Aditya Soni
@hetroublehacker
~ Your friendly neighbourhood hacker ¯\_(ツ)_/¯
You found a bug. You wrote the PoC. You hit Submit. …but what happens next? 👀 Join Sameer @sameer_bhatt5 , Senior Triager @HackerOne, as he breaks down what really goes on behind triage, reports, reviews, rejections & rewards! 🎯 Pure triager insights + 🎁 PentesterLab…
We found a way to access Max Verstappen's passport, driver's license, and personal information. Along with every other @Formula1 driver's sensitive data. It took us 10 minutes using one simple security flaw 🧵
much better
I'm giving away the secrets to our $20K bounty. Link: speakerdeck.com/dk999/to-the-d… Cost: $0
The recording of "HTTP/1.1 must die: the desync endgame" has now landed on YouTube. Enjoy! youtube.com/watch?v=zr5y6B…
RomHack 2025 - James “albinowax” Kettle - HTTP/1.1 Must Die! The...
hustle. consistency. reward
Spent around 2 months hunting on @Bugcrowd Total submissions on Atlassian = 56 Pending = 2 Accepted = 12 Rejected = 10 Duplicate = 32 All manual, no recon, no tools/extensions—just Burp on a single domain.
How to turn iframes and window.open into weapons for XSS. From origin manipulation to sandbox escape, this paper by @aszx87410 is stacked with juicy info. Huli dives deep into the magical world of iframes and is definitely worth a read!…
Just scored a reward @intigriti, check my profile: app.intigriti.com/profile/hetrou… #HackWithIntigriti
How to grab subs for a target using subfinder, validate them and extract the text body from each response using httpx and jq, extract a wordlist of keywords using NLP then resolve them using puredns to find valid subdomains 👇 You can also use LLMs and tools like alterx to…
Shoutout to @intigriti triagers!! Thanks for being awesome to work with! Somehow landed at the top of the 90-day leaderboard…
When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds
When HTTP/1.1 Must Die lands at DEFCON we’ll publish a @WebSecAcademy lab with a new class of desync attack. One week later, I’ll livestream the solution on air with @offby1security! You’re invited :) youtube.com/live/B7p8dIB7b…
Novel HTTP/1 Request Smuggling/Desync Attacks with James Kettle
After 9 months+ of cranking, cursing, and cursoring, and drawing on over 20 years experience running #HITB's Call for Papers, I bring you CFP Directory - a single system to make it easier for speakers to submit and organizers to connect and curate talks: cfp.directory
After about five years of sifting through and triaging thousands of vulnerability reports, I’ve got a pretty good sense of what makes a report stand out, and what makes it a slog to read. Lately, I’ve noticed more and more folks using AI to jazz up their reports with flowery,…
HackerOne Clubs across Asia-Pacific are adding fresh energy. Welcome to these new Brand Ambassadors! 🇮🇩 @zeeagils & 🇮🇩 root_geek280 (Indonesia—new club!) 🇮🇳 @hetroublehacker & 🇮🇳 @05__Yash (India North) 🇮🇳 @0xcharan (India South) 🇮🇳 @ThisIsDK999 & snifyak (India East) 🇧🇩…
casually dropping some info, how you can enroll on zoom private BBP! instagram.com/reel/DKjobWfBE…
AI isn’t replacing bug bounty hunters anytime soon, but it’s getting surprisingly close. In this DEF CON talk, Joel Noguera & Diego Jurado (@xbow) show how they built agents that exploit real-world XSS, JWT, and CSRF bugs autonomously youtu.be/YDsHI2acEVA #BugBounty #DEFCON
I've been working on something behind the scenes for the past couple of months, and I'm finally ready to share it. Disclosed. A curated newsletter about the bug bounty world. getdisclosed.com/subscribe Over the last four weeks, I've been quietly publishing weekly issues and…
Automation handles the known. Humans uncover the new. Here are 6 ways to manually find new attack vectors 👇 1️⃣ Redefining the Impossible - "You can't" Search documentation for “X cannot do Y” restrictions. These statements often highlight strong assumptions and logic. Use…
Just dropped a breakdown of one of my most viral reels — XSS explained #XSS #bugbountytips #Cybersecurity #HeTroubleHacker #infosec Viral XSS Reel Breakdown | Hacks Explained EP 1 | HeTroubleHacker youtu.be/4n9OV7P70EU?si…
RFC 2047 "encoded-word" is crazy! It lets you smuggle encoded payloads into email addresses and the craziest thing is that some parsers decode it before validation 👇 Shout out to @garethheyes for this 🔥