❤️❤️❤️

After months of work (and bugs), Maxence SCHMITT has finally released his fabulous research. Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery or #CSPT2CSRF. Full paper here: doyensec.com/resources/Doye… Summary in blog.doyensec.com/2024/07/02/csp…

Help me spread word about #HackerSummer🌞. Use HACKERSUMMER20OFF to get 20% off on any of Altered Security on-demand courses. Repost, Like and Comment on this post to get a chance to win a CRTP voucher. I will announce 2 winners on Sunday 7th July. alteredsecurity.com/online-labs

Learnt about Stream ciphers recently and wrote a blog post on it. payatu.com/blog/stream-ci…

Just released my blog post "Bidding Like a Billionaire - Stealing NFTs With 4-Char CSTIs"! It's about a very impactful and technically interesting client-side bug I found in a major NFT site. matanber.com/blog/4-char-cs…

Dear players of Damn Vulnerable DeFi, rumours are true. The most vulnerable smart contracts in all web3 have been upgraded. V4 is out! 🔥 This is a major update to the game, packed with new challenges and improvements all around. damnvulnerabledefi.xyz/v4-release/

⚠️ Giveaway ⚠️ Want to learn modern reconnaissance and hacking skills? Join The Bug Hunter's Methodology Cohort 5! October 2nd, 3rd, 4th - jhaddix.gumroad.com/l/kihwd Like and retweet this post for a chance to win a free seat! Five winners will be announced on Sept 1st!

So good! 👍😂😂

The whitepaper is live! Listen to the whispers: web timing attacks that actually work. Read it here -> portswigger.net/research/liste…

I just published a small blogpost , I found the CSP bypass a bit interesting so here you go Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN link.medium.com/hzLMuLKYvMb

Found a security vulnerability in any site? Check if it has a public bug bounty program: xplo1t-sec.github.io/bugbounty-look… #BugBounty #bugbountytip

I'm happy to say that the DOMLogger++ workshop created for GreHack is now available 😁 I've written it in a way that it can serve as documentation. I hope it helps you understand how to use it properly! Website: domloggerpp-workshop.mizu.re:5173 GitHub: github.com/kevin-mizu/dom…

🛑 GIVEAWAY ALERT 🛑 Today is DAY TWO of FIVE DAYS of Arcanum Information Security and friends Black Friday and Cyber Monday giveaways! Today we are giving away FIVE seats to our flagship training: "The Bug Hunter's Methodology Live" TBHM is one of the BEST trainings in the industry for

🔴 GIVEAWAY ALERT 🔴 Our AI Red Teaming cohort is over 50% full and starts in just 9 days! For Black Friday, we're giving away TWO seats to our course, which is led by the world's top AI Security Experts! RT this post & Comment below to enter! Winners announced on Dec. 1st!

🛑 GIVEAWAY ALERT 🛑 ⬇️ Today is day FOUR of FIVE days of Arcanum Information Security and friends Black Friday and Cyber Monday giveaways! Today we are giving away FIVE seats to our training: "Red Blue Purple AI" RBPAI is a cutting edge course on how to USE AI to scale

🛑 GIVEAWAY ALERT 🛑 ⬇️ Today is day SIX of EIGHT days of Arcanum Information Security and friends Black Friday and Cyber Monday giveaways! Today game recognizes game. If you’ve taken my classes, you know I always recommend @LearnPrompting. Today, I’m giving away one free seat to their

CONGRATULATIONS TO GUKESH, THE NEW WORLD CHAMPION 🏆 The 18-year-old Indian star has defeated the reigning champion, Ding Liren, to become the youngest-ever undisputed classical chess world champion. Wow! 🇮🇳

Blog: #Android App Links Allowed Hijacking Arbitrary #SSO Flows 👉 security.lauritz-holtmann.de/post/sso-andro… Discover how Tobi Weißhaar and I uncovered a severe issue allowing hijack of SSO flows on Android… only to find we were years late to the party. #BugBounty #Security #FuckUp

Altered Security Diwali Giveaway! Win FREE access to: • 1 CRTP seat • 1 CARTP seat How to participate: • Like • Comment & tag your Red Team buddies! • Repost Winners will be randomly announced on October 25, 2025 Our Diwali offers are already live - up to 25% OFF on Red

🚨 As of tomorrow I am permanently reducing my course cost by 50% to $100 so more people have access to it and can get those bounties while they are still hot. And yes, they are still hot. The internet is still full of stupid problems waiting to be found for those looking, at