exploitio
@exploitio
Security consultant for startups, businesses, and organizations
🗃️Part 6 of the #bug_bounty automation software🗃️ In this part I added an #s3 for storing: - scan results - screenshots - discovered parameters #security #bugbounty #bugbountytips
🗃️Part 5 of the #bug_bounty automation software🗃️ - Added a web model for websites 👨💻 - More details below 👇 #security #bugbountytips
The end of «vibe coding» and the start of engineered development 😄 📌 An interesting open-source tool called Spec-Kit, with an important idea behind it: Spec-Driven Development 🔍 So what does Spec-Driven Development mean? It means that instead of software development starting from coding, everything starts from a clear and precise spec; spec…
As I promised, here is my writeup. RCE via Insecure JS Sandbox Bypass medium.com/@win3zz/rce-vi…
And then they say 10 or 20 tomans is expensive for #security training!
At first I thought they were joking; I went to their page and saw it's real 🫠
Finally, this one got updated too …
We (Project Zero) got a new website! Because the last one was so...2014? projectzero.google
Unc has totally FREE API labs on which you can try my own custom API hacking tool: Hackxpert-brute labs.hackxpert.com/APIs/index.html github.com/The-XSS-Rat/ha… With over 140 stars, it is clear you guys love to use it - maybe even on CAPIE? thexssrat.podia.com/capie-lesson-m… thexssrat.podia.com/voucher-materi…
Privilege Escalation Matters: 12 Chains Leading to Full Takeover (Step-by-Step Guide) medium.com/@verylazytech/… #bugbounty #bugbountytips #bugbountytip
Useful WAF Bypass Techniques for React2Shell. for more you can check the updated article: coffinxp.medium.com/from-recon-to-…
Slides for "ToolShell Patch Bypass and the AI That Might Have Seen It Coming" at @NDC_Conferences {Manchester} 2025. github.com/irsdl/sharepoi… Bonus: WAF & workarounds bypass! #AppSec #SharePoint #TolShell
A very good xss payload. <sCriPt x>(((confirm)))``</scRipt x> #bugbountytips #xss #bugbounty
I just got a $15,000 #BugBounty for a UUID-based IDOR that led to an account takeover 🥷 Interestingly, the application used some fixed UUIDs like 00000000-0000-0000-0000-000000000000 and 11111111-1111-1111-1111-111111111111 for some _administrative_ users 🤷♂️
this one is brilliant! you may have seen GIS OAuth during hunting (I have, many times), XSS + ATO. I recommend reading and studying this write-up (author does not have X acc)✌🏻 blog.voorivex.team/not-so-dirty-d…
Curious how AutoVader works in practice? The demo video is up. See automated client side bug hunting in action. 🎥