English
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어

#webapp_security search results

ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Oct 16

#AIOps #Fuzzing #WebApp_Security "In-Browser LLM-Guided Fuzzing for Real-Time Prompt Injection Testing in Agentic AI Browsers", 2025. ]-> Complete fuzzing platform - browsertotal.com/demos/agentic-… // LLM based agents integrated into web browsers offer powerful automation of web tasks.…

ksg93rd's tweet card. Comprehensive browser security analysis platform for scanning Chrome, Edge & Firefox extensions, detecting vulnerabilities, analyzing URLs, packages, and security policies.
BrowserTotal - Browser Security Analysis Platform | Extension & Vulnerability Scanner
Source: browsertotal.com
0
0
1
1
215
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Sep 16

#tools #WebApp_Security "Automated Testing of Broken Authentication Vulnerabilities in Web APIs with AuthREST", 2025. ]-> github.com/SeUniVr/AuthRE… // AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and unchecked token authenticity

github.com

GitHub - SeUniVr/AuthREST: Automated Testing of Broken Authentication Vulnerabilities in Web APIs

Automated Testing of Broken Authentication Vulnerabilities in Web APIs - SeUniVr/AuthREST

Source: github.com
0
1
0
1
142
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Aug 5

#WebApp_Security 1. Exploiting an ORM Injection to Steal Cryptocurrency from an Online Shooter blog.p1.gs/writeup/2025/0… 2. Delivering PHP RCE to the Local Network Servers github.com/ZeroMemoryEx/P… 3. XSS in Google IDX Workstation sudistark.github.io/2025/07/02/idx…

ksg93rd's tweet card. blog writeup
Exploiting an ORM Injection to Steal Cryptocurrency from an Online Shooter
Source: blog.p1.gs
1
2
4
4
329
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Oct 22

#tools #WebApp_Security "PixelPatrol3D: An In-Browser Vision-Based Defense Against Web Behavior Manipulation Attacks", 2025. ]-> PixelPatrol3D (PP3D) browser framework - github.com/NISLabUGA/Pixe… // Pixel Patrol 3D (PP3D) - first end-to-end browser framework for discovering,…

0
0
0
0
166
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Jul 10

#WebApp_Security 1. DoubleClickjacking: A New Era of UI Redressing evil.blog/2024/12/double… // DoubleClickjacking leverages the small gap between the start of a click and of the second click in multiple windows without utilizing any popunder tricks 2. Revisiting Cross Session…

0
0
1
1
191
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Aug 14

#Research #WebApp_Security 34th USENIX Security Symposium: "The Silent Danger in HTTP: Identifying HTTP Desync Vulnerabilities with Gray-box Testing", 2025. ]-> github.com/mukeran/HDHunt… // HDHunter - automatic HTTP discrepancy detection framework using the gray-box…

ksg93rd's tweet card. Contribute to mukeran/HDHunter development by creating an account on GitHub.
GitHub - mukeran/HDHunter
Source: github.com
0
0
1
0
177
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Aug 12

#Threat_Research #WebApp_Security HTTP/1.1 must die: the desync endgame portswigger.net/research/http1… // details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1

ksg93rd's tweet card. Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it. This p
HTTP/1.1 must die: the desync endgame
Source: portswigger.net
0
0
0
0
85
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Jul 21

#cryptography #WebApp_Security "SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH", 2025. ]-> SSH Authentication with WebAuthn - anonymous.4open.science/r/ssh-passkeys… // We propose the utilization of passkeys for SSH authentication, with SSH-passkeys framework by utilizing PAM…

0
0
0
0
136
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Oct 11

#AppSec #WebApp_Security 1⃣ Hacking Veeam: RCE, LPE, Auth. Bypass, NTLM Relay to Account Takeover, Broken Access Control & IDORs blog.voorivex.team/hacking-veeam-… // CVE-2024-29849, CVE-2024-42024, CVE-2024-29850, CVE-2024-29853, CVE-2024-29852 2⃣ Next.js Security Testing Guide…

ksg93rd's tweet card. Hacking Veeam exposed vulnerabilities, earning $30k in bounties. Discover bug bounty tips and reverse engineering insights
Veeam Vulnerabilities: CVEs and $30K Bounties
Source: blog.voorivex.team
0
0
7
5
810
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Mar 18

#WebApp_Security #Offensive_security 1. Disclosing YouTube Creator Emails brutecat.com/articles/youtu… 2. PassKey Account Takeover in All Mobile Browsers (CVE-2024-9956) mastersplinter.work/research/passk… ]-> Cross Device Authentication Tesing Tool

ksg93rd's tweet card. From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels
Disclosing YouTube Creator Emails for a $20k Bounty
Source: brutecat.com
0
0
0
0
166
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Mar 28

#AppSec #WebApp_Security 1. OpenResty/lua-nginx-module HTTP Request Smuggling in HEAD requests (CVE-2024-33452) benasin.space/2025/03/18/Ope… 2. How to gain code execution on millions of people and hundreds of popular apps kibty.town/blog/todesktop

0
0
0
1
211
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Mar 21

#WebApp_Security #Offensive_security 1. Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain vitorfalcao.com/posts/hacking-… 2. Intel Suspicious XSS matan-h.com/intel-suspicio… 3. Exploiting HTTP Request Smuggling (TE/CL) - XSS to website takeover…

0
0
0
0
178
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Sep 1

#WebApp_Security 1. Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover zere.es/posts/cache-de… 2. Smuggling Requests with Chunked Extensions: A New HTTP Desync Trick imperva.com/blog/smuggling… 3. Sitecore Experience Platform Cache Poisoning to RCE…

0
1
3
2
357
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Jul 16

#AppSec #WebApp_Security #Offensive_security 1. Drag and Pwnd: Leverage ASCII characters to exploit VS Code - portswigger.net/research/drag-… ]-> ActiveScan++ Burp Suite Plugin - github.com/albinowax/Acti… ]-> PoC/Researcher's labs - github.com/PortSwigger/re… ]-> The Terminal Escapes:…

ksg93rd's tweet card. Control characters like SOH, STX, EOT and ETX were never meant to run your code - but in the world of modern terminal emulators, they sometimes do. In this post, I'll dive into the forgotten mechanics
Drag and Pwnd: Leverage ASCII characters to exploit VS Code
Source: portswigger.net
0
0
1
0
177
akaclandestine's profile picture. | Security | Osint | Threat Research | Opsec | Threat Intelligence | Infosec | Threat Hunting | Humint |
Clandestine
 @akaclandestine
Jan 23

#WebApp_Security #Offensive_security Stealing HttpOnly cookies with the cookie sandwich technique portswigger.net/research/bypas… ]-> Memcached Command Injections at Pylibmc

akaclandestine's tweet card. HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known
Bypassing WAFs with the phantom $Version cookie
Source: portswigger.net
0
3
6
5
932
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Oct 22

#tools #WebApp_Security "PixelPatrol3D: An In-Browser Vision-Based Defense Against Web Behavior Manipulation Attacks", 2025. ]-> PixelPatrol3D (PP3D) browser framework - github.com/NISLabUGA/Pixe… // Pixel Patrol 3D (PP3D) - first end-to-end browser framework for discovering,…

0
0
0
0
166
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Oct 16

#AIOps #Fuzzing #WebApp_Security "In-Browser LLM-Guided Fuzzing for Real-Time Prompt Injection Testing in Agentic AI Browsers", 2025. ]-> Complete fuzzing platform - browsertotal.com/demos/agentic-… // LLM based agents integrated into web browsers offer powerful automation of web tasks.…

ksg93rd's tweet card. Comprehensive browser security analysis platform for scanning Chrome, Edge & Firefox extensions, detecting vulnerabilities, analyzing URLs, packages, and security policies.
BrowserTotal - Browser Security Analysis Platform | Extension & Vulnerability Scanner
Source: browsertotal.com
0
0
1
1
215
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Oct 11

#AppSec #WebApp_Security 1⃣ Hacking Veeam: RCE, LPE, Auth. Bypass, NTLM Relay to Account Takeover, Broken Access Control & IDORs blog.voorivex.team/hacking-veeam-… // CVE-2024-29849, CVE-2024-42024, CVE-2024-29850, CVE-2024-29853, CVE-2024-29852 2⃣ Next.js Security Testing Guide…

ksg93rd's tweet card. Hacking Veeam exposed vulnerabilities, earning $30k in bounties. Discover bug bounty tips and reverse engineering insights
Veeam Vulnerabilities: CVEs and $30K Bounties
Source: blog.voorivex.team
0
0
7
5
810
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Sep 24

#WebApp_Security #Offensive_security The Phantom Extension: Backdooring chrome through uncharted pathways synacktiv.com/en/publication… // by leveraging a simple disk write primitive, it becomes possible to silently install custom extensions on Chromium‑based browsers deployed within…

ksg93rd's tweet card. The Phantom Extension: Backdooring chrome through uncharted pathways
The Phantom Extension: Backdooring chrome through uncharted pathways
Source: synacktiv.com
0
0
0
0
161
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Sep 16

#tools #WebApp_Security "Automated Testing of Broken Authentication Vulnerabilities in Web APIs with AuthREST", 2025. ]-> github.com/SeUniVr/AuthRE… // AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and unchecked token authenticity

github.com

GitHub - SeUniVr/AuthREST: Automated Testing of Broken Authentication Vulnerabilities in Web APIs

Automated Testing of Broken Authentication Vulnerabilities in Web APIs - SeUniVr/AuthREST

Source: github.com
0
1
0
1
142
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Sep 7

#AppSec #WebApp_Security 1. Critical UXSS in Opera Browser medium.com/@renwa/when-ct… // Leak open tab URLs (flag included) 2. Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more blog.trailofbits.com/2025/09/03/sub… // deep dive into Electron CVE-2025-55305 3.…

ksg93rd's tweet card. CTF challenge led to discovery of a critical Opera GX UXSS bug enabling URL leaks and OAuth account takeover. Reported, patched, rewarded
When CTF Meets Bug Bounty: A Critical UXSS in Opera Browser
Source: medium.com
0
0
0
1
403
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Sep 1

#WebApp_Security 1. Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover zere.es/posts/cache-de… 2. Smuggling Requests with Chunked Extensions: A New HTTP Desync Trick imperva.com/blog/smuggling… 3. Sitecore Experience Platform Cache Poisoning to RCE…

0
1
3
2
357
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Aug 14

#Research #WebApp_Security 34th USENIX Security Symposium: "The Silent Danger in HTTP: Identifying HTTP Desync Vulnerabilities with Gray-box Testing", 2025. ]-> github.com/mukeran/HDHunt… // HDHunter - automatic HTTP discrepancy detection framework using the gray-box…

ksg93rd's tweet card. Contribute to mukeran/HDHunter development by creating an account on GitHub.
GitHub - mukeran/HDHunter
Source: github.com
0
0
1
0
177
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Aug 12

#Threat_Research #WebApp_Security HTTP/1.1 must die: the desync endgame portswigger.net/research/http1… // details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1

ksg93rd's tweet card. Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it. This p
HTTP/1.1 must die: the desync endgame
Source: portswigger.net
0
0
0
0
85
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Aug 5

#WebApp_Security 1. Exploiting an ORM Injection to Steal Cryptocurrency from an Online Shooter blog.p1.gs/writeup/2025/0… 2. Delivering PHP RCE to the Local Network Servers github.com/ZeroMemoryEx/P… 3. XSS in Google IDX Workstation sudistark.github.io/2025/07/02/idx…

ksg93rd's tweet card. blog writeup
Exploiting an ORM Injection to Steal Cryptocurrency from an Online Shooter
Source: blog.p1.gs
1
2
4
4
329
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Jul 21

#cryptography #WebApp_Security "SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH", 2025. ]-> SSH Authentication with WebAuthn - anonymous.4open.science/r/ssh-passkeys… // We propose the utilization of passkeys for SSH authentication, with SSH-passkeys framework by utilizing PAM…

0
0
0
0
136
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Jul 16

#AppSec #WebApp_Security #Offensive_security 1. Drag and Pwnd: Leverage ASCII characters to exploit VS Code - portswigger.net/research/drag-… ]-> ActiveScan++ Burp Suite Plugin - github.com/albinowax/Acti… ]-> PoC/Researcher's labs - github.com/PortSwigger/re… ]-> The Terminal Escapes:…

ksg93rd's tweet card. Control characters like SOH, STX, EOT and ETX were never meant to run your code - but in the world of modern terminal emulators, they sometimes do. In this post, I'll dive into the forgotten mechanics
Drag and Pwnd: Leverage ASCII characters to exploit VS Code
Source: portswigger.net
0
0
1
0
177
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Jul 10

#WebApp_Security 1. DoubleClickjacking: A New Era of UI Redressing evil.blog/2024/12/double… // DoubleClickjacking leverages the small gap between the start of a click and of the second click in multiple windows without utilizing any popunder tricks 2. Revisiting Cross Session…

0
0
1
1
191
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Mar 28

#AppSec #WebApp_Security 1. OpenResty/lua-nginx-module HTTP Request Smuggling in HEAD requests (CVE-2024-33452) benasin.space/2025/03/18/Ope… 2. How to gain code execution on millions of people and hundreds of popular apps kibty.town/blog/todesktop

0
0
0
1
211
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Mar 21

#WebApp_Security #Offensive_security 1. Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain vitorfalcao.com/posts/hacking-… 2. Intel Suspicious XSS matan-h.com/intel-suspicio… 3. Exploiting HTTP Request Smuggling (TE/CL) - XSS to website takeover…

0
0
0
0
178
ksg93rd's profile picture. To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
Mr. OS
 @ksg93rd
Mar 18

#WebApp_Security #Offensive_security 1. Disclosing YouTube Creator Emails brutecat.com/articles/youtu… 2. PassKey Account Takeover in All Mobile Browsers (CVE-2024-9956) mastersplinter.work/research/passk… ]-> Cross Device Authentication Tesing Tool

ksg93rd's tweet card. From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels
Disclosing YouTube Creator Emails for a $20k Bounty
Source: brutecat.com
0
0
0
0
166
No results for "#webapp_security"
briskinfosec's profile picture. Next-gen AI cybersecurity experts certified by #CREST & #CERTIN. Delivering smarter, faster, stronger protection for your business.
Briskinfosec Technology and Consulting Pvt Ltd
 @briskinfosec
Nov 28, 2018

#Briskinfosec Web Application security assessment is not just about Automated scanning its about find various hidden Business logic vulnerabilities and most popular vulnerabilities respective of #OWASP_ASVS. Refer 👉bit.ly/2TGnE5B #Webapp_security #Penetration_Test

briskinfosec's tweet image. #Briskinfosec Web Application security assessment is not just about Automated scanning its about find various hidden Business logic vulnerabilities and most popular vulnerabilities respective of #OWASP_ASVS. Refer 👉bit.ly/2TGnE5B #Webapp_security #Penetration_Test
0
1
3
0
0
eucallsnet's profile picture. Search for European calls for proposals, find the right EU partners and create winning consortia.
EUcalls
 @eucallsnet
Sep 6, 2019

CelebConnect Inc. - premium EUcalls subscriber - addresses privacy issues by providing #webapp_security through #AI and #ML based facial recognition. CelebConnect is interested in the #H2020 calls Login to view their profile eucalls.net/dashboard/part…

eucallsnet's tweet image. CelebConnect Inc. - premium EUcalls subscriber - addresses privacy issues by providing #webapp_security through #AI and #ML based facial recognition. CelebConnect is interested in the #H2020 calls Login to view their profile eucalls.net/dashboard/part…
0
0
1
0
0

Something went wrong.


Something went wrong.


United States Trends