Bug Bounty hunters when they accidentally find a 0-day.

What is Loader Lock? 🤔 Going BEYOND undocumented, we delve into the heart of the modern Windows loader investigating some internals for the first t...

Re @IntelSecurity EPIC MOVIE HERE 🎬 https://www.youtube.com/watch?v=6z_EE9mHkHM

Re @0xElkomy أعوذ بكلمات الله التامات من شر ما خلق.

If you don’t have money to purchase a VPS. Use https://www.thc.org/segfault/ A free kali linux VPS. You can run the GUI on chrome or Firefox go hack ...

NucleiFuzzer Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications https://github.com/0xKayala/Nucle...

If you want to find third parties domains for your target. Go to @securitytrails and on the search write your keyword. Example your target is indeed ....

“Fuzzing APIs” by hackysterio https://hackysterio.medium.com/fuzzing-apis-73d9f5cdf156

“RCE | XSS via Image Exif metadata” by Gokulvinesh https://gokulvinesh.medium.com/rce-xss-via-image-exif-metadata-dddf33dadb41

“Exploiting SSRF Vulnerability to Gain Unauthorized Access to AWS Data” by theUnixe https://medium.com/@theUnixe/exploiting-ssrf-vulnerability-to-ga...

“The Importance of Burp Suite History Analysis to Bypass 403 Error” by REDFISH IA VEN https://redfishiaven.medium.com/the-importance-of-burp-suite-h...

“My $1000 Bounty Bug: How I Stopped Companies from Losing Money with an IDOR Flaw” by Abhi Sharma https://infosecwriteups.com/my-1000-bounty-bug-how...

“🔍 The Ultimate Guide to Find S3 Buckets: Basic to Advance🔓🔎” by Qasim Mahmood Khalid https://medium.com/@qaafqasim/the-ultimate-guide-to-h...

“How i got more than 100 vulnerabilities in just one site? (zseano-challenge)” by Mohamed Anani https://0xm5awy.medium.com/how-i-got-more-than-100-v...

“Hacking Microsoft IIS : IIS Enumeration” by Mudasser Hussain https://medium.com/@mudasserhussain1111/hacking-microsoft-iis-enumerating-iis-for-v-39...

“Mastering API Penetration Testing: A Comprehensive Guide for Security Pentesters” by Suprajabaskaran https://infosecwriteups.com/mastering-api-pene...

“XSS via Chat bot — Cloudflare Bypassed” by theUnixe https://medium.com/@theUnixe/xss-via-chat-bot-cloudflare-bypassed-239ee65feef

“Hack WordPress sites in 10 Minutes” by Mohamed Thoufeeq https://medium.com/@mohammedthoufeeq_25137/hack-wordpress-sites-in-10-minutes-407c8b5689b3

“LFI using Automation tool and Google Dorking” by Kushal Shrestha https://medium.com/@kushalshrestha77/lfi-using-automation-tool-and-google-dorking-...

“Blind OS Command Injection via Activation Request!!” by theUnixe https://medium.com/@theUnixe/blind-os-command-injection-via-activation-request-2ea...

“Account (of the CEO) Takeover via Password Reset” by Cristi Vlad https://cristivlad.medium.com/account-of-the-ceo-takeover-via-password-reset-7e55c...

“How to find subdomain takeover using httpx + dig” by DrakenKun https://medium.com/@DrakenKun/how-to-find-subdomain-takeover-using-httpx-dig-5c2351d...

RT Rafin Rahman Chy: I just published my first article on Medium! I believe that any level of AppSec professional will be benefited from this write-up...

Re @xssrae @sushicomabacate Opa rae tudo certo? Trabalho na área de bug bounty, automação é sinixtro sim, mas quando a pessoa já conhece o “manu...

Re @AnupamAS01 We're just as excited as you are, Anupam! Your contribution to our customer's security is greatly appreciated. Congratulations! 🎉

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team. https://github.com/knownsec/pocsuite3

Security Analysis of a Thirteenth-Century Venetian Election Protocol https://www.schneier.com/blog/archives/2023/12/security-analysis-of-a-thirteenth-...

+1500 HuggingFace API Tokens were exposed, leaving millions of Meta-Llama, Bloom, and Pythia users vulnerable to supply chain attacks https://www.redd...

US Aerospace Firm Downed By Spearphishing Attack https://packetstormsecurity.com/news/view/35270/US-Aerospace-Firm-Downed-By-Spearphishing-Attack.html

Unicode XSS via Combining Characters https://gist.github.com/paj28/86c7b8f37371d89c9a36ed0280fcf450

Gadgets Chain In Laravel https://fenrisk.com/publications/blogpost/2023/11/30/gadgets-chain-in-laravel/

Reverse engineering the barrel shifter circuit on the Intel 386 processor die http://www.righto.com/2023/12/386-barrel-shifter.html

Atlassian patches critical RCE flaws across multiple products https://www.bleepingcomputer.com/news/security/atlassian-patches-critical-rce-flaws-acro...

Navy contractor Austal USA confirms cyberattack after data leak https://www.bleepingcomputer.com/news/security/navy-contractor-austal-usa-confirms-cyb...

A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list https://go.theregister.com/feed/www.theregister.com/2023/12/...

“恐龙雪橇”，挂在恐龙后面！

PassBreaker - Command-line Password Cracking Tool Developed In Python http://dlvr.it/Szn6n2

Re @cyb3rops Just imagine when there are no hashes, domains or IPs, despite the blog claiming to share “extensive IOCs” 🤗

RT Tal Be'ery: 1/ #Bitcoin is a dark forest (too)! In 2020, @Paradigm researchers @danrobinson @gakonst discovered #Ethereum's Dark forest: bots monit...

RT Tal Be'ery: This attacker has been using this address for a ~ month with ~50 attacks, all in the same pattern: 1. intercepting Tx in mempool 2. Pay...

Re @Oddvarmoe lol you monster

Re @Jean_Maes_1994 @MarcOverIP lul same. I’ll accept a postal hoodie though 😅

Re @_EthicalChaos_ @FrankMcG @UK_Daniel_Card

Re @PikuHaku Program managers mostly.

Nissan is investigating cyberattack and potential data breach https://www.bleepingcomputer.com/news/security/nissan-is-investigating-cyberattack-and-p...

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode https://securityaffairs.com/155317/security/fake-lockdown-mo...

Governments Spying On Apple, Google Users Through Push Notifications https://packetstormsecurity.com/news/view/35275/Governments-Spying-On-Apple-Googl...

Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts https://thehackernews.com/2023/12/alert-threat-actors-can-leverage-aws.html

Inside The Secret Complex Making High-Tech Gadgets For UK Spies https://packetstormsecurity.com/news/view/35269/Inside-The-Secret-Complex-Making-High-...

Linpmem: A Linux memory acquisition tool https://securityonline.info/linpmem-a-linux-memory-acquisition-tool/