Want to become an ethical hacker? 🥷 Here's a list of my favourite [mostly practical] resources 📚 They are all free (or have a free option) and there's more high quality material here than anybody realistically has the time to complete ⏳

Cloudflare Bypasses Here are 10 Writeups about Cloudflare bypasses 1. medium.com/@the_harvester… (XSS) 2. cyberweapons.medium.com/reflected-xss-… (RXSS) 3. medium.com/@amitdutta6026… (SQLi) 4. medium.com/@mayankchoubey… (SID from XSS) 5. royzsec.medium.com/cloudflare-byp… (In Microsoft) 6.

If you're scratching your head after the matan berkovich episodes, here's a demo to show you how to: - Enable developer mode - Download extension's crx file Debugging: - Enable "Search in anonymous and content scripts" - Disable Ignore List "Content scripts injected by extensions"

We’re finally live! You can now watch “Listen to the whispers: web timing attacks that actually work” on YouTube: youtube.com/watch?v=zOPjz-…

🎯 Black Friday Special+ Giveaway: Get the full course for just $29 (reg. $119) at with code 'FRIDAY2024'! hhub.io/BlackFriday Includes: 15+ Hours of content + 100+ labs! 🎁 BONUS: reply & retweet - one lucky winner gets 2 FREE course coupons (keep one, gift one)!

Struggling with WAFs that seem to block every XSS attempt? Here’s a lesser-known trick from parrot409: the Chrome-only onscrollsnapchange event. We’ve just added it to our XSS cheat sheet for those hard-to-crack scenarios.

#BugBountyTip of the day: If you're learning about cookie injection or parsing logic, you should read arxenix’s blog on cookie bugs. Link: blog.ankursundara.com/cookie-bugs Once you've read it, make sure to bookmark it for when you find yourself in injection contexts!

We've interviewed a lot of impressive hackers here on Critical Thinking - but Sharon Brizinov is really something else. This guy won two awards at the latest H1 LHE and has been a regular at Pwn2Own for the past several years. He does web & IoT. Enjoy! youtu.be/CP3FxNPXh0g

How to find the manifest.json file of any Chrome extension: 1. Go to chrome://extensions 2. Turn on Developer mode 3. Copy the extension ID 4. Go to ~/Library/Application Support/Google/Chrome/Default/Extensions 5. Find the matching ID then find the manifest.json file!

🚨 GIVEAWAY ALERT 🚨 Today is DAY ONE of FIVE DAYS of Arcanum Information Security and friends Black Friday and Cyber Monday giveaways! Today we are giving away FIVE seats to our new "Attacking AI" course in January! (Syllabus coming soon, it's gonna be a banger) payhip.com/b/2qPZ1

🛑 GIVEAWAY ALERT 🛑 Today is DAY TWO of FIVE DAYS of Arcanum Information Security and friends Black Friday and Cyber Monday giveaways! Today we are giving away FIVE seats to our flagship training: "The Bug Hunter's Methodology Live" TBHM is one of the BEST trainings in the industry for

📚 The Smarter Bug Hunting (For Low Hanging Bug) 📌 Step 1: Gather Recon Data The foundation of bug hunting is solid reconnaissance. Use tools like Amass and Subfinder to discover subdomains. #amass enum -d target.com #subfinder -d target.com -o

🛑 GIVEAWAY ALERT 🛑 ⬇️ Today is day FOUR of FIVE days of Arcanum Information Security and friends Black Friday and Cyber Monday giveaways! Today we are giving away FIVE seats to our training: "Red Blue Purple AI" RBPAI is a cutting edge course on how to USE AI to scale

My latest writeup about how to exploit file upload vulnerabilities, even when the server is hardened and "secured" 🔥 #BugBounty #bugbountytips #hacking medium.com/@red.whisperer…

We'll be giving out 6 of these on the Critical Thinking - Bug Bounty Podcast episode that goes live on Thursday morning. A great gift for the hacker in your life <3

join the secure code summit by Black Hills Information Security

Oh hey ArmorCode ARMOsec Arnica AppSentinels @attcyber Qwiet AI Zimperium Oxeye Pangea Phoenix Security - Appsec Phoenix - Cloud Security Phylum Pixee did you hear that we're looking for 2025 sponsors? Learn more 👉 buff.ly/2SNQsJp and jump on this 🥁 🎸🎤 wagon! #appsec

Think you've got an XSS in Markdown? Here's a list of payloads to try! 👇 (Thanks Предраг Цујановић � Ｐ𝗿𝐞ⅆｒ𝚊ⓖ Ⅽ𝗎𝐉ａｎ𝚘𝕧ⓘć 🤘) github.com/cujanovic/Mark…

We recently had a vision meeting with the Crit Digital team - the parent company of Critical Thinking - Bug Bounty Podcast. The goal for the company is simple: Promote hacker excellence in the bug bounty community. Here is how we plan to do it.

Last one here! the new account is live. Esteban Brenes S follow!