Osama Hamad
@about_testing
bug hunting and security engineering
github.com/osamahamad/pay… Monitors public bug bounty programs' fresh assets and provides public bug bounty programs' in-scope data that offer rewards, continuously updated. #bugbounty #automation
Since CVEs are trending (not for good reasons :) ) I just got my first CVE, in @cursor_ai -> CVE-2025-64110 The bug exploited a flaw where an attacker could bypass the existing cursorignore security rules simply by instructing the agent to create a new cursorignore file.…
💥 20 Real Cache Poisoning Bug Bounty Reports An in-depth analysis of real-world cache poisoning vulnerabilities discovered on major platforms, with extracted techniques and sophisticated attack methodologies 20+ real-world reports — explaining: 🔹 How the bugs were found 🔹…
A penetration tester got root access to our Kubernetes cluster in 15 minutes. Here's what they exploited. The attack chain: - Found exposed Kubernetes dashboard (our bad) - Dashboard had view-only service account (we thought this was safe) - Service account could list secrets…
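The weak link in that chain is an RBAC rule that looks harmless ("view only") but includes `secrets`: `get`, `list` and `watch` on secrets all return the secret data, not just the names. The script below is an added example, not code from the post or from any Kubernetes project; it audits a Role/ClusterRole rule list for exactly that mistake. The role objects are constructed for the example, and the names `dashboard-viewer` and `dashboard-viewer-hardened` are assumptions.

```python
# Added example (not from the post): flag RBAC rules that let a "view-only"
# subject read Secret contents. In Kubernetes, get/list/watch on secrets all
# return the secret's data, so any of them is effectively read access.

SECRET_READ_VERBS = {"get", "list", "watch"}


def secret_read_verbs(rules):
    """Return the verbs in a Role/ClusterRole rule list that expose Secret data."""
    exposed = set()
    for rule in rules:
        groups = rule.get("apiGroups", [])
        resources = rule.get("resources", [])
        verbs = set(rule.get("verbs", []))
        # Secrets live in the core API group, written as "" ("*" matches every group).
        if not any(g in ("", "*") for g in groups):
            continue
        if not any(r in ("secrets", "*") for r in resources):
            continue
        if "*" in verbs:
            return sorted(SECRET_READ_VERBS)  # wildcard verbs grant everything
        exposed |= verbs & SECRET_READ_VERBS
    return sorted(exposed)


# Constructed role (hypothetical name): a "view-only" role that still lists secrets.
DASHBOARD_VIEW_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRole",
    "metadata": {"name": "dashboard-viewer"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "services", "secrets"],
         "verbs": ["get", "list", "watch"]},
    ],
}

# Constructed hardened version: same verbs, secrets removed from the resource list.
HARDENED_VIEW_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRole",
    "metadata": {"name": "dashboard-viewer-hardened"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "services"],
         "verbs": ["get", "list", "watch"]},
    ],
}


if __name__ == "__main__":
    for role in (DASHBOARD_VIEW_ROLE, HARDENED_VIEW_ROLE):
        found = secret_read_verbs(role["rules"])
        print(role["metadata"]["name"], "->", found or "no secret access")
```

Kubernetes' own aggregated `view` ClusterRole deliberately omits secrets; a hand-written "view-only" role that includes them is the gap. On a live cluster the same question is answered by `kubectl auth can-i list secrets --as=system:serviceaccount:<namespace>:<serviceaccount>` for the dashboard's service account.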
Now in private beta: Aardvark, an agent that finds and fixes security bugs using GPT-5. openai.com/index/introduc…
Burp Automator - Tool that uses the Burp Suite API to automate scanning. Can be used to setup DAST scanning. github.com/tristanlatr/bu… Credits to the author of the tool. #appsec #infosec #cybersecurity
Utilize certstream.calidog.io to catch new subdomains on your favourite list of targets. Domain age configurable. github.com/osamahamad/cer…
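The core of that workflow is matching each certificate-transparency log entry against a watchlist of target domains. Below is an added example of that matching step, not the linked repository's code: it takes a certstream `certificate_update` message (the constructed message here mirrors the feed's `data.leaf_cert.all_domains` layout), collapses wildcard names, and reports hosts under the watchlist that have not been seen before. The watchlist domain `example.com` and the host names are constructed for the example; the domain-age filter the repo mentions is not implemented here.

```python
# Added example (not the repo's code): match a certstream message against a
# watchlist of target domains and report newly seen hosts.

def domains_from_message(message):
    """Names from a certstream certificate_update message; other message types yield nothing."""
    if message.get("message_type") != "certificate_update":
        return []
    return message["data"]["leaf_cert"].get("all_domains", [])


def normalise(name):
    """Lower-case, drop a trailing dot and a leading '*.' so wildcard and plain entries collapse."""
    return name.lower().rstrip(".").removeprefix("*.")


def matching_subdomains(message, watchlist, seen):
    """Return hosts in the message that sit under a watchlist domain and are not in `seen`.
    `seen` is updated in place so repeated certificates for the same host are reported once."""
    hits = []
    for name in domains_from_message(message):
        host = normalise(name)
        if host in seen:
            continue
        if any(host == target or host.endswith("." + target) for target in watchlist):
            seen.add(host)
            hits.append(host)
    return sorted(hits)


# Constructed message in the shape certstream emits (names are hypothetical).
SAMPLE_MESSAGE = {
    "message_type": "certificate_update",
    "data": {
        "leaf_cert": {
            "all_domains": [
                "*.api.example.com",
                "api.example.com",
                "staging.example.com",
                "cdn.unrelated.test",
                "example.com",
            ]
        }
    },
}

WATCHLIST = {"example.com"}  # constructed target list


if __name__ == "__main__":
    seen = set()
    print(matching_subdomains(SAMPLE_MESSAGE, WATCHLIST, seen))  # new hosts
    print(matching_subdomains(SAMPLE_MESSAGE, WATCHLIST, seen))  # nothing new
```

Hooking this to the live feed is a matter of passing `matching_subdomains` inside a callback to the certstream Python client's `listen_for_events`; the `seen` set is what keeps the alert stream quiet once a host has been reported.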
How to access servers behind Cloudflare by bypassing the firewall? @FearsOff #bugbountytips #cloudflare #firewall #bypass 1) Found a sweet hostname but Cloudflare Firewall blocks you? There's a neat trick attackers can use if the origin is misconfigured.
🎉 You’ve been asking for it. The Caido Scanner plugin is finally here. Run checks in the background or scan specific requests on demand to find issues like reflected XSS, SQL injection, and CORS misconfigs. All checks are open source. Add your own and help the list grow 💪
Just released a new recollapse version thanks to @ryancbarnett and @4ng3lhacker after their talk in @BlackHatEvents today. What’s new? 💥Mode 6: Fuzz case folding/upper/lower 💥 Mode 7: Fuzz byte truncations 💥 Recollapse is now available to use as a python library and…
Telerecon: OSINT reconnaissance framework for researching, investigating, and scraping Telegram meterpreter.org/telerecon-osin…
Join the OneTest Discord! The XSS extension is running a bit late, but we’re working hard to ship the beta ASAP. Check out this quick demo video, all updates and test-lab access will be shared there. See you inside! 👇 discord.gg/tPgThJ6RAU
I just built a custom action to let you test for race conditions with a single click! No tab groups required, and it uses the cutting edge single-packet attack under the hood.
CVE-2025-1974: Ingress-Nginx Admission Controller RCE Escalation 🔥PoC: github.com/sandumjacob/In…
⚡️The vulnerability details are now available: hub.zoomeye.ai 🚨🚨Kubernetes users, heads up! Critical flaws found in Ingress NGINX Controller: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974! ⚠️Attackers can exploit these to gain unauthorized access to…
HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CL.TE vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add…
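Steps 3 and 4 only make sense if you see what the two parsers do with the same bytes: the front-end trusts Content-Length and forwards exactly that many body bytes, the back-end trusts Transfer-Encoding and stops at the zero-length chunk, and whatever is left over becomes the prefix of the next request on that connection (which is why Burp's "Update Content-Length" has to be off, so the deliberately short length is not silently corrected). The script below is an added example, not part of the walkthrough: it parses a request both ways and returns the bytes the back-end would keep. The three probe requests and the host `lab.example` are constructed for the example.

```python
# Added example (not from the walkthrough): simulate a front-end that honours
# Content-Length (CL) and a back-end that honours Transfer-Encoding (TE), and
# report the bytes that end up desynchronised between them.

def split_head(raw: bytes):
    """Split a raw HTTP/1.1 request into a lower-cased header dict and the bytes after the blank line."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, rest


def body_by_content_length(headers, rest):
    """CL parser: the body is exactly Content-Length bytes; anything after it is the next request."""
    n = int(headers[b"content-length"])
    return rest[:n], rest[n:]


def body_by_chunked(rest):
    """TE parser: read chunks until the zero-length terminator; raise ValueError if data runs out."""
    body, pos = b"", 0
    while True:
        line_end = rest.index(b"\r\n", pos)  # ValueError when the size line is incomplete
        size = int(rest[pos:line_end].split(b";")[0], 16)
        pos = line_end + 2
        if size == 0:
            pos = rest.index(b"\r\n", pos) + 2  # skip the (empty) trailer section
            return body, rest[pos:]
        if pos + size + 2 > len(rest):
            raise ValueError("chunk truncated")
        body += rest[pos:pos + size]
        pos += size + 2


def cl_te_leftover(raw: bytes):
    """Bytes the TE back-end keeps buffered after the CL front-end forwards one request.
    b"" means both parsers agree; a non-empty value is the smuggled prefix of the next
    request; None means the back-end is still waiting for more data (time-delay detection)."""
    headers, rest = split_head(raw)
    fe_body, _ = body_by_content_length(headers, rest)
    forwarded = fe_body  # the front-end passes on exactly this much body
    try:
        _, leftover = body_by_chunked(forwarded)
    except ValueError:
        return None
    return leftover


# Constructed probes. Content-Length: 6 covers "0\r\n\r\nG" exactly; the TE parser
# stops at the "0" chunk and leaves "G" to prefix the next request on the connection.
PROBE = (b"POST / HTTP/1.1\r\nHost: lab.example\r\n"
         b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n"
         b"0\r\n\r\nG")

# Time-delay variant: the front-end forwards only "1\r\nA", so the back-end waits for
# the rest of the chunk and the response stalls.
TIMING_PROBE = (b"POST / HTTP/1.1\r\nHost: lab.example\r\n"
                b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
                b"1\r\nA\r\nX")

# Control: a correctly framed chunked body where both parsers agree.
BENIGN = (b"POST / HTTP/1.1\r\nHost: lab.example\r\n"
          b"Content-Length: 15\r\nTransfer-Encoding: chunked\r\n\r\n"
          b"5\r\nhello\r\n0\r\n\r\n")


if __name__ == "__main__":
    for label, req in (("probe", PROBE), ("timing", TIMING_PROBE), ("benign", BENIGN)):
        print(label, "->", cl_te_leftover(req))
```

The differential-response confirmation in the walkthrough is the first case: the leftover byte is prepended to the next request the back-end reads on that connection, so the follow-up request gets an error response that a normally framed request does not.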
the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!
Our security research team discovered a pre-auth RCE (CVE-2025-27218) in Sitecore XP 10.4. You can read our research here: slcyber.io/blog/sitecore-…
Read more about Shadow Repeater and how to install this extension: portswigger.net/research/shado…
portswigger.net
Shadow Repeater: AI-enhanced manual testing
Have you ever wondered how many vulnerabilities you've missed by a hair's breadth, due to a single flawed choice? We've just released Shadow Repeater, which enhances your manual testing with AI-powere
"The problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts." - Bertrand Russell