stroud 1,169 posts
- 17. #BUFvsHOU 3,157 posts
- 18. James Cook 5,554 posts
- 19. Spencer Brown N/A
- 20. Knox 5,581 posts
You might like
-
Japz (h4nt3rx) 🕷️🏴☠️
@japzdivino -
Samuel
@saamux -
xer0dayz
@xer0dayz -
Aditya Gujar
@fyoorer -
pwnmachine 👾
@princechaddha -
Sébastien Morin
@SebMorin1 -
gujjuboy10x00
@vis_hacker -
Ashar Javed
@soaj1664ashar -
Karel Origin
@Karel_Origin -
Tabahi
@_tabahi -
Ian Bouchard
@Corb3nik -
@v!b$123!
@vibs123i -
SecuNinja support 🇺🇦 🌌 @secuninja.bsky.social
@secuninja -
Splint3r7
@Splint3r7 -
Arbaz Hussain
@ArbazKiraak
Something went wrong.
Something went wrong.