Let me share our latest "Gudifu" paper and tool about a new search technique for parsing discrepancies between HTTP servers. The Gudifu tool has discovered several previously unknown attack vectors on popular server pairs such as Request Smuggling, Access Control Bypass and

youtube.com/watch?v=vPwV4x… I just came across an amazing video showcasing the XSS to Account Takeover process using the xss0r Tool! 😱 This video highlights just how powerful and effective the tool is when it comes to finding and exploiting XSS vulnerabilities. If you haven’t seen

#xss0rRecon script ! From a total of 209 links crawled from the testphp.vulnweb.com site, xss0rRecon identified 4 URLs potentially vulnerable to reflected XSS attacks. This demonstrates the power and efficiency of xss0rRecon. Currently tested on Debian, with configurations

🚨 I convinced my team to do one last giveaway! Options: hhub.io/eu2wxGj 🏆 Full Access: $199 💻 Lifetime Course: $39 (includes updates) 🎯 1-Month trial (no updates): $19 TWO WINNERS (1 each): - Full cert bundle - Lifetime access Enter: ↪️ RT + Reply with 🎯

🎁 End of Year Giveaway 🎁 Hack The Box 6-month VIP+ x1 - Follow, Like, and Retweet to join! - Winner will be picked randomly on December. #hackthebox #giveaway #projectsekaictf

🔴 GIVEAWAY ALERT 🔴 Our AI Red Teaming cohort is over 50% full and starts in just 9 days! For Black Friday, we're giving away TWO seats to our course, which is led by the world's top AI Security Experts! RT this post & Comment below to enter! Winners announced on Dec. 1st!

🚀Black Friday Giveaway!🤗 *** 𝗙𝗼𝗹𝗹𝗼𝘄 𝗼𝘂𝗿 𝗽𝗮𝗴𝗲, 𝗥𝗲𝗽𝗼𝘀𝘁, 𝗟𝗶𝗸𝗲 𝗮𝗻𝗱 𝗖𝗼𝗺𝗺𝗲𝗻𝘁 𝘄𝗵𝗶𝗰𝗵 𝗲𝘅𝗮𝗺 𝘆𝗼𝘂 𝘄𝗼𝘂𝗹𝗱 𝗹𝗶𝗸𝗲 𝘁𝗼 𝘄𝗶𝗻 𝗮𝗻𝗱 𝟱 𝗹𝘂𝗰𝗸𝘆 𝘄𝗶𝗻𝗻𝗲𝗿𝘀 𝘄𝗶𝗹𝗹 𝗴𝗲𝘁 𝗮 𝗳𝗿𝗲𝗲 𝗲𝘅𝗮𝗺 𝗼𝗳 𝘁𝗵𝗲𝗶𝗿 𝗰𝗵𝗼𝗶𝗰𝗲! *** Get

🛑 GIVEAWAY ALERT 🛑 Today is day THREE of FIVE days of Arcanum Information Security and friends Black Friday and Cyber Monday giveaways! Today we are giving away FIVE seats to our NEW training: "Hacking Your Career" HYC releases in January and is PACKED with actionable advice to

🛑 GIVEAWAY ALERT 🛑 ⬇️ Today is day SIX of EIGHT days of Arcanum Information Security and friends Black Friday and Cyber Monday giveaways! Today game recognizes game. If you’ve taken my classes, you know I always recommend @LearnPrompting. Today, I’m giving away one free seat to their

🎉✨ Big News for GOLDEN PLAN License Winners! ✨ Congratulations again to our 10 lucky winners! We have an important update: out of the 10 winners, only 9 have completed all the required steps to claim their license. 🕒 To the selected winners: Please ensure you message us

One more example for bad behavior / Scam in paid subscription for bugbounty santimillionaire.com I was there for the last 5 months trying to find something useful but unfortunately nothing , just a ready payloads and some tips filtered for each bug and this month I found

Critical vulnerabilities doesn't have to be complex or have a CVE - DeepSeek publicly exposed their internal ClickHouse database to the world, without any authentication at all, and leaked sensitive data. No one is safe from security mistakes, follow along to learn more 🧵

Per popular demand, Turbo Intruder 1.51 now inserts results at the top of the table so you can watch them arrive without scrolling! Let me know how you find it. If you prefer the old behaviour, you can change it back using: table.setSortOrder(0, False)

You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study. portswigger.net/research/saml-…

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!

🎉 Hyped for #NahamCon2025! ✨ Day 1: Full AI x Offensive Security track with JS0N Haddix, Joseph Thacker , ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️,Johann Rehberger, Ciarán Cotter, xssdoctor. Details: NahamCon.com #InfoSec #bugbounty #CyberSecurity

Day 2 is packed with some 🔥 talks! Check out the entire schedule on NahamCon.com! Remember this is 100% free, no tickets or anything needed. Just show up and watch the talks!

⚡️XBOW found LFI where most tools would have given up. Photo download endpoint blocked all path traversal attempts. But JavaScript analysis revealed /photo/proxy?url= - vulnerable to file:// scheme access. Successfully read a password file via proxy endpoint. Technical

The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die: http1mustdie.com

The voting has concluded, and we're thrilled to announce the top ten web hacking techniques of 2025! Massive thanks to everyone in the community for sharing their hard-earned discoveries, plus the panel and everyone who nominated or voted! portswigger.net/research/top-1…