LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs orca.security/resources/blog… #Security #Pentesting #SecurityEveryday #BugBounty #pentest #appsec #cloudsecurity

Android & iOS Static Analysis with Nuclei medium.com/@justmobilesec… #Security #Pentesting #SecurityEveryday #BugBounty #pentest #appsec

Breaking Custom Encryption Using Frida (Mobile Application Pentesting) labs.cognisys.group/posts/Breaking… #Security #Pentesting #SecurityEveryday #BugBounty #pentest #appsec

Hackers, we want organizations to have the ability to share more information about their assets to help you be more effective and efficient at hacking. As a first example, here’s a brief wordlist for the most common parameter names and corresponding CWEs in

Unveiling Active Directory Secrets: Uncommon Tricks for Enhanced Security by Vincent Le Toux (Paris, France) Slides: raw.githubusercontent.com/vletoux/confer… Video: youtu.be/UE7c8IvUYoI?si…

Android Game Hacking: Increase money in Dude Theft Wars Shooting 8ksec.io/hacking-androi…

I've just seen the latest episode, and once again... 🤯 Thank you Frans Rosén & Critical Thinking - Bug Bounty Podcast for sharing 👏 The X-Correlation between Frans & RCE - Research Drop (Ep. 86) youtube.com/watch?v=YLdqWZ…

The master Frans Rosén is back with some insane research on X-Request-ID headers and how to use them to... **checks notes** destroy the internet. LOL This one is a bit better on YouTube, so check it out over there for the visual. Don't miss it! youtube.com/watch?v=YLdqWZ…

🕵️‍♂️ Just reported some fun P1 findings in a bug bounty program! Here’s a tip that might help you on your next Android app test. 👇1/4 #BugBounty #bugbountytips

Mark-of-the-Web Bypass redcanary.com/threat-detecti… #Security #Pentesting #SecurityEveryday #pentest #appsec

Bypassing WAFs with the phantom $Version cookie by Portswigger portswigger.net/research/bypas… #Security #Pentesting #SecurityEveryday #BugBounty #pentest #appsec

From XSS Vulnerability to Full Admin Access by Haymiz haymiz.dev/security/2024/…  #Security #Pentesting #SecurityEveryday #BugBounty #pentest #appsec

Hacking AI Applications: From 3D Printing to Remote Code Execution by SecurityRunners securityrunners.io/post/hacking-a… #Security #Pentesting #SecurityEveryday #BugBounty #pentest #appsec

The Windows startup process tree. #ThreatHunting #DFIR

Web scraper tool

I’ve created a Docker container to simulate CVE-2025-29927, allowing security enthusiasts to test the vulnerability in a controlled environment. hub.docker.com/r/busk3r/cve-2… If you're into bug bounty, pentesting, or CTFs, give it a try! 🔥 #CyberSecurity #CTF #EthicalHacking

Active Directory Exploitation Playlist Link: youtube.com/playlist?list=…

For people who keep asking what to build - Build your own operating system - Build your database - Build your virtual machine - Build your web server - Build your own game engine - Build your compiler - Build your own programming language - Build your own browser - Build your

<template shadowrootmode=open> attaches a shadow root to its parent. The shadow DOM contains an unnamed <slot> that by default collects the parent's light-DOM children, so the "x" text node is assigned to the slot, firing onslotchange. jsfiddle.net/m9g7c258/ #xss

Struggling to analyze JavaScript files manually in Burp Suite? 😓 JSAnalyzer is a new Burp Suite extension by Jenish Sojitra that automatically extracts API endpoints, secrets, URLs, and sensitive files from JS responses. It also performs smart noise filtering to reduce false