1\%27};(_=conf%irm,_(1))%3C%!--%

Have fun everyone Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923) research.ifcr.dk/certifried-act…

Exploit dev's be like

Something for the weekend:) #synack #bugbounty

A new set of 487 million WhatsApp phone numbers for sales in the Dark Web. A sample indicates the phone numbers are legit. Please stay vigilant as threat actors downstream will use this data to conduct smishing (phishing messages) campaigns. Stay SAFU. 🙏

Today i had the pleasure to sit and talk with one of the best bug bounty hunters: m4ll0k , alongside @elmahdibenrais and Yassine, it was really my pleasure to meet such a wonderful person in real life, thank you for your valuable time, so proud of you brother 🇲🇦💪

extremely saddened by the tragic and deadly 6.9 magnitude earthquake that hit home in Morocco 🇲🇦 the death toll has already surpassed 2,000 (at time of writing) with more than 1400 injured. my sincere condolences and prayers to all the people and families victims of this

HTTP Request Splitting vulnerabilities exploitation Video [RU]: youtube.com/watch?v=p1ClNh…

By-design AV bypass with "dev drive" 😅 I really like this feature! Update your detection rules if you want to spot this...

Pic of the Day #infosec #cybersecurity #cybersecuritytips #pentesting #cybersecurityawareness #informationsecurity

懐かしさと切なさ

Flipper Lab github.com/flipperdevices… github.com/flipperdevices… Web platform for your Flipper Zero #FlipperZero

Final Setup

🤷‍♂️

PHP just fixed one of my RCE vulnerabilities, which affects XAMPP by default. Check to see if you are affected and update now! 🔥 blog.orange.tw/2024/06/cve-20…

HackerOne #AWC2024 Team 🇲🇦, we're climbing the ladder

In a 2021 study, Jensen et al. observed a pronounced concentration of anime girl profile pictures among the most obscure accounts during a social network analysis of "infosec twitter" and associated subcommunities. As part of the study, a visualization was generated:

#BHMEA24

publication of my latest modest paper; Eclipse on Next.js: Conditioned exploitation of an intended race-condition - (CVE-2025-32421) enabling a partial bypass of my previous vulnerability, CVE-2024-46982 by chaining a race-condition to a cache-poisoning zhero-web-sec.github.io/research-and-t…

Meet our speakers. One of the biggest bug bounty hunters in Morocco, El Mehdi, will dive into a specific area in Bug Bounty, which is DOM XSS. In his opinion, DOM XSS is a really underrated in bug bounty, so he will be sharing with us his findings concerning DOM XSSs and he