"I still believe that one day I will reach my dream, my self, what I want." ~M.D
I will never understand how someone can look at the endless signs of the Creator in this world and still deny His existence. I hope I never lose that sense of faith.
Just posted an addendum to 'Funky chunks' with a couple of bonus smuggling techniques. Check it out: w4ke.info/2025/10/29/fun…
🚨 Doing a giveaway for my Blind XSS Masterclass Most people think they know XSS, until they meet blind XSS, the kind that fires where you’ll never see it. Same methods that helped me earn $250K+ from real reports. hhub.io/nahamsecbxss 🎁 Retweet and reply to enter.
I made this script to fuzz non-printable characters. It takes a URL and fuzzes after and before the `/`.
Yes, with HTTP/1.1 it’s straightforward: just create an Intruder payload like §XX§, use a brute force payload set abcdef0123456789, and add two processing rules: Add % and URL-decode. Unfortunately, HTTP2 is a binary protocol, so that trick won’t work: you’d need a ketled request
🔴 Proud to share our latest finding CVE-2025-52665 (RCE) in UniFi OS, scored 10.0 CVSS, discovered with @3zizMe_ at @CatchifySA . catchify.sa/post/cve-2025-… Enjoy!
If you're excited to see the WhatsApp bug thrown @thezdi - free to watch my talk from @reconmtl 2025 on 4 remote bugs I discovered last year! While they're not 0-click RCE - there are some remote corruption and funny logic bugs in there. youtube.com/watch?v=bre5bA…
YouTube: Recon 2025 - Call, Crash, Repeat: Hacking WhatsApp
Had some recent success using untranslatable Unicode in place of a "?" when attacking URL parsers for SSRF/OAuth issues. What worked was... \udfff -> � -> ? Therefore... {"redirectUri":"https://attacker\udfff@[victim]/"} Equals... Location: https://attacker?@[victim]/
Earlier this year, @infosec_au and I discovered multiple vulnerabilities that allowed us to access the back office admin panel of ClubWPT Gold (the World Poker Tour's website) where we could manage customer data, KYC, and more. Read the writeup here: samcurry.net/hacking-clubwp…
APT28 Operation Phantom Net Voxel - Sekoia.io Blog blog.sekoia.io/apt28-operatio…
"If Allah supports you, none can overcome you." ❤️🩹
Hacking is literally a drug. You're always just trying to replicate the feeling of getting that first shell, getting that first bounty, getting that first Domain Admin account. You're ecstatic for maybe an hour and then you're back on the grind trying to get that high again.
“My name is Palestine and I will survive” 📸 Sliman Mansour
Interested in Spring Boot Actuators in the context of bug bounty hunting? I wrote something - nothing new - just some insights ;) Article: dsecured.com/en/articles/sp… Retweet appreciated! Don't expect 0days or some fancy magic.
Ever since #ChatGPT started ‘thinking for a better answer’ it actually became much dumber.
We just published a new quick read on how we performed LFI via XSS in a PDF generator. #BugBounty #bugbountytips #hackerone #bugcrowd #cybersecurity blog.sudarshana.io/blog/local-fil…
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
For all non-french speakers out there, I finally found the time to write the article associated to "1001 ways to PWN prod!" ^.^ thinkloveshare.com/hacking/1001_w… For all those that welcomed this talk so well - cc @clintgibler @absoluteappsec @yeswehack @intigriti @chybeta @ManoMano_Tech
Nice article 👌: someone won first place in the Bug Bounty Village CTF at DEF CON and wrote a post about the challenges: shubhamchaskar.com/defcon-bbv-ctf/