rafa.hashnode.dev/exploiting-htt… #bugbounty #infosec

In April, Sam Curry and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found. Here is our writeup: ian.sh/tsa

Exploiting JavaScript Interface for Unauthorized Access in a 'global' cryptocurrency exchange android app hulkvision.github.io/blog/javascrip… #infosec #androidapp

Just gained RCE on an AEM web server (real world) by exploiting GroovyConsole and an exceptional bounty! In Intigriti ! If you too, want to do super cool hax0r things such as hacking real-world web apps, use my link and sign up today! login.intigriti.com/account/regist… 🧵...(1/n)

Story Time: How I hacked back a crypto scammer! Yesterday an NFT collector reached out to me showing interest in buying my NFTs. He/she messed up right there, no one would want to buy it! He had a good profile, even had his OpenSea in bio #Crypto #NFTs #CyberSecurity 1/n

🚨 Hey Hackers! 🚨 Get ready for HackerOne Hacking Meetup – Bangalore 3rd Edition! 🌟 organized by Akshansh Jaiswal 🎯 Hack live on a private program 🎁 Earn bounties & rewards 🤝 Collaborate, learn, and network with top hackers 🗓️ Event Date: December 7th Don’t miss out –

Just finished my writeup about CVE-2025-23369, an interesting SAML authentication bypass on GitHub Enterprise Server I reported last year. you can read about it here: repzret.blogspot.com/2025/02/abusin…

Take a look at my blog w/ bugcrowd where I talk about RCE and one of the ways it landed me a critical payout! bugcrowd.com/blog/remote-co…

Attention Kali Linux users! In the coming day(s), apt update is going to fail for pretty much everyone. The reason? We had to roll a new signing key for the Kali repository. You need to download and install the new key manually: offs.ec/4lUEtak

Join!!

Jenish Sojitra Little late to this, but you can follow these steps: 1. Create Rooted AVD with rootAVD & Magisk v27. Choose SDK API v33. 2. Add magisk modules: MagiskFrida, Always Trust User Certificates 3. Use the following script with Frida: github.com/hackcatml/frid… This worked for me.

Ever seen two responses to one request? That's just pipelining... or is it? I've just published "Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling" 👇

reconFTW v3.2.0 released! - New modules: GraphQL, gRPC reflection, param discovery, websockets, cloud enum & mail hygiene - Faster --quick-rescan (skips heavy web steps) - Optional Axiom in Docker, IPv6 support, more toggles - All open issues fixed! github.com/six2dez/reconf…

Whaaaaaaaaaaaaat?

New reconftw small release with a bunch of QoL improvements, small fixes and ip.thc.org by The Hacker's Choice (@[email protected]) added as a source for passive subs and RevDNS entries. ENJOY! github.com/six2dez/reconf…

Reconftw v4.0 is almost ready. It will contain a ton of changes and a proper documentation page. The doc page is also almost ready at docs.reconftw.com 🔥🔥🔥😬😬😬

"19 archives, with 19,389 additions and 9,208 deletions." This is what the new reconFTW version looks like. V4.0 is almost here!