Ayubali (@0xayub) 's Twitter Profile
Ayubali

@0xayub

Security Enthusiast | Web and Mobile Apps | Open Source ❣️

ID: 1275062276790218762

https://0xayub.gitbook.io/blog/

22-06-2020 13:45:28

335 Tweet

311 Followers

232 Following

Mathias Karlsson (@avlidienbrunn)

After being nerd sniped by this, and discussion with Frans Rosén, here's two alternative ways: x(""+{a:location=name}+"") x(""+new class b{toString=e=>location=name}+"")

ProjectDiscovery (@pdiscoveryio)

Despite what many think, Nuclei isn't limited to basic HTTP requests. In fact, it's not even limited to HTTP! ⚛️ 🌀 Using its features effectively allows for broader scans beyond web servers. Learn how to go beyond HTTP 👇 #HackwithAutomation blog.projectdiscovery.io/nuclei-beyond-…

Jason Haddix (@jhaddix)

Check out my friend Lupin and his new 🔥 video going over attacking UUIDs and the "Sandwich Attack" youtube.com/watch?v=Wgo3bG… 💪

payloadartist (@payloadartist)

🔥 OAuth "token reuse" vulnerability An interesting OAuth attack technique by Aviad Carmel that reused OAuth tokens from a different app to fully takeover victim's account in many popular apps like Grammarly salt.security/blog/oh-auth-a… #bugbountytips #bugbounty #cybersecurity

Majd (@majd_alfhaily)

Bhavuk Jain Yep, it’s a pretty neat feature offered by GitHub as part of the Secret Scanning Partner Program. AWS, Microsoft, Google and Slack are part of it. docs.github.com/en/code-securi…

Lupin (@0xlupin)

If you ever do static analysis on Android applications that are compiled with React you'll need to read the code of the assets/index.android.bundle file. However this file is a Hermes JavaScript binary that needs to be decompiled. This tool saved my life:

OSINT 🪙 (@0xtechrock)

OSINT TIP #246 🐛 Tired of googling for #BugBounty writeups, payloadartist made a little tool "Bug Bounty Hunting Search Engine" that lets you search writeups easily. BugBountyHunting.com Thanks for tip Rohit Kumar 👏🏻 #OSINT #cybersecurity #bugbountytips #infosec

7h3h4ckv157 (@7h3h4ckv157)

Hey, hackers! 👋🏻 I hope this note is bookmarked on your belt! It contains awesome pdfs including: - Red team Operations - Reverse engineering content - Red Team x Blue team - Practical social engineering - Windows Privilege escalation - AD, & Road to OSCP - JR to

shubs (@infosec_au)

Over 400 stars on Surf (github.com/assetnote/surf) - thank you so much for the support! I find that this tool leads to critical SSRF discoveries, despite its simplicity. I hope everyone has a happy holidays. I can't wait to release even more tooling and research in 2024.

Brut 🇮🇳 (@wtf_brut)

🚨40,000+ Nuclei templates for security scanning and detection across diverse web applications and services🚨 📥github.com/linuxadi/40k-n… #bugbountytip #bugbountytips #ethicalhacking #CyberSecurity #Pentesting #sqli #xss #CyberSecurityAwareness #bugbounty #ssrf #AEM

iFenix (@dlymension)

puaf_landa, a new kfd Exploit..!! 🔥🔥 iOS 16.6.1 and 17.0 betas! ✅ "This exploit is useful for jailbreaks as well as a trollstore installation method." github.com/felix-pb/kfd #Jailbreak #iOS16 #iOS17 #kfd #exploit #puaf_landa

shubs (@infosec_au)

At Assetnote, we focused on building a comprehensive set of exploits for the recent Ivanti Pulse Connect Secure vulnerabilities (CVE-2023-46805 & CVE-2024-21887). We found an additional auth bypass payload that works on older versions of the software: assetnote.io/resources/rese…