0xc0ffee / Ilyass El Hadi (@0xc0ffee_) 's Twitter Profile
0xc0ffee / Ilyass El Hadi

@0xc0ffee_

Appsec stuff @Mandiant/GCloud, bug bounty hunter, occasional CTF player. Opinions ≠ employer’s.

ID: 381590375

28-09-2011 15:59:11

325 Tweet

1,1K Followers

507 Following

James Kettle (@albinowax) 's Twitter Profile Photo

Turbo Intruder can now trigger a callback per socket read, so you can extract and use response data before the response is fully delivered! github.com/PortSwigger/tu…

Seunghun Han (@kkamagui1) 's Twitter Profile Photo

I just submitted my new tool, "BitLeaker" to the CFP system of #BlackHat USA 2019. BitLeaker can extract the Volume Master Key (VMK) of BitLocker from the TPM. I also prepared new and not-published feature for Black Hat USA. I hope I could present it! Stay tuned! Black Hat

0xrudra (@0xrudrapratap) 's Twitter Profile Photo

“[CVE-2019-5418] Ruby on Rails Arbitrary File Content Disclosure Analysis| Victor Zhu” by Victor Zhu link.medium.com/kn17maXbNV

Ian Bouchard (@corb3nik) 's Twitter Profile Photo

Just posted my writeup for INS'Hack 2019's "Bypasses Everywhere" XSS challenge - Bypassing CSP and Chrome's XSS auditor with Iframes - corb3nik.github.io/blog/ins-hack-…

0xc0ffee / Ilyass El Hadi (@0xc0ffee_) 's Twitter Profile Photo

3 day BurpSuite Pro training given by Nicolas Grégoire at NorthSec was excellent! Workflow improved heaps, learned a lot of neat tricks and ready to use them to find more bugs! Recommended!

0xc0ffee / Ilyass El Hadi (@0xc0ffee_) 's Twitter Profile Photo

My writeup for the FacebookCTF "Secret Note Keeper" challenge. Thank you Facebook Security for this great event! #ctf #fbctf #facebookctf 0xc0ffee.io/blog/FacebookC…

Louis Dion-Marcil (@ldionmarcil) 's Twitter Profile Photo

Here are my slides for "Cache Me If You Can: Messing with Web Caching", presented OWASP AppSec California & NorthSec! 🎉

Material includes:
- Web Caching 101
- Web Cache Deception
- Edge Side Include Injection
- Web Cache Poisoning

...with real bugs showcased!

drive.google.com/open?id=19IedR…

Tom Gallagher (@secbughunter) 's Twitter Profile Photo

Jonathan Birch is sharing tips on new Unicode normalization bugs (HostSplit/HostBond) he discovered. So many vulns found. He is encouraging folks to look around for more and showing how.

Jess (@hogarth45_) 's Twitter Profile Photo

Had a fun week collabing with 0xc0ffee / Ilyass El Hadi that led to some cool SSRFs in a PDF generator. Looking forward to working with him again! #BugBounty

Alex Birsan (@alxbrsn) 's Twitter Profile Photo

Hey :) If you want to know how you can get started in bug bounties, the first and most important step is learning how to use Google, because that'll be your main tool for your whole career.

shubs (@infosec_au) 's Twitter Profile Photo

Half of the success in source code auditing is just having the confidence and faith that you will find something. It doesn't matter what language it is or how many times it's been audited. This has proven true throughout my career. Just. Don't. Give. Up.

Louis Dion-Marcil (@ldionmarcil) 's Twitter Profile Photo

I wrote a thing with my colleague 0xc0ffee / Ilyass El Hadi & Charles Prevost, about how we've been leveraging offensive webapp testing during Red Teams. 4 use cases of external breaches using webapps inside, enjoy! #appsec cloud.google.com/blog/topics/th…

Armadin (@armadinsecurity) 's Twitter Profile Photo

Armadin launches today with the largest combined Seed + Series A in cybersecurity history. AI-driven hyperattacks are here and human-led defenses can't keep pace. Meet the ultimate attacker: a swarm of AI agents built to prove what's actually exploitable before it is.
