INTRODUCING: Agentic Security - LLM Security Scanner! 🔍 🛠️ Customizable Rule Sets: Tackle agent-based attacks with precision! 🧪 Comprehensive Fuzzing: Dive deep into any LLM's vulnerabilities! 🔄 LLM API Integration & Stress Testing: Ensure robust performance!

What is the difference between invites and engagements on bugcrowd platform?

A Day in the Life of an Unemployed Bug Hunter

.@insiderPhD's 4 must have Burp Suite extensions:

Come hack on Okta at bugcrowd.com/okta #ItTakesACrowd via bugcrowd

When it comes to GraphQL recon, JavaScript is the next best thing to introspection. I made a tool (in go) which finds all graphql queries in js files (or folders) and uses ChatGPT to build the queries for you! github.com/xssdoctor/grap…

Indeed, for me aswell ! Thanks bugcrowd from my bottom of the heart ❤️!

it sucks. Just after opening Burp Suite

🚨Alert🚨CVE-2024-30103: Microsoft Outlook Remote Code Execution Vulnerability ⚠This Microsoft Outlook vulnerability can be circulated from user to user and doesn’t require a click to execute. Rather, execution initiates when an affected email is opened.This is notably dangerous

I was facing a very strict WAF while trying to exploit a XSS : no gt/lt signs, no parentheses, no double quotes, no backticks. I was injecting inside an html tag. Turns out the solution was very simple (and not well documented): <img src=x onerror=alert&#40document.domain&#41>

There is a public website with the following folder path: txyz.com/wp-content/upl…<filename> Does anyone know of any tricks for WordPress websites that would allow me to list all files and folders in the 'uploads' directory? #thanks-in-adv

After a 4-month break, I’m backon bugcrowd ! Life kept me busy with something truly special—welcoming my adorable daughter into the world. 🍼💕 Feeling so blessed! 🥰

Got a CSRF attack being blocked by Content-Type validation? You might be able to bypass it with this quality technique. x.com/lukejahnke/sta…

3th1c_yuk1 Intigriti renniepak Seems rennie deleted his twitter so original post is gone :/ but someone made a post about it here with the code: execure.medium.com/unleashing-the…

Unleashing The Power of a JavaScript Bookmarklet for Endpoint Discovery in Bug Bounty and… execure.medium.com/unleashing-the…

paulosyibelo.com/2024/12/double…

Thanks to the recent PortSwigger top 10, I finally found the motivation to finish writing the 2nd article about DOMPurify security! 😁 Before releasing it, I would like to share a small challenge 🚩 Challenge link 👇 challenges.mizu.re/xss_04.html 1/2

blog.cloudflare.com/resolving-a-mu… I don’t work there anymore but it’s truly so sick seeing this level of weird bug being patched so fast Hell yeah

New Rhino Blog Post: CVE-2025-0693: AWS IAM User Enumeration bit.ly/3QcEpnx