🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

New Reconless video! I will talk about how you can abuse IDN and Unicode tricks to make short domains for XSS that has a length limitation, bypass URL/SSRF validation, and many more! youtube.com/watch?v=f1XCvD…

Check out our new video by FD and learn Unicode tricks on IDN!

Hacking without Humans - Check out our latest video! Ron Chan & FD talk about how OpenAI's GPT-3 can be applied in cybersecurity. From writing bug bounty reports, identifying spam reports to looking for security logic flaws from the docs. youtube.com/watch?v=n7WOn8…

Check out how Ron Chan cracks open the data encryption in this episode of Hacking 1Password!

As a frequent request, we have made a video covering how to find DOMXSS with DevTools! FD walks through how to use Untrusted Types to turn a manual process into semi-automated. youtube.com/watch?v=CNNCCg…

Love this video by Reconless😍😍😍 Finding DOMXSS with DevTools | Untrusted Types Chrome Extension youtu.be/CNNCCgDkt5k via YouTube

Check out our latest video in the 1Password Hacking series, where how Ron Chan found simple API bugs that nobody had looked at after decrypting the protocol!

Ever wondered how an exploitation and the impact of a JWT bug look like? Check out our latest video, where we exploit a critical JWT without a signature to take over any account without user interaction on Microsoft Outlook! youtube.com/watch?v=t54N4x…

Don't assume XSS in out-of-scope/sandboxed domains is not worth reporting! Check out how you can escalate it for a bigger impact in this video. youtube.com/watch?v=tl6JCL…

Do you spell it CSRF or XSRF?

I wrote a tool to help to make the tedious process of authorization testing in GraphQL more enjoyable. Give it a try! You can find it at graphql-dashboard.herokuapp.com How to use guide at youtube.com/watch?v=JJmufW…

The absolute state of YouTube

‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers (Reconless ) on filling a gap in infosec education portswigger.net/daily-swig/sof…

Somebody told me you can find exclusive videos from Farah Hawa pwn() Reconless stacksmashing and LiveOverflow 🔴 on there 🤫

blog.s1r1us.ninja/bug-bounty/coo… by s1r1us

Ed has published a new blog post on DOM-based XSS. 👇 #bugbountytips

What is something you wished bug bounty hunters would blog more about?

Reconless member Ed is doing a bug bounty Q&A series on edoverflow.com.

New blog post by Ed 👇

Brilliant finding by sateeshn. 🦊 GitLab remains one of the best programmes to learn from thanks to their transparency. 👏