You’re conducting a penetration test on a network, and you discover that the target environment uses Active Directory. After some initial recon, you find: ❶ An open SMB port (445) on one of the servers ❷ A valid set of low-privileged domain user credentials - user1:

This guy gave away $462,000 of the #bugbounty he earned on Google VRP (Google Bug Hunters) to picoCTF – a massive show of gratitude for the skills he gained by playing their CTFs. Talk about giving back to the community! What a chad. cylab.cmu.edu/news/2025/01/0… #infosec #cybersecurity #infosec

DomPurify is supposed to keep XSS out. But what happens when a browser and a security library don’t fully agree on what an HTML comment looks like? Someone found a way to bypass DomPurify by abusing a weird parsing issue. Here’s how it works.

Let's see how well you all know your Content-Security-Policy. This one came up recently and tripped me up 💉 Comment which CSP you think is the most secure and why! ⌨

hot take: the Indian security research and bug hunting community seems overly insecure. I recently collaborated with a bug bounty team, and ironically, no one was actually sharing their work, yet they called it “teamwork.” this isn’t just a one-off experience; it seems to be

change my mind

We knew very little about how LLMs actually work...until now. Anthropic just dropped the most insane research paper, detailing some of the ways AI "thinks." And it's completely different than we thought. Here are their wild findings: 🧵

Have you ever come across Flutter APKs and wondered how to intercept their network requests? reFlutter by PT SWARM is a game-changer for mobile bug hunters! 📱 reFlutter works by replacing the original Flutter engine in the APK with a modified one, allowing real-time

ok my new blog is live, will update with older blog posts soon! 👉 pwnfunction.com

We all know who the real #1 US Hacker on HackerOne is 👇

Here are some useful regex patterns for finding vulnerabilities in Java code, along with a list of Java security code review tools. gist.github.com/win3zz/59854aa…

You found this simple SSTI... how are you going to escalate it? 🤠

If you’re planning to promote your research with a website, better prepare for some quite hostile takes! (Yes, I am practicing responsible disclosure as always)

Gareth Heyes \u2028 The final HTML would look like this: <img src="/images/tracker.gif?search=a" srcset="FFF" onerror="alert();//&quot;"> In this case we can still trigger the onerror event handler by setting invalid image path for srcset even though src has the valid path. #bugbounty

I was able to determine whether an Instagram account had two-factor authentication (2FA) enabled #BugBounty #bugbountytips

Just saw a sick live demo of wireless headphone hijacking that allows the attacker to perform the following without ever pairing the device. All the attacker has to do is be in range. - read/write arbitrary bytes to device - read headphones information - dump firmware info -

Just published my first blog post "Hunting for postMessage Vulnerabilities" blog.ryukudz.com/posts/postmess… It covers 11 postMessage vulnerabilities I discovered on bug bounty targets. enjoy ☕️ #BugBounty #bugbountytips #websecurity

We announced the Critical Research Lab this week. And for our FIRST post, we got Jorian's: - Exploiting Web Worker XSS with Blobs Go check it out! lab.ctbb.show/research/Explo…

tl;dr of today > rastaland.TV gets crypto drained > he has stage 4 cancer > hes targeted specifically for his cancer treatment money > loses $32,000 > nerds band together > Alex Becker 🍊🏆🥇 donates $30,000 to him > malware nerds come together > drainer infra found > pull all victim

x.com/albinowax/stat…